Chapter 5: Usable and Useful Privacy Interfaces Flashcards
How can you reduce opportunities for user regret?
Nudges - to remind users of their privacy choices
Time delays
What are best practices when presenting privacy controls to a user?
Offer them a meaningful way to control their preferences in a way that aligns with their needs
What is rational choice theory?
A rationally acting person ingests information about companies’ data practices and uses this information to engage in a risk-benefit analysis and make rational decisions
Such decisions are assumed to be consistent with the person’s privacy preferences
Are users rational in their privacy decisions?
In practice people’s privacy decisions and behavior are rarely rational or predictable but rather highly context dependent and malleable
What is the privacy paradox?
People express certain privacy preferences or intentions but act contrary to them
List 4 examples of privacy behaviour that contradict the research showing that people are concerned about their privacy
People:
• share copious personal details on social media
• express regrets about sharing too much information online
• are frequently surprised by the data practices of services they use
• are often unaware of privacy controls and protections available to them
Describe self-censorship
Some people may opt not to share personal opinions, political leanings or certain updates about their lives online in order to avoid arguments or to manage their self-presentation
What is the chilling effect?
Increased awareness about invasive data practices may lead people to restrict their behaviour (for example not searching for terrorism-related terms after wikileaks)
Describe privacy preferences
What the person would prefer to happen in a certain situation, which may be informed by one’s general attitudes towards privacy, sociocultural norms, and prior experience
Describe privacy concerns
Privacy risks or potential privacy harm a person is aware of or worried about
Describe privacy expectations
What data processing or privacy infringements a person anticipates will occur in a given situation—are shaped by the person’s privacy preferences, concerns and awareness of data practices
Why would a person’s privacy decision in a given situation be an inconsistent reflection of their privacy preference?
Subject to both external influences (e.g., incomplete information, context) and internal influences (e.g., bounded rationality, experience)
What is privacy regret?
When an individual realizes that their privacy behavior or the actual data practices of a system or an organization were misaligned with their privacy expectations in a way that negatively affected them
What assumption do informed consent and informed decision-making rely on?
The person has fully considered all available information
List 3 common misconceptions that individuals have about privacy
- Companies securely transfer data
- They are protected by privacy law (depends on country)
- If a company has a privacy policy they don’t share data with 3rd parties
What is the control paradox?
Perceived control over privacy may lead to increased sharing, which in turn may increase privacy risks
What is bounded rationality?
Humans are limited in their ability and time to acquire, memorize and process all information relevant to making a fully informed and rational decision
How do individuals compensate for the effects of bounded rationality?
Humans rely on heuristics in their decision-making to reach a satisfactory solution rather than an optimal one
List some common decision heuristics and biases that can affect privacy decisions and behaviour
- Availability heuristic
- Representativeness heuristic
- Anchoring
- Loss aversion
- Hyperbolic discounting
- Optimism bias
- Status quo bias
Describe the availability heuristic
Due to uncertainty about privacy risks, people may look for other available cues to judge the probability of risks (store’s visual design, presence of a privacy policy, vendor’s reputation)
Describe the representativeness heuristic
People may perceive privacy intrusions as low-probability events
Describe anchoring
Available information creates a reference point for future decisions (Survey participants disclose more information when a survey starts with intrusive questions and gradually reduces in sensitivity compared with a survey that increases in sensitivity)
Describe loss aversion
Individuals dislike losses more than they like gains
Describe hyperbolic discounting
Even if people claim to care about privacy, they may discount less immediate privacy risks in the moment in favor of immediate gratification
Describe optimism bias
People systematically underestimate the likelihood of being affected by a negative event
Describe status quo bias
People have a general affinity for default choices
People often keep default settings even if they are privacy invasive, because they are not aware of the setting and/or its privacy implications, because of associated transaction costs
It is assumed that the default settings are set to protect them
What is context-dependendance?
What information someone considers appropriate to share varies based on contextual factors, such as the nature or source of the information, the activity or transaction as part of which information may be shared, as well as the people involved
List the 4 types of boundary that, when breached, can result in a privacy violation
- Natural borders
- Social borders
- Spatial or temporal borders
- Ephemeral or transitory borders
What are natural borders?
walls, closed doors, clothing, sealed envelopes and encryption protect information by limiting observation by others
What are social borders?
Assumptions or expectations of social norms about confidentiality and respect of one’s privacy, such as confidential relationships with doctors, lawyers or priests; the integrity and confidentiality of personal correspondence; trust in colleagues, friends and family members to not rifle through one’s personal effects; or the assumption that information is not retained longer than required or used for other purposes
What are spatial or temporal borders?
Physical distance or the passing of time, separate information from different periods or aspects of a person’s life
What are ephemeral or transitory borders?
Based on assumptions that certain interactions or communication only exist in the moment and are not recorded permanently