Abstract

Less than a decade ago mobile, phones were a mere tool for communication, nowadays, we rely on their successors to remind us about our next appointment, what we need from the grocery store, or even where we parked our car. But this assistance comes with a cost

Problem Statement

In order to help us, our devices rely on using our personal information like GPS, contacts list, calendar e.t.c. Recent research shows that often times (especially with free applications), apps tend to request access to more privacy information than it needs.

Background

While there has been research conducted on ways to alert users on the usage of their private information, there has not been much focus on a human-centered solution that empowers users to make informed decisions with regards to their privacy.

Our Approach

We focused on creating a user-centric design for a privacy manager that empowers users, and increases their awareness about how their privacy information is used.

Only in some fantasy world do users actually read [privacy] notices and understand their implications before clicking to indicate their consent.”

United States President’s Council of Advisors  on Science and Technology (PCAST)
BIG DATA & PRIVACY: A TECHNOLOGICAL PERSPECTIVE

Literature Review

We started our research by studying the existing approaches in the Usable Security field. We examined techniques that varied from nudging (a.k.a asymmetric paternalism), obstructive interfaces design, to ai aided privacy management. We took the opportunity to build up on the missing Interaction Designs that we did not come across on the existing solutions for enhancing a user-friendly experience.

Design Goals

Our primary objective was to create an easy-to-use and habit-forming product, so that users will learn to rely on as they use it. In order to achieve this, we focused on making our protoype tool both intuitive and appealing, but also powerful enough so that the users were not restricted in their decision making. These goals would ultimately allow Privus to empower users to make more informed decisions

Experimental Methodology

To test our proposed system, we created a 3 step experiment. First we gave users a survey with an informed consent, and collected demographic information and some quantitative data about users feedback for the current built-in managers. We were able to collect this quantitative data by modifying the System Usability Scale. The second part of the experiment was the A/B Tsting part where we had the users follow a series of scripted tasks on both the built-in manager and Privus. We used the Wizard of Oz technique as our prototype used mocked up information, thus deceived the users as a real application. Finally we sat down with the participants for an exit survey. We asked questions that collected both quantitative and qualitative feedback. To analyze the qualitative results we used the Grounded Theory.

UI Design

We wanted to create an intuitive design space that is targeted towards all types of users with a mobile device; so, our interface employs a minimal and intuitive design

Results

In our research we proposed a novel, user-centered approach that would empower its users to make context-aware decisions. Since the experiment contained deception, we simply highlighted our comparative results rather than providing a statistical significance analysis.

Not Good Enough

Existing permission models; ask-on-install, and ask-on-first-use, and built-in permission managers are insufficient

Intimidating Interfaces

They offer a complicated and frustrating experience, which can intimidate users

Insuffucient Feedback

Users indeed want to protect their sensitive information, but often fail to make context-aware decisions, as there isn't enough information provided to them.

Proven Techniques

We created Privus by following studied and proven design principles in the HCI community.

Room for Progress

Both our qualitative and quantitative results show that there is clearly a need for a better privacy management solution.

Future Work

We highlight our results from our user study to support more research in this field

Sample Interview Feedback

Here are a few exmpales of the feedback we collected after the A/B Testing.

“I had some issues with the scroll-screen in the beginning, but besides that it was way easier than the first one [talking about Privus vs the Built-in]”

Participant #11

“I really liked the colors! and the graphs make it easy to understand”

Participant #7

“I thought the app was pretty straight-forward, and guided me well on each step”

Participant #15

The complete thesis is accessible to public, so feel free to check it out!

View Case Study