Revisiting the Design Agenda for Privacy Notices and Security Warnings

System-generated user-facing notices, dialogs, and warnings in privacy and security interventions present the opportunity to support users in making informed decisions about identified risks. However, too often, they are bypassed, ignored, and mindlessly clicked through, mainly in connection to the well-studied effect of user fatigue and habituation. The contribution of this position paper is to provide a summarized review of established and emergent design dimensions and principles to limit such risk-prone behavior, and to identify three emergent research and design directions for privacy-enhancing dialogs.Comment: 11 pages, 3 figures, Workshop on Privacy Interventions and Education (PIE): Encouraging Privacy Protective Behavioral Change Online, ACM CHI Conference on Human Factors in Computing Systems, 23-28 April 2023, Hamburg, German

Revisiting the Design Agenda for Privacy Notices and Security Warnings

System-generated user-facing notices, dialogs, and warnings in privacy and security interventions present the opportunity to support users in making informed decisions about identified risks. However, too often, they are bypassed, ignored, and mindlessly clicked through, mainly in connection to the well-studied effect of user fatigue and habituation. The contribution of this position paper is to provide a summarized review of established and emergent design dimensions and principles to limit such risk-prone behavior, and to identify three emergent research and design directions for privacy-enhancing dialogs

Security and Privacy with Second-Hand Storage Devices: A User-Centric Perspective from Switzerland

Second-hand electronic devices are increasingly being sold online. Although more affordable and more environment-friendly than new products, second-hand devices, in particular those with storage capabilities, create security and privacy threats (e.g., malware or confidential data still stored on the device, aka remnant data). Previous work studied this issue from a technical point of view or only from the perspective of the sellers of the devices, but the perspective of the buyers has been largely overlooked. In this paper, we fill this gap and take a multi-disciplinary approach, focusing on the case of Switzerland. First, we conduct a brief legal analysis of the rights and obligations related to second-hand storage devices. Second, in order to understand the buyers’ practices related to these devices and their beliefs about their legal rights and obligations, we deploy a survey in collaboration with a major online platform for transactions of second-hand goods. We demonstrate that the risks highlighted in prior research might not materialize, as many buyers do not inspect the content of the bought devices (e.g., they format it directly). We also found that none of the buyers uses forensic techniques. We identified that the buyers’ decisions about remnant data depend on the type of data. For instance, for data with illegal content, they would keep the data to report it to the authorities, whereas for sensitive personal data they would either delete the data or contact the sellers. We identified several discrepancies between the actual legal rights/obligations and users’ belief

On the Potential of Mediation Chatbots for Mitigating Online Multiparty Privacy Conflicts - A Wizard-of-Oz Study

Sharing multimedia content, without obtaining consent from the people involved causes multiparty privacy conflicts (MPCs). However, social-media platforms do not proactively protect users from the occurrence of MPCs. Hence, users resort to out-of-band, informal communication channels, attempting to mitigate such conflicts. So far, previous works have focused on hard interventions that do not adequately consider the contextual factors (e.g., social norms, cognitive priming) or are employed too late (i.e., the content has already been seen). In this work, we investigate the potential of conversational agents as a medium for negotiating and mitigating MPCs. We designed MediationBot, a mediator chatbot that encourages consent collection, enables users to explain their points of view, and proposes solutions to finding a middle ground. We evaluated our design using a Wizard-of-Oz experiment with = 32 participants, where we found that MediationBot can effectively help participants to reach an agreement and to prevent MPCs. It produced a structured conversation where participants had well-clarified speaking turns. Overall, our participants found MediationBot to be supportive as it proposes useful middle-ground solutions. Our work informs the future design of mediator agents to support social-media users against MPCs

On the Potential of Mediation Chatbots for Mitigating Multiparty Privacy Conflicts - A Wizard-of-Oz Study

Sharing multimedia content, without obtaining consent from the people involved causes multiparty privacy conflicts (MPCs). However, social-media platforms do not proactively protect users from the occurrence of MPCs. Hence, users resort to out-of-band, informal communication channels, attempting to mitigate such conflicts. So far, previous works have focused on hard interventions that do not adequately consider the contextual factors (e.g., social norms, cognitive priming) or are employed too late (i.e., the content has already been seen). In this work, we investigate the potential of conversational agents as a medium for negotiating and mitigating MPCs. We design MediationBot, a mediator chatbot that encourages consent collection, enables users to explain their points of view, and proposes solutions to finding a middle ground. We evaluate our design using a Wizard-of-Oz experiment with = 32 participants, where we find that MediationBot can effectively help participants to reach an agreement and to prevent MPCs. It produces a structured conversation where participants had well-clarified speaking turns. Overall, our participants found MediationBot to be supportive as it proposes useful middle-ground solutions. Our work informs the future design of mediator agents to support social-media users against MPCs

Security and Privacy with Second-Hand Storage Devices: A User-Centric Perspective from Switzerland

Second-hand electronic devices are increasingly being sold online. Although more affordable and more environment-friendly than new products, second-hand devices, in particular those with storage capabilities, create security and privacy threats (e.g., malware or confidential data still stored on the device, aka remnant data). Previous work studied this issue from a technical point of view or only from the perspective of the sellers of the devices, but the perspective of the buyers has been largely overlooked. In this paper, we fill this gap and take a multi-disciplinary approach by analyzing the situation in Switzerland. First, we conduct a brief legal analysis of the rights and obligations related to second-hand storage devices. Second, in order to understand the buyers’ practices related to these devices and their beliefs about their legal rights and obligations, we deploy a survey in collaboration with a major online platform for transactions of second-hand goods. Our findings show that the risks demonstrated in previous works do not seem to materialize: many buyers immediately format the devices without looking at the data. And none seems to use forensic techniques. We identified that the buyers’ decisions about remnant data depend on the type of data. For instance, for data with illegal content, they would keep the data to report it to the authorities, whereas, for sensitive personal data, they would either delete the data or contact the sellers. We identified several discrepancies between the actual legal rights/obligations and users’ beliefs

Contributing authors

All rights reserved. No part of this publication may be reproduced or modified without the prior permission of the publisher. Free PDF copy available on Orbicom’s website