Sameer Patil

Privacy in instant messaging: an impression management model

Instant messaging (IM) has evolved into an important tool for collaborative work. It supports informal near-synchronous communication and fosters awareness of the online presence of ones communication partners. Like all awareness systems, IM runs into concerns regarding privacy. Drawing upon prior literature and exploratory interviews, we postulate a model that posits impression management as an underlying cause for privacy desires of IM users. We verify our hypotheses using linear structural modelling on data from a large online survey of IM users across the US. The model establishes that the desire for privacy in IM arises due to the desire for impression management (both directly, as well as indirectly through the desire for visibility of ones impression to oneself). Based on this model, we suggest that IM systems could support privacy needs of users better by providing them with more knowledge and control over aspects that affect their IM-conveyed impression on others (i.e. by making impression management functionality available). Specifically, to help convey and sustain appropriate impressions on IM contacts, IM systems should allow for increased visibility of ones actions to oneself, facilitate easy comparison of ones practices with those of others, and allow one to view oneself from the perspective of others and to make finer-grained adjustments to IM settings than is possible today.

Reflection or action?: how feedback and control affect location sharing decisions

Owing to the ever-expanding size of social and professional networks, it is becoming cumbersome for individuals to configure information disclosure settings. We used location sharing systems to unpack the nature of discrepancies between a persons disclosure settings and contextual choices. We conducted an experience sampling study (N = 35) to examine various factors contributing to such divergence. We found that immediate feedback about disclosures without any ability to control the disclosures evoked feelings of oversharing. Moreover, deviation from specified settings did not always signal privacy violation; it was just as likely that settings prevented information disclosure considered permissible in situ. We suggest making feedback more actionable or delaying it sufficiently to avoid a knee-jerk reaction. Our findings also make the case for proactive techniques for detecting potential mismatches and recommending adjustments to disclosure settings, as well as selective control when sharing location with socially distant recipients and visiting atypical locations.

Methodological reflections on a field study of a globally distributed software project

Context: We describe the methodology of a field study of a globally distributed software development project in a multinational corporation. The project spanned four sites in the US and one in India, and is a representative example of the complexities and intricacies of global corporate software development. Objective: Our goal is to provide the rationale behind the methodological choices and derive insights to inform the methodology of future studies of global software engineering teams. The paper also aims to provide an illustrative case of a typical geographically distributed corporate software project, through an in-depth description that emerged by applying the methods. Method: We reflect upon the reasons for choosing each of our methods, viz., non-participant observation, site visits, interviews, and an online questionnaire. We then discuss what we learned from the experience of applying the methods. Results: During and after the study, the discussions surrounding our methodological choices yielded important insights. The dynamics of software engineering practice and the geographical distribution of the project impacted factors such as access, costs, and cultural and linguistic diversity, and influenced the choice of methods. Our experience makes a case for methodological breadth and plurality as a means to a broad understanding of a global project. This understanding could then be linked to the specific research questions under consideration. Conclusion: The in-depth contextual description of the project that emerged from our methods highlights the utility of our methodological approach and provides an illustration of the complex nature of these projects. Our systematic reflection also yielded several methodological insights and provides important implications for future empirical studies of global corporate software development. Our experience can serve as a useful resource in methodological choices for research on globally distributed software engineering teams, or collaborative knowledge work in general.

Enhancing privacy management support in instant messaging

Instant Messaging (IM) is a useful tool for collaborative work. However, the awareness and communication features of IM pose a tension with privacy desires. Inadequate support for managing privacy could lead to suboptimal use of IM and thereby undermine its benefits. We conducted interviews and an Internet survey to understand privacy attitudes and practices in IM usage. Based on the findings from these studies, we designed an IM plugin to improve the support for privacy management in current IM systems. The plugin detects conflicts in privacy preferences, notifies the parties involved, and allows negotiation of a resolution. It also encrypts the communication channels and archives, allows different privacy preferences for different contact groups, and provides visualizations to facilitate the comparison of ones own IM activities with those of any IM contact group. A usability evaluation of the plugin indicated that it can be expected to succeed in its goal of providing IM users with better privacy management.

Peer-produced privacy protection

Privacy risks have been addressed through technical solutions such as Privacy-Enhancing Technologies (PETs) as well as regulatory measures including Do Not Track. These approaches are inherently limited as they are grounded in the paradigm of a rational end user who can determine, articulate, and manage consistent privacy preferences. This assumes that self-serving efforts to enact privacy preferences lead to socially optimal outcomes with regard to information sharing. We argue that this assumption typically does not hold true. Consequently, solutions to specific risks are developed - even mandated - without effective reduction in the overall harm of privacy breaches. We present a systematic framework to examine these limitations of current technical and policy solutions. To address the shortcomings of existing privacy solutions, we argue for considering information sharing to be transactions within a community. Outcomes of privacy management can be improved at a lower overall cost if peers, as a community, are empowered by appropriate technical and policy mechanisms. Designing for a community requires encouraging dialogue, enabling transparency, and supporting enforcement of community norms. We describe how peer production of privacy is possible through PETs that are grounded in the notion of information as a common-pool resource subject to community governance.

My privacy policy: exploring end-user specification of free-form location access rules

The increasing inclusion of location and other contextual information in social media applications requires users to be more aware of what their location disclosures reveal. As such, it is important to consider whether existing access-control mechanisms for managing location sharing meet the needs of todays users. We report on a questionnaire (N=103) in which respondents were asked to specify location access control rules using free-form everyday language. Respondents also rated and ranked the importance of a variety of contextual factors that could influence their decisions for allowing or disallowing access to their location. Our findings validate some prior results (e.g., the recipient was the most highly rated and ranked factor and appeared most often in free-form rules) while challenging others (e.g., time-based constraints were deemed relatively less important, despite being features of multiple location-sharing services). We also identified several themes in the free-form rules (e.g., special rules for emergency situations). Our findings can inform the design of tools to empower end users to articulate and capture their access-control preferences more effectively.

Comparing privacy attitudes of knowledge workers in the U.S. and India

We compared privacy attitudes of knowledge workers from the U.S. and India who were involved in a collaborative software development project distributed across five sites of a multinational corporation. Prior studies on consumer privacy suggest that privacy concerns in India are lower than those in the U.S. While our work largely confirmed these findings, we found unexpectedly that knowledge workers in India expressed higher interpersonal privacy concerns compared with their U.S. colleagues. Our study points to a number of explanatory factors for the elevated privacy concerns in the Indian knowledge workplace: nature of interpersonal relationships, associations with privacy, competition among team members, management style and hierarchy, and differences in the physical characteristics of the workplace. Our findings highlight the challenges in satisfying privacy needs when individuals and teams collaborate with knowledge workers in India. An understanding of these issues is important for building and deploying systems for intercultural collaboration that can accommodate differences in privacy concerns.

Interrupt Now or Inform Later?: Comparing Immediate and Delayed Privacy Feedback

Feedback about privacy-affecting system operations is important for informed end-user privacy management. While feedback is most relevant if provided immediately, such delivery interrupts the user and risks disrupting ongoing tasks. The timing, volume, and nature of feedback is therefore critical for avoiding inopportune interruption. We varied the timing and actionability of feedback regarding accesses to a users physical location. We found that the sense of privacy violation was heightened when feedback was immediate, but not actionable. While immediate and actionable feedback may sometimes be necessary, our findings suggest that moderately delayed feedback is often acceptable. A moderate delay may serve as a compromise to minimize interruption and avoid overly alarming reaction to immediate feedback. However, immediate and actionable feedback could still be beneficial when privacy sensitivity is high or ambiguous.

Privacy and HCI: methodologies for studying privacy issues

This workshop aims to reflect on methodologies to empirically study privacy issues related to advanced technology. The goal is to address methodological concerns by drawing upon both theoretical perspectives as well as practical experiences.

“THAT’s what i was looking for”: comparing user-rated relevance with search engine rankings

We present a lightweight tool to compare the relevance ranking provided by a search engine to the relevance as actually judged by the user performing the query. Using the tool, we conducted a user study with two different versions of the search engine for a large corporate web site with more than 1.8 million pages, and with the popular search engine GoogleTM. Our tool provides an inexpensive and efficient way to do this comparison, and can be easily extended to any search engine that provides an API. Relevance feedback from actual users can be used to assess precision and recall of a search engine’s retrieval algorithms and, perhaps more importantly, to tune its relevance ranking algorithms to better match user needs. We found the tool to be quite effective at comparing different versions of the same search engine, and for benchmarking by comparing against a standard.