Privacy-by-ReDesign: Alleviating Users’ Privacy Concerns for Third-Party Applications on Facebook
ABSTRACT
The extensive disclosure of personal information by users of online social networks (OSNs) has made privacy concerns particularly salient. A number of studies have been conducted to investigate users' privacy attitudes and possible risks that users face when they fail to adequately protect their information. An additional dimension that represents the complexity of studying privacy in the context of OSNs is added by the large amount of data collection and transmission by third-party applications ("apps"). Such particularly aggressive way of data access and transmission raises a new set of privacy challenges, because users' private information can be easily revealed by their and even their friends' use of apps. A heightened need for empowering user privacy control for third-party apps arises due to the inability to monitor the data use of app providers within and outside of the Facebook platform and the inherent uncertainty about their data practices.
In this work, we first systematically study apps' current practices for privacy notice and consent by: i) collecting data from the 1800 most popular Facebook apps to record their data collection practices concerning users and their friends, and ii) developing our own Facebook app to conduct a number of tests to identify problems that exist in the current design of privacy authentication dialogs for third-party apps on Facebook. We find that in the current design of the privacy authentication dialogs, there is no way for users to limit apps' information access or publishing abilities during the installation process. Even the post installation settings cannot sufficiently help users to control what information they share with apps.
To address these problems, the approach of Privacy by ReDesign is employed to investigate whether users can more adequately represent their preferences for sharing and releasing personal information with these two improved designs of privacy authorization dialogues. Specifically, we propose two enhanced versions of interfaces (shown in Figure 1 and Figure 2), which highlight control and awareness as the essential factors of privacy concerns in the context of third-party apps on Facebook. These two new designs aim to fulfill the following two design principles: 1) the authorization dialog should provide options for a user to control the information accessibility or publishing ability before adding the app to the user's Facebook profile; 2) the authorization dialog should provide alert signals for a user when the app asks for the user's sensitive private information. A field experiment with 150 Facebook users was conducted to investigate whether users can more adequately represent their preferences for sharing and releasing personal information with these newly designed privacy authorization dialogues. We believe that this work provides both conceptual and empirical insights in terms of design recommendations to address privacy concerns toward third-party apps on Facebook.
Publications:
-
- Wang, N., Grossklags, J. and Xu, H. (2013). An Online Experiment of Social Applications' Privacy Authorization Dialogues, Proceedings of 16th ACM Conference on Computer Supported Cooperative Work and Social Computing (CSCW), San Antonio, TX.
-
- Xu, H., Wang, N., and Grossklags, J. (2012). Privacy-by-ReDesign: Alleviating Privacy Concerns for Third-Party Applications, Proceedings of 33rd Annual International Conference on Information Systems (ICIS), Orlando, FL.
-
- Wang, N., Xu, H., and Grossklags, J. (2011). Third-Party Apps on Facebook: Privacy and the Illusion of Control, Proceedings of the ACM Symposium on Computer Human Interaction for Management of Information Technology (CHIMIT), Boston, MA.
Dr. Heng Xu is a tenured associate professor of Information Sciences and Technology at the Pennsylvania State University where she is a recipient of the endowed PNC Technologies Career Development Professorship. She leads the Privacy Assurance Lab (PAL), an inter-disciplinary research group working on a diverse set of projects related to understanding and assuring information privacy. She is also the associate director of the Center for Cyber-Security, Information Privacy and Trust (LIONS Center) at Penn State.
Her current research focus is on the interplay between social and technological issues associated with information privacy. She approaches privacy issues through a combination of empirical, theoretical, and technical research efforts. Her research projects have been dealing with individuals' information privacy concerns and behaviors, strategic management of organizational privacy and security practices, and design and empirical evaluations of privacy-enhancing technologies. At Penn State, she teaches courses on security and risk analysis, integration of privacy and security, human information behavior, and organizational informatics. Dr. Xu has been granted a Faculty Early Career Development (CAREER) Award, which is the National Science Foundation's most prestigious awards in support of junior faculty who exemplify the role of teacher-scholars through outstanding research, excellent education and the integration of education and research.
Dr. Xu has authored over 70 research papers on information privacy, security management, human-computer interaction, and technology innovation adoption. Her research has appeared in Decision Support Systems, Information Systems Research, Information & Management, Journal of Management Information Systems, Journal of the American Society for Information Science and Technology, Journal of the Association for Information Systems, MIS Quarterly, and in other journals. Her interdisciplinary privacy research has been recently featured in the Wall Street Journal Digits, on the Kathleen Dunn Show that airs live on Wisconsin Public Radio, and on TV Show - To the Best of My Knowledge that airs live in Central Pennsylvania.
PDF document- 1.53 MB
- 140 downloads
- Download
- Printer-friendly version