Abstract
A number of mobile applications have emerged that allow users to locate one another. However, people have expressed concerns about the privacy implications associated with this class of software, suggesting that broad adoption may only happen to the extent that these concerns are adequately addressed. In this article, we report on our work on PeopleFinder, an application that enables cell phone and laptop users to selectively share their locations with others (e.g. friends, family, and colleagues). The objective of our work has been to better understand people’s attitudes and behaviors towards privacy as they interact with such an application, and to explore technologies that empower users to more effectively and efficiently specify their privacy preferences (or “policies”). These technologies include user interfaces for specifying rules and auditing disclosures, as well as machine learning techniques to refine user policies based on their feedback. We present evaluations of these technologies in the context of one laboratory study and three field studies.
Notes
Not to be confused with the popular social networking site with the same name.
Acknowledgments
This work is supported by NSF Cyber Trust grant CNS-0627513, NSF grant CNS-0433540, ARO research grant DAAD19-02-1-0389 to Carnegie Mellon University’s CyLab, and a grant from FCT to the CMU/Portugal Information and Communication Technologies Institute. Additional support has also been provided by FranceTelecom, Nokia, IBM and Microsoft, the latter through the Center for Computational Thinking. PeopleFinder’s WiFi-based location tracking functionality runs on top of technology developed by Skyhook Wireless. The authors would like to thank all the other members of Carnegie Mellon University’s project on “User-Controllable Security and Privacy for Pervasive Computing” for their help designing and evaluating the PeopleFinder application, including Lujo Bauer, Bruce McLaren, Mike Reiter, Jacob Albertson, Paul Drielsma, Jason Cornwell, David Hacker, Gary Hsieh, Jialiu Lin, Justin Pincar, Rob Reeder, Alberto Sardinha, Karen Tang, Janice Tsai, Kami Vaniea, Michael Weber, Wei Zhiqiang, and Yue Zhang.
Cite this article
Sadeh, N., Hong, J., Cranor, L. et al. Understanding and capturing people’s privacy policies in a mobile social networking application. Pers Ubiquit Comput 13, 401–412 (2009). https://doi.org/10.1007/s00779-008-0214-3
DOI: https://doi.org/10.1007/s00779-008-0214-3