DOI: 10.1145/1572532.1572539
Research article

Challenges in supporting end-user privacy and security management with social navigation

Published: 15 July 2009

Abstract

Social navigation is a promising approach for supporting privacy and security management. By aggregating and presenting the choices made by others, social navigation systems can provide users with easily understandable guidance on security and privacy decisions, rather than requiring that they understand low-level technical details in order to make informed decisions. We have developed two prototype systems to explore how social navigation can help users manage their privacy and security. The Acumen system employs social navigation to address a common privacy activity, managing Internet cookies, and the Bonfire system uses social navigation to help users manage their personal firewall. Our experiences with Acumen and Bonfire suggest that, despite the promise of social navigation, there are significant challenges in applying these techniques to the domains of end-user privacy and security management. Due to features of these domains, individuals may misuse community data when making decisions, leading to incorrect individual decisions, inaccurate community data, and "herding" behavior that is an example of what economists term an informational cascade. By understanding this phenomenon in these terms, we develop and present two general approaches for mitigating herding in social navigation systems that support end-user security and privacy management, mitigation via algorithms and mitigation via user interaction. Mitigation via user interaction is a novel and promising approach to mitigating cascades in social navigation systems.

Published In

SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security
July 2009
205 pages
ISBN:9781605587363
DOI:10.1145/1572532

Sponsors

  • Carnegie Mellon CyLab
  • Google Inc.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. acumen
  2. bonfire
  3. decision making
  4. end-user privacy and security
  5. herding
  6. informational cascades
  7. social navigation

Qualifiers

  • Research-article

Conference

SOUPS '09
SOUPS '09: Symposium on Usable Privacy and Security
July 15 - 17, 2009
California, Mountain View, USA

Acceptance Rates

SOUPS '09 Paper Acceptance Rate 15 of 49 submissions, 31%;
Overall Acceptance Rate 15 of 49 submissions, 31%
