location-sharing technologies: privacy risks and controls
DESCRIPTION
Location-sharing technologies: Privacy risks and controls. Lorrie Faith Cranor. Outline. Locating Technologies Location Risk/Benefit Survey Location-Sharing Applications and Privacy Controls Locaccino. Locating Technologies. Global Positioning System. WiFi Positioning. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/1.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 1
CyLab Usable Privacy and Security Laboratoryhttp://cups.cs.cmu.edu/
Location-sharing technologies: Privacy risks and controls
Lorrie Faith Cranor
![Page 2: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/2.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 2
Outline
Locating Technologies Location Risk/Benefit Survey Location-Sharing Applications and Privacy
Controls Locaccino
![Page 3: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/3.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 3
Locating Technologies
![Page 4: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/4.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 4
Global Positioning System
![Page 5: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/5.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 5
WiFi Positioning
![Page 6: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/6.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 6
Cellular Triangulation
![Page 7: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/7.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 7
IP Location
![Page 8: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/8.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 8
Locating Technologies Platforms
– Laptop computers– Mobile phones
Applications– Advertising/Marketing
• Location-based advertising– Information services
• Directions• Find the nearest …• Local weather, local events
– People finding• Meet new friends, play games, socialize• Coordination• Monitor kids, employees, elderly
![Page 9: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/9.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 9
Location Risk/Benefit Survey
![Page 10: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/10.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 10
Method
Conducted April 2008, n = 587 Provided list of use scenarios
– Rate the likelihood of scenario– Rate the magnitude of harm or benefits
Ranked each risk/benefit
Expected Utility = Likelihood * Magnitude
![Page 11: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/11.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 11
Location-Sharing Applications
Not very useful People are concerned about their privacy Risks outweigh benefits
![Page 12: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/12.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 12
Benefit Scenarios
![Page 13: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/13.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 13
Risk Scenarios
![Page 14: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/14.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 14
Location-Sharing Applications and Privacy Controls
![Page 15: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/15.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 15
Privacy features
Most current location sharing services allow sharing to be either on or off, per person
Many have a “make me invisible feature” (e.g. Loopt and Brightkite)
Some have the ability to limit by location granularity (e.g. Google Latitude and FireEagle)
Commercial services don’t have fine-grained privacy controls or ability to see who is tracking your location
![Page 16: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/16.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 16
Loopt privacy settings
![Page 17: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/17.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 17
Loopt privacy settings
![Page 18: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/18.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 18
Google Lattitude privacy settings
![Page 19: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/19.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 19
Google Lattitude privacy settings
![Page 20: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/20.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 20
Google Lattitude privacy settings
![Page 21: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/21.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 21
Location-Sharing Applications
Reviewed 89 Applications in August 2009– Date of Launch– Privacy Policy– Privacy Controls– Immediately Accessible Privacy Settings
![Page 22: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/22.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 22
Privacy Overview
Types of Applications– Open: Requested by anyone (52)– Closed: Requested by friends only (29)
Category Yes No Unknown Not Applicable
Privacy Policy 66% 34% - -
Privacy Controls 76% 17% 1% 6%
Accessible Privacy Settings 17% 75% 2% 6%
![Page 23: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/23.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 23
Types of Restrictions
Friends Only (49.4%) Granularity (11.2%) Blacklist (15.7%) Invisible (33.7%)
% of applications
![Page 24: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/24.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 24
Types of Restrictions
Per-Request (2.25%) Time-Expiring (2.25%)
![Page 25: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/25.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 25
Most Frequent Controls
Friends Only (49.4%) Invisible (33.7%)
% of applications
![Page 26: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/26.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 26
Privacy Controls
Frequency of Restrictions
![Page 27: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/27.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 27
Best ways to mitigate the greatest expected risks Blacklist (16%) Granularity (12%) Group-based rules (12%) Location-based rules (1%) Time-based rules (1%)
% of applications
![Page 28: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/28.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 28
Recommendations for developers
Need for more expressive privacy controls in most applications
Providing expressive controls could reduce concerns
Developers must balance expressiveness and user burden
![Page 29: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/29.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 29
Recommendations for users
Understand why you want to use location-sharing application (social, coordination, etc.)
Find application well-suited to your needs Configure privacy controls Avoid public posting of your location with
your real name
![Page 30: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/30.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 30
http://locaccino.org
![Page 31: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/31.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 31
![Page 32: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/32.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 32
Friends around me
![Page 33: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/33.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 33
![Page 34: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/34.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 34
Editing rules
![Page 35: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/35.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 35
Editing location restrictions
![Page 36: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/36.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 36
Who can see me?
![Page 37: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/37.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 37
![Page 38: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/38.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 38
![Page 39: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/39.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 39
![Page 40: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/40.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 40
![Page 41: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/41.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 41
![Page 42: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/42.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 42
Inviting friends
![Page 43: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/43.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 43
Clients
Android Symbian Mac + PC
![Page 44: Location-sharing technologies: Privacy risks and controls](https://reader036.vdocuments.mx/reader036/viewer/2022062520/56815adc550346895dc8a8e3/html5/thumbnails/44.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 44
Cylab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/