Exploring mobile privacy in context

Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015.Cataloged from PDF version of thesis.Includes bibliographical references (pages 145-152).My research investigates the following question: What factors affect people's privacy preferences for disclosing data that is collected about them when interacting with mobile applications? Research about information privacy has revealed that there are relations between the role of context and people's expectations about privacy. But it is unclear how those findings can be applied to the ubiquitous environment where mobile apps operate. In order to illuminate this problem I have developed a framework, ContextProbe, which supports both quantitative and qualitative investigations of how user context and other external factors jointly affect people's willingness to disclose personal information to mobile apps. As a consequence of this work, I have learned that people use contextual factors in making decisions about disclosing personal information to apps. Some of the significant privacy contextual factors are people's frequently visited places, specific time slots, who is around, and activities people are engaged in. Although contextual factors help, they do not provide a complete explanation of people's privacy choices. More importantly, I found that other external factors such as purposes of data use and trust in the app itself outweigh contextual factors when considering information disclosure. My study showed that subjects were not aware of context in thinking about disclosure when purpose of data use was presented together in the question. Surprisingly, results drawn from in-situ responses are the exact opposite to previous survey-based approaches on the effect of apps' showing their purpose strings when requesting personal information: showing less information seems to result in greater willingness to disclose. ContextProbe has three major parts: app-building platform, personal data store, and application server. The app-building platform allows experimenters to create apps for ESM studies easily within a visual programming environment. Apps built by ContextProbe can be used to collect sensor data on mobile phones as well as subject-reported data for representing subjects' context. In addition, the apps can probe subjects' privacy preference in-situ with the detected context. The personal data store holds all data collected from subjects' phones and is responsible for sending data automatically to the corresponding application server. It provides a one-stop "dashboard" approach that lets subjects review information collected by the ESM apps. The application server aggregates all collected data in the study and monitors the health status of data collection tasks running on subjects' phone. ContextProbe provides an automatic process for study subjects and experimenters to easily set up personal data store and application server without extra overheads comparing to other existing architectures for ESM studies. My work has opened up the following new questions: how do we best represent the information of privacy-relevant contexts during preference solicitation? And how to balance the trade-offs between sampling in various contexts and the cost of subjects' times? Further research in fields such as behavioral economics that require real-time monitoring of user context, data collection, and in-situ responses might well be conducted using the ContextProbe framework.by Fuming Shih.Ph. D

GlobalIdentifier: Unexpected Personal Social Content with Data on the Web

The past year has seen a growing public awareness of the privacy risks of social networking through personal information that people voluntarily disclose. A spotlight has accordingly been turned on the disclosure policies of social networking sites and on mechanisms for restricting access to personal information on Facebook and other sites. But this is not sufficient to address privacy concerns in a world where Web-based data mining tools can let anyone infer information about others by combining data from multiple sources. To illustrate this, we are building a demonstration data miner, GlobalInferencer, that makes inferences about an individual?s lifestyle and other behavior. GlobalInferencer uses linked data technology to perform unified searches across Facebook, Flickr, and public data sites. It demonstrates that controlling access to personal information on individual social networking sites is not an adequate framework for protecting privacy, or even for supporting valid inferencing. In addition to access restrictions, there must be mechanisms for maintaining the provenance of information combined from multiple sources, for revealing the context within which information is presented, and for respecting the accountability that determines how information should be used