Understanding & controlling user privacy in social media via exposure

The recent popularity of Online Social Media sites (OSM) like Facebook and Twitter have led to a renewed discussion about user privacy. In fact, numerous recent news reports and research studies on user privacy stress the OSM users’ urgent need for better privacy control mechanisms. Thus, today, a key research question is: how do we provide improved privacy protection to OSM users for their social content? In this thesis, we propose a systematic approach to address this question. We start with the access control model, the dominant privacy model in OSMs today. We show that, while useful, the access control model does not capture many theoretical and practical aspects of privacy. Thus, we propose a new model, which we term the exposure control model. We define exposure for a piece of content as the set of people who actually view the content. We demonstrate that our model is a significant improvement over access control to capture users’ privacy requirements. Next, we investigate the effectiveness of our model to protect users’ privacy in three real world scenarios: (1) Understanding and controlling exposure using social access control lists (SACLs) (2) Controlling exposure by limiting large-scale social data aggregators and (3) Understanding and controlling longitudinal exposure in OSMs, i.e., how users control exposure of their old OSM content. We show that, in each of these cases, the exposure control-based approach helps us to design improved privacy control mechanisms.Die Popularität von sozialen Netzwerken (SN), wie Facebook, haben zu einer erneuten Diskussion über die Privatsphäre geführt. Wissenschaftliche Publikationen untersuchen die Privatsphäre und zeigen wie dringend SN Benutzer besseren Datenschutz benoötigen. Eine zentrale Herausforderung für in diesem Bereich ist: Wie kann der Schutz der Privatsphäre von SN Benutzern und ihren Inhalten garantiert werden? Diese Doktorarbeit schlägt Ansätze vor, die diese Frage beantworten. Wir untersuchen das Privatsphäremodel, das Access Control Modell, in SN. Wir zeigen auf, dass das Access Control Modell theoretische und praktische Aspekte der Privatsphäre nicht erfasst. Deshalb schlagen wir das Expositionssteuerunsgmodell vor und definieren Exposition für einen Inhalt als die Menge der Personen, die einen Beitrag ansieht. Unser Modell stellt eine bedeutende Verbesserung zu dem Access Control Modell dar. Wir untersuchen die Effektivität unseres Modells, indem wir den Datenschutz der Benutzer in drei realen Szenarien schützen: (1) Verständnis und Steuerung der Exposition von Inhalten mit Sozialen Access Control Listen (SACLs), (2) Steuerung der Exposition durch Begrenzung der umfassenden sozialen Datenaggregation und (3) Verständnis und Steuerung von Langzeitexposition in SN, z.B. wie Benutzer Exposition alter Inhalte begrenzen. In diesen Fällen fürt Expositionssteuerungsmethoden zu einem verbesserten Privatsphäresteuerungsmechanismus

Are HIV smartphone apps and online interventions fit for purpose?

Sexual health is an under-explored area of Human-Computer Interaction (HCI), particularly sexually transmitted infections such as HIV. Due to the stigma associated with these infections, people are often motivated to seek information online. With the rise of smartphone and web apps, there is enormous potential for technology to provide easily accessible information and resources. However, using online information raises important concerns about the trustworthiness of these resources and whether they are fit for purpose. We conducted a review of smartphone and web apps to investigate the landscape of currently available online apps and whether they meet the diverse needs of people seeking information on HIV online. Our functionality review revealed that existing technology interventions have a one-size-fits-all approach and do not support the breadth and complexity of HIV-related support needs. We argue that technology-based interventions need to signpost their offering and provide tailored support for different stages of HIV, including prevention, testing, diagnosis and management

Real Virtuality: A Code of Ethical Conduct. Recommendations for Good Scientific Practice and the Consumers of VR-Technology

The goal of this article is to present a first list of ethical concerns that may arise from research and personal use of virtual reality (VR) and related technology, and to offer concrete recommendations for minimizing those risks. Many of the recommendations call for focused research initiatives. In the first part of the article, we discuss the relevant evidence from psychology that motivates our concerns. In Section “Plasticity in the Human Mind,” we cover some of the main results suggesting that one’s environment can influence one’s psychological states, as well as recent work on inducing illusions of embodiment. Then, in Section “Illusions of Embodiment and Their Lasting Effect,” we go on to discuss recent evidence indicating that immersion in VR can have psychological effects that last after leaving the virtual environment. In the second part of the article, we turn to the risks and recommendations. We begin, in Section “The Research Ethics of VR,” with the research ethics of VR, covering six main topics: the limits of experimental environments, informed consent, clinical risks, dual-use, online research, and a general point about the limitations of a code of conduct for research. Then, in Section “Risks for Individuals and Society,” we turn to the risks of VR for the general public, covering four main topics: long-term immersion, neglect of the social and physical environment, risky content, and privacy. We offer concrete recommendations for each of these 10 topics, summarized in Table 1

After Over-Privileged Permissions: Using Technology and Design to Create Legal Compliance

Consumers in the mobile ecosystem can putatively protect their privacy with the use of application permissions. However, this requires the mobile device owners to understand permissions and their privacy implications. Yet, few consumers appreciate the nature of permissions within the mobile ecosystem, often failing to appreciate the privacy permissions that are altered when updating an app. Even more concerning is the lack of understanding of the wide use of third-party libraries, most which are installed with automatic permissions, that is permissions that must be granted to allow the application to function appropriately. Unsurprisingly, many of these third-party permissions violate consumers’ privacy expectations and thereby, become “over-privileged” to the user. Consequently, an obscurity of privacy expectations between what is practiced by the private sector and what is deemed appropriate by the public sector is exhibited. Despite the growing attention given to privacy in the mobile ecosystem, legal literature has largely ignored the implications of mobile permissions. This article seeks to address this omission by analyzing the impacts of mobile permissions and the privacy harms experienced by consumers of mobile applications. The authors call for the review of industry self-regulation and the overreliance upon simple notice and consent. Instead, the authors set out a plan for greater attention to be paid to socio-technical solutions, focusing on better privacy protections and technology embedded within the automatic permission-based application ecosystem