Chapter 5: Usable and Useful Privacy Interfaces Flashcards

1
Q

How can you reduce opportunities for user regret?

A

Nudges - to remind users of their privacy choices

Time delays

2
Q

What are best practices when presenting privacy controls to a user?

A

Offer them a meaningful way to control their preferences in a way that aligns with their needs

3
Q

What is rational choice theory?

A

A rationally acting person ingests information about companies’ data practices and uses this information to engage in a risk-benefit analysis and make rational decisions
Such decisions are assumed to be consistent with the person’s privacy preferences

4
Q

Are users rational in their privacy decisions?

A

In practice people’s privacy decisions and behavior are rarely rational or predictable but rather highly context dependent and malleable

5
Q

What is the privacy paradox?

A

People express certain privacy preferences or intentions but act contrary to them

6
Q

List 4 examples of privacy behaviour that contradict the research showing that people are concerned about their privacy

A

People:
• share copious personal details on social media
• express regrets about sharing too much information online
• are frequently surprised by the data practices of services they use
• are often unaware of privacy controls and protections available to them

7
Q

Describe self-censorship

A

Some people may opt not to share personal opinions, political leanings or certain updates about their lives online in order to avoid arguments or to manage their self-presentation

8
Q

What is the chilling effect?

A

Increased awareness about invasive data practices may lead people to restrict their behaviour (for example, not searching for terrorism-related terms after WikiLeaks)

9
Q

Describe privacy preferences

A

What the person would prefer to happen in a certain situation, which may be informed by one’s general attitudes towards privacy, sociocultural norms, and prior experience

10
Q

Describe privacy concerns

A

Privacy risks or potential privacy harm a person is aware of or worried about

11
Q

Describe privacy expectations

A

The data processing or privacy infringements a person anticipates will occur in a given situation; these expectations are shaped by the person’s privacy preferences, concerns and awareness of data practices

12
Q

Why would a person’s privacy decision in a given situation be an inconsistent reflection of their privacy preference?

A

Privacy decisions are subject to both external influences (e.g., incomplete information, context) and internal influences (e.g., bounded rationality, experience)

13
Q

What is privacy regret?

A

When an individual realizes that their privacy behavior or the actual data practices of a system or an organization were misaligned with their privacy expectations in a way that negatively affected them

14
Q

What assumption do informed consent and informed decision-making rely on?

A

The person has fully considered all available information

15
Q

List 3 common misconceptions that individuals have about privacy

A
  • Companies securely transfer data
  • They are protected by privacy law (depends on country)
  • If a company has a privacy policy they don’t share data with 3rd parties
16
Q

What is the control paradox?

A

Perceived control over privacy may lead to increased sharing, which in turn may increase privacy risks

17
Q

What is bounded rationality?

A

Humans are limited in their ability and time to acquire, memorize and process all information relevant to making a fully informed and rational decision

18
Q

How do individuals compensate for the effects of bounded rationality?

A

Humans rely on heuristics in their decision-making to reach a satisfactory solution rather than an optimal one

19
Q

List some common decision heuristics and biases that can affect privacy decisions and behaviour

A
  • Availability heuristic
  • Representativeness heuristic
  • Anchoring
  • Loss aversion
  • Hyperbolic discounting
  • Optimism bias
  • Status quo bias
20
Q

Describe the availability heuristic

A

Due to uncertainty about privacy risks, people may look for other available cues to judge the probability of risks (store’s visual design, presence of a privacy policy, vendor’s reputation)

21
Q

Describe the representativeness heuristic

A

People may perceive privacy intrusions as low-probability events

22
Q

Describe anchoring

A

Available information creates a reference point for future decisions (Survey participants disclose more information when a survey starts with intrusive questions and gradually reduces in sensitivity compared with a survey that increases in sensitivity)

23
Q

Describe loss aversion

A

Individuals dislike losses more than they like gains

24
Q

Describe hyperbolic discounting

A

Even if people claim to care about privacy, they may discount less immediate privacy risks in the moment in favor of immediate gratification

25
Q

Describe optimism bias

A

People systematically underestimate the likelihood of being affected by a negative event

26
Q

Describe status quo bias

A

People have a general affinity for default choices
People often keep default settings even if they are privacy invasive, because they are not aware of the setting and/or its privacy implications, because of associated transaction costs, or because they assume that the default settings are set to protect them

27
Q

What is context dependence?

A

What information someone considers appropriate to share varies based on contextual factors, such as the nature or source of the information, the activity or transaction as part of which information may be shared, as well as the people involved

28
Q

List the 4 types of boundary that, when breached, can result in a privacy violation

A
  • Natural borders
  • Social borders
  • Spatial or temporal borders
  • Ephemeral or transitory borders
29
Q

What are natural borders?

A

Walls, closed doors, clothing, sealed envelopes and encryption protect information by limiting observation by others

30
Q

What are social borders?

A

Assumptions or expectations of social norms about confidentiality and respect of one’s privacy, such as confidential relationships with doctors, lawyers or priests; the integrity and confidentiality of personal correspondence; trust in colleagues, friends and family members to not rifle through one’s personal effects; or the assumption that information is not retained longer than required or used for other purposes

31
Q

What are spatial or temporal borders?

A

Physical distance or the passing of time separates information from different periods or aspects of a person’s life

32
Q

What are ephemeral or transitory borders?

A

Based on assumptions that certain interactions or communication only exist in the moment and are not recorded permanently

33
Q

What are dark patterns?

A

Interface or system designs that purposefully exploit cognitive and behavioral biases

34
Q

List some common dark patterns

A
  • Default settings
  • Cumbersome privacy choices
  • Framing (how a choice is described)
  • Rewards and punishment
  • Forced action
  • Norm shaping (showing more revealing photographs sets the norm that that’s ok here)
  • Distractions and delays
35
Q

List the 5 components that determine a system’s usability

A
  • Learnability
  • Efficiency
  • Memorability
  • Errors (how many do they make)
  • Satisfaction
36
Q

What is utility in system design?

A

Does the system support users in satisfying their needs and accomplishing their goals?

37
Q

What is value-sensitive design?

A

Design approach that accounts for ethical values, such as privacy, in addition to usability-oriented design goals

38
Q

How do you apply value-sensitive design?

A
  • Clarify project values
  • Identify direct and indirect stakeholders
  • Identify benefits and harms
  • Identify and elicit potential values
  • Develop working definitions of key values
  • Identify potential value tensions
  • Value-oriented design and development
39
Q

Describe the different forms privacy notices can take

A
  • Privacy policies
  • Informational privacy resources
  • Integrated privacy notices
  • Privacy indicators
  • Privacy reminders
40
Q

Describe the general types of consent interfaces

A
  • Integrated consent prompt
  • Decoupled opt-out
  • Integrated opt-out
  • Delegated consent
41
Q

Why is an opt-out useless as documentation of informed consent?

A

It cannot be guaranteed that a user made an actual decision

42
Q

Provide an example of an integrated consent prompt

A

Checkbox accepting data storage practices before you submit a form containing personal information

43
Q

What is a decoupled opt-out?

A

An opt-out that is not integrated into the UX

Users have to seek it out and may not be aware of its existence or of the data practice it pertains to

44
Q

What is an integrated opt-out?

A

An opt-out option that is present in the context in which people might need and want to use it
Example: Unsubscribe link in email communication

45
Q

What is delegated consent?

A

Consent that is not directly obtained by the first party but rather by a different service or platform provider

46
Q

Provide an example of delegated consent

A

Apps do not directly ask users for access to resources on the smartphone (e.g., location, contacts, text messages), but instead programmatically declare required permissions to the smartphone
The smartphone operating system then generates a respective permission prompt

47
Q

What are the advantages of delegated consent?

A

Consistent interface which facilitates learnability and reduces cognitive load

48
Q

What are privacy settings?

A

Privacy settings typically aggregate the privacy choices and controls available to a user of a given product or service in one place

49
Q

List the 2 types of privacy settings

A
  • First-party privacy settings - from the service provider or product manufacturer
  • Platform privacy settings - controlled by the platform (ex. a browser)
50
Q

What is typically included in a privacy dashboard?

A
  • Activity timelines
  • Data summaries (or access to actual data)
  • Viewing privacy settings
  • Links to privacy resources
51
Q

What operations should a privacy dashboard support?

A
  • Viewing data
  • Enabling data correction
  • Export of data
  • Delete data
  • Update privacy settings
52
Q

What are the 3 properties of meaningful consent?

A
  • Specific
  • Informed
  • Freely given
53
Q

What is habituation in a privacy context?

A

Repeated exposure to seemingly irrelevant privacy notices or dialogs results in people paying little attention to them

54
Q

What is poor discoverability in a privacy context?

A

Decoupling privacy choices from the UX and making them hard to locate
Splitting up privacy settings into multiple locations can also be confusing to users who assume they have found all the relevant controls

55
Q

Provide examples of confusing privacy interfaces

A

Icons that don’t clearly identify what they mean
Privacy choices or opt-outs whose effects are unclear
Privacy controls that behave contrary to expectations

56
Q

What is Wogalter’s communication-human information processing (C-HIP) model?

A

It explains how humans perceive, process and react to warnings

57
Q

What is the Human in the loop (HILP) model?

A

Adapts the C-HIP model for security (and privacy)

58
Q

What do the C-HIP and HILP models describe?

A

A similar progression of steps in human information processing, which, if not considered properly, can present a hurdle for a privacy interface in achieving its goal

59
Q

What are the key steps of the information processing model as it pertains to privacy?

A
  • Communication
  • Attention
  • Comprehension
  • Intention
  • Behaviour
60
Q

List the 5 privacy design principles

A
  • User centric
  • Relevant
  • Understandable
  • Actionable
  • Integrated
61
Q

What are the 6 steps to combine UX, PIA, and value-sensitive design?

A
  • Build on privacy assessment, privacy management and privacy engineering practice to systematically identify a system’s user rights and transparency requirements
  • Identify users and their privacy needs by identifying stakeholders and eliciting their privacy expectations and privacy concerns as well as their privacy information needs and privacy control needs
  • Identify unexpected data practices, which are those that users are unaware of or might be surprised by, to help prioritize which data practices and controls to highlight
  • Integrate privacy interfaces into system’s UX by determining which privacy notices and controls are most relevant to a user at which points in the UX
  • Leverage the available design space for privacy notices and controls to develop user-centric privacy interfaces that work within a system’s constraints
  • Conduct user testing to evaluate the usability and usefulness of developed privacy interfaces
62
Q

What are the different times when you can include a privacy control?

A
  • At setup
  • Just in time
  • Context-dependent
  • Periodic
  • Persistent
  • On demand
63
Q

What channels can be used to present privacy information?

A

Primary - within the actual system
Secondary - within another system (Fitbit)
Public - on the manufacturer’s website

64
Q

What are the 3 levels of control you can offer to a user?

A
  • Blocking (forcing the user to interact with the control)
  • Non-blocking (do not interrupt the flow)
  • Decoupled
65
Q

What are the 2 common underlying challenges that lead to configuration mistakes?

A

Gulf of evaluation

Gulf of execution

66
Q

What is the gulf of evaluation?

A

Understanding the state of the system

67
Q

What is the gulf of execution?

A

Taking action to accomplish a specific goal

68
Q

What is the purpose of a formative evaluation?

A

Used to gain insights into which aspects of a prototype or product could use improvements
Small scale and focus on gathering rich qualitative insights that can be used to improve a product

69
Q

What is the purpose of a summative evaluation?

A

Used to draw comparisons between a prototype or product and some benchmark (e.g., previous version, competing product)
Generally conducted once the design team believes they are done

70
Q

What is A/B testing?

A

Refers to tests where some users of a product or service see version A and others see version B

71
Q

What is ecological validity?

A

Refers to the realism of the methods, materials and setting of a user study or usability test

72
Q

Provide an example situation that lacks ecological validity

A

If a study participant sitting in a usability lab is shown a privacy policy or any other privacy interface and asked questions about it without being provided with any context or reason for wanting to read the policy, the resulting usability evaluation will lack ecological validity. In this case, participants may pay more attention to the policy than they would in real life, when privacy is likely not their primary concern.

73
Q

Why should you not mention that a study is about privacy when soliciting participants?

A

To avoid self-selection bias where people who already have an interest or opinion regarding privacy will respond, but those who prefer to ignore the topic won’t

74
Q

What key moral and ethical values are considered in value-sensitive design?

A
  • Trust
  • Fairness
  • Informed consent
  • Courtesy
  • Freedom from bias
75
Q

List the 3 types of value-sensitive investigations

A
  • Conceptual
  • Empirical
  • Technical
76
Q

What is the purpose of a conceptual investigation in value-sensitive design?

A

Identifies the direct and indirect stakeholders, attempts to establish what those stakeholders might value, and determines how those stakeholders may be affected by the design

77
Q

What is the purpose of an empirical investigation in value-sensitive design?

A

Focuses on how stakeholders configure, use or are otherwise affected by the technology

78
Q

What is the purpose of a technical investigation in value-sensitive design?

A

Examines how the existing technology supports or hinders human values and how the technology might be designed to support the values identified in the conceptual investigation

79
Q

List the 14 value-sensitive design methods

A
  • Direct and indirect stakeholder analysis
  • Value source analysis
  • Co-evolution of technology and social structure
  • Value scenarios
  • Value sketches
  • Value-oriented semi-structured interviews
  • Scalable information dimensions
  • Value-oriented coding manuals
  • Value-oriented mockups, prototypes, or field deployments
  • Ethnographically-informed inquiries regarding values and technology
  • The model of informed consent online
  • Value dams and flows
  • The value-sensitive action reflection model
  • Envisioning cards
80
Q

List 6 strategies for embedding value-sensitive design into technology

A
  • Clarify project values
  • Identify direct and indirect stakeholders
  • Identify benefits and harms for stakeholders
  • Identify and elicit potential values
  • Develop working definitions of key values
  • Identify potential value tensions
81
Q

What are the 5 steps of the Design Thinking process?

A
  • Empathize
  • Define
  • Ideate
  • Prototype
  • Test