A Data-Driven Approach to Developing IoT Privacy-Setting Interfaces

User testing is often used to inform the development of user interfaces (UIs). But what if an interface needs to be developed for a system that does not yet exist? In that case, existing datasets can provide valuable input for UI development. We apply a data-driven approach to the development of a privacy-setting interface for Internet-of-Things (IoT) devices. Applying machine learning techniques to an existing dataset of users' sharing preferences in IoT scenarios, we develop a set of "smart" default profiles. Our resulting interface asks users to choose among these profiles, which capture their preferences with an accuracy of 82%---a 14% improvement over a naive default setting and a 12% improvement over a single smart default setting for all users.

[1]  Gerrit C. van der Veer,et al.  CHI '05 Extended Abstracts on Human Factors in Computing Systems , 2005, CHI 2005.

[2]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[3]  Pamela J. Wisniewski,et al.  Making privacy personal: Profiling social network users to inform privacy education and nudging , 2017, Int. J. Hum. Comput. Stud..

[4]  Sajal K. Das,et al.  Adaptive and context-aware privacy preservation exploiting user interactions in smart environments , 2014, Pervasive Mob. Comput..

[5]  Steven M. Bellovin,et al.  A study of privacy settings errors in an online social network , 2012, 2012 IEEE International Conference on Pervasive Computing and Communications Workshops.

[6]  Deirdre K. Mulligan,et al.  Stopping spyware at the gate: a user study of privacy, notice and spyware , 2005, SOUPS '05.

[7]  Alexander De Luca,et al.  Privacy Wedges: Area-Based Audience Selection for Social Network Posts , 2016, WPI@SOUPS.

[8]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.

[9]  Alessandro Acquisti,et al.  Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions , 2016, SOUPS.

[10]  Colin Potts,et al.  Privacy policies as decision-making tools: an evaluation of online privacy notices , 2004, CHI.

[11]  Alexander De Luca,et al.  Usable privacy and security , 2016, it Inf. Technol..

[12]  Lorrie Faith Cranor,et al.  Understanding and capturing people’s privacy policies in a mobile social networking application , 2009, Personal and Ubiquitous Computing.

[13]  Alfred Kobsa,et al.  Dimensionality of information disclosure behavior , 2013, Int. J. Hum. Comput. Stud..

[14]  Alessandro Acquisti,et al.  Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook , 2006, Privacy Enhancing Technologies.

[15]  Daniel G. Goldstein,et al.  Choice without Awareness: Ethical and Policy Implications of Defaults , 2013 .

[16]  Alfred Kobsa,et al.  Understanding user privacy in Internet of Things environments , 2016, 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT).

[17]  Alfred Kobsa,et al.  Cross-Cultural Privacy Prediction , 2017, Proc. Priv. Enhancing Technol..

[18]  I. Ajzen,et al.  Attitude-behavior relations: A theoretical analysis and review of empirical research. , 1977 .

[19]  Sadie Creese,et al.  The Perfect Storm: The Privacy Paradox and the Internet-of-Things , 2016, 2016 11th International Conference on Availability, Reliability and Security (ARES).

[20]  Hongxia Jin,et al.  PPM: A Privacy Prediction Model for Online Social Networks , 2016, SocInfo.

[21]  Jonathan Grudin,et al.  A study of preferences for sharing and privacy , 2005, CHI Extended Abstracts.

[22]  Ian H. Witten,et al.  The WEKA data mining software: an update , 2009, SKDD.

[23]  Serge Egelman,et al.  HCI in Business: A Collaboration with Academia in IoT Privacy , 2015, HCI.

[24]  D. A. Kenny,et al.  The moderator-mediator variable distinction in social psychological research: conceptual, strategic, and statistical considerations. , 1986, Journal of personality and social psychology.

[25]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[26]  Heather Richter Lipford,et al.  +Your circles: sharing behavior on Google+ , 2012, SOUPS.

[27]  Kristen LeFevre,et al.  Privacy wizards for social networking sites , 2010, WWW '10.

[28]  Anind K. Dey,et al.  Who wants to know what when? privacy preference determinants in ubiquitous computing , 2003, CHI Extended Abstracts.

[29]  Bart P. Knijnenburg,et al.  A User-Tailored Approach to Privacy Decision Support , 2015 .