Challenges in supporting end-user privacy and security management with social navigation

Social navigation is a promising approach for supporting privacy and security management. By aggregating and presenting the choices made by others, social navigation systems can provide users with easily understandable guidance on security and privacy decisions, rather than requiring that they understand low-level technical details in order to make informed decisions. We have developed two prototype systems to explore how social navigation can help users manage their privacy and security. The Acumen system employs social navigation to address a common privacy activity, managing Internet cookies, and the Bonfire system uses social navigation to help users manage their personal firewall. Our experiences with Acumen and Bonfire suggest that, despite the promise of social navigation, there are significant challenges in applying these techniques to the domains of end-user privacy and security management. Due to features of these domains, individuals may misuse community data when making decisions, leading to incorrect individual decisions, inaccurate community data, and "herding" behavior that is an example of what economists term an informational cascade. By understanding this phenomenon in these terms, we develop and present two general approaches for mitigating herding in social navigation systems that support end-user security and privacy management: mitigation via algorithms and mitigation via user interaction. Mitigation via user interaction is a novel and promising approach to mitigating cascades in social navigation systems.
