Understanding and capturing people’s privacy policies in a mobile social networking application

  • Original Article
  • Personal and Ubiquitous Computing

Abstract

A number of mobile applications have emerged that allow users to locate one another. However, people have expressed concerns about the privacy implications associated with this class of software, suggesting that broad adoption may only happen to the extent that these concerns are adequately addressed. In this article, we report on our work on PeopleFinder, an application that enables cell phone and laptop users to selectively share their locations with others (e.g. friends, family, and colleagues). The objective of our work has been to better understand people’s attitudes and behaviors towards privacy as they interact with such an application, and to explore technologies that empower users to more effectively and efficiently specify their privacy preferences (or “policies”). These technologies include user interfaces for specifying rules and auditing disclosures, as well as machine learning techniques to refine user policies based on their feedback. We present evaluations of these technologies in the context of one laboratory study and three field studies.

Notes

  1. Not to be confused with the popular social networking site with the same name.

Acknowledgments

This work is supported by NSF Cyber Trust grant CNS-0627513, NSF grant CNS-0433540, ARO research grant DAAD19-02-1-0389 to Carnegie Mellon University’s CyLab, and a grant from FCT to the CMU/Portugal Information and Communication Technologies Institute. Additional support has also been provided by FranceTelecom, Nokia, IBM and Microsoft, the latter through the Center for Computational Thinking. PeopleFinder’s WiFi-based location tracking functionality runs on top of technology developed by Skyhook Wireless. The authors would like to thank all the other members of Carnegie Mellon University’s project on “User-Controllable Security and Privacy for Pervasive Computing” for their help designing and evaluating the PeopleFinder application, including Lujo Bauer, Bruce McLaren, Mike Reiter, Jacob Albertson, Paul Drielsma, Jason Cornwell, David Hacker, Gary Hsieh, Jialiu Lin, Justin Pincar, Rob Reeder, Alberto Sardinha, Karen Tang, Janice Tsai, Kami Vaniea, Michael Weber, Wei Zhiqiang, and Yue Zhang.

Author information

Corresponding author

Correspondence to Norman Sadeh.

About this article

Cite this article

Sadeh, N., Hong, J., Cranor, L. et al. Understanding and capturing people’s privacy policies in a mobile social networking application. Pers Ubiquit Comput 13, 401–412 (2009). https://doi.org/10.1007/s00779-008-0214-3

  • DOI: https://doi.org/10.1007/s00779-008-0214-3
