Personalised Privacy by Default Preferences - Experiment and Analysis
Toru Nakamura, Shinsaku Kiyomoto, Welderufael B. Tesfay, Jetzabel Serna
2016
Abstract
In this paper, we present a novel mechanism that provides individuals with personalised privacy by default setting when they register into a new system or service. The proposed approach consists of an intelligent mechanism that learns users’ context and preferences to generate personalised default privacy settings. To achieve this, we used a machine learning approach that requires a minimal number of questions at the registration phase, and, based on users’ responses, sets up privacy settings associated to users’ privacy preferences for a particular service. This is the first attempt to predict general privacy preferences from a minimal number of questions. We propose two approaches. The first scheme is based on the sole use of SVM to predict users’ personalised settings. The second scheme implemented an additional layer that includes clustering. The accuracy of proposed approaches is evaluated by comparing the guessed answers against the answers from a questionnaire administered to 10,000 participants. Results show that, the SVM based scheme is able to guess the the full set of personalised privacy settings with an accuracy of 85%, by using a limited input of only 5 answers from the user.
References
- Acquisti, A. and Grossklags, J. (2005). Privacy and rationality in individual decision making. Security Privacy, IEEE, 3(1):26 -33.
- Backes, M., Karjoth, G., Bagga, W., and Schunter, M. (2004). Efficient comparison of enterprise privacy policies. In Proceedings of the 2004 ACM symposium on Applied computing, SAC 7804, pages 375-382.
- Basu, A., Vaidya, J., and Kikuchi, H. (2011). Efficient privacy-preserving collaborative filtering based on the weighted slope one predictor. Journal of Internet Services and Information Security (JISIS), 1(4):26-46.
- Bekara, K., Ben Mustapha, Y., and Laurent, M. (2010). Xpacml extensible privacy access control markup langua. In Communications and Networking (ComNet), 2010 Second International Conference on, pages 1 -5.
- Berendt, B., Günther, O., and Spiekermann, S. (2005). Privacy in e-commerce: Stated preferences vs. actual behavior. Commun. ACM, 48(4):101-106.
- Biswas, D. (2012). Privacy policies change management for smartphones. In Pervasive Computing and Communications Workshops (PERCOM Workshops), 2012 IEEE International Conference on, pages 70 -75.
- Buffett, S. and Fleming, M. W. (2007). Applying a preference modeling structure to user privacy. In Proceedings of the 1st International Workshop on Sustaining Privacy in Autonomous Collaborative Environments.
- Cranor, L. (2003). P3p: making privacy policies more useful. Security Privacy, IEEE, 1(6):50 - 55.
- Cranor, L. F., Arjula, M., and Guduru, P. (2002). Use of a p3p user agent by early adopters. In Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, WPES 7802, pages 1-10.
- Cranor, L. F., Guduru, P., and Arjula, M. (2006). User interfaces for privacy agents. ACM Trans. Comput.-Hum. Interact., 13(2):135-178.
- Dehghantanha, A., Udzir, N., and Mahmod, R. (2010). Towards a pervasive formal privacy language. In Advanced Information Networking and Applications Workshops (WAINA), 2010 IEEE 24th International Conference on, pages 1085 -1091.
- Deuker, A. (2010). Addressing the privacy paradox by expanded privacy awareness the example of context-aware services. Privacy and Identity Management for Life, pages 275-283.
- Ester, M., Kriegel, H.-P., Sander, J., and Xu, X. (1996). A density-based algorithm for discovering clusters in large spatial databases with noise. In KDD, volume 96, pages 226-231.
- Fang, L., Kim, H., LeFevre, K., and Tami, A. (2010). A privacy recommendation wizard for users of social networking sites. In Proceedings of the 17th ACM conference on Computer and communications security, pages 630-632. ACM.
- Fang, L. and LeFevre, K. (2010). Privacy wizards for social networking sites. In Proceedings of the 19th international conference on World wide web, pages 351-360. ACM.
- Guha, S., Cheng, B., and Francis, P. (2010). Challenges in measuring online advertising systems. In Proceedings of the 10th ACM SIGCOMM conference on Internet measurement, IMC 7810, pages 81-87.
- Gunn, S. R. et al. (1998). Support vector machines for classification and regression. ISIS technical report, 14.
- Guo, S. and Chen, K. (2012). Mining privacy settings to find optimal privacy-utility tradeoffs for social network services. In Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Confernece on Social Computing (SocialCom), pages 656-665.
- Hargittai, E. et al. (2010). Facebook privacy settings: Who cares? First Monday, 15(8).
- Jensen, C., Potts, C., and Jensen, C. (2005). Privacy practices of internet users: self-reports versus observed behavior. Int. J. Hum.-Comput. Stud., 63(1-2):203-227.
- Kelley, P. G., Hankes Drielsma, P., Sadeh, N., and Cranor, L. F. (2008). User-controllable learning of security and privacy policies. In Proc. of the 1st ACM workshop on Workshop on AISec, AISec 7808, pages 11-18.
- Kolter, J. and Pernul, G. (2009). Generating user-understandable privacy preferences. In Availability, Reliability and Security, 2009. ARES 7809. International Conference on, pages 299 -306.
- Korolova, A. (2010). Privacy violations using microtargeted ads: A case study. In Proceedings of the 2010 IEEE International Conference on Data Mining Workshops, ICDMW 7810, pages 474-482.
- Liu, Y., Gummadi, K. P., Krishnamurthy, B., and Mislove, A. (2011). Analyzing facebook privacy settings: User expectations vs. reality. In Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, IMC 7811, pages 61-70, New York, NY, USA. ACM.
- MacQueen, J. et al. (1967). Some methods for classification and analysis of multivariate observations. In Proceedings of the fifth Berkeley symposium on mathematical statistics and probability, volume 1, pages 281-297. Oakland, CA, USA.
- Madejski, M., Johnson, M., and Bellovin, S. (2012). A study of privacy settings errors in an online social network. In Pervasive Computing and Communications Workshops (PERCOM Workshops), 2012 IEEE International Conference on, pages 340-345.
- Meyer, D., Dimitriadou, E., Hornik, K., Weingessel, A., Leisch, F., Chang, C.-C., and Lin, C.-C. (2015). Package 'e107178. https://cran.r-project.org/web/ packages/e1071/e1071.pdf.
- Pedersen, A. (2003). P3 - problems, progress, potential. Privacy Laws & Business International Newsletter, 2:20-21.
- Pollach, I. (2007). What's wrong with online privacy policies? Commun. ACM, 50(9):103-108.
- Qin, M., Buffett, S., and Fleming, W. (2008). Predicting user preferences via similarity-based clustering. In Canadian Conference on AI, volume 5032 of Lecture Notes in Computer Science, pages 222-233. Springer.
- Sadeh, N., Hong, J., Cranor, L., Fette, I., Kelley, P., Prabaker, M., and Rao, J. (2009). Understanding and capturing people's privacy policies in a mobile social networking application. Personal Ubiquitous Comput., 13(6):401-412.
- Scipioni, M. P. and Langheinrich, M. (2011). Towards a new privacy-aware location sharing platform. Journal of Internet Services and Information Security (JISIS), 1(4):47-59.
- Solove, D. J. (2013). Privacy self-management and the consent paradox. Harvard Law Review, 126.
- Srivastava, A. and Geethakumari, G. (2013). A framework to customize privacy settings of online social network users. In Intelligent Computational Systems (RAICS), 2013 IEEE Recent Advances in, pages 187-192.
- Srivastava, A. and Geethakumari, G. (2014). A privacy settings recommender system for online social networks. In Recent Advances and Innovations in Engineering (ICRAIE), 2014, pages 1-6.
- Tondel, I., Nyre, A., and Bernsmed, K. (2011). Learning privacy preferences. In Availability, Reliability and Security (ARES), 2011 Sixth International Conference on, pages 621-626.
- Tondel, I. A. and Nyre, A. A. (2012). Towards a similarity metric for comparing machine-readable privacy policies. In Open Problems in Network Security, volume 7039 of Lecture Notes in Computer Science, pages 89-103.
- W3C (2002). The platform for privacy preferences 1.0 (P3P1.0) specificati. In Platform for Privacy Preferences (P3P) Project.
- Ward Jr, J. H. (1963). Hierarchical grouping to optimize an objective function. Journal of the American statistical association, 58(301):236-244.
- Wishart, R., Corapi, D., Madhavapeddy, A., and Sloman, M. (2010). Privacy butler: A personal privacy rights manager for online presence. In Pervasive Computing and Communications Workshops (PERCOM Workshops), 2010 8th IEEE International Conference on, pages 672 -677.
- Yee, G. (2009). An automatic privacy policy agreement checker for e-services. In Availability, Reliability and Security, 2009. ARES 7809. International Conference on, pages 307 -315.
Paper Citation
in Harvard Style
Nakamura T., Kiyomoto S., Tesfay W. and Serna J. (2016). Personalised Privacy by Default Preferences - Experiment and Analysis . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 53-62. DOI: 10.5220/0005681100530062
in Bibtex Style
@conference{icissp16,
author={Toru Nakamura and Shinsaku Kiyomoto and Welderufael B. Tesfay and Jetzabel Serna},
title={Personalised Privacy by Default Preferences - Experiment and Analysis},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={53-62},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005681100530062},
isbn={978-989-758-167-0},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Personalised Privacy by Default Preferences - Experiment and Analysis
SN - 978-989-758-167-0
AU - Nakamura T.
AU - Kiyomoto S.
AU - Tesfay W.
AU - Serna J.
PY - 2016
SP - 53
EP - 62
DO - 10.5220/0005681100530062