"I feel stupid I can't delete...": A Study of Users' Cloud Deletion Practices and Coping Strategies

Deletion of data from cloud storage and services is an important aspect of privacy and security. But how easy or simple a task is it for users to complete? Cloud users' deletion practices, challenges and coping strategies have not been well studied to date. We undertook an exploratory study to better understand this issue. Through in-depth semi-structured interviews and use of deletion scenarios with 26 subjects, we explored several key questions: why and when cloud users would like to delete, why cloud users cannot delete, what causes such failures, what users do to work around these problems, and finally what do users want in terms of usable deletion in the cloud. We found that users' failure to delete arises from lack of information about deletion, incomplete mental models of the cloud and deletion within the cloud, and poorly designed user interfaces for deletion functions. Our results also show that users develop different coping strategies such as deleting from certain devices only, seeking help and changing service providers, to overcome such challenges. However, these strategies may not always produce desired results. We also discuss potential ways to improve the usability of deletion in the cloud.

[1]  A. Strauss,et al.  The discovery of grounded theory: strategies for qualitative research aldine de gruyter , 1968 .

[2]  Rick Wash,et al.  Organization Interfaces—collaborative computing General Terms , 2022 .

[3]  Steven M. Bellovin,et al.  Facebook and privacy: it's complicated , 2012, SOUPS.

[4]  Sunny Consolvo,et al.  "...No one Can Hack My Mind": Comparing Expert and Non-Expert Security Practices , 2015, SOUPS.

[5]  Matt Blaze,et al.  Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System , 2011, USENIX Security Symposium.

[6]  Frank Teuteberg,et al.  The role of trust and risk perceptions in cloud archiving — Results from an empirical study , 2014 .

[7]  Natalia Criado,et al.  Resolving Multi-Party Privacy Conflicts in Social Media , 2015, IEEE Transactions on Knowledge and Data Engineering.

[8]  Franziska Roesner,et al.  Investigating the Computer Security Practices and Needs of Journalists , 2015, USENIX Security Symposium.

[9]  Yang Tang,et al.  A Secure Cloud Backup System with Assured Deletion and Version Control , 2011, 2011 40th International Conference on Parallel Processing Workshops.

[10]  Alessandro Acquisti,et al.  Tweets are forever: a large-scale quantitative analysis of deleted tweets , 2013, CSCW.

[11]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[12]  Blase Ur,et al.  "i read my Twitter the next morning and was astonished": a conversational perspective on Twitter regrets , 2013, CHI.

[13]  Jose M. Such,et al.  Assured Deletion in the Cloud: Requirements, Challenges and Future Directions , 2016, CCSW.

[14]  J. Doug Tygar,et al.  Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[15]  Chris Kanich,et al.  "I Saw Images I Didn't Even Know I Had": Understanding User Perceptions of Cloud Storage Privacy , 2015, CHI.

[16]  Eleanor McLellan,et al.  Codebook Development for Team-Based Qualitative Analysis , 1998 .

[17]  Myeong-Cheol Park,et al.  Privacy concerns and benefits in SaaS adoption by individual users , 2016 .

[18]  Srdjan Capkun,et al.  Home is safer than the cloud!: privacy concerns for consumer cloud storage , 2011, SOUPS.

[19]  Alessandro Sorniotti,et al.  Policy-based secure deletion , 2013, IACR Cryptol. ePrint Arch..

[20]  Alice E. Marwick,et al.  Social Privacy in Networked Publics: Teens’ Attitudes, Practices, and Strategies , 2011 .

[21]  Lorrie Faith Cranor,et al.  Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice , 2012, J. Telecommun. High Technol. Law.

[22]  Yang Wang,et al.  "I regretted the minute I pressed share": a qualitative study of regrets on Facebook , 2011, SOUPS.

[23]  Lorrie Faith Cranor,et al.  Bridging the Gap in Computer Security Warnings: A Mental Model Approach , 2011, IEEE Security & Privacy.

[24]  J. Reeve,et al.  Solutions to problematic polypharmacy: learning from the expertise of patients. , 2015, The British journal of general practice : the journal of the Royal College of General Practitioners.

[25]  K. Charmaz,et al.  Constructing Grounded Theory , 2014 .

[26]  L. Jean Camp,et al.  Mental models of privacy and security , 2009, IEEE Technology and Society Magazine.

[27]  Yang Tang,et al.  FADE: Secure Overlay Cloud Storage with File Assured Deletion , 2010, SecureComm.