Provide Users with User-Friendly Tools to Manage Their Privacy Settings
Problem Summary
Privacy settings in digital environments are complex and often hard to use, so users struggle to understand and manage them effectively. Existing interfaces are not always user-friendly and require significant effort and understanding to configure appropriately. Additionally, traditional privacy settings interfaces do not provide real-time or easily interpretable feedback about data exposure.
Rationale
There is a need for intuitive, user-friendly tools that provide clear, real-time feedback on data exposure, enhancing user control and confidence in managing their privacy settings.
Solution
The solution is to develop and implement intuitive, user-centred privacy management tools that leverage visual interfaces and feedback mechanisms. These tools are designed to simplify the process of configuring privacy settings by providing users with clear, understandable visual representations of their privacy preferences and the implications of their choices.
Watson, Whitney and Lipford [1] introduced AudienceView, a prototype designed to simplify privacy management on social networks, particularly Facebook. Technical implementation centres around visualising privacy settings as they appear to different audiences (e.g., friends, networks, search) through tabbed panes within the user interface. Each tab presents the user's profile as it would be seen by the selected audience, with controls for showing or hiding information to specific groups. This design provides immediate visual feedback on privacy settings, enhancing users' understanding and control over data sharing. The prototype allows locking categories of information, thereby greying out and collapsing those sections for a clearer visual indication of protected content. Additionally, it features consolidated settings for broad categories like "All My Friends" or "All My Networks," streamlining the privacy configuration process. This approach addresses usability issues by offering an intuitive, interactive way to manage privacy grounded in audience-aware policy management.
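The audience-oriented model described above can be sketched as a policy that answers one question per tab: what does this audience actually see? The following is an added example, not code from AudienceView or its authors; the data model, the audience and field names, and the default-deny starting state are assumptions made for illustration.

```python
# Added illustration; the data model and names are assumptions,
# not AudienceView's implementation.

# Audience groups (tabs) and their member audiences. Constructed sample.
GROUPS = {
    "friends":  ["Close friends", "Coworkers"],
    "networks": ["University", "Employer"],
    "search":   ["Search"],
}

# Constructed sample profile: category -> {field: value}.
PROFILE = {
    "basic":   {"name": "Alex Doe", "hometown": "Springfield"},
    "contact": {"email": "alex@example.com", "phone": "555-0100"},
}


class AudiencePolicy:
    def __init__(self, profile, groups):
        self.profile = profile
        self.groups = groups
        # Default deny: nothing is visible until explicitly shown.
        self.visible = {a: set() for members in groups.values() for a in members}
        self.locked = set()

    def set_visible(self, audience, category, field, shown=True):
        """Show or hide one field for one audience."""
        op = self.visible[audience].add if shown else self.visible[audience].discard
        op((category, field))

    def set_for_group(self, group, category, field, shown=True):
        """Consolidated control, e.g. 'All My Friends'."""
        for audience in self.groups[group]:
            self.set_visible(audience, category, field, shown)

    def lock(self, category):
        """Hide a whole category from every audience, overriding 'show'."""
        self.locked.add(category)

    def view_as(self, audience):
        """Return the profile exactly as `audience` would see it."""
        view = {}
        for category, fields in self.profile.items():
            if category in self.locked:
                continue  # the owner's tab would render this greyed out
            shown = {f: v for f, v in fields.items()
                     if (category, f) in self.visible[audience]}
            if shown:
                view[category] = shown
        return view
```

Rendering each tab from `view_as` rather than from the raw settings means the preview and the enforced result cannot drift apart.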
Alemerien [2] presented the Visual Privacy Management Policy (VPMP), a solution designed to enhance privacy management for photo sharing on social networking sites. The VPMP system uses a user-friendly interface with a social graph for visualising connections and photo privacy settings. It operates through two main components, the Social Graph Generator and the Privacy Policy Manager, alongside three data repositories for Photos, Friends, and Privacy Policies. Key functionalities enable users to share photos with specified friends or groups, manage tagging permissions, and control photo redistribution. Privacy preferences are set through an intuitive drag-and-drop interface, with immediate visual feedback provided to show the effect of these settings. The underlying algorithm uses an undirected graph to represent the relationships and actions among users (vertices), their connections (edges), and privacy settings (functions), enabling a clear visualisation and management of privacy preferences for shared photos.
Wang et al. [3] introduced VeilMe, designed to assist users in managing privacy settings for their personality portraits derived from social media data. It targets four main design goals: intuitive visualisation of personality traits, awareness of privacy settings, easy control over sharing preferences, and personalised initial privacy settings. The system uses a visual metaphor, "PersonalityGenome," to represent multidimensional and hierarchical personality data, allowing users to explore and understand their personality traits interactively. The interface incorporates a SocialDistance metaphor to adjust the visibility of personality traits to different social groups, using draggable sliders for intuitive control. Based on k-anonymity models, obfuscation techniques are applied to blur personality portraits for certain social distances, with the degree of obfuscation adjustable at a general level and for individual traits. Initial privacy settings strategies include conservative, rule-based, and prediction-based approaches, leveraging regression models to estimate sharing preferences based on personality portraits, aiming to simplify the configuration process for users.
Schlegel, Kapadia, and Lee [4] proposed an ambient interface using the metaphor of eyes to provide users with real-time feedback on their data exposure. The size of the eyes on the user's smartphone home screen represents the frequency of data access, giving users an intuitive sense of how often their information is being accessed. This interface allows users to quickly assess and manage their privacy without detailed access logs, enabling them to block access temporarily when exposure is high, thus maintaining better control over their personal information.
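The exposure feedback loop described above (access frequency drives the eye size, and the user can block access temporarily) can be sketched as a sliding-window monitor. This is an added example, not code from the paper; the window length, block duration, size thresholds, and the timestamp convention (seconds since midnight of day 0) are assumptions.

```python
from collections import Counter, deque

WINDOW = 3600          # seconds of history the eyes reflect (assumed)
BLOCK = 1800           # length of a temporary block in seconds (assumed)
# Assumed mapping: minimum accesses in the window -> eye size.
EYE_LEVELS = [(0, "closed"), (1, "small"), (5, "medium"), (15, "large")]


class ExposureMonitor:
    def __init__(self, allowed_hours=range(24)):
        self.allowed_hours = set(allowed_hours)  # hour-by-hour access rule
        self.log = deque()                       # (timestamp, requester), granted only
        self.blocked_until = 0

    def request(self, now, requester):
        """Decide one access request; granted accesses count as exposure."""
        hour = (now // 3600) % 24
        if now < self.blocked_until or hour not in self.allowed_hours:
            return False
        self.log.append((now, requester))
        return True

    def _recent(self, now):
        # Drop entries that have aged out of the feedback window.
        while self.log and self.log[0][0] <= now - WINDOW:
            self.log.popleft()
        return self.log

    def eye_size(self, now):
        """Ambient signal: the more recent accesses, the bigger the eyes."""
        count = len(self._recent(now))
        return [label for threshold, label in EYE_LEVELS if count >= threshold][-1]

    def detail(self, now):
        """Detailed view: who accessed the data within the window."""
        return Counter(requester for _, requester in self._recent(now))

    def block_temporarily(self, now):
        """User reaction to high exposure: deny all requests for a while."""
        self.blocked_until = now + BLOCK
```

Only granted requests are logged, so the eye size reflects actual exposure rather than attempted access.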
Rathore and Tripathy [5] proposed AppMonitor, a tool for managing privacy in social networks by controlling and monitoring data shared with third-party apps. It simplifies complex privacy settings and provides real-time feedback on data exposure, helping users manage their privacy settings.
Platforms: personal computers, mobile devices
Related guidelines: Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Example
AudienceView prototype resembling Facebook’s profile information and layout as in [1].
The screenshot of the VeilMe interface. Panel A & B: user’s Twitter profile and the latest tweets; C: portrait exploration panel; D: privacy setting panel. Users can click to expand to reveal traits with sub-traits. When hovering a social distance knob, the input audience names of that group will be shown for user engagement [3].
Left: Eye metaphor to signal exposure; Middle: Detailed feedback interface; Right: Interface to define access rules hour-by-hour [4].
A simplified prototype of AppMonitor as in [5].
Use cases
- Combining UI/UX design principles and data visualisation techniques to enhance privacy control mechanisms.
- Implementing a user interface as a tool for managing privacy settings visually.
Pros
- Studies consistently showed that user-friendly, visually intuitive interfaces significantly improve user confidence, satisfaction, and efficiency in managing privacy settings. Tools like AudienceView [1], VPMP [2], VeilMe [3], and AppMonitor [5] demonstrate that visual feedback mechanisms, such as visual metaphors and rule-based settings, help users better understand and control their privacy. These interfaces are particularly beneficial for novice users and align with user expectations for simplicity and efficiency. They enhance the overall user experience by reducing cognitive load and providing clear, real-time feedback on privacy implications, thus improving privacy management without compromising functionality [1][2][3][4][5].
Cons
- The generalisability of findings is often limited by the specific participant demographics and contexts used in evaluations. Studies frequently involve specific groups, such as college students or workplace settings, which may not represent broader populations [1][2][3][4]. Additionally, evaluations focus on short-term interactions, failing to account for the long-term and evolving nature of privacy preferences and behaviours [3].
- Monitoring user data flow between internal and external third-party application modules can place an additional burden on OSN sites. However, this can be mitigated by random checks of data flow [5].
Privacy Choices
This guideline discusses solutions that align with the design space for privacy choices [6] and can be applied in the following dimensions:
- Contextualised
This guideline presents solutions that also touch upon contextualised choices by allowing users to configure privacy settings based on specific contexts, such as different audience views in AudienceView [1] or visual privacy preferences in the Visual Privacy Advisor [2]. These tools consider the context of information sharing (e.g., social relationship, content type) to offer tailored privacy settings.
- Binary choices
The guideline can incorporate binary choices (e.g., opt-in/opt-out) within the visual tools, ensuring these choices are intuitive and user-friendly.
- Multiple choices
This guideline presents solutions that enhance the granularity of privacy settings available to users, moving beyond binary choices (e.g., opt-in/opt-out) to offer a spectrum of options for managing privacy settings.
- On-demand
This guideline discusses solutions that users can access and modify on demand.
- At Setup
Initial privacy settings can be configured during setup, ensuring users have control from the beginning.
- Just in time
Visual tools can prompt users with privacy choices just in time. This approach allows users to make informed decisions at the moment when their data is about to be used or shared, reducing cognitive load and enhancing the effectiveness of privacy decisions.
- Visual
This guideline discusses solutions that leverage visual modality by representing privacy settings using intuitive interfaces, imagery, or icons. These solutions aim to simplify configuring privacy preferences and enhance user understanding of the privacy implications of these configurations.
- Feedback
This guideline discusses solutions that, by providing visual or otherwise immediate feedback on the effect of privacy settings, help users understand the immediate impact of their decisions, enhancing their confidence in the privacy management process.
- Enforcement
This guideline presents solutions where enforcement is implicit in the functionality of these solutions. The technical capability to enforce these decisions is crucial for the integrity of privacy choices, ensuring that users' preferences are effectively implemented.
- Presentation
Privacy choices always have a presentation that involves a system providing clear and easily understandable information to users about potential data practices, available options, and how to communicate privacy decisions, often incorporating multiple components and integrating with related privacy notices, requiring careful consideration of design dimensions such as timing, channel, and modality [5].
This guideline discusses solutions that provide visual interfaces that clearly outline available privacy choices, enabling users to make informed decisions regarding their privacy settings.
- Primary
This guideline discusses solutions that integrate privacy settings directly within the platform or device that users are interacting with.
- Secondary
If primary channels are not feasible, secondary channels (e.g., web portals or mobile apps) can be used to manage privacy settings.
Control
This guideline discusses solutions that collectively support the importance of providing intuitive tools that enhance user Control [7] over privacy settings. With user-centred interfaces and visual feedback mechanisms, users can more easily manage their consent, opt-out options, and overall privacy preferences, and so better protect the personal data they share.
Other related privacy attributes:
- While not directly addressed by user control interfaces, the ability to easily manage and update privacy settings can contribute to better security practices by ensuring that users can quickly respond to potential threats or data breaches.
- Visual tools and intuitive interfaces inherently promote transparency by making it clearer to users how their data is being used and shared.
References
[1] Jason Watson, Michael Whitney, and Heather Richter Lipford (2009). Configuring audience-oriented privacy policies. In Proceedings of the 2nd ACM workshop on Assurable and usable security configuration (SafeConfig '09). Association for Computing Machinery, New York, NY, USA, 2009, 71–78. https://doi.org/10.1145/1655062.1655076
[2] Khalid Alemerien (2020). User-Friendly Privacy-Preserving Photo Sharing on Online Social Networks. Journal of Mobile Multimedia, 16(3), 2020, 267–292. https://doi.org/10.13052/jmm1550-4646.1631
[3] Yang Wang, Liang Gou, Anbang Xu, Michelle X. Zhou, Huahai Yang, and Hernan Badenes (2015). VeilMe: An Interactive Visualization Tool for Privacy Configuration of Using Personality Traits. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). Association for Computing Machinery, New York, NY, USA, 2015, 817–826. https://doi.org/10.1145/2702123.2702293
[4] Roman Schlegel, Apu Kapadia, and Adam J. Lee (2011). Eyeing your exposure: quantifying and controlling information sharing for improved privacy. In Proceedings of the Seventh Symposium on Usable Privacy and Security (SOUPS '11). Association for Computing Machinery, New York, NY, USA, Article 14, 1–14. https://doi.org/10.1145/2078827.207884
[5] Nemi Chandra Rathore and Somanath Tripathy (2020). AppMonitor: restricting information leakage to third-party applications. Soc. Netw. Anal. Min. 10, 49. https://doi.org/10.1007/s13278-020-00662-7
[6] Yuanyuan Feng, Yaxing Yao, and Norman Sadeh (2021). A Design Space for Privacy Choices: Towards Meaningful Privacy Control in the Internet of Things. In CHI Conference on Human Factors in Computing Systems (CHI ’21), May 8–13, 2021, Yokohama, Japan. ACM, New York, NY, USA, 16 pages. https://doi.org/10.1145/3411764.3445148
[7] Susanne Barth, Dan Ionita, and Pieter Hartel (2022). Understanding Online Privacy — A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines. ACM Comput. Surv. 55, 3, Article 63 (February 2022), 37 pages. https://doi.org/10.1145/3502288