On the Awareness, Control and Privacy of Shared Photo Metadata

With the continuously rising number of shared photos, metadata is also increasingly shared, possibly with a huge and potentially unseen impact on the privacy of people. Users often relinquish the control over their photos and the embedded metadata when uploading them. Our results confirm that the concept of metadata is still not commonly known and even people who know about the concept are not aware of the full extent of what is shared. In this work we present two solutions, one to raise awareness about metadata in online photos and one to offer a user-friendly way to gain control over what and how metadata is shared. We assess user interest in options ranging from deletion and modification to encryption and third party storage. We present results from a lab study (\(\mathrm {n}=43\)) in which we evaluated user acceptance, feelings and usability of the proposed solutions. Many of our participants expressed the desire for user-friendly mechanisms to control the privacy of metadata. 33 % of them did not simply want to delete their metadata, but preferred to use encryption to share, but nonetheless protect, their data.

[1]  Alexander De Luca,et al.  Using data type based security alert dialogs to raise online security awareness , 2011, SOUPS.

[2]  Yvo Desmedt,et al.  Poster: preliminary analysis of Google+'s privacy , 2011, CCS '11.

[3]  Matthew Smith,et al.  Awareness about Photos on the Web and How Privacy-Privacy-Tradeoffs Could Help , 2013, Financial Cryptography Workshops.

[4]  Gerald Friedland,et al.  Cybercasing the Joint: On the Privacy Implications of Geo-Tagging , 2010, HotSec.

[5]  Heather Richter Lipford,et al.  Moving beyond untagging: photo privacy in a tagged world , 2010, CHI.

[6]  B. Thomas,et al.  Usability Evaluation In Industry , 1996 .

[7]  Dongwan Shin,et al.  An empirical study of visual security cues to prevent the SSLstripping attack , 2011, ACSAC '11.

[8]  Matthew Smith,et al.  Confidentiality as a Service -- Usable Security for the Cloud , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[9]  Bruce Christianson,et al.  Security Protocols XX , 2012, Lecture Notes in Computer Science.

[10]  J. B. Brooke,et al.  SUS: A 'Quick and Dirty' Usability Scale , 1996 .

[11]  Matthew Smith,et al.  Helping Johnny 2.0 to encrypt his Facebook conversations , 2012, SOUPS.

[12]  Matthew Smith,et al.  SnapMe if you can: privacy threats of other peoples' geo-tagged media and what we can do about it , 2013, WiSec '13.

[13]  Yvo Desmedt,et al.  Usable Privacy by Visual and Interactive Control of Information Flow , 2012, Security Protocols Workshop.

[14]  Blase Ur,et al.  Tag, you can see it!: using tags for access control in photo sharing , 2012, CHI.

[15]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.