Cybersecurity - Human Factors in Privacy Flashcards
User Privacy
Privacy is about controlling who sees your personal information and keeping it safe from unauthorized access.
📌 Example: Turning off location tracking on your phone so apps can’t follow where you go.
The Right to Be Let Alone
This means people should be free from unnecessary surveillance or interference.
📌 Example: No one should read your private messages unless you allow them.
Westin’s Four Privacy States
A model that describes how people share information:
1️⃣ Solitude – Keeping information to yourself.
2️⃣ Intimacy – Sharing with a few trusted people.
3️⃣ Anonymity – Keeping your identity hidden.
4️⃣ Reserve – Controlling what you share in public.
📌 Example: Posting on Instagram with a private account (reserve) vs. posting publicly (no anonymity).
Solove’s Privacy Taxonomy
Privacy risks fall into four main types:
1️⃣ Collection – Data is gathered without consent.
2️⃣ Processing – Data is stored or analyzed without control.
3️⃣ Dissemination – Private data is shared or leaked.
4️⃣ Invasion – Personal space or decisions are interfered with.
📌 Example: A company tracking your web activity without telling you (collection).
Contextual Integrity
Privacy depends on the context in which data is shared. Some situations require more protection than others.
📌 Example: Medical records should be more private than a restaurant review you post online.
Surveillance Capitalism
Companies collect personal data to predict and influence behavior, often to make money from ads.
📌 Example: Google tracks your searches to show ads based on your interests.
The Privacy Paradox
People say they care about privacy but still share a lot of personal data online.
📌 Example: Someone complains about online tracking but accepts all cookies on websites.
Privacy Calculus
People weigh the benefits and risks before deciding to share data.
📌 Example: You give your email to get a discount at an online store, even though you might receive spam emails later.
Trust and Risk in Privacy
People are more likely to share personal data if they trust the company handling it.
📌 Example: Users trust Apple’s privacy policies more than a random unknown website.
Theory of Planned Behavior
People’s privacy decisions depend on attitudes, social pressure, and control over their choices.
📌 Example: If all your friends share personal photos online, you might feel pressured to do the same.
Cognitive Consistency Theories
People adjust their thinking to avoid feeling uncomfortable about their privacy choices.
📌 Example: “I know Facebook tracks me, but I still use it because everyone else does.”
Deceptive Design (Dark Patterns)
Tricks that push users to share more data than they intend to.
📌 Example: A website hides the “Reject Cookies” button, making it hard to refuse tracking.
Privacy Nudges
Small reminders or changes that help people make better privacy choices.
📌 Example: A pop-up asks, “Are you sure you want to post your location?” before sharing.
Information Asymmetry
Companies know more about users than users know about them.
📌 Example: Google knows what you search, but you don’t know how much data they store.
Bounded Rationality
People don’t always make the best privacy decisions because they have limited time and knowledge.
📌 Example: Accepting a long privacy policy without reading it because it’s too complicated.
Present Bias
People focus on immediate benefits rather than future privacy risks.
📌 Example: Sharing personal details to enter a giveaway without thinking about how your data might be used later.
Illusory Control
People think they have more control over their privacy than they actually do.
📌 Example: Someone uses strong passwords but shares private details on social media.
Herding Effect
People follow what others do, even if it’s unsafe.
📌 Example: Using TikTok even though it collects a lot of personal data, just because everyone else does.
Privacy Grieving Stages
When people lose privacy, they react in five emotional stages:
1️⃣ Denial – “Nobody cares about my data.”
2️⃣ Anger – “Why do companies spy on me?”
3️⃣ Bargaining – “I’ll give some data, but not too much.”
4️⃣ Resignation – “Privacy is dead anyway.”
5️⃣ Acceptance – “I’ll take steps to protect my data.”
📌 Example: Someone who starts using encrypted messaging apps after realizing privacy matters.
WO Personas (Website Owner Privacy Challenges)
Website owners have different attitudes toward privacy:
1️⃣ Privacy Enthusiasts – Care a lot about user privacy.
2️⃣ Compliant Owners – Follow laws but don’t go beyond.
3️⃣ Indifferent Owners – Don’t care about privacy unless forced.
📌 Example: Signal (privacy-focused) vs. Facebook (compliant but still collects lots of data).
Default Effect in Privacy
People tend to stick with default settings, even if they harm privacy.
📌 Example: Many users never change Facebook’s default privacy settings, leaving their data exposed.
Transparency in Privacy
Users should clearly understand how their data is used.
📌 Example: A website explains in simple words how it collects and stores your data.
Social Influence on Privacy
People change privacy behaviors based on what their friends or colleagues do.
📌 Example: If your friends all cover their laptop webcams, you might do the same.
Online Experiment on Privacy Behavior
Studies show that people often accept tracking without thinking.
📌 Example: A test found that most people accept cookies by default, even if an opt-out button is available.