Encourage the Consideration of Interdependent Privacy Management in Cloud Applications
Problem Summary
In cloud storage services, privacy risks are heightened due to the interconnected nature of user data and shared files. Third-party applications often request full access to users' files, including those shared with collaborators, leading to significant privacy risks for all parties involved.
Rationale
To mitigate privacy risks in cloud environments, it is crucial to develop mechanisms that account for interdependent privacy concerns, informing users about the privacy decisions of their collaborators and encouraging privacy-preserving behaviours.
Solution
Develop systems that provide users with information about previously authorised vendors, promote History-based decisions to minimise privacy loss, and include privacy indicators to encourage compliance with privacy-preserving practices.
Harkous and Aberer [1] addressed interdependent privacy in cloud applications by introducing mechanisms that consider the privacy implications of collaborators' actions on shared data. In cloud services like Google Drive and Dropbox, when one user authorises a third-party app, it often gains access not only to their files but also to files shared by other collaborators. This interconnected nature of data access creates privacy risks for all parties involved.
To mitigate these risks, the authors propose History-based decisions, which inform users about previously authorised vendors. By highlighting which third-party apps have already been granted access, this mechanism encourages users to avoid installing new apps that require similar permissions, thus minimising additional privacy loss.
Moreover, the system includes a privacy indicator that provides visual cues to users about the potential privacy risks associated with new app installations. This indicator aims to enhance user awareness and guide them towards privacy-preserving decisions. Through these measures, the solution emphasises the importance of considering collaborators' privacy when making decisions about app authorisations, thereby effectively managing interdependent privacy risks in cloud environments.
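The following is an added example, not code from Harkous and Aberer's study or from any cloud provider: a small model of a shared workspace that derives a History-based insight (vendors already reaching a user's files through collaborators' authorisations), the additional privacy loss a new authorisation would cause, and a three-level privacy indicator. The file names, user names and vendor names are constructed sample data, and the green/amber/red thresholds are an assumption for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Set

@dataclass
class Workspace:
    # file -> users who can read it (owner included); constructed sample data
    files: Dict[str, Set[str]]
    # user -> third-party vendors that user has granted full-file access
    authorisations: Dict[str, Set[str]] = field(default_factory=dict)

    def files_of(self, user: str) -> Set[str]:
        return {f for f, members in self.files.items() if user in members}

    def vendors_with_access(self, file: str) -> Set[str]:
        """Vendors that already reach `file` via ANY collaborator's authorisation."""
        return {v for u in self.files[file] for v in self.authorisations.get(u, set())}

    def history_for(self, user: str) -> Set[str]:
        """History-based insight: vendors already holding access to files `user` sees."""
        return {v for f in self.files_of(user) for v in self.vendors_with_access(f)}

    def additional_loss(self, user: str, vendor: str) -> Set[str]:
        """Files newly exposed to `vendor` if `user` authorises it (empty => no new loss)."""
        return {f for f in self.files_of(user) if vendor not in self.vendors_with_access(f)}

    def indicator(self, user: str, vendor: str) -> str:
        """Assumed indicator levels: green = nothing new is exposed, amber = only the
        user's private files are newly exposed, red = collaborators' files are too."""
        exposed = self.additional_loss(user, vendor)
        if not exposed:
            return "green"
        touches_collaborators = any(len(self.files[f]) > 1 for f in exposed)
        return "red" if touches_collaborators else "amber"

def sample_workspace() -> Workspace:
    # Constructed scenario: bob already authorised VendorA, which therefore
    # reaches doc1 (shared with alice) and doc3 (shared with carol).
    return Workspace(
        files={"doc1": {"alice", "bob"}, "doc2": {"alice"}, "doc3": {"bob", "carol"}},
        authorisations={"bob": {"VendorA"}},
    )

if __name__ == "__main__":
    ws = sample_workspace()
    print("already authorised around alice:", ws.history_for("alice"))
    for vendor in ("VendorA", "VendorB"):
        print(vendor, ws.indicator("alice", vendor), ws.additional_loss("alice", vendor))
```

Choosing VendorA (already present in alice's history) exposes only her private doc2, whereas a new VendorB would also expose the shared doc1, which is the comparison the History-based insight is meant to surface.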
Platforms: personal computers, mobile devices
Use cases
- Installing or granting permission to cloud apps that may access shared resources.
Pros
- The study demonstrated that teams can reduce privacy loss by up to 40% by considering the decisions made by their team members. It also improved users' awareness of previously authorised vendors, helping them understand the privacy implications of their collaborators' actions [1].
Cons
- Despite demonstrating the effectiveness of History-based Insights, the authors acknowledge that their study has limitations due to its reliance on a web experiment with hypothetical data [1].
Privacy Notices
Considering the design space for privacy notices [2], this guideline can be applied to the following dimensions:
- At Setup
Informing users when they are about to install a new app that requires access to shared files.
- Just in time
This guideline could also be applied to inform users when a data practice is about to happen.
- Blocking
This guideline can be applied when users must make a choice before proceeding with specific actions that could impact privacy.
- Non-blocking
Although primarily designed for blocking situations, this guideline can be coupled with non-blocking controls, providing control options (privacy choices) without forcing user interaction.
- Visual
This guideline is for a visual notice, using visual resources such as colours, text and icons.
- Primary
Providing in-app notifications or alerts within the cloud application interface.
Control
By implementing History-based decisions and privacy indicators, the guideline aims to enhance users' ability to manage and influence the privacy settings of shared content, thus addressing the core element of Control [3]. Other related privacy attributes:
- Sharing
The guideline addresses sharing by informing users about the third-party apps that have access to their data and the data shared with collaborators. This awareness helps users understand and manage how their data is being shared with third parties.
- Transparency
The guideline promotes transparency by informing users about previously authorised vendors and the privacy decisions of their collaborators. This allows users to understand the potential privacy implications of their actions and make informed decisions [3].
References
[1] Hamza Harkous and Karl Aberer (2017). "If You Can't Beat them, Join them": A Usability Approach to Interdependent Privacy in Cloud Apps. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (CODASPY '17). Association for Computing Machinery, New York, NY, USA, 127–138. https://doi.org/10.1145/3029806.3029837
[2] Florian Schaub, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor (2015). A Design Space for Effective Privacy Notices. In: Symposium on Usable Privacy and Security (SOUPS 2015), 1–17. https://www.usenix.org/system/files/conference/soups2015/soups15-paper-schaub.pdf
[3] Susanne Barth, Dan Ionita, and Pieter Hartel (2022). Understanding Online Privacy — A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines. ACM Comput. Surv. 55, 3, Article 63 (February 2022), 37 pages. https://doi.org/10.1145/3502288