Understanding the user privacy management overhead
Description
Online social networks (OSNs) have become the de-facto portal for Web access for millions of users, resulting in fundamental shift in the patterns of context exchange over the Web. Previously, content on the Web was primarily created by a (relatively) small group of publishers, including companies, universities, and governments. This content was (for the most part) public, with open
sharing and universal access to information being explicit goals. Today, much of the content shared on the Web is being created by individual end users, and the increasingly personal nature of this information is causing
privacy and access control to become key concerns.
The result of this fundamental shift is that instead of just being content consumers, individual end users are now required to be content managers. Today, for every single piece of data shared on sites like Facebook -- every wall post, photo, status update, friend request, and video—the uploader must decide which of his friends, group members, and other Facebook users should be able to access the data. Given the per-user average of 130 friends and 80 groups—compounded with the average 90 pieces of content uploaded per user per month—it is unsurprising that we are in the midst of a privacy management crisis , wherein the task of simply managing access to their content has become a significant mental burden for many users.
In this project, we argue that this situation is being exacerbated by the lack of meaningful and intuitive privacy controls and abstractions. Instead of making the task of privacy management easier, the most common controls today require users to expend significant mental effort. The result is that most users simply do not use the controls at all: Facebook recently revealed that only 5% of users had ever created a friend list, one of the core mechanisms for expressing privacy. While others have taken this lack of use to indicate that users are no longer concerned about privacy, we believe that it is more symptomatic of the inadequacy of the controls themselves.
The result of this fundamental shift is that instead of just being content consumers, individual end users are now required to be content managers. Today, for every single piece of data shared on sites like Facebook -- every wall post, photo, status update, friend request, and video—the uploader must decide which of his friends, group members, and other Facebook users should be able to access the data. Given the per-user average of 130 friends and 80 groups—compounded with the average 90 pieces of content uploaded per user per month—it is unsurprising that we are in the midst of a privacy management crisis , wherein the task of simply managing access to their content has become a significant mental burden for many users.
In this project, we argue that this situation is being exacerbated by the lack of meaningful and intuitive privacy controls and abstractions. Instead of making the task of privacy management easier, the most common controls today require users to expend significant mental effort. The result is that most users simply do not use the controls at all: Facebook recently revealed that only 5% of users had ever created a friend list, one of the core mechanisms for expressing privacy. While others have taken this lack of use to indicate that users are no longer concerned about privacy, we believe that it is more symptomatic of the inadequacy of the controls themselves.
Publications
Addressing the Privacy Management Crisis in Online Social Networks
Krishna P. Gummadi, Alan Mislove, and Balachander Krishnamurthy. IAB Workshop on Internet Privacy, Boston, MA, December 2010. (Position Paper)