Publication


Featured research published by Paul Gerber.


ACM Sigcas Computers and Society | 2015

Usability versus privacy instead of usable privacy: Google's balancing act between usability and privacy

Paul Gerber; Melanie Volkamer; Karen Renaud

A smartphone is an indispensable device that also holds a great deal of personal and private data. Contact details, party or holiday photos and emails --- all carried around in our pockets and easily lost. On Android, the most widely-used smartphone operating system, access to this data is regulated by permissions. Apps request these permissions at installation, and they ideally only ask for permission to access data they really need to carry out their functions. The user is expected to check, and grant, requested permissions before installing the app. Their privacy can potentially be violated if they fail to check the permissions carefully. In June 2014 Google changed the Android permission screen, perhaps attempting to improve its usability. Does this mean that all is well in the Android eco-system, or was this update a retrograde move? This article discusses the new permission screen and its possible implications for smartphone owner privacy.


workshop on information security applications | 2017

The simpler, the better? Presenting the COPING Android permission-granting interface for better privacy-related decisions

Paul Gerber; Melanie Volkamer; Karen Renaud

Abstract One of the great innovations of the modern world is the Smartphone app. The sheer multitude of available apps attests to their popularity and general ability to satisfy our wants and needs. The flip side of the functionality these apps offer is their potential for privacy invasion. Apps can, if granted permission, gather a vast amount of very personal and sensitive information. App developers might exploit the combination of human propensities and the design of the Android permission-granting interface to gain permission to access more information than they really need. This compromises personal privacy. The fact that the Android is the globally dominant phone means widespread privacy invasion is a real concern. We, and other researchers, have proposed alternatives to the Android permission-granting interface. The aim of these alternatives is to highlight privacy considerations more effectively during app installation: to ensure that privacy becomes part of the decision-making process. We report here on a study with 344 participants that compared the impact of a number of permission-granting interface proposals, including our own (called the COPING interface — COmprehensive PermIssioN Granting) and two Android interfaces. To conduct the comparison we carried out an online study with a mixed-model design. Our main finding is that the focus in these interfaces ought to be on improving the quality of the provided information rather than merely simplifying the interface. The intuitive approach is to reduce and simplify information, but we discovered that this actually impairs the quality of the decision. Our recommendation is that further investigation is required in order to find the “sweet spot” where understandability and comprehensiveness are maximised.


Information and Computer Security | 2016

Spot the phish by checking the pruned URL

Melanie Volkamer; Karen Renaud; Paul Gerber

Purpose: Phishing is still a very popular and effective security threat, and it takes, on average, more than a day to detect new phish websites. Protection by purely technical means is hampered by this vulnerability window. During this window, users need to act to protect themselves. To support users in doing so, the paper aims to propose to first make users aware of the need to consult the address bar. Moreover, the authors propose to prune the URL displayed in the address bar. The authors report on an evaluation of this proposal.

Design/methodology/approach: The paper opted for an online study with 411 participants, judging 16 websites – all with authentic design: half with legitimate and half with phish URLs. The authors applied four popular widely used types of URL manipulation techniques. The authors conducted a within-subject and between-subject study with participants randomly assigned to one of two groups (domain highlighting or pruning). The authors then tested both proposals using a repeated-measures multivariate analysis of variance.

Findings: The analysis shows a significant improvement in terms of phish detection after providing the hint to check the address bar. Furthermore, the analysis shows a significant improvement in terms of phish detection after the hint to check the address bar for uninitiated participants in the pruning group, as compared to those in the highlighting group.

Research limitations/implications: Because of the chosen research approach, the research results may lack generalisability. Therefore, researchers are encouraged to test the proposed propositions further.

Practical implications: This paper confirms the efficacy of URL pruning and of prompting users to consult the address bar for phish detection.

Originality/value: This paper introduces a classification for URL manipulation techniques used by phishers. We also provide evidence that drawing people’s attention to the address bar makes them more likely to spot phish websites, but does not impair their ability to identify authentic websites.


Archive | 2018

Human Factors in Security

Paul Gerber; Marco Ghiglieri; Birgit Henhapl; Oksana Kulyk; Karola Marky; Peter Mayer; Benjamin Reinheimer; Melanie Volkamer

The chapter gives an introduction to the topic of “Human Factors in Security” with a focus on the end user. The problem is first introduced in general terms and then described and discussed using the concrete examples of “e-mail encryption”, “HTTPS connections on the Internet” and “passwords”. Subsequently, general approaches to solutions based on “Human Centered Security by Design” are presented, and some methodological examples are named. Particular challenges compared with “Human Centered Design” are presented, and some practical examples from the area of “Human Centered Security by Design” are presented and discussed.


Computers & Security | 2018

Explaining the privacy paradox: A systematic review of literature investigating privacy attitude and behavior

Nina Gerber; Paul Gerber; Melanie Volkamer

Abstract Although survey results show that the privacy of their personal data is an important issue for online users worldwide, most users rarely make an effort to protect this data actively and often even give it away voluntarily. Privacy researchers have made several attempts to explain this dichotomy between privacy attitude and behavior, usually referred to as ‘privacy paradox’. While they proposed different theoretical explanations for the privacy paradox, as well as empirical study results concerning the relationship of individual factors on privacy behavior and attitude, no comprehensive explanation for the privacy paradox has been found so far. We aim to shed light on the privacy paradox phenomenon by summarizing the most popular theoretical privacy paradox explanations and identifying the factors that are most relevant for the prediction of privacy attitude and behavior. Since many studies focus on the behavioral intention instead of the actual behavior, we decided to consider this topic as well. Based on a literature review, we identify all factors that significantly predict one of the three privacy aspects and report the corresponding standardized effect sizes (β). The results provide strong evidence for the theoretical explanation approach called ‘privacy calculus’, with possibly gained benefits being among the best predictors for disclosing intention as well as actual disclosure. Other strong predictors for privacy behavior are privacy intention, willingness to disclose, privacy concerns and privacy attitude. Demographic variables play a minor role, only gender was found to weakly predict privacy behavior. Privacy attitude was best predicted by internal variables like trust towards the website, privacy concerns or computer anxiety. Despite the multiplicity of survey studies dealing with user privacy, it is not easy to draw overall conclusions, because authors often refer to slightly different constructs. 
We suggest that the privacy research community agree on a shared definition of the different privacy constructs to allow for conclusions beyond individual samples and study designs.


trust security and privacy in computing and communications | 2017

Advancing Trust Visualisations for Wider Applicability and User Acceptance

Oksana Kulyk; Benjamin Reinheimer; Paul Gerber; Florian Volk; Melanie Volkamer; Max Mühlhäuser

There are only a few visualisations targeting the communication of trust statements. Even though there are some advanced and scientifically founded visualisations—like, for example, the opinion triangle, the human trust interface, and T-Viz—the stars interface known from e-commerce platforms is by far the most common one. In this paper, we propose two trust visualisations based on T-Viz, which was recently proposed and successfully evaluated in large user studies. Despite being the most promising proposal, its design is not primarily based on findings from human-computer interaction or cognitive psychology. Our visualisations aim to integrate such findings and to potentially improve decision making in terms of correctness and efficiency. A large user study reveals that our proposed visualisations outperform T-Viz in these factors.


international conference on human-computer interaction | 2017

Sharing the ‘Real Me’ – How Usage Motivation and Personality Relate to Privacy Protection Behavior on Facebook

Nina Gerber; Paul Gerber; Maria Hernando

Although social networks like Facebook have become an important part of social communication and daily life for many people, most users have concerns regarding their privacy on Facebook. In order to gain a deeper understanding of how users try to protect their private data on Facebook, we conducted an online survey with 280 German Facebook users. We used regression analyses to investigate if usage motivation and personality relate to the management of privacy settings as well as the deployment of other protection strategies in Facebook, such as blocking certain contacts or deleting a post or photo/video tag. Our results showed that Facebook users with rather lax privacy settings have a greater feeling of being meaningful and stimulated when using Facebook than users with rather strict privacy settings. Furthermore, Facebook users scoring high on extraversion and low on agreeableness tend to use more other protection strategies besides the management of privacy settings. However, no association could be found between usage motivation and the deployment of other protection strategies on the one hand, and between personality and the management of privacy settings on the other hand. The results indicate that it is important for privacy researchers as well as product and privacy intervention designers to consider the user’s motivation to share personal data, because only if privacy studies and interventions account for this important factor, it is possible not only to gain a complete picture of the privacy behavior of users, but also to influence it.


Archive | 2017

Das Privacy-Paradoxon – Ein Erklärungsversuch und Handlungsempfehlungen

Paul Gerber; Melanie Volkamer; Nina Gerber

Protecting one's own privacy in everyday digital life is difficult. At the latest since the omnipresence of the mobile Internet thanks to smartphones, and the associated rapid spread of digital services, the dissemination of personal information has become ever harder to control. Moreover, research established about ten years ago that people behave inconsistently with regard to their privacy (Norberg et al. 2007) and termed this phenomenon the privacy paradox. To clarify why people behave inconsistently with regard to their privacy, and whether this is indeed paradoxical in the literal sense, it is necessary to understand what motivates people and how they make decisions. In short, how human behaviour arises. This contribution describes and discusses factors that influence human behaviour in various situations, and derives from them an integrative behavioural model in the context of digital privacy. On the basis of this model, answers are then given to the question of how the phenomenon of the privacy paradox can be explained, and an example is used to discuss what approaches for action can be derived from it for practice.


Datenschutz Und Datensicherheit - Dud | 2015

Usability und Privacy im Android Ökosystem

Paul Gerber; Melanie Volkamer

Abstract The design of the user interface can be decisive for the effective exercise of data protection control. The article shows this using the example of the access permissions of apps under Google's smartphone operating system Android, which the user grants at installation. A few months ago, Google comprehensively revised the presentation of permissions in the Play Store. The changes made show that, and how, effective control of access permissions by the user depends on the usability of their presentation and preparation.


international conference on optoelectronics and microelectronics | 2012

Automatisierte nichtinvasive Emotionsmessung. Ein Erfahrungsbericht von der Vision bis zur Realisierung

Paul Gerber; Daniel Ullrich

Abstract Affective reactions play an important role in usability and user experience research and are frequently the subject of corresponding measurement instruments. These instruments, however, often have the disadvantage that they interrupt the interaction process, for example when they are administered during a usability test. Or they are subject to retrospective distortions, for example when they are administered after the interaction has ended. The aim of our work was to develop a non-invasive measurement instrument that makes emotional reactions during an interaction measurable without the interaction process having to be interrupted. In this contribution we outline the process of developing this instrument, from the original vision to its realisation. We address theoretical as well as practical obstacles and describe how they influenced the final solution. Finally, we report results on accuracy from the pilot study and discuss implications for future work as well as for practitioners who wish to deploy such a system.

Collaboration

Top Co-Authors

Melanie Volkamer, Technische Universität Darmstadt

Benjamin Reinheimer, Technische Universität Darmstadt

Ingmar Langer, Technische Universität Darmstadt

Nina Gerber, Technische Universität Darmstadt

Oksana Kulyk, Technische Universität Darmstadt

Peter Mayer, Technische Universität Darmstadt

Uwe Klingauf, Technische Universität Darmstadt

Birgit Henhapl, Technische Universität Darmstadt