Gamification: A Necessary Element for Designing Privacy Training Programs

The benefits, deriving from utilizing new Information and Communication Technologies (ICTs), such as Internet of Things or cloud computing, raise at the same time several privacy risks and concerns for users. Despite the fact that users’ inability to protect their privacy has been recognized, hence users do not get involved in processes for enhancing their awareness on such issues. However, in order to protect their fundamental right of privacy and to manage it in a practical way when using ICT, privacy literacy is crucial. Users should be trained on privacy issues through appropriate educational programs. Specifically, the development of instructional simulation programs could be of great importance. Relevant methodologies for the development of such services have been recorded in previous literature. Since the concept of training is advanced by creating attractive interaction environments, the educational privacy process could be also more efficient. Towards this, the implementation of game elements serves that purpose, contributing to the design of gameful educational programs. However, despite its benefits, gamification has been noticed to be used more as a tool rather than a concept which could be included in instructional methods. Thus, in this work, gamification features are explained to highlight their importance along with the recorded in the literature educational methods and privacy awareness issues

A User-Focused Reference Model for Wireless Systems Beyond 3G

This whitepaper describes a proposal from Working Group 1, the Human Perspective of the Wireless World, for a user-focused reference model for systems beyond 3G. The general structure of the proposed model involves two "planes": the Value Plane and the Capability Plane. The characteristics of these planes are discussed in detail and an example application of the model to a specific scenario for the wireless world is provided

Phish Phinder: A Game Design Approach to Enhance User Confidence in Mitigating Phishing Attacks

Phishing is an especially challenging cyber security threat as it does not attack computer systems, but targets the user who works on that system by relying on the vulnerability of their decision-making ability. Phishing attacks can be used to gather sensitive information from victims and can have devastating impact if they are successful in deceiving the user. Several anti-phishing tools have been designed and implemented but they have been unable to solve the problem adequately. This failure is often due to security experts overlooking the human element and ignoring their fallibility in making trust decisions online. In this paper, we present Phish Phinder, a serious game designed to enhance the user's confidence in mitigating phishing attacks by providing them with both conceptual and procedural knowledge about phishing. The user is trained through a series of gamified challenges, designed to educate them about important phishing related concepts, through an interactive user interface. Key elements of the game interface were identified through an empirical study with the aim of enhancing user interaction with the game. We also adopted several persuasive design principles while designing Phish Phinder to enhance phishing avoidance behaviour among users.Comment: 1

PRIMA — Privacy research through the perspective of a multidisciplinary mash up

Based on a summary description of privacy protection research within three fields of inquiry, viz. social sciences, legal science, and computer and systems sciences, we discuss multidisciplinary approaches with regard to the difficulties and the risks that they entail as well as their possible advantages. The latter include the identification of relevant perspectives of privacy, increased expressiveness in the formulation of research goals, opportunities for improved research methods, and a boost in the utility of invested research efforts

Empowering users to control their privacy in context-aware system through interactive consent

Context-aware systems adapt their behaviour based on the context a user is in. Since context is potentially privacy sensitive information, users should be empowered to control how much of their context they are willing to share, under what conditions and for what purpose. We propose an interactive consent mechanism that allows this. It is interactive in the sense that users are asked for consent when a request for their context information is received. Our interactive consent mechanism complements a more traditional pre-configuration approach. We describe the architecture, the implementation of our interactive consent mechanism and a use case

Literature Overview - Privacy in Online Social Networks

In recent years, Online Social Networks (OSNs) have become an important\ud part of daily life for many. Users build explicit networks to represent their\ud social relationships, either existing or new. Users also often upload and share a plethora of information related to their personal lives. The potential privacy risks of such behavior are often underestimated or ignored. For example, users often disclose personal information to a larger audience than intended. Users may even post information about others without their consent. A lack of experience and awareness in users, as well as proper tools and design of the OSNs, perpetuate the situation. This paper aims to provide insight into such privacy issues and looks at OSNs, their associated privacy risks, and existing research into solutions. The final goal is to help identify the research directions for the Kindred Spirits project

On-line privacy behavior: using user interfaces for salient factors

The problem of privacy in social networks is well documented within literature; users have privacy concerns however, they consistently disclose their sensitive information and leave it open to unintended third parties. While numerous causes of poor behaviour have been suggested by research the role of the User Interface (UI) and the system itself is underexplored. The field of Persuasive Technology would suggest that Social Network Systems persuade users to deviate from their normal or habitual behaviour. This paper makes the case that the UI can be used as the basis for user empowerment by informing them of their privacy at the point of interaction and reminding them of their privacy needs. The Theory of Planned Behaviour is introduced as a potential theoretical foundation for exploring the psychology behind privacy behaviour as it describes the salient factors that influence intention and action. Based on these factors of personal attitude, subjective norms and perceived control, a series of UIs are presented and implemented in controlled experiments examining their effect on personal information disclosure. This is combined with observations and interviews with the participants. Results from this initial, pilot experiment suggest groups with privacy salient information embedded exhibit less disclosure than the control group. This work reviews this approach as a method for exploring privacy behaviour and proposes further work required