Talking to the Overlooked: A Nationwide Telephone Survey with Four Groups Under-represented in Privacy and Security Studies

Online surveys - a primary research tool in the field of usable security and privacy research - frequently rely on web-panel platforms. However, these platforms tend not to generalize well to specific user groups. Our study addresses this research gap by studying security and privacy perceptions of four under-represented groups. We conducted telephone interviews with n = 1003 participants in Germany: (I) teenagers aged 14-17, (II) older adults 70+, (III) people with low formal education, and (IV) people with migration background. We found these groups to be under-represented in our online comparison survey. We further identified target group-specific perceptions for each group compared to the general population, e.g., regarding their experiences with cybercrime, and provide detailed insight into the privacy and security knowledge and behavior of each group. Our findings underscore the effectiveness of telephone interviews and lay the foundation for further research on these groups

The effects of website quality on customer satisfaction, use intention, and purchase intention: A comparison among three types of booking channels

There is no doubt that hotel distribution has changed dramatically since the advent of the Internet. Online travel agencies’ (OTAs) and hotel websites have risen to reach a broader range of customers to generate more revenue. The latest in a series of disruptive innovations brought by the Internet, is the sharing economy business. This new wave of peer-to-peer businesses allow customers to make money from underused assets. In the hospitality industry, Airbnb is the best-known example of this phenomenon. The proliferation of online accommodation booking websites has created the need for measurement criteria to evaluate the quality of website. It is important for hoteliers, hosts, and website designers to understand and compare what components comprise website quality and how website quality influences customers’ purchase intention across three types of booking channels: OTA websites, hotel branded websites, and hospitality sharing economy platforms (HSEPs). This study identified what constituted website quality by regressing the perceived ease-of-use, information quality, privacy risk, and website aesthetics against overall website quality. This study also proposed a purchase intention model by adding customer satisfaction and use intention as two mediating variables. Results from 973 online survey responses revealed the conceptualization of website quality varied across three types of booking websites and highlighted the importance of website aesthetics. It was suggested OTA website quality was assessed based on customers’ experience in the information search process, while hotel website quality was evaluated with a focus on the technical adequacy. In the HSEP setting, it was noted that aesthetics was viewed as high-quality. Additionally, this study confirmed the inter-relationships among website quality, customer satisfaction and purchase intention, and mapped the customers’ search-purchase relationships in an online context. The mediating effects of customer satisfaction and use intention were also detected. The contribution of this research is both academic and practical. First, given the rapid growth of sharing economy platforms, this research is among the first studies to investigate the impact of website quality on customers’ intention to purchase on the HSEPs; and provides new insights in understanding this niche segment from customers’ perspectives. Second, this study expands upon the current website quality measurements body of knowledge in a more accurate manner by assessing measurement invariance and regressing overall website quality against each proposed website quality dimension across three booking channels. The third contribution of study is through the inclusion of two types of behavioral intentions (use intention and purchase intention) and the examination of the relationship between these two constructs, which suggest the diminished value of the billboard effect. Lastly, this study helps hospitality industry practitioners better position their own websites by revealing and comparing the influential factors that determine online accommodation bookers’ perceptions towards three types of booking channels

An Investigation of Factors that Influence Passengers’ Intentions to Use Biometric Technologies at Airports

Biometric technologies use the characteristics and measurements from humans to establish or verify their identity. Within an airport setting, biometric technologies can be used to hasten passenger processes such as airport check-in, baggage drop-off or pick-up, and aircraft boarding, thus enhancing the overall passenger experience. This research investigated the factors that influence passengers’ intentions to choose the use of biometrics over other methods of identification. The current study utilized a quantitative research method via an online survey of 689 persons from Amazon ® Mechanical Turk ® (MTurk) and employed structural equation modeling (SEM) techniques for data analysis. The study utilized the theory of planned behavior (TPB) as the grounded theory, while perceived usefulness and perceived ease of use were included as additional factors that could influence individuals’ intentions to use new technology. The study further assessed the impact of passengers’ privacy concerns on the intentions to use biometrics and investigated how the privacy concerns moderate the influencing factors of passengers’ behavioral intentions. Because of the coronavirus (COVID-19) pandemic that became prevalent at the time of the study, a COVID-19 variable was introduced as a control variable to examine if there were any effects of COVID-19 on passengers\u27 behavioral intentions while controlling for the other variables. Results showed that for the TPB factors, attitudes and subjective norms significantly influenced passengers’ behavioral intentions to use biometrics, while the effect of perceived behavioral control (PBC) on passengers’ intentions was not significant. The additional factors of perceived usefulness and perceived ease of use did not significantly influence passengers’ intentions. In addition, the hypothesized relationships between privacy concerns and four factors, behavioral intentions, attitudes, PBC, and perceived ease of use were supported, while the relationships between privacy concerns and perceived usefulness and between privacy concerns and subjective norms were not supported. The examination of the moderating effects found that privacy concerns moderated the relationships between passengers’ intentions and three factors: attitudes, subjective norms, and perceived usefulness. However, because the interaction plots showed that the moderating effects were weak, the effects were not considered to be of much value and were therefore not added to the final model. Results also showed that the control variable (COVID-19) did not significantly influence passengers’ behavioral intentions and passengers’ privacy concerns while controlling for the other variables. Practically, the study contributed a research model and specified factors that were postulated to influence passengers’ behavioral intentions to use biometrics at airports. Further research would be required to determine additional factors that influence behavioral intentions. Finally, although the moderating effects were not used in the final model, the findings suggest that stakeholders can customize biometric systems and solutions appropriately to cater to passengers’ concerns

Quality and Inequity in Digital Security Education

Few users have a formal, authoritative introduction to digital security. Rather, digital security skills are often learned haphazardly, as users filter through an overwhelming quantity of security education from a multitude of sources, hoping they're implementing the right set of behaviors that will keep them safe. In this thesis, I use computational, interview, and survey methods to investigate how users learn digital security behaviors, how security education impacts security outcomes, and how inequity in security education can create a digital divide. As a first step toward remedying this divide, I conduct a large-scale measurement of the quality of the digital security education content (i.e., security advice) that is available to users through one of their most cited sources of education: the Internet. The results of this evaluation suggest a security education ecosystem in crisis: security experts are unable or unwilling to narrow down which behaviors are most important for users' security, leaving end-users -- especially those with the least resources -- to attempt to implement the hundreds of security behaviors advised by educational materials

From Promise to Form: How Contracting Online Changes Consumers

I hypothesize that different experiences with online contracting have led some consumers to see contracts—both online and offline—in distinctive ways. Experimenting on a large, nationally representative sample, this paper provides evidence of age-based and experience-based differences in views of consumer contract formation and breach. I show that younger subjects who have entered into more online contracts are likelier than older ones to think that contracts can be formed online, that digital contracts are legitimate while oral contracts are not, and that contract law is unforgiving of breach. I argue that such individual differences in views of contract formation and enforceability might lead firms to discriminate among consumers. There is some evidence that businesses are already using variance in views of contract to induce consumers to purchase goods they would not otherwise have. I conclude by suggesting how the law might respond to such behavior

Third Person Effect and Internet Privacy Risks

The current study tests the third-person effect (TPE) in the context of Internet privacy. TPE refers to the phenomenon that people tend to perceive greater media effects on others than on themselves. The behavioral component of TPE holds that the self-others perceptual gap is positively associated with support for restricting harmful media messages. Using a sample (N=613) from Amazon Mturk, the current research documented firm support for the perceptual and behavioral components of TPE in the context of Internet privacy. Moreover, social distance, perceived Internet privacy knowledge, negative online privacy experiences, and Internet use were found to be significant predictors of the TPE perceptions of Internet privacy risks. There are four novel contributions of the current study. First, this study systematically tests TPE in a new context―Internet privacy. Second, this study examines five antecedents of TPE perceptions, of which perceived Internet privacy knowledge, negative online privacy experiences, and Internet use are novel to TPE studies. Unlike prior studies which assume social distance and desirability of media content, the current study provides direct empirical tests of these two antecedents. Third, prior research primarily examines support for censorship of harmful media messages, a context in which individuals do not have control over policy enforcement. In the case of Internet privacy, people can decide whether to adopt privacy protective measures or not. The current study addresses two types of behavioral intentions to reduce privacy risks: (1) the willingness to adopt online privacy protection measures; and (2) recommend such measures to others. Fourth, unlike prior studies using fear based theories to investigate Internet privacy issues, the current tests Internet privacy from a novel perspective—TPE theory

Digital privacy and new media: an empirical study assessing the impact of privacy seals on personal information disclosure.

Advances in technology have facilitated the rapid growth of a global new media industry. Many new media firms rely heavily on networked technologies to enable a primary income driver based on advertising revenues. This has attracted criticisms from privacy campaigners who argue that elements of the way some of these firms operate constitute an invasion of user’s privacy. Early economic approaches to privacy are primarily informed by the rational choice theory and viewed individuals as utility maximizers when making decisions involving personal information disclosure. Theoretical approaches have since developed to account for factors explored by bounded rationality and behavioural economics where individuals engage in complex trade-offs when making privacy disclosure decisions. Both EU and US regulators believe rapid technological advances have rendered existing regulatory provisions inadequate. In the EU, the 2018 General Data Protection Regulation (GDPR) set out to improve ‘information transparency’ and give individuals to exercise greater ‘control’ over their personal data. The regulation set out provisions for the establishment of a privacy seal accreditation scheme. There is little empirical evidence to demonstrate that the use of privacy seals is privacy enhancing. Existing research reveals inconsistent and at times counter-intuitive findings. This research conducted online experimental research to establish if a causal link exists between the presence of a privacy seals and personal information disclose. Experiment results show that contrary to previous research in this area, the presence of privacy seals does not result in lower personal information disclosure. Survey findings also show that the GDPR has failed to expand ‘sensitive’ categories of data in line with both EU and US data subjects expectations. This research makes a number of original contributions to knowledge. Information disclosure is examined in relation to sensitive data categories as defined in the GDPR. Using commercially available privacy seals, it adds to the existing body of literature on the impact of iconography on user behaviour. The findings suggest there is an opportunity for new media firms to use independently accredited privacy seals as a differentiator in this industry sector

Enhancing Privacy Management on Social Network Services

Tesis por compendioIn the recent years, social network services, such as Facebook or LinkedIn, have experienced an exponential growth. People enjoy their functionalities, such as sharing photos, finding friends, looking for jobs, and in general, they appreciate the social benefits that social networks provide. However, as using social network has become routine for many people, privacy breaches that may occur in social network services have increased users' concerns. For example, it is easy to find news about people being fired because of something they shared on a social network. To enable people define their privacy settings, service providers employ simple access controls which usually rely exclusively on lists or circles of friends. Although these access controls are easy to configure by average users, research literature points out that they are lacking elements, such as tie strength, that play a key role when users decide what to share and with whom. Additionally, despite the simplicity of current access controls, research on privacy on social media reports that people still struggle to effectively control how their information flows on these services. To provide users with a more robust privacy framework, related literature proposes a new paradigm for access controls based on relationships. In contrast to traditional access controls where permissions are granted based on users and their roles, this paradigm employs social elements such as the relationship between the information owner and potential viewers (e.g., only my siblings can see this photo). Access controls that follow this paradigm provide users with mechanisms for disclosure control that represent more naturally how humans reason about privacy. Furthermore, these access controls can deal with specific issues that social network services present. Specifically, users often share information that concerns many people, especially other members of the social network. In such situations, two or more people can have conflicting privacy preferences; thus, an appropriate sharing policy may not be apparent. These situations are usually identified as multiuser privacy scenarios. Since relationship based access controls are complex for the average social network user, service providers have not adopted them. Therefore, to enable the implementation of such access controls in current social networks, tools and mechanisms that facilitate their use must be provided. To that aim, this thesis makes five contributions: (1) a review of related research on privacy management on social networks that identifies pressing challenges in the field, (2) BFF, a tool for eliciting automatically tie strength and user communities, (3) a new access control that employs communities, individual identifiers, tie strength, and content tags, (4) a novel model for representing and reasoning about multiuser privacy scenarios, employing three types of features: contextual factors, user preferences, and user arguments; and, (5) Muppet, a tool that recommends sharing policies in multiuser privacy scenarios.En los últimos años, los servicios de redes sociales, como Facebook o LinkedIn, han experimentado un crecimiento exponencial. Los usuarios valoran positivamente sus muchas funcionalidades tales como compartir fotos, o búsqueda de amigos y trabajo. En general, los usuarios aprecian los beneficios que las redes sociales les aportan. Sin embargo, mientras el uso de redes sociales se ha convertido en rutina para mucha gente, brechas de privacidad que pueden ocurrir en redes sociales han aumentado los recelos de los usuarios. Por ejemplo, es sencillo encontrar en las noticias casos sobre personas que han perdido su empleo debido a algo que compartieron en una red social. Para facilitar la definición de los ajustes de privacidad, los proveedores de servicios emplean controles de acceso sencillos que normalmente se basan, de forma exclusiva, en listas o círculos de amigos. Aunque estos controles de acceso son fáciles de configurar por un usuario medio, investigaciones recientes indican que éstos carecen de elementos tales como la intensidad de los vínculos personales, que juegan un papel clave en cómo los usuarios deciden qué compartir y con quién. Además, a pesar de la simplicidad de los controles de acceso, investigaciones sobre privacidad en redes sociales señalan que los usuarios han de esforzarse para controlar de forma efectiva como su información fluye en estos servicios. Para ofrecer a los usuarios un marco de privacidad más robusto, trabajos recientes proponen un nuevo paradigma para controles de acceso basado en relaciones. A diferencia de los controles de acceso tradicionales donde los permisos se otorgan en base a usuarios y sus roles, este paradigma emplea elementos sociales como la relación entre el propietario de la información y su audiencia potencial (por ejemplo, sólo mis hermanos pueden ver la foto). Los controles de acceso que siguen este paradigma ofrecen a los usuarios mecanismos para el control de la privacidad que representan de una forma más natural como los humanos razonan sobre cuestiones de privacidad. Además, estos controles de acceso pueden lidiar con problemáticas específicas que presentan las redes sociales. Específicamente, los usuarios comparten de forma habitual información que atañe a muchas personas, especialmente a otros miembros de la red social. En tales situaciones, dos o más personas pueden tener preferencias de privacidad que entran en conflicto. Cuando esto ocurre, no hay una configuración correcta de privacidad que sea evidente. Estas situaciones son normalmente identificadas como escenarios de privacidad multiusuario. Dado que los controles de acceso basados en relaciones son complejos para el usuario promedio de redes sociales, los proveedores de servicios no los han adoptado. Por lo tanto, para permitir la implementación de tales controles de acceso en redes sociales actuales, es necesario que se ofrezcan herramientas y mecanismos que faciliten su uso. En este sentido, esta tesis presenta cinco contribuciones: (1) una revisión del estado del arte en manejo de privacidad en redes sociales que permite identificar los retos más importantes en el campo, (2) BFF, una herramienta para obtener automáticamente la intensidad de los vínculos personales y las comunidades de usuarios, (3) un nuevo control de acceso que emplea comunidades, identificadores individuales, la intensidad de los vínculos personales, y etiquetas de contenido, (4) un modelo novedoso para representar y razonar sobre escenarios de privacidad multiusario que emplea tres tipos de características: factores contextuales, preferencias de usuario, y argumentos de usuario; y, (5) Muppet, una herramienta que recomienda configuraciones de privacidad en escenarios de privacidad multiusuario.En els darrers anys, els servicis de xarxes socials, com Facebook o LinkedIn, han experimentat un creixement exponencial. Els usuaris valoren positivament les seues variades funcionalitats com la compartició de fotos o la cerca d'amics i treball. En general, els usuaris aprecien els beneficis que les xarxes socials els aporten. No obstant això, mentre l'ús de les xarxes socials s'ha convertit en rutina per a molta gent, bretxes de privacitat que poden ocórrer en xarxes socials han augmentat els recels dels usuaris. Per exemple, és senzill trobar notícies sobre persones que han perdut el seu treball per alguna cosa que compartiren a una xarxa social. Per facilitar la definició dels ajustos de privacitat, els proveïdors de servicis empren controls d'accés senzills que normalment es basen, de forma exclusiva, en llistes o cercles d'amics. Encara que aquests controls d'accés són fàcils d'emprar per a un usuari mitjà, investigacions recents indiquen que aquests manquen elements com la força dels vincles personals, que juguen un paper clau en com els usuaris decideixen què compartir i amb qui. A més a més, malgrat la simplicitat dels controls d'accés, investigacions sobre privacitat en xarxes socials revelen que els usuaris han d'esforçar-se per a controlar de forma efectiva com fluix la seua informació en aquests servicis. Per a oferir als usuaris un marc de privacitat més robust, treballs recents proposen un nou paradigma per a controls d'accés basat en relacions. A diferència dels controls d'accés tradicionals on els permisos s'atorguen segons usuaris i els seus rols, aquest paradigma empra elements socials com la relació entre el propietari de la informació i la seua audiència potencial (per exemple, sols els meus germans poden veure aquesta foto). Els controls d'accés que segueixen aquest paradigma ofereixen als usuaris mecanismes per al control de la privacitat que representen d'una forma més natural com els humans raonen sobre la privacitat. A més a més, aquests controls d'accés poden resoldre problemàtiques específiques que presenten les xarxes socials. Específicament, els usuaris comparteixen de forma habitual informació que concerneix moltes persones, especialment a altres membres de la xarxa social. En aquestes situacions, dues o més persones poden tindre preferències de privacitat que entren en conflicte. Quan açò ocorre, no hi ha una configuració de privacitat correcta que siga evident. Aquestes situacions són normalment identificades com escenaris de privacitat multiusari. Donat que els controls d'accés basats en relacions són complexos per a l'usuari mitjà de xarxes socials, els proveïdors de servicis no els han adoptat. Per tant, per a permetre la implementació d'aquests controls d'accés en xarxes socials actuals, és necessari oferir ferramentes i mecanismes que faciliten el seu ús. En aquest sentit, aquesta tesi presenta cinc contribucions: (1) una revisió de l'estat de l'art en maneig de privacitat en xarxes socials que permet identificar els reptes més importants en el camp, (2) BFF, una ferramenta per a obtenir automàticament la força dels vincles personals i les comunitats d'usuaris, (3) un nou control d'accés que empra comunitats, identificadors individuals, força dels vincles personals, i etiquetes de contingut, (4) un model nou per a representar i raonar sobre escenaris de privacitat multiusari que empra tres tipus de característiques: factors contextuals, preferències d'usuari, i arguments d'usuaris; i, (5) Muppet, una ferramenta que recomana configuracions de privacitat en escenaris de privacitat multiusuari.López Fogués, R. (2017). Enhancing Privacy Management on Social Network Services [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/85978TESISCompendi