The effect of privacy salience on end-user behaviour : an experimental approach based on the theory of planned behaviour

End-User privacy concerns surrounding use of Social Networks present new and complex problems for research. Specifically, a phenomenon known as “the Privacy Paradox” has been observed where end-users stated concerns, attitudes and intended behaviour are not consistent with the actual behaviour within the network. Numerous causes have been proposed as potentially being the root of the problem of this paradoxical phenomenon including a lack of user awareness of privacy issues, a low level skill in using technology or a lack of privacy salience within the social network itself. However, the role of the User Interface (UI) in contributing to, and potentially providing a solution to, poor privacy behaviour is under-explored. A potentially fruitful avenue of enquiry given that behaviour is considered to be a reaction to environmental stimulus and the UI provides the environment within which the user is interacting. This thesis implements a two phase approach to furthering understanding of privacy behaviour in social networks. First, a survey is implemented exploring the relationship of concepts within the privacy paradox identifying that users stated needs are not being met by their observable behaviour. Secondly, two experiments are implemented in order to explore this behaviour as an interaction with the network; these questions are answered to build a social network profile and can be grouped according to their potential sensitivity. A model of social psychology, the Theory of Planned Behaviour (TPB), is used to develop such experiments in order to examine the cognition behind these interactions. Each of the salient influencers defined by the TPB is used to inform a series of UI treatments and form the basis for experiment groups. An initial experiment explores the method and is used to inform the design of the second, which also introduces a factorial design to explore the relationships between treatments. These experiments show that participants within the treatment groups disclose less information than the control, with statistical significance. Within the first experiment this non-disclosure took place across all questions sensitivities, possibly due to limitations in the experimental method. However, participants in experiment two appear far more selective in their disclosure, choosing not to answer more sensitive questions suggesting that they thought of their privacy while interacting with the system. Findings within this thesis suggest that the UI plays an important role in influencing end-user behaviour as it can inform the context of the interaction as it happens.

[1]  L. Jean Camp,et al.  Security and Morality: A Tale of User Deceit , 2006, MTW.

[2]  Alessandro Acquisti,et al.  Misplaced Confidences , 2013, WEIS.

[3]  Fabien L. Gandon,et al.  Semantic web technologies to reconcile privacy and context awareness , 2003, Journal of Web Semantics.

[4]  Olli Pitkänen,et al.  Users' Awareness of Privacy on Online Social Networking Sites - Case Facebook , 2009, Bled eConference.

[5]  Kori Inkpen Quinn,et al.  Gathering evidence: use of visual security cues in web browsers , 2005, Graphics Interface.

[6]  Nora J. Rifon,et al.  Promoting i-Safety: Effects of Privacy Warnings and Privacy Seals on Risk Assessment and Online Privacy Behavior , 2007 .

[7]  Luke Church,et al.  Privacy suites: shared privacy for social networks , 2009, SOUPS.

[8]  Jonathan Bishop,et al.  Increasing participation in online communities: A framework for human-computer interaction , 2007, Comput. Hum. Behav..

[9]  Kerk F. Kee,et al.  Is There Social Capital in a Social Network Site?: Facebook Use and College Students’ Life Satisfaction, Trust, and Participation 1 , 2009 .

[10]  Starr Roxanne Hiltz,et al.  Trust and Privacy Concern Within Social Networking Sites: A Comparison of Facebook and MySpace , 2007, AMCIS.

[11]  E. B. Zechmeister,et al.  Research Methods in Psychology. , 1990 .

[12]  Judith Donath,et al.  Public Displays of Connection , 2004 .

[13]  R. West Time for a change: putting the Transtheoretical (Stages of Change) Model to rest. , 2005, Addiction.

[14]  A. Tversky,et al.  Prospect theory: an analysis of decision under risk — Source link , 2007 .

[15]  A. Bandura Social Foundations of Thought and Action: A Social Cognitive Theory , 1985 .

[16]  Sören Preibusch Experiments and formal methods for privacy research , 2010 .

[17]  Joshua Fogel,et al.  Internet social network communities: Risk taking, trust, and privacy concerns , 2009, Comput. Hum. Behav..

[18]  Aaron Marcus,et al.  Metaphor design in user interfaces , 1998, ASTR.

[19]  Susan B. Barnes,et al.  A privacy paradox: Social networking in the United States , 2006, First Monday.

[20]  Kieran Mathieson,et al.  Predicting User Intentions: Comparing the Technology Acceptance Model with the Theory of Planned Behavior , 1991, Inf. Syst. Res..

[21]  Alfred Kobsa,et al.  Dimensionality of information disclosure behavior , 2013, Int. J. Hum. Comput. Stud..

[22]  Alessandro Acquisti,et al.  Privacy Attitudes and Privacy Behavior - Losses, Gains, and Hyperbolic Discounting , 2004, Economics of Information Security.

[23]  Heather Richter Lipford,et al.  Understanding Privacy Settings in Facebook with an Audience View , 2008, UPSEC.

[24]  K. Strater,et al.  Strategies and struggles with privacy in an online social networking community , 2008 .

[25]  Betsy Masiello Deconstructing the Privacy Experience , 2009, IEEE Security & Privacy.

[26]  Mary-Anne Williams,et al.  Privacy in Social Networks: a Comparative Study , 2009, PACIS.

[27]  I. Ajzen,et al.  Predicting dishonest actions using the theory of planned behavior , 1991 .

[28]  Adam N. Joinson,et al.  Measuring self-disclosure online: Blurring and non-response to sensitive items in web-based surveys , 2008, Comput. Hum. Behav..

[29]  John Ingham,et al.  Why do people use information technology? A critical review of the technology acceptance model , 2003, Inf. Manag..

[30]  Balachander Krishnamurthy,et al.  Characterizing privacy in online social networks , 2008, WOSN '08.

[31]  Daniel J. Solove A Taxonomy of Privacy , 2006 .

[32]  Harry Hochheiser,et al.  Research Methods for Human-Computer Interaction , 2008 .

[33]  Sacha Brostoff,et al.  Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .

[34]  J. Melton,et al.  Students and Social Networking Sites: A Model of Inappropriate Posting , 2011 .

[35]  Alessandro Acquisti,et al.  The Best of Strangers: Context Dependent Willingness to Divulge Personal Information , 2009 .

[36]  Harry Hochheiser,et al.  HCI and Societal Issues: A Framework for Engagement , 2007, Int. J. Hum. Comput. Interact..

[37]  Kristen LeFevre,et al.  Privacy wizards for social networking sites , 2010, WWW '10.

[38]  Richard G. Lomax An Introduction to Statistical Concepts , 2007 .

[39]  E. Goffman The Presentation of Self in Everyday Life , 1959 .

[40]  Colin Potts,et al.  Privacy practices of Internet users: Self-reports versus observed behavior , 2005, Int. J. Hum. Comput. Stud..

[41]  Scott D. Mainwaring,et al.  1 Privacy Issues and Human-Computer Interaction , 2008 .

[42]  Emily Christofides,et al.  Information Disclosure and Control on Facebook: Are They Two Sides of the Same Coin or Two Different Processes? , 2009, Cyberpsychology Behav. Soc. Netw..

[43]  Chareen Snelson,et al.  Image and video disclosure of substance use on social media websites , 2010, Comput. Hum. Behav..

[44]  David J. Houghton,et al.  Privacy, Social Network Sites, and Social Relations , 2010 .

[45]  R. Lyman Ott.,et al.  An introduction to statistical methods and data analysis , 1977 .

[46]  P. Sheeran,et al.  Does changing behavioral intentions engender behavior change? A meta-analysis of the experimental evidence. , 2006, Psychological bulletin.

[47]  Lorrie Faith Cranor,et al.  User interfaces for privacy agents , 2006, TCHI.

[48]  Guy G. Gable,et al.  Integrating case study and survey research methods: an example in information systems , 1994 .

[49]  Steven Furnell,et al.  The challenges of understanding and using security: A survey of end-users , 2006, Comput. Secur..

[50]  Dogan Kesdogan,et al.  Privacy in E-Commerce , 2001 .

[51]  Daniele Quercia,et al.  The personality of popular facebook users , 2012, CSCW.

[52]  Paul Dourish,et al.  Collective Information Practice: Exploring Privacy and Security as Social and Cultural Phenomena , 2006, Hum. Comput. Interact..

[53]  Daniel R. Horne,et al.  The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors , 2007 .

[54]  Anil Kumar Understanding Privacy , 2010 .

[55]  H. Klein,et al.  Information systems research: contemporary approaches and emergent traditions , 1991 .

[56]  Blair H. Sheppard,et al.  The Theory of Reasoned Action: A Meta-Analysis of Past Research with Recommendations for Modifications and Future Research , 1988 .

[57]  Hugh Coolican Research Methods and Statistics in Psychology , 1993 .

[58]  A. Tversky,et al.  Prospect Theory : An Analysis of Decision under Risk Author ( s ) : , 2007 .

[59]  Bernhard Debatin,et al.  Facebook and Online Privacy: Attitudes, Behaviors, and Unintended Consequences , 2009, J. Comput. Mediat. Commun..

[60]  Mari Martiskainen,et al.  Affecting consumer behaviour on energy demand , 2007 .

[61]  A. Westin Social and Political Dimensions of Privacy , 2003 .

[62]  M. Levi,et al.  Technologies, Security, and Privacy in the Post-9/11 European Information Society , 2004 .

[63]  Joel R. Reidenberg,et al.  Can User Agents Accurately Represent Privacy Policies , 2002 .

[64]  J. Grimshaw,et al.  Constructing questionnaires based on the theory of planned behaviour: A manual for health services researchers , 2004 .

[65]  J. Jacko,et al.  The human-computer interaction handbook: fundamentals, evolving technologies and emerging applications , 2002 .

[66]  Clifford Nass,et al.  Can User Choice Alter Experimental Findings in Human–Computer Interaction?: Similarity Attraction Versus Cognitive Dissonance in Social Responses to Synthetic Speech , 2011, Int. J. Hum. Comput. Interact..

[67]  Min Wu,et al.  Do security toolbars actually prevent phishing attacks? , 2006, CHI.

[68]  Wayne F. Velicer,et al.  Stages of change in psychotherapy: Measurement and sample profiles. , 1983 .

[69]  B. J. Fogg,et al.  Persuasive computers: perspectives and research directions , 1998, CHI.

[70]  Paul Dourish,et al.  Unpacking "privacy" for a networked world , 2003, CHI '03.

[71]  John C. Hancock,et al.  Signal Detection Theory , 1966 .

[72]  B. J. Fogg,et al.  Persuasive technology: using computers to change what we think and do , 2002, UBIQ.

[73]  James A. Landay,et al.  Personal privacy through understanding and action: five pitfalls for designers , 2004, Personal and Ubiquitous Computing.

[74]  M. Conner,et al.  The Theory of Planned Behaviour , 2004 .

[75]  Jisuk Woo,et al.  The right not to be identified: privacy and anonymity in the interactive media environment , 2006, New Media Soc..

[76]  Seounmi Youn Determinants of Online Privacy Concern and Its Influence on Privacy Protection Behaviors Among Young Adolescents , 2009 .

[77]  Erik Stolterman,et al.  Exploring the assumptions underlying information systems methodologies: Their impact on past, present and future ISM research , 2000, Inf. Technol. People.

[78]  Chava Nachmias,et al.  Research Methods in the Social Sciences , 1976 .

[79]  Alfred Kobsa,et al.  Privacy-enhanced personalization , 2007, CACM.

[80]  J. Teasdale Self-efficacy: Toward a unifying theory of behavioural change? , 1978 .

[81]  Sean W. Smith,et al.  Security and Cognitive Bias: Exploring the Role of the Mind , 2012, IEEE Security & Privacy.

[82]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.

[83]  Hock-Hai Teo,et al.  The Value of Privacy Assurance: An Exploratory Field Experiment , 2007, MIS Q..

[84]  Peter A. Todd,et al.  Understanding Information Technology Usage: A Test of Competing Models , 1995, Inf. Syst. Res..

[85]  Yang Wang,et al.  Privacy nudges for social media: an exploratory Facebook study , 2013, WWW.

[86]  B. J. Fogg,et al.  Online Persuasion in Facebook and Mixi: A Cross-Cultural Comparison , 2008, PERSUASIVE.

[87]  Esma Aïmeur,et al.  UPP: User Privacy Policy for Social Networking Sites , 2009, 2009 Fourth International Conference on Internet and Web Applications and Services.

[88]  Melanie Tory,et al.  Human factors in visualization research , 2004, IEEE Transactions on Visualization and Computer Graphics.

[89]  Antti Oulasvirta,et al.  Field Experiments in HCI: Promises and Challenges , 2009 .

[90]  Mark S. Ackerman,et al.  Beyond Concern: Understanding Net Users' Attitudes About Online Privacy , 1999, ArXiv.

[91]  H. Jeff Smith,et al.  Information Privacy: Measuring Individuals' Concerns About Organizational Practices , 1996, MIS Q..

[92]  Alain Forget,et al.  Influencing users towards better passwords: persuasive cued click-points , 2008 .

[93]  Steven M. Bellovin,et al.  Facebook and privacy: it's complicated , 2012, SOUPS.

[94]  I. Ajzen,et al.  Understanding Attitudes and Predicting Social Behavior , 1980 .

[95]  A. Portes Social Capital: Its Origins and Applications in Modern Sociology , 1998 .

[96]  Andrew Howes,et al.  The problem of conflicting social spheres: effects of network structure on experienced tension in social network sites , 2009, CHI.

[97]  Nicholas Christakis,et al.  The Taste for Privacy: An Analysis of College Student Privacy Settings in an Online Social Network , 2008, J. Comput. Mediat. Commun..

[98]  Jason P. Mitchell,et al.  Disclosing information about the self is intrinsically rewarding , 2012, Proceedings of the National Academy of Sciences.