Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online

Authors:
Alessandro Acquisti

Carnegie Mellon University, USA

Carnegie Mellon University, USA

0000-0001-6582-6178
View Profile

,
Idris Adjerid

University of Notre Dame, USA

University of Notre Dame, USA
View Profile

,
Rebecca Balebako

Carnegie Mellon University, USA

Carnegie Mellon University, USA
View Profile

,
Laura Brandimarte

University of Arizona, USA

University of Arizona, USA
View Profile

,
Lorrie Faith Cranor

Carnegie Mellon University

Carnegie Mellon University
View Profile

,
Saranga Komanduri

Civis Analytics, USA

Civis Analytics, USA
View Profile

,
Pedro Giovanni Leon

Banco de Mexico, Mexico City, Mexico

Banco de Mexico, Mexico City, Mexico
View Profile

,
Norman Sadeh

Carnegie Mellon University

Carnegie Mellon University
View Profile

,
Florian Schaub

University of Michigan, USA

University of Michigan, USA
View Profile

,
Manya Sleeper

Carnegie Mellon University, USA

Carnegie Mellon University, USA
View Profile

,
Yang Wang

Syracuse University, USA

Syracuse University, USA
View Profile

,
Shomir Wilson

University of Cincinnati, USA

University of Cincinnati, USA
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 50 Issue 3Article No.: 44pp 1–41https://doi.org/10.1145/3054926

Published:08 August 2017Publication History

ACM Computing Surveys

Abstract

Advancements in information technology often task users with complex and consequential privacy and security decisions. A growing body of research has investigated individuals’ choices in the presence of privacy and information security tradeoffs, the decision-making hurdles affecting those choices, and ways to mitigate such hurdles. This article provides a multi-disciplinary assessment of the literature pertaining to privacy and security decision making. It focuses on research on assisting individuals’ privacy and security choices with soft paternalistic interventions that nudge users toward more beneficial choices. The article discusses potential benefits of those interventions, highlights their shortcomings, and identifies key ethical, design, and research challenges.

References

Alessandro Acquisti. 2004. Privacy in electronic commerce and the economics of immediate gratification. In Proceedings of the 5th ACM Conference on Electronic Commerce. ACM, New York, NY, 21--29. Google ScholarDigital Library
Alessandro Acquisti. 2009. Nudging privacy: The behavioral economics of personal information. IEEE Secur. Priv. 7, 6 (2009), 82--85. Google ScholarDigital Library
Alessandro Acquisti, Laura Brandimarte, and George Loewenstein. 2015. Privacy and human behavior in the age of information. Science 347, 6221 (2015), 509--514. Google ScholarCross Ref
Alessandro Acquisti and Christina M. Fong. 2014. An experiment in hiring discrimination via online social networks. Available at SSRN 2031979 (2014), 1--81.Google Scholar
Alessandro Acquisti and Ralph Gross. 2006. Imagined communities: Awareness, information sharing, and privacy on the Facebook. In Proceedings of the 6th International Workshop Privacy Enhancing Technology (PET’06). Springer, 36--58. Google ScholarDigital Library
Alessandro Acquisti and Jens Grossklags. 2005. Privacy and rationality in individual decision making. IEEE Secur. Priv. 2 (2005), 24--30. Google ScholarDigital Library
Alessandro Acquisti and Jens Grossklags. 2007. What can behavioral economics teach us about privacy. In Digital Privacy: Theory, Technologies and Practices, Sabrina De Capitani di Vimercati, Stefanos Gritzalis, Costas Lambrinoudakis, and Alessandro Acquisti (Eds.). Auerbach Publications, 363--377.Google Scholar
Alessandro Acquisti, Leslie K. John, and George Loewenstein. 2012. The impact of relative standards on the propensity to disclose. J. Market. Res. 49, 2 (2012), 160--174. Google ScholarCross Ref
Alessandro Acquisti, Leslie K. John, and George Loewenstein. 2013. What is privacy worth? J. Legal Stud. 42, 2 (2013), 249--274. Google ScholarCross Ref
Alessandro Acquisti, Curtis R. Taylor, and Liad Wagman. 2016. The economics of privacy. J. Econ. Lit. 52, 2 (2016). Google ScholarCross Ref
Anne Adams and Martina Angela Sasse. 1999. Users are not the enemy. Commun. ACM 42, 12 (1999), 40--46. Google ScholarDigital Library
Idris Adjerid, Alessandro Acquisti, Laura Brandimarte, and George Loewenstein. 2013. Sleights of privacy: Framing, disclosures, and the limits of transparency. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’13). ACM, 1--11. Google ScholarDigital Library
George Ainslie and Nick Haslam. 1992. Hyperbolic discounting. In Choice Over Time, G. Loewenstein and J. Elster (Eds.). Russell Sage Foundation, New York, NY, 57--92.Google Scholar
George A. Akerlof. 1970. The market for “lemons”: Quality uncertainty and the market mechanism. Quarter. J. Econ. 84, 3 (1970), 488--500. Google ScholarCross Ref
Reed Albergotti. 2014. Facebook’s Blue Dino Wants You to Mind Your Posting. WSJ Blog. (April 2014). Retrieved from http://blogs.wsj.com/digits/2014/04/01/facebooks-blue-dino-wants-you-to-mind-your-posting.Google Scholar
Hazim Almuhimedi, Florian Schaub, Norman Sadeh, Idris Adjerid, Alessandro Acquisti, Joshua Gluck, Lorrie Faith Cranor, and Yuvraj Agarwal. 2015. Your location has been shared 5,398 times&excl; A field study on mobile app privacy nudging. In Proceedings of the Conference on Human Factors in Computing Systems (CHI’15). ACM, 1--10.Google Scholar
Adil Alsaid and David Martin. 2003. Detecting web bugs with Bugnosis: Privacy advocacy through education. In Proceedings of the 2nd International Conference on Privacy Enhancing Technologies. Springer, 27--31. Google ScholarCross Ref
Christopher J. Anderson. 2003. The psychology of doing nothing: Forms of decision avoidance result from reason and emotion. Psychol. Bull. 129, 1 (2003), 139--167. Google ScholarCross Ref
Ross Anderson. 2001. Why information security is hard: An economic perspective. In Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC’01). IEEE, New York, NY, 358--365. Google ScholarCross Ref
Ross Anderson, Chris Barton, Rainer Böhme, Richard Clayton, Michel van Eeten, Michael Levi, Tyler Moore, and Stefan Savage. 2013. Measuring the cost of cybercrime. In The Economics of Information Security and Privacy. Springer-Verlag, Berlin, 265--300. Google ScholarCross Ref
Julia Angwin. 2012. Microsoft’s “Do Not Track” Move Angers Advertising Industry. Wall Street Journal Blog (2012). Retrieved from http://blogs.wsj.com/digits/2012/05/31/microsofts-do-not-track-move-angers-advertising-industry/.Google Scholar
Apple Inc. 2014. Mac Basics: Time Machine backs up your Mac (2014). Retrieved from http://support.apple.com/kb/ht1427.Google Scholar
Dan Ariely, George Loewenstein, and Drazen Prelec. 2003. “Coherent arbitrariness”: Stable demand curves without stable preferences. Quarter. J. Econ. 118, 1 (2003), 73--106. Google ScholarCross Ref
Rebecca Balebako, Pedro G. Leon, Hazim Almuhimedi, Patrick Gage Kelley, Jonathan Mugan, Alessandro Acquisti, Lorrie Faith Cranor, and Norman Sadeh. 2011. Nudging users towards privacy on mobile devices. In Proceedings of the CHI 2011 Workshop on Persuasion, Nudge, Influence and Coercion. ACM, 1--4.Google Scholar
Rebecca Balebako, Florian Schaub, Idris Adjerid, Alessandro Acquisti, and Lorrie Cranor. 2015. The impact of timing on the salience of smartphone app privacy notices. In Proceedings of the CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM’15). ACM, New York, NY, 63--74. Google ScholarDigital Library
Scott Beaulier and Bryan Caplan. 2007. Behavioral economics and perverse effects of the welfare state. Kyklos 60, 4 (2007), 485--507. Google ScholarCross Ref
Gary S. Becker. 1976. The Economic Approach to Human Behavior. University of Chicago Press, Chicago, IL.Google Scholar
Omri Ben-Shahar and Carl E. Schneider. 2010. The failure of mandated discourse. U. Pa. Law Rev. 159, 3 (2010, 647).Google Scholar
John Beshears, James J. Choi, David Laibson, and Brigitte C. Madrian. 2009. The importance of default options for retirement saving outcomes: Evidence from the united states. In Social Security Policy in a Changing Environment. University of Chicago Press, Chicago, IL, USA, 167--195. Google ScholarCross Ref
Andrew Besmer and Heather Richter Lipford. 2010. Moving beyond untagging: Photo privacy in a tagged world. In Proceedings of the Conference on Human Factors in Computing Systems (CHI’10). ACM, 1563--1572. Google ScholarDigital Library
Andrew Besmer, Jason Watson, and Heather Richter Lipford. 2010. The impact of social navigation on privacy policy configuration. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’10). ACM, 1--10. Google ScholarDigital Library
Matt Bishop. 2000. Education in information security. IEEE Concurr. 8, 4 (2000), 4--8. Google ScholarDigital Library
Garrick Blalock, Vrinda Kadiyali, and Daniel H. Simon. 2007. The impact of post-9/11 airport security measures on the demand for air travel. J. Law Econ. 50, 4 (2007), 731--755. Google ScholarCross Ref
Christoph Bösch, Benjamin Erb, Frank Kargl, Henning Kopp, and Stefan Pfattheicher. 2016. Tales from the dark side: Privacy dark strategies and privacy dark patterns. Proceedings of the Privacy Enhancing Technologies, 4 (2016), 237--254. Google ScholarCross Ref
Luc Bovens. 2009. The ethics of nudge. In Preference Change: Approaches from Philosophy, Economics and Psychology, Till Grne-Yanoff and S. O. Hansson, (Eds.). Springer, Berlin, 207--220. Google ScholarCross Ref
Laura Brandimarte, Alessandro Acquisti, and George Loewenstein. 2013. Misplaced confidences: Privacy and the control paradox. Soc. Psychol. Personal. Sci. 4, 3 (2013), 340--347. Google ScholarCross Ref
Alex Braunstein, Laura Granka, and Jessica Staddon. 2011. Indirect content privacy surveys: Measuring privacy without asking about it. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’11). ACM, 1--14. Google ScholarDigital Library
Cristian Bravo-Lillo, Saranga Komanduri, Lorrie Faith Cranor, Robert W. Reeder, Manya Sleeper, Julie Downs, and Stuart Schechter. 2013. Your attention please: Designing security-decision UIs to make genuine risks harder to ignore. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’13). ACM, 1--12. Google ScholarDigital Library
Patricia C. Brennan, Poornima Madhavan, Cleotilde Gonzalez, and Frank C. Lacson. 2009. The impact of performance incentives during training on transfer of learning. Proc. Hum. Fact. Ergon. Soc. Ann. Meet. 53, 26 (2009), 1979--1983.Google Scholar
José Carlos Brustoloni and Ricardo Villamarín-Salomón. 2007. Improving security decisions with polymorphic and audited dialogs. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’07). ACM, 76--85. Google ScholarDigital Library
Frank H. Buckley. 2005. Perfectionism. Supr. Court Econ. Rev. 13 (2005), 133--163. Google ScholarCross Ref
Federico Cabitza and Marco Loregian. 2008. Much undo about nothing?: Investigating why email retraction is less popular than apologizing. In Proceedings of the Nordic Conference on HCI (NordiCHI’08). ACM, 431--434. Google ScholarDigital Library
Ryan Calo. 2010. The boundaries of privacy harm. Ind. Law J. 86, 3 (2010), 1--31.Google Scholar
Ryan Calo. 2012. Against notice skepticism in privacy (and elsewhere). Notre Dame Law Rev. 87, 3 (2012), 1027--1072.Google Scholar
Colin Camerer, Samuel Issacharoff, George Loewenstein, Ted O’Donoghue, and Matthew Rabin. 2003. Regulation for conservatives: Behavioral economics and the case for ‘asymmetric paternalism’. U. Penn. Law Rev. 151, 3 (2003), 1211--1254. Google ScholarCross Ref
Colin F. Camerer, George Loewenstein, and Matthew Rabin. 2011. Advances in Behavioral Economics. Princeton University Press, Princeton, NJ, USA.Google Scholar
Ann Cavoukian. 2009. Privacy by Design: Take the Challenge. Information and Privacy Commissioner of Ontario, Canada, Toronto, ON, Canada. Retrieved from http://privacybydesign.ca.Google Scholar
Daphne Chang, Erin L. Krupka, Eytan Adar, and Alessandro Acquisti. 2016. Engineering information disclosure: Norm shaping designs. In Proceedings of the Conference on Human Factors in Computing Systems (CHI’16). ACM, 587--597. Google ScholarDigital Library
Avi Charkham. 2012. 5 design tricks Facebook uses to affect your privacy decisions. TechCrunch. (Aug. 2012). Retrieved from https://techcrunch.com/2012/08/25/5-design-tricks-facebook-uses-to-affect-your-privacy-decisions/.Google Scholar
Sonia Chiasson, Alain Forget, Robert Biddle, and Paul C. van Oorschot. 2008. Influencing users towards better passwords: Persuasive cued click-points. In Proceedings of the 22nd British HCI Group Annual Conference on People and Computers. British Computer Society, Swinton, UK, 121--130.Google Scholar
James J. Choi, David Laibson, Brigitte Madrian, and Andrew Metrick. 2004. For better or for worse: Default effects and 401(K) savings behavior. In Perspectives on the Economics of Aging, David Wise (Ed.). University of Chicago Press, Chicago, IL, 81--121. Google ScholarCross Ref
Brian Christian. 2012. The A/B test: Inside the technology that’s changing the rules of business. Wired (April 2012). Retrieved from http://www.wired.com/business/2012/04/ff_abtesting/.Google Scholar
Nicolas Christin, Serge Egelman, Timothy Vidas, and Jens Grossklags. 2012. It’s all about the Benjamins: An empirical study on incentivizing users to ignore security advice. In Proceedings of the Conference on Financial Cryptography and Data Security (FC’12). Springer-Verlag, Berlin, 16--30. Google ScholarDigital Library
Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze. 2011. Why (special agent) Johnny (still) can’t encrypt: A security analysis of the APCO Project 25 two-way radio system. In Proceedings of the USENIX Security Symposium. USENIX Association, Berkeley, CA.Google Scholar
Sunny Consolvo, Katherine Everitt, Ian Smith, and James A. Landay. 2006. Design requirements for technologies that encourage physical activity. In Proceedings of the Conference on Human Factors in Computing Systems (CHI’06). ACM, 457--466. Google ScholarDigital Library
Lorrie Faith Cranor and Simson Garfinkel. 2005. Security and Usability: Designing Secure Systems that People Can Use. O’Reilly Media, Inc., Sebastopol, CA.Google Scholar
Lorrie Faith Cranor, Praveen Guduru, and Manjula Arjula. 2006. User interfaces for privacy agents. ACM Trans. Comput.-Hum. Interact. (TOCHI) 13, 2 (2006), 135--178.Google ScholarDigital Library
Paul Curzon and Ann Blandford. 2004. Formally justifying user-centred design rules: A case study on post-completion errors. In Proceedings of the 4th International Conference on Integrated Formal Methods. Springer, 461--480. Google ScholarCross Ref
Nikhil Dhingra, Zach Gorn, Andrew Kener, and Jason Dana. 2012. The default pull: An experimental demonstration of subtle default effects on preferences. Judgm. Decis. Mak. 7, 1 (2012), 69--76.Google Scholar
Isaac Dinner, Eric J. Johnson, Daniel G. Goldstein, and Kaiya Liu. 2011. Partitioning default effects: Why people choose not to choose. J. Exper. Psychol.: Appl. 17, 4 (2011), 332--341. Google ScholarCross Ref
Paul Dolan, Michael Hallsworth, David Halpern, D. King, R. Metcalfe, and Ivo Vlaev. 2012. Influencing behaviour: The mindspace way. J. Econ. Psychol. 33, 1 (2012), 264--277. Google ScholarCross Ref
Julie S. Downs, George Loewenstein, and Jessica Wisdom. 2009. Strategies for promoting healthier food choices. Amer. Econ. Rev. 99, 2 (2009), 159--164. Google ScholarCross Ref
Andreas C. Drichoutis, Panagiotis Lazaridis, and Rodolfo M. Nayga. 2006. Consumers’ use of nutritional labels: A review of research studies and issues. Acad. Market. Sci. Rev. 10, 9 (2006), 1--25.Google Scholar
Serge Egelman, David Molnar, Nicolas Christin, Alessandro Acquisti, Cormac Herley, and Shriram Krishnamurthi. 2010. Please continue to hold: An empirical study on user tolerance of security delays. In Proceedings of the Workshop on the Economics of Information Security (WEIS’10).Google Scholar
Serge Egelman, Adrienne Porter Felt, and David Wagner. 2013. Choice architecture and smartphone privacy: There’s a price for that. In The Economics of Information Security. Springer, 211--236. Google ScholarCross Ref
Serge Egelman and Eyal Peer. 2015. The myth of the average user: Improving privacy and security systems through individualization. In Proceedings of the 2015 New Security Paradigms Workshop. ACM, 16--28. Google ScholarDigital Library
Serge Egelman, Janice Tsai, Lorrie Faith Cranor, and Alessandro Acquisti. 2009. Timing is everything?: The effects of timing and placement of online privacy indicators. In Proceedings of the 27th International Conference on Human Factors in Computing Systems (CHI’09). ACM, New York, NY, 319--328. Google ScholarDigital Library
Lujun Fang and Kristen LeFevre. 2010. Privacy wizards for social networking sites. In Proceedings of the 19th International Conference on World Wide Web (WWW’10). ACM, New York, NY, 351--360. Google ScholarDigital Library
Federal Register. 2004. 16 Code of Federal Regulation Part 429. Retrieved from http://www.archives.gov/federal-register/cfr/subject-title-16.html (2004).Google Scholar
Financial Consumer Agency of Canada. 2014. Credit Card Selector Tool. Retrieved from http://itools-ioutils.fcac-acfc.gc.ca/stcv-osvc/ccst-oscc-eng.aspx (April 2014).Google Scholar
Baruch Fischoff. 1981. Debiasing. Technical Report. DTIC Document. Google ScholarCross Ref
Myron F. Floyd, Heather Gibson, Lori Pennington-Gray, and Brijesh Thapa. 2004. The effect of risk perceptions on intentions to travel in the aftermath of September 11, 2001. J. Trav. Tour. Market. 15, 2--3 (2004), 19--38.Google Scholar
B. J. Fogg. 2002. Persuasive Technology (1st ed.). Morgan Kaufmann, Burlington, MA.Google Scholar
Shane Frederick, George Loewenstein, and Ted O’Donoghue. 2002. Time discounting and time preference: A critical review. J. Econ. Lit. 40, 2 (2002), 351--401. Google ScholarCross Ref
Milton Friedman and Leonard J. Savage. 1948. The utility analysis of choices involving risk. J. Pol. Econ. 56, 4 (1948), 279--304. Google ScholarCross Ref
Bo Gao, Bettina Berendt, Dave Clarke, Ralf De Wolf, Thomas Peetz, Jo Pierson, and Rula Sayaf. 2012. Interactive grouping of friends in OSN: Towards online context management. In Proceedings of the International Conference on Data Mining Workshops. IEEE, 555--562. Google ScholarDigital Library
Simson Garfinkel and Heather Richter Lipford. 2014. Usable security: History, themes, and challenges. Synth. Lect. Info. Sec. Priv. Trust 5, 2 (2014), 1--124. Google ScholarCross Ref
Gartner Group. 2014. Magic Quadrant for Security Awareness Computer-based Training Vendors. Technical Report. Gartner Group.Google Scholar
Edward L. Glaeser. 2005. Paternalism and Psychology. NBER Working Paper No. 11789. National Bureau of Economic Research.Google Scholar
Jeremy Goecks and Elizabeth Mynatt. 2005. Social approaches to end-user privacy management. In Security and Usability: Designing Secure Systems that People can use, L. F. Cranor and S. Garfinkel (Eds.). O’Reilly, Sebastopol, CA, 523--547.Google Scholar
Daniel G. Goldstein, Eric J. Johnson, Andreas Herrmann, and Mark Heitmann. 2008. Nudge your customers toward better choices. Harv. Bus. Rev. 86, 12 (2008), 99--105.Google Scholar
Nathaniel S. Good, Jens Grossklags, Deirdre K. Mulligan, and Joseph A. Konstan. 2007. Noticing notice: A large-scale experiment on the timing of software license agreements. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI’07). ACM, New York, NY, 607--616. Google ScholarDigital Library
Nathaniel S. Good, Jens Grossklags, David Thaw, Aaron Perzanowski, Deirdre K. Mulligan, and Joseph A. Konstan. 2006. User choices and regret: Understanding users’ decision process about consensually acquired spyware. I/S: J. LawPolicy 2, 2 (2006), 283--344.Google Scholar
Connor Graham, Peter Benda, Steve Howard, James Balmford, Nicole Bishop, and Ron Borland. 2006. Heh—keeps me off the smokes&ldot;: Probing technology support for personal change. In Proceedings of the 18th Australia Conference on Computer-Human Interaction (OzCHI’06). ACM, New York, NY, 221--228.Google Scholar
Victoria Groom and Ryan Calo. 2011. Reversing the privacy paradox: An experimental study. Available at SSRN 1993125 (2011).Google Scholar
Jens Grossklags and Alessandro Acquisti. 2007. When 25 cents is too much: An experiment on willingness-to-sell and willingness-to-protect personal information. In Proceedings of the Workshop on the Economics of Information Security (WEIS’07). 1--22.Google Scholar
Jens Grossklags, Benjamin Johnson, and Nicolas Christin. 2010. When information improves information security. In Proceedings of the International Conference on Financial Cryptography and Data Security (FC’10). Springer, 416--423. Google ScholarDigital Library
Scott D. Halpern, Peter A. Ubel, and David A. Asch. 2007. Harnessing the power of default options to improve health care. New Engl. J. Med. 357 (2007), 1340--1344. Google ScholarCross Ref
Pelle Guldborg Hansen. 2012. Nudging traffic safety by visual illusions. iNudgeYou. (2012). Retrieved from http://inudgeyou.com/en/archives/504.Google Scholar
Pelle Guldborg Hansen. 2016. The definition of nudge and libertarian paternalism: Does the hand fit the glove?. Eur. J. Risk Reg. 7, 1 (2016), 155--174. Google ScholarCross Ref
Marian Harbach, Markus Hettig, Susanne Weber, and Matthew Smith. 2014. Using personal examples to improve risk communication for security 8 privacy decisions. In Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems. ACM, 2647--2656. Google ScholarDigital Library
Tejaswini Herath and H. Raghav Rao. 2009. Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decis. Supp. Syst. 47, 2 (2009), 154--165. Google ScholarDigital Library
Cormac Herley. 2009. So long, and no thanks for the externalities: The rational rejection of security advice by users. In Proceedings of the Workshop on New Security Paradigms (NSPW’09). ACM, New York, NY, 133--144. Google ScholarDigital Library
Donna L. Hoffman and Thomas P. Novak. 1997. A new marketing paradigm for electronic commerce. Info. Soc.: Int. J. 13, 1 (1997), 43--54. Google ScholarCross Ref
Chris Hoofnagle and Jennifer King. 2008. What Californians understand about privacy online. Available at SSRN 1262130 (2008), 1--33. Google ScholarCross Ref
Leonie Huddy, Stanley Feldman, Gallya Lahav, and Charles Taber. 2003. Fear and terrorism: Psychological reactions to 9/11. In Framing Terrorism: The News Media, the Government and the Public, Pippa Norris, Montague Kern, and Marion Just (Eds.). Routeledge, New York, NY, USA, 255--278.Google Scholar
Giovanni Iachello, Ian Smith, Sunny Consolvo, Mike Chen, and Gregory D. Abowd. 2005. Developing privacy guidelines for social location disclosure applications and services. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’05). ACM, New York, NY, 65--76. Google ScholarDigital Library
Lukasz Jedrzejczyk, Blaine A. Price, Arosha K. Bandara, and Bashar Nuseibeh. 2010. On the impact of real-time feedback on users’ behaviour in mobile location-sharing applications. In Proceedings of the 6th Symposium on Usable Privacy and Security (SOUPS’10). ACM, New York, NY, 1--12. Google ScholarDigital Library
Nicola Jentzsch, Sören Preibusch, and Andreas Harasser. 2012. Study on Monetising Privacy: An Economic Model for Pricing Personal Information. European Union Agency for Network and Inf. Sec. (ENISA).Google Scholar
Leslie K. John, Alessandro Acquisti, and George Loewenstein. 2011. Strangers on a plane: Context-dependent willingness to divulge sensitive information. J. Consum. Res. 37, 5 (2011), 858--873. Google ScholarCross Ref
Eric J. Johnson and Daniel G. Goldstein. 2004. Defaults and donation decisions. Transplantation 78, 12 (2004), 1713--1716. Google ScholarCross Ref
Eric J. Johnson, Suzanne B. Shu, Benedict G. C. Dellaert, Craig Fox, Daniel G. Goldstein, Gerald Häubl, Richard P. Larrick, John W. Payne, Ellen Peters, David Schkade, Brian Wansink, and Elke U. Weber. 2012. Beyond nudges: Tools of a choice architecture. Market. Lett. 23, 2 (2012), 487--504. Google ScholarCross Ref
Daniel Kahneman, Jack L. Knetsch, and Richard H. Thaler. 1990. Experimental tests of the endowment effect and the Coase theorem. J. Pol. Econ. 98, 6 (1990), 1325--1348. Google ScholarCross Ref
Daniel Kahneman, Jack L. Knetsch, and Richard H. Thaler. 1991. Anomalies: The endowment effect, loss aversion, and status quo bias. J. Econ. Perspec. 5, 1 (1991), 193--206. Google ScholarCross Ref
Daniel Kahneman and Dale T. Miller. 1986. Norm theory: Comparing reality to its alternatives. Psychol. Rev. 93, 2 (1986), 136--153. Google ScholarCross Ref
Daniel Kahneman and Amos Tversky. 1979. Prospect theory: An analysis of decision under risk. Econometrica 47, 2 (1979), 263--291. Google ScholarCross Ref
Patrick Gage Kelley, Lucian Cesca, Joanna Bresee, and Lorrie Faith Cranor. 2010. Standardizing privacy notices: An online study of the nutrition label approach. In Proceedings of the Conference on Human Factors in Computing Systems (CHI’10). ACM, 1573--1582. Google ScholarDigital Library
Patrick Gage Kelley, Lorrie Faith Cranor, and Norman Sadeh. 2013. Privacy as part of the app decision-making process. In Proceedings of the Conference on Human Factors in Computing Systems (CHI’13). ACM, 3393--3402. Google ScholarDigital Library
Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter. 2014. Telepathwords: Preventing weak passwords by reading Users minds. In Proceedings of the 23rd USENIX Security Symposium. USENIX Association, Berkeley, CA, 591--606.Google Scholar
Ulrich König and Jan Schallaböck. 2011. Privacy preferences for e-mail messages. IETF draft (2011). Retrieved from http://tools.ietf.org/html/draft-koenig-privicons-01.Google Scholar
Bastian Könings, David Piendl, Florian Schaub, and Michael Weber. 2011. PrivacyJudge: Effective privacy controls for online published information. In Proceedings of the Conference on Privacy, Security, Risk and Trust (PASSAT’11). IEEE, 935--941. Google ScholarCross Ref
Bastian Könings, Sebastian Thoma, Florian Schaub, and Michael Weber. 2014. PriPref broadcaster: Enabling users to broadcast privacy preferences in their physical proximity. In Proceedings of the 13th International Conference on Mobile and Ubiquitous Multimedia (MUM’14). ACM, New York, NY, USA, 133--142. Google ScholarDigital Library
Ponnurangam Kumaraguru, Yong Rhee, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, and Elizabeth Nunge. 2007. Protecting people from phishing: The design and evaluation of an embedded training email system. In Proceedings of the Conference on Human Factors in Computing Systems (CHI’07). ACM, 905--914. Google ScholarDigital Library
Yee-Lin Lai and Kai-Lung Hui. 2006. Internet opt-in and opt-out: Investigating the roles of frames, defaults and privacy concerns. In Proceedings of the Conference on Computer Personnel Research (CPR’06). ACM, 253--263. Google ScholarDigital Library
David Laibson. 1997. Golden eggs and hyperbolic discounting. Quart. J. Econ. 112, 2 (1997), 443--478. Google ScholarCross Ref
Marc Langheinrich. 2002. A privacy awareness system for ubiquitous computing environments. In Proceedings of the Conference on Ubiquitous Computing (UbiComp’02). Springer-Verlag, London, 237--245. Google ScholarCross Ref
Robert S. Laufer and Maxine Wolfe. 1977. Privacy as a concept and a social issue: A multidimensional developmental theory. J. Soc. Issues 33, 3 (1977), 22--42. Google ScholarCross Ref
Scott Lederer, Jason I. Hong, Anind K. Dey, and James A. Landay. 2004. Personal privacy through understanding and action: Five pitfalls for designers. Person. Ubiq. Comp. 8, 6 (2004), 440--454.Google ScholarCross Ref
Pedro Giovanni Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, and Yang Wang. 2012. Why Johnny can’t opt out: A usability evaluation of tools to limit online behavioral advertising. In Proceedings of the Conference on Human Factors in Computing Systems (CHI’12). ACM, 589--598. Google ScholarDigital Library
Irwin P. Levin, Sandra L. Schneider, and Gary J. Gaeth. 1998. All frames are not created equal: A typology and critical analysis of framing effects. Organ. Behav. Hum. Dec. 76, 2 (1998), 149--188.Google ScholarCross Ref
Han Li, Rathindra Sarathy, and Heng Xu. 2011. The role of affect and cognition on online consumers’ decision to disclose personal information to unfamiliar online vendors. Decis. Support Syst. 51, 3 (2011), 434--445. Google ScholarDigital Library
Han Li, Rathindra Sarathy, and Jie Zhang. 2008. The role of emotions in shaping consumers’ privacy beliefs about unfamiliar online vendors. J. Info. Priv. Sec. 4, 3 (2008), 36--62. Google ScholarCross Ref
Simon Y. W. Li, Ann Blandford, Paul Cairns, and Richard M. Young. 2005. Post-completion errors in problem solving. In Proceedings of the 27th Annual Conference of the Cognitive Science Society. 1--6.Google Scholar
Sarah Lichtenstein, Baruch Fischhoff, and Lawrence D. Phillips. 1982. Calibration of probabilities: The state of the art to 1980. In Judgment Under Uncertainty: Heuristics and Biases, Daniel Kahneman, Paul Slovic, and Amos Tversky, (Eds.). Cambridge University Press, UK, 306--334. Google ScholarCross Ref
Assar Lindbeck. 1997. Incentices and social norms in household behavior. Am. Econ. Rev. 87, 2 (1997), 370--377.Google Scholar
Janne Lindqvist, Justin Cranshaw, Jason Wiese, Jason Hong, and John Zimmerman. 2011. I’m the mayor of my house: Examining why people use foursquare—a social-driven location sharing application. In Proceedings of the Conf. Human Factors in Computing Systems (CHI’11). ACM, 2409--2418. Google ScholarDigital Library
Bin Liu, Mads Schaarup Andersen, Florian Schaub, Hazim Almuhimedi, Shikun Zhang, Norman Sadeh, Alessandro Acquisti, and Yuvraj Agarwal. 2016. Follow my recommendations: A personalized privacy assistant for mobile app permissions. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’16). USENIX Association, Denver, CO, 27--41.Google Scholar
George Loewenstein and Emily Celia Haisley. 2007. The economist as therapist: Methodological ramifications of ’light’ paternalism. Available at SSRN 962472 (2007), 1--50. Google ScholarCross Ref
George Loewenstein and Drazen Prelec. 1992. Anomalies in intertemporal choice: Evidence and an interpretation. Quart. J. Econ. 107, 2 (1992), 573--597. Google ScholarCross Ref
Marco Loregian and Marco P. Locatelli. 2008. An experimental analysis of undo in ubiquitous computing environments. In Proceedings of the Conference on Ubiquitous Intelligence and Computing. Springer, 505--519. Google ScholarDigital Library
Kim Ly, Nina Mazăr, Min Zhao, and Dilip Soman. 2013. A practiotioner’s guide to nudging. Rotman School of Management. University of Toronto. (March 2013).Google Scholar
Wendy E. Mackay. 1991. Triggers and barriers to customizing software. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI’91). ACM, New York, NY, 153--160. Google ScholarDigital Library
Brigitte C. Madrian and Dennis F. Shea. 2001. The power of suggestion: Inertia in 401(K) participation and savings behavior. Quart. J. Econ. 116, 4 (2001), 1149--1187. Google ScholarCross Ref
Alessandra Mazzia, Kristen LeFevre, and Eytan Adar. 2012. The PViz comprehension tool for social network privacy settings. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’12). ACM, 1--12. Google ScholarDigital Library
Aleecia M. McDonald and Lorrie Faith Cranor. 2008. The cost of reading privacy policies. I/S: J. Law Policy 4, 3 (2008), 540--565.Google Scholar
Miriam J. Metzger. 2006. Effects of site, vendor, and consumer characteristics on web site trust and disclosure. Commun. Res. 33, 3 (2006), 155--179. Google ScholarCross Ref
Microsoft. 2008. Privacy guidelines for developing software products and services (2008).Google Scholar
Microsoft. 2014. What are the system recovery options in Windows? (2014). Retrieved from http://windows.microsoft.com/en-us/windows/what-are-system-recovery-options.Google Scholar
Tyler Moore and Ross Anderson. 2011. Economics and Internet Security: A Survey of Recent Analytical, Empirical and Behavioral Research. Tech. Rep. TR-03-11. Dept. Computer Science, Harvard Univ.Google Scholar
M. Granger Morgan and Max Henrion. 1992. Uncertainty: A Guide to Dealing with Uncertainty in Quantitative Risk and Policy Analysis. Cambridge University Press, New York, NY.Google Scholar
Maggie Mullane and Steven Sheffrin. 2012. Regulatory Nudges in Practice. White paper. Department of Economics and Murphy Institute, Tulane University.Google Scholar
Donald A. Norman. 2013. The Design of Everyday Things: Revised and Expanded. Basic Books, New York.Google Scholar
Joon S. Park, Kevin A. Kwiat, Charles A. Kamhoua, Jonathan White, and Sookyung Kim. 2014. Trusted online social network (OSN) services with optimal data management. Comput. Secur. 42 (2014), 116--136. Google ScholarCross Ref
Sameer Patil, Xinru Page, and Alfred Kobsa. 2011. With a little help from my friends: Can social navigation inform interpersonal privacy preferences? In Proceedings of the Conference on Computer Supported Cooperative Work (CSCW’11). ACM, 391--394. Google ScholarDigital Library
Andrew S. Patrick and Steve Kenny. 2003. From privacy legislation to interface design: Implementing information privacy in human-computer interactions. In Proceedings of the Workshop on Privacy Enhancing Technology (PET’03). Springer, 107--124. Google ScholarCross Ref
Eyal Pe’er. 2011. The time-saving bias, speed choices and driving behavior. Transport. Res. Part F: Traffic Psychol. Behav. 14, 6 (2011), 543--554. Google ScholarCross Ref
Pennsylvania Department of Transportation. 2013. PA Driver’s manual. Chapter 3—Learning to drive. (March 2013).Google Scholar
Jon Perlow. 2008. New in Labs: Stop sending mail you later regret. Official Gmail Blog (October 2008). Retrieved from http://gmailblog.blogspot.com/2008/10/new-in-labs-stop-sending-mail-you-later.html.Google Scholar
John E. Petersen, Vladislav Shunturov, Kathryn Janda, Gavin Platt, and Kate Weinberger. 2007. Dormitory residents reduce electricity consumption when exposed to real-time visual feedback and incentives. Int. J. Sustain. Higher Edu. 8, 1 (2007), 16--33. Google ScholarCross Ref
Pew Research Internet Project. 2013. Anonymity, Privacy, and Security Online. Retrieved from http://www.pewinternet.org/2013/09/05/anonymity-privacy-and-security-online/(September 2013).Google Scholar
Richard A. Posner. 1978. The right of privacy. Georgia Law Rev. 12, 3 (1978), 393--422.Google Scholar
Richard A. Posner. 1981. The economics of privacy. Amer. Econ. Rev. 71, 2 (1981), 405--509.Google Scholar
Matthew Rabin. 1998. Psychology and economics. J. Econ. Lit. 36, 1 (1998), 11--46.Google Scholar
Mika Raento and Antti Oulasvirta. 2005. Privacy management for social awareness applications. In Proceedings of the Workshop on Context Awareness for Proactive Systems. 105--114.Google Scholar
Fahimeh Raja, Kirstie Hawkey, Steven Hsu, Kai-Le Clement Wang, and Konstantin Beznosov. 2011. A brick wall, a locked door, and a bandit: A physical security metaphor for firewall warnings. In Proceedings of the 7th Symposium on Usable Privacy and Security (SOUPS’11). ACM, New York, NY, 1--20. Google ScholarDigital Library
Norman Sadeh, Jason Hong, Lorrie Faith Cranor, Ian Fette, Patrick Gage Kelley, Madhu Prabaker, and Jinghai Rao. 2009. Understanding and capturing people’s privacy policies in a mobile social networking application. Person. Ubiq. Comput. 13, 6 (2009), 401--412. Google ScholarDigital Library
M. Angela Sasse, Sacha Brostoff, and Dirk Weirich. 2001. Transforming the “weakest link”: A human/computer interaction approach to usable and effective security. BT Technol. J. 19, 3 (2001), 122--131. Google ScholarDigital Library
Florian Schaub, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor. 2015. A design space for effective privacy notices. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’15). USENIX Association.Google Scholar
Stuart E. Schechter, Rachna Dhamija, Andy Ozment, and Ian Fischer. 2007. The emperor’s new security indicators. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, New York, NY, 51--65. Google ScholarDigital Library
Bruce Schneier. 2007. The psychology of security. Commun. ACM 50, 5 (2007), 128.Google ScholarDigital Library
Katarina Segerstahl and Harri Oinas-Kukkonen. 2007. Distributed user experience in persuasive technology environments. In Proceedings of the 2nd International Conference on Persuasive Technology. Springer, 80--91. Google ScholarCross Ref
Evan Selinger and Kyle Whyte. 2011. Is there a right way to nudge? The practice and ethics of choice architecture. Sociol. Compass 5, 10 (2011), 923--935. Google ScholarCross Ref
Jesse M. Shapiro. 2005. Is there a daily discount rate? Evidence from the food stamp nutrition cycle. J. Public Econ. 89, 2 (2005), 303--325. Google ScholarCross Ref
David Sharek, Cameron Swofford, and Michael Wogalter. 2008. Failure to recognize fake internet popup warning messages. Proceedings of the Human Factors and Erg. Society Ann. Meeting 52, 6 (2008), 557--560.Google ScholarCross Ref
Fuming Shih, Ilaria Liccardi, and Daniel J. Weitzner. 2015. Privacy tipping points in smartphones privacy preferences. In Proceedings of the Conference on Human Factors in Computing Systems (CHI’15). ACM, 807--816. Google ScholarDigital Library
Katie Shilton, Jeffrey A. Burke, Deborah Estrin, Mark Hansen, and Mani Srivastava. 2008. Participatory Privacy in Urban Sensing. Technical Report. Center for Embedded Network Sensing.Google Scholar
Adam Shostack. 2003. Paying for privacy: Consumers and infrastructures. In Proceedings of the 2nd Annual Workshop on Economics and Information Security.Google Scholar
Herbert A. Simon. 1957. Models of Man, Social and Rational: Mathematical Essays on Rational Human Behavior in a Social Setting. Wiley, New York, NY, USA.Google Scholar
Herbert A Simon. 1982. Models of Bounded Rationality: Empirically Grounded Economic Reason. MIT Press.Google Scholar
Manya Sleeper, Justin Cranshaw, Patrick Gage Kelley, Blase Ur, Alessandro Acquisti, Lorrie Faith Cranor, and Norman Sadeh. 2013. “I read my Twitter the next morning and was astonished”: A conversational perspective on Twitter regrets. In Proceedings of the Conference on Human Factors in Computimg Systems (CHI’13). ACM, 3277--3286. Google ScholarDigital Library
H. Jeff Smith, Tamara Dinev, and Heng Xu. 2011. Information privacy research: An interdisciplinary review. MIS Quart. 35, 4 (2011), 989--1015.Google ScholarDigital Library
Sarah Spiekermann, Jens Grossklags, and Bettina Berendt. 2001. E-privacy in 2nd generation e-commerce: Privacy preferences versus actual behavior. In Proceedings of the Conference on Electronic Commerce (EC’01). ACM, 38--47. Google ScholarDigital Library
Frank Stajano and Paul Wilson. 2011. Understanding scam victims: Seven principles for systems security. Commun. ACM 54, 3 (March 2011), 70--75. Google ScholarDigital Library
George J. Stigler. 1980. An introduction to privacy in economics and politics. J. Legal Stud. 9, 4 (1980), 623--644. Google ScholarCross Ref
Fred Stutzman, Ralph Gross, and Alessandro Acquisti. 2013. Silent listeners: The evolution of privacy and disclosure on Facebook. J. Priv. Confident. 4, 2 (2013), 7--41.Google Scholar
Cass R. Sunstein. 2012. The Storrs Lectures: Behavioral economics and paternalism. Yale Law J. 122, 7 (2012), 1826. Google ScholarCross Ref
Joshua Tan, Khanh Nguyen, Michael Theodorides, Heidi Negrón-Arroyo, Christopher Thompson, Serge Egelman, and David Wagner. 2014. The effect of developer-specified explanations for permission requests on smartphone user behavior. In Proceedings of the Conference on Human Factors in Computing Systems (CHI’14). ACM, 91--100. Google ScholarDigital Library
David G. Taylor, Donna F. Davis, and Ravi Jillapalli. 2009. Privacy concern and online personalization: The moderating effects of information control and compensation. Electr. Commer. Res. 9, 3 (2009), 203--223. Google ScholarDigital Library
Humphrey Taylor. 2003. Most People are “Privacy Pragmatists” Who, While Concerned about Privacy, will Sometimes Trade it off for Other Benefits. Technical Report. Harris Interactive.Google Scholar
Tennessee Department of Transportation. 2014. Tennessee Highway Fatalities. Retrieved from http://www.tdot.state.tn.us/ghso/thf.htm (June 2014).Google Scholar
Richard H. Thaler. 1981. Some empirical evidence on dynamic inconsistency. Econ. Lett. 8, 3 (1981), 201--207. Google ScholarCross Ref
Richard H. Thaler and Cass R. Sunstein. 2008. Nudge: Improving Decisions About Health, Wealth, and Happiness. Yale University Press, New Haven, CT.Google Scholar
Janice Y. Tsai, Serge Egelman, Lorrie Faith Cranor, and Alessandro Acquisti. 2011. The effect of online privacy information on purchasing behavior: An experimental study. Info. Syst. Res. 22, 2 (2011), 254--268. Google ScholarDigital Library
Janice Y. Tsai, Patrick Gage Kelley, Paul Drielsma, Lorrie Faith Cranor, Jason Hong, and Norman Sadeh. 2009. Who’s viewed you?: The impact of feedback in a mobile location-sharing application. In Proceedings of the Conference on Human Factors in Computing Systems (CHI’09). ACM, 2003--2012. Google ScholarDigital Library
Amos Tversky and Daniel Kahneman. 1975. Judgment under uncertainty: Heuristics and biases. In Utility, Probability, and Human Decision Making, Dirk Wendt and Charles Vlek (Eds.). Springer, 141--162. Google ScholarCross Ref
Amos Tversky and Daniel Kahneman. 1981. The framing of decisions and the psychology of choice. Science 211, 4481 (1981), 453--458. Google ScholarCross Ref
Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicholas Christin, and Lorrie Faith Cranor. 2012a. How does your password measure up? The effect of strength meters on password creation. In Proceedings of the USENIX Security Symposium. USENIX Association, Berkeley, CA, 1--16.Google Scholar
Blase Ur, Pedro Giovanni Leon, Lorrie Faith Cranor, Richard Shay, and Yang Wang. 2012b. Smart, useful, scary, creepy: Perceptions of online behavioral advertising. In Proceedings of the 8th Symposium on Usable Privacy and Security (SOUPS’12). ACM, New York, NY, 1--15. Google ScholarDigital Library
Hal R. Varian. 1996. Economic aspects of personal privacy. In Privacy and Self-regulation in the Information Age. U.S. Department of Commerce.Google Scholar
Hal R. Varian. 2000. Economic scene: Managing online security risks. New York Times (June 2000).Google Scholar
Tony Vila, Rachel Greenstadt, and David Molnar. 2003. Why we can’t be bothered to read privacy policies: Models of privacy economics as a lemons market. In Proceedings of the Conference on Electronic Commerce (EC’03). ACM, 403--407. Google ScholarDigital Library
Yang Wang, Gregory Norcie, Saranga Komanduri, Alessandro Acquisti, Pedro Giovanni Leon, and Lorrie Faith Cranor. 2011. I regretted the minute I pressed share: A qualitative study of regrets on Facebook. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’11). ACM, 1--16. Google ScholarDigital Library
Yang Wang, Pedro Giovanni Leon, Alessandro Acquisti, Lorrie Faith Cranor, Alain Forget, and Norman Sadeh. 2014. A field trial of privacy nudges for Facebook. In Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems (CHI’14). ACM, New York, NY, 2367--2376. Google ScholarDigital Library
Webroot. 2010. Social media sobriety test. Retrieved from http://www.webroot.com/En_US/sites/sobrietytest/ (2010).Google Scholar
Alma Whitten and J. Doug Tygar. 1999. Why Johnny can’t encrypt: A usability evaluation of PGP 5.0. In Proceedings of the USENIX Security Symposium. USENIX Association, Berkeley, CA, 1--16.Google Scholar
Lauren E. Willis. 2014. Why not privacy by default? Berkeley Technol. Law J. 29, 1 (2014), 1--57.Google Scholar
Shomir Wilson, Justin Cranshaw, Norman Sadeh, Alessandro Acquisti, Lorrie Faith Cranor, Jay Springfield, Sae Young Jeong, and Arun Balasubramanian. 2013. Privacy manipulation and acclimation in a location sharing application. In Proceedings of the Conference on Pervasive and Ubiquitous Computing (Ubicomp’13). ACM, 549--558. Google ScholarDigital Library
Jessica Wisdom, Julie S. Downs, and George Loewenstein. 2010. Promoting healthy choices: Information versus convenience. Amer. Econ. J.: Appl. Econ. 2, 2 (2010), 164--178. Google ScholarCross Ref
Evan Wondrasek. 2010. Take control of your Facebook privacy with PrivacyDefender. (June 2010). Retrieved from http://www.makeuseof.com/tag/control-facebook-privacy-privacydefender/.Google Scholar
Joshua D. Wright and Douglas H. Ginsburg. 2012. Behavioral law and economics: Its origins, fatal flaws, and implications for liberty. Northwest. Univ. Law Rev. 106, 3 (2012), 12--63.Google Scholar
Haidong Xia and José Carlos Brustoloni. 2005. Hardening Web browsers against man-in-the-middle and eavesdropping attacks. In Proceedings of the Conference on the World Wide Web (WWW’05). ACM, 489--498.Google Scholar

Index Terms

Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online
1. Human-centered computing
  1. Human computer interaction (HCI)
  2. Interaction design
2. Security and privacy
  1. Human and societal aspects of security and privacy

Recommendations

Privacy nudges for social media: an exploratory Facebook study
WWW '13 Companion: Proceedings of the 22nd International Conference on World Wide Web

Anecdotal evidence and scholarly research have shown that a significant portion of Internet users experience regrets over their online disclosures. To help individuals avoid regrettable online disclosures, we employed lessons from behavioral decision ...
Read More
RFID system with fairness within the framework of security and privacy
ESAS'05: Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks

Radio Frequency Identification (RFID) systems are expected to be widely deployed in automated identification and supply-chain applications. Although RFID systems have several advantages, the technology may also create new threats to user privacy. In ...
Read More
Are RNGs Achilles' Heel of RFID Security and Privacy Protocols?

Security and privacy concerns have been growing with the increased utilisation of RFID technology in our daily lives. To mitigate these issues, numerous privacy-friendly authentication protocols have been published in the last decade. Random number ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Computing Surveys Volume 50, Issue 3
May 2018
550 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/3101309
Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering / University of Florida / Gainesville, FL 32611
Issue’s Table of Contents
Copyright © 2017 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 8 August 2017
- Accepted: 1 January 2017
- Revised: 1 September 2016
- Received: 1 October 2015
Published in csur Volume 50, Issue 3

Check for updates
Author Tags
Privacy
behavioral economics
nudge
security
soft paternalism
Qualifiers
- survey
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 318
  Total Citations
  View Citations
- 16,491
  Total Downloads
- Downloads (Last 12 months)3,157
- Downloads (Last 6 weeks)356
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

Privacy nudges for social media: an exploratory Facebook study

RFID system with fairness within the framework of security and privacy

Are RNGs Achilles' Heel of RFID Security and Privacy Protocols?