Jana Korunovska,Bernadette Kamleitner,Sarah Spiekermann

DOI: https://doi.org/10.48550/arXiv.2005.08967

2020-05-18

Abstract:The new information and communication technology providers collect increasing amounts of personal data, a lot of which is user generated. Unless use policies are privacy-friendly, this leaves users vulnerable to privacy risks such as exposure through public data visibility or intrusive commercialisation of their data through secondary data use. Due to complex privacy policies, many users of online services unwillingly agree to privacy-intruding practices. To give users more control over their privacy, scholars and regulators have pushed for short, simple, and prominent privacy policies. The premise has been that users will see and comprehend such policies, and then rationally adjust their disclosure behaviour. In this paper, on a use case of social network service site, we show that this premise does not hold. We invited 214 regular Facebook users to join a new fictitious social network. We experimentally manipulated the privacy-friendliness of an unavoidable and simple privacy policy. Half of our participants miscomprehended even this transparent privacy policy. When privacy threats of secondary data use were present, users remembered the policies as more privacy-friendly than they actually were and unwittingly uploaded more data. To mitigate such behavioural pitfalls we present design recommendations to improve the quality of informed consent.

Computers and Society

Yan Leng,Yijun Chen,Xiaowen Dong,Junfeng Wu,Guodong Shi

DOI: https://doi.org/10.2139/ssrn.3875878

2021-01-01

SSRN Electronic Journal

Abstract:There exists a growing concern about the privacy threats inherently encoded in the increasingly available behavioral data. In this paper, we focus on online service providers over which users reveal preferences (e.g., ratings or reviews) as publicly available behavioral data. We model users' strategic interactions in making these decisions as quadratic games on networks, where a user's payoff depends not only on their actions but also on their neighbors in a social interaction network. Based on the assumption that the observed preferences correspond to the Nash equilibrium of the game, we investigate whether eavesdroppers or competitors having access to such behavioral data could potentially infer or even thoroughly learn the hidden social interaction network from the observed user actions, leading to privacy risks at a system level for the platform. We introduce three notions of privacy risks on networks: fundamental privacy, conditional privacy, and practical privacy. We establish necessary and sufficient conditions for fundamental and conditional privacy of the social interaction structure, suggesting that at the system level, such interaction structure is not facing a critical risk of being fully exposed regardless of the amount of data available. To study practical privacy, we further propose and analyze a novel learning framework by solving a joint optimization problem for the network structure and the individual marginal benefits in the game. Extensive experiments on synthetic and real-world data demonstrate the effectiveness of the proposed framework, hence illustrating that behavioral data indeed present substantial privacy risks in practice. Broadly, this study enriches the network privacy literature and provides implications for online platforms by revealing the unexpected consequence of leaking network connections due to public consumer revealed preferences.

Yannic Meier,Johanna Schäwel,Nicole C. Krämer

DOI: https://doi.org/10.17645/mac.v8i2.2846

IF: 3.043

2020-06-23

Media and Communication

Abstract:Privacy policies provide Internet users with the possibility to inform themselves about websites’ usage of their disclosed personal data. Strikingly, however, most people tend not to read privacy policies because they are long and cumbersome, indicating that people do not wish to expend much (cognitive) effort on reading such policies. The present study aimed to examine whether shorter privacy policies can be beneficial in informing users about a social networking site’s (SNS) privacy practices, and to investigate associations between variables relevant for privacy decision-making using one theory-based integrative model. In an online experiment, participants ( N = 305) were asked to create a personal account on an SNS after being given the option to read the privacy policy. Privacy policy length and the SNS’s level of privacy were varied, creating a 2 (policy length) x 2 (level of privacy) between-subjects design. The results revealed that participants who saw short policies spent less time on reading but gained higher knowledge about the SNS’s privacy practices—due to the fact that they spent more reading time per word. Factual privacy policy knowledge was found to be an indicator for participants’ subjective privacy perception. The perception and evaluation of the specific SNS ́s privacy level influenced the assessment of privacy costs and benefits. Particularly when benefits were perceived as high, self-disclosure was increased.

communication

T. Kroll,Stefan Stieglitz

DOI: https://doi.org/10.1080/0144929X.2019.1584644

2019-02-27

Abstract:ABSTRACT Self-disclosure on social network sites (SNSs) constitutes a feedback necessity as well as a potential privacy risk. We integrate both perspectives by studying privacy-related factors that influence self-disclosure: perceived control, trust in provider and perceived privacy risk. We further propose the application of digital nudging as a conceptual basis for interventions that is similar to persuasion but focuses on informed and consistent decision-making. In a qualitative assessment of persuasive elements used by the SNS Facebook, we collect and present currently-used intervention and behaviour change strategies. Two privacy-related nudges are selected for a quantitative study with N = 382 in Germany. Regression analyses show effects of control, trust and risk on self-disclosure. The identified nudges aiming at a higher privacy awareness do not yield clear results. We find indications that nudges may have a converse effect, meaning that reminders to change privacy settings trigger privacy concerns. The results are discussed in respect to short- and long-term changes of perceptions. Furthermore, we propose perceived control as the best influential factor. The study contributes by depicting the current usage of persuasive elements on Facebook and studying their impact on privacy factors.

Computer Science,Psychology

Thomas Paul,Daniel Puscher,Thorsten Strufe

DOI: https://doi.org/10.48550/arXiv.1505.06178

2015-05-23

Abstract:Privacy in Online Social Networks (OSNs) evolved from a niche topic to a broadly discussed issue in a wide variety of media. Nevertheless, OSNs drastically increase the amount of information that can be found about individuals on the web. To estimate the dimension of data leakage in OSNs, we measure the real exposure of user content of 4,182 Facebook users from 102 countries in the most popular OSN, Facebook. We further quantify the impact of a comprehensible privacy control interface that has been shown to extremely decrease configuration efforts as well as misconfiguration in audience selection. Our study highlights the importance of usable security. (i) The total amount of content that is visible to Facebook users does not dramatically decrease by simplifying the audience selection interface, but the composition of the visible content changes. (ii) Which information is uploaded to Facebook as well as which information is shared with whom strongly depends on the user's country of origin.

Social and Information Networks

Yang Wang,Pedro Giovanni Leon,Kevin Scott,Xiaoxuan Chen,Alessandro Acquisti,Lorrie Faith Cranor

DOI: https://doi.org/10.1145/2487788.2488038

2013-01-01

Abstract:Anecdotal evidence and scholarly research have shown that a significant portion of Internet users experience regrets over their online disclosures. To help individuals avoid regrettable online disclosures, we employed lessons from behavioral decision research and research on soft paternalism to design mechanisms that \"nudge\" users to consider the content and context of their online disclosures before posting them. We developed three such privacy nudges on Facebook. The first nudge provides visual cues about the audience for a post. The second nudge introduces time delays before a post is published. The third nudge gives users feedback about their posts. We tested the nudges in a three-week exploratory field trial with 21 Facebook users, and conducted 13 follow-up interviews. Our system logs, results from exit surveys, and interviews suggest that privacy nudges could be a promising way to prevent unintended disclosure. We discuss limitations of the current nudge designs and future directions for improvement.

JaeWon Kim,Soobin Cho,Robert Wolfe,Jishnu Hari Nair,Alexis Hiniker

2024-10-23

Abstract:Privacy is essential to fully enjoying the benefits of social media. While fear around privacy risks can sometimes motivate privacy management, the negative impact of such fear, particularly when it is perceived as unaddressable (i.e., "dysfunctional" fear), can significantly harm teen well-being. In a co-design study with 136 participants aged 13-18, we explored how teens can protect their privacy without experiencing heightened fear. We identified seven different sources of dysfunctional fear, such as `fear of a hostile environment' and `fear of overstepping privacy norms.' We also evaluated ten designs, co-created with teen participants, that address these fears. Our findings suggest that social media platforms can mitigate dysfunctional fear without compromising privacy by creating a culture where privacy protection is the norm through default privacy-protective features. However, we also found that even the most effective privacy features are not likely to be adopted unless they balance the multifaceted and diverse needs of teens. Individual teens have different needs -- for example, public and private account users have different needs -- and teens often want to enjoy the benefits they get from slightly reducing privacy and widening their social reach. Given these considerations, augmenting default privacy features by allowing them to be toggled on and off will allow individual users to choose their own balance while still maintaining a privacy-focused norm.

Human-Computer Interaction

Kai Li,Xiaowen Wang,Kunrong Li,Jianguo Che

DOI: https://doi.org/10.1108/nbri-02-2015-0005

2016-01-01

Nankai Business Review International

Abstract:Purpose As social network sites (SNS) have increasingly become one of the most important channels for communication, the related privacy issues gain more and more attention in both industry and academic research fields. This study aims to connect the antecedents of information privacy disclosure on SNS. Design/methodology/approach Based on exchange theory, this study tries to investigate the decision-making process for information privacy disclosure on SNS. Factors from both user’s and website’s perspectives are taken into account in the proposed model. Findings The results suggest that an individual’s perceived benefits will increase their willingness to disclose information privacy on SNS, but perceived risks decrease this kind of willingness. The authors also find social network size, personal innovativeness and incentive provision positively affect people’s perceived benefits. Originality/value Moreover, privacy invasion experience enhances perceived personal risks, but website reputation helps to reduce perceived risks.

Stefan Kutschera,Wolfgang Slany,Patrick Ratschiller,Sarina Gursch,Patrick Deininger,Håvard Dagenborg

DOI: https://doi.org/10.3390/jcp4010006

2024-02-23

Journal of Cybersecurity and Privacy

Abstract:Sharing information with the public is becoming easier than ever before through the usage of the numerous social media platforms readily available today. Once posted online and released to the public, information is almost impossible to withdraw or delete. More alarmingly, postings may carry sensitive information far beyond what was intended to be released, so-called incidental data, which raises various additional security and privacy concerns. To improve our understanding of the awareness of incidental data, we conducted a survey where we asked 192 students for their opinions on publishing selected postings on social media. We found that up to 21.88% of all participants would publish a posting that contained incidental data that two-thirds of them found privacy-compromising. Our results show that continued efforts are needed to increase our awareness of incidental data posted on social media.

computer science, information systems, interdisciplinary applications, software engineering

Laura F. Bright,Kelty Logan,Hayoung Sally Lim

DOI: https://doi.org/10.1080/15252019.2022.2051097

2022-04-29

Journal of Interactive Advertising

Abstract:This study examined U.S. Facebook users’ privacy concerns and how those concerns, the Facebook users’ perceived abilities to protect their privacy on social media, their perceptions and intentions regarding social media advertising, and their prior experience with data breaches affected their likelihood of experiencing social media fatigue. While previous research has identified general privacy concerns as a contributing factor to social media fatigue, this study proposed that privacy concerns mediate the effect of the other, identified variables to predict social media fatigue, thus contributing to the existing literature by conceptually integrating privacy calculus theory (PCT) and privacy protection motivation theory (PPMT) into a model that demonstrates the pivotal role of privacy concerns as a predictor of social media fatigue. The results indicated that, regarding consumer engagement with social media advertising, the conceptualization of the privacy paradox should not be limited to an assessment of perceived risks and benefits; it should also include users’ self-assessments of their ability to manage their personal data.

Aaron R. Brough,David A. Norton,Shannon L. Sciarappa,Leslie K. John

DOI: https://doi.org/10.1177/00222437211069093

IF: 6.1

2022-02-18

Journal of Marketing Research

Abstract:Drawing from a content analysis of publicly traded companies’ privacy notices, a survey of managers, a field study, and five online experiments, this research investigates how consumers respond to privacy notices. A privacy notice, by placing legally enforceable limits on a firm's data practices, communicating safeguards, and signaling transparency, might be expected to promote confidence that personal data will not be misused. Indeed, most managers expected a privacy notice to make customers feel more secure (Study 1). Yet, consistent with the analogy that bulletproof glass can increase feelings of vulnerability despite the protection offered, formal privacy notices undermined consumer trust and decreased purchase interest even when they emphasized objective protection (Studies 2, 3, and 5) or omitted any mention of potentially concerning data practices (Study 6). These unintended consequences did not occur, however, when consumers had an a priori reason to be distrustful (Study 4) or when benevolence cues were added to privacy notices (Studies 5 and 6). Finally, Study 7 showed that both the presence and conspicuous absence of privacy information are sufficient to trigger decreased purchase intent. Together, these results provide actionable guidance to managers on how to effectively convey privacy information (without hurting purchase interest).

business

Shara Monteleone

Abstract:Information notice and data subject's consent are the current main legal safeguards of data protection and privacy rights: they reflect individuals' instances, such as self-determination and control over one's own private sphere, that have been acknowledged in many jurisdictions. However, the theoretic strength of these safeguards appears frustrated by current online practices that seem suggesting to give-up with their most common form of implementation: privacy notices and request for consent. These measures are proving to be unsuccessful in increasing users' awareness and in fostering a privacy protective-behaviour. As recent studies have shown, although people declare privacy concerns, their actual behaviour diverges from their statements (the "privacy paradox"), as they seem to increasingly disclose personal data and to not even read privacy notices available online; eventually, the current privacy notices are not effective in regulating user's data disclosure. Behaviourally informed approaches to regulatory problems, already applied to different areas of information provision and public policy, helped to clarify the reasons of similar peoples' behaviour that cannot be reduced to a simplistic "users do not care about privacy." Highlighting the regulatory weakness of traditional information notices, applied behavioural science has also demonstrated to be particularly effective in improving users' decision-making and attaining concrete policy objectives if accompanied by ad hoc design interventions to display the relevant, salient information. As users do not read privacy policies or act in contradiction with them, other strategies might be more successful in promoting, "nudging," privacy-protective behaviour. The use of innovative information notices, like salient alerts and nudges, seems to be a promising means of behavioural change also in the area of digital privacy, a possible new area of application of behavioural insights. Building on recent studies in the field ( conducted mainly in the U.S.), this paper considers new forms of privacy notices (like "visceral" 2 Syracuse Journal of International Law and Commerce, Vol. 43, No. 1 [2015], Art. 4 https://surface.syr.edu/jilc/vol43/iss1/4 2015] Addressing the 'Failure' of Informed Consent 71 notices), as alternative or complement to current legal (technical) measures for data protection. For the informed consent approach (or "notice and choice" approach) to work, it needs to be improved with welldesigned, transparent and regulated nudging system, capable to help citizens in their decision-making as regards their privacy. Without disregarding the challenges and limitations of nudging strategies in public policy in general and in the privacy area in particular, and examining their legal grounds, the paper aims also to integrate that branch of legal-policy research that see "nudging" methods as an effective way to gently encourage safer behaviours in the citizens.

Computer Science,Economics,Law

Yu Tao,Wendy Hui Wang

DOI: https://doi.org/10.1080/1369118X.2023.2166361

2023-01-14

Information, Communication and Society

Abstract:With the wide use of social media and other online services, people are getting more concerned about online privacy. Social media platforms and other online companies are collecting users' information for various purposes, including targeted advertising. While these data are anonymous, it is possible to identify people through publicly available information and machine learning algorithms. Members of some groups are more vulnerable to such privacy attacks and more likely to be identified. This raises a concern regarding the fair or equitable protection of online privacy, or the protection of all online users' instead of most users' private information. This research addresses this relatively new topic from the sociological perspective and focuses on fair privacy protection in online datasets. Questionnaire data show that college students rate the current privacy protection in online datasets low, but they have great support for general privacy protection and greater support for fair privacy protection. Factors that affect their support for general and fair privacy protection include prior cautious online behavior and how essential they rate company practice and government policies that ensure fair privacy. When they perceive a lack of fair privacy in online datasets, most of them would reduce or stop using certain online services. Factors affecting such reactions include prior cautious online behavior, hours on social media, the perception of being included in online datasets, and perceived importance of fair privacy policies. The findings highlight the pivotal role of institutional privacy measures, namely fair privacy company practice and government policies, especially the latter.

Pejvak Oghazi,Rakel Schultheiss,Koteshwar Chirumalla,Nicolas Philipp Kalmer,Fakhreddin F. Rad

DOI: https://doi.org/10.1016/j.jbusres.2019.12.006

IF: 11.3

2020-05-01

Journal of Business Research

Abstract:This study investigates a cross-cultural comparison between Germany and Norway regarding users' self-disclosure of personal information on social network sites (SNSs). More specifically, the study considers three antecedents of privacy, namely concerns, attitudes, and intentions, and evaluates their potential effects on self-disclosure, considering Facebook as the SNS of choice. The study employs a deductive research approach and develops a conceptual model based on the theoretical analysis. Data is collected via an online survey of users in Germany and Norway. The results show that privacy intention is the only antecedent that has a significant direct influence on users' self-disclosure of information. By contrast, neither privacy concerns nor privacy attitude have a statistically significant influence on self-disclosure. Additionally, there are statistically significant differences between the German and Norwegian samples in privacy concepts and reported self-disclosure. The results support the creation of more transparent privacy policies by SNS providers to improve targeted marketing.

business

Kai Li,Xiaowen Wang,Kunrong Li,Jianguo Che

DOI: https://doi.org/10.1108/NBRI-02-2015-0005

2016-01-01

Nankai Business Review International

Abstract:Purpose -As social network sites (SNS) have increasingly become one of the most important channels for communication, the related privacy issues gain more and more attention in both industry and academic research fields. This study aims to connect the antecedents of information privacy disclosure on SNS.Design/methodology/approach- Based on exchange theory, this study tries to investigate the decision-making process for information privacy disclosure on SNS. Factors from both user's and website's perspectives are taken into account in the proposed model.Findings -The results suggest that an individual's perceived benefits will increase their willingness to disclose information privacy on SNS, but perceived risks decrease this kind of willingness. The authors also find social network size, personal innovativeness and incentive provision positively affect people's perceived benefits.Originality/value-Moreover, privacy invasion experience enhances perceived personal risks, but website reputation helps to reduce perceived risks.

Kijung Lee,Prudence Attablayo

DOI: https://doi.org/10.48550/arXiv.2303.07927

2023-03-14

Social and Information Networks

Abstract:This research aims to investigate the impact of users' privacy awareness on their self-disclosing behavior. Our primary research question is to investigate how young social media users feel about the benefits and risks of disclosing them-selves on social media and how risk-benefit awareness influences the assess-ment of their self-disclosure. Based on the data we recorded, the factor analysis, and three-way ANOVA, we conclude that users who know more about privacy benefits share more on social media (F= 36.291; df 1; sig < .001) while those who know less about the benefits disclose less on social media. According to the analysis, users who know more about self-disclosure risks share less on so-cial media (F= 7.001; df 1; sig < .001). Users disclose less information on so-cial media platforms based on the different levels of their risk perceptions (df 3, F=.715, sig < 0.5). This indicates that risks on social media platforms vary to some degree. We saw that people's sharing habits based on their levels of risk, benefits, and social media platforms can vary. One thing that remained certain was users' main benefit for engaging and disclosing on social media is their need to stay in touch with friends and their need for community. On the flip side, the main risk was the need not to be impersonated and misunderstood by people. Based on a simple frequency analysis of the open-ended questions we asked In our data collection, the most highlighted words in our responses were "people" and "friends". These were the two main words that stood out in all the data we collected concerning the benefits, risks, and intention to self-disclose.

Thomas Mildner,Gian-Luca Savino

DOI: https://doi.org/10.1145/3411763.3451659

2021-04-07

Abstract:Many researchers have been concerned with whether social media has a negative impact on the well-being of their audience. With the popularity of social networking sites (SNS) steadily increasing, psychological and social sciences have shown great interest in their effects and consequences on humans. In this work, we investigate Facebook using the tools of HCI to find connections between interface features and the concerns raised by these domains. Using an empirical design analysis, we identify interface interferences impacting users' online privacy. Through a subsequent survey (n=116), we find usage behaviour changes due to increased privacy concerns and report individual cases of addiction and mental health issues. These observations are the results of a rapidly changing SNS creating a gap of understanding between users' interactions with the platform and future consequences. We explore how HCI can help close this gap and work towards more ethical user interfaces in the future.

Human-Computer Interaction

Nicolas E. Díaz Ferreyra,Esma Aïmeur,Hicham Hage,Maritta Heisel,Catherine García van Hoogstraten

DOI: https://doi.org/10.5220/0010142402040211

2020-09-27

Abstract:Privacy in Social Network Sites (SNSs) like Facebook or Instagram is closely related to people's self-disclosure decisions and their ability to foresee the consequences of sharing personal information with large and diverse audiences. Nonetheless, online privacy decisions are often based on spurious risk judgements that make people liable to reveal sensitive data to untrusted recipients and become victims of social engineering attacks. Artificial Intelligence (AI) in combination with persuasive mechanisms like nudging is a promising approach for promoting preventative privacy behaviour among the users of SNSs. Nevertheless, combining behavioural interventions with high levels of personalization can be a potential threat to people's agency and autonomy even when applied to the design of social engineering countermeasures. This paper elaborates on the ethical challenges that nudging mechanisms can introduce to the development of AI-based countermeasures, particularly to those addressing unsafe self-disclosure practices in SNSs. Overall, it endorses the elaboration of personalized risk awareness solutions as i) an ethical approach to counteract social engineering, and ii) as an effective means for promoting reflective privacy decisions.

Computers and Society,Human-Computer Interaction,Social and Information Networks

Tehila Minkus,Nasir Memon

DOI: https://doi.org/10.48550/arXiv.1406.2398

2014-06-10

Abstract:Online social networks have enabled new methods and modalities of collaboration and sharing. These advances bring privacy concerns: online social data is more accessible and persistent and simultaneously less contextualized than traditional social interactions. To allay these concerns, many web services allow users to configure their privacy settings based on a set of multiple-choice questions. We suggest a new paradigm for privacy options. Instead of suggesting the same defaults to each user, services can leverage knowledge of users' traits to recommend a machine-learned prediction of their privacy preferences for Facebook. As a case study, we build and evaluate MyPrivacy, a publicly available web application that suggests personalized privacy settings. An evaluation with 199 users shows that users find the suggestions to be appropriate and private; furthermore, they express intent to implement the recommendations made by MyPrivacy. This supports the proposal to put personalization to work in online communities to promote privacy and security.

Social and Information Networks,Computers and Society,Physics and Society