Privacy Behavior Research Articles

Honesty is the Best Policy: On the Accuracy of Apple Privacy Labels Compared to Apps' Privacy Policies

Apple introduced privacy labels in Dec. 2020 as a way for developers to report the privacy behaviors of their apps. While Apple does not validate labels, they also require developers to provide a privacy policy, which offers an important comparison point. In this paper, we fine-tuned BERT-based language models to extract privacy policy features for 474,669 apps on the iOS App Store, comparing the output to the privacy labels. We identify discrepancies between the policies and the labels, particularly as they relate to data collected linked to users. We find that 228K apps' privacy policies may indicate data collection linked to users than what is reported in the privacy labels. More alarming, a large number (97%) of the apps with a Data Not Collected privacy label have a privacy policy indicating otherwise. We provide insights into potential sources for discrepancies, including the use of templates and confusion around Apple's definitions and requirements. These results suggest that significant work is still needed to help developers more accurately label their apps. Our system can be incorporated as a first-order check to inform developers when privacy labels are possibly misapplied.

Revealed Privacy Preferences: Are Privacy Choices Rational?

We investigate the extent to which trade-offs involving the sharing of personal information exhibit consistency with an underlying rational preference for privacy. In an experiment, people engage in trade-offs across two domains of personal information sharing, allowing us to classify whether their choices satisfy the generalized axiom of revealed preference. They also subsequently price the sharing of their personal information. Sixty-three percent of subjects act consistently with a rational preference ordering when allocating privacy levels, a level comparable to that observed in other domains. Individuals who are inconsistent when engaging in simple privacy trade-offs exhibit substantially more costly preference reversals when pricing personal information sharing. Only one-third of subjects exhibit consistency across both the selection of personal information to share and the pricing of such information sharing. Our results imply that monetizing personal information can have distinct welfare consequences for people with different degrees of rationality in their underlying ability to make sensible trade-offs involving personal information. We also provide evidence that preferences elicited over choices in our experiment correlate with real-world privacy behaviors. This paper was accepted by Yan Chen, behavioral economics and decision analysis. Funding: This work was supported by Forschungskredit (University of Zurich) [Grant FK-17-017] and Schweizerischer Nationalfonds zur Förderung der Wissenschaftlichen Forschung [Grant 174630] to Y.S. Lee. Supplemental Material: The online appendix and data files are available at https://doi.org/10.1287/mnsc.2022.00807 .

LSTEG: An evolutionary game model leveraging deep reinforcement learning for privacy behavior analysis on social networks

With the investment of third-party companies, various accurate recommendation services have emerged on social network platforms, making convenience and privacy concerns coexist for users. Platforms, users, and third-party companies have conflicts of interest around privacy issues, and privacy protection is not the only goal for them. For the analysis of multi-party behaviors related to privacy, a long short-term evolutionary game model (LSTEG) is proposed, where the long-term and short-term evolutionary processes describe the dynamics between three parties and between users, respectively. Their dynamic evolutionary processes are described by mean dynamic equations and all possible stationary-state conditions are analyzed theoretically. Deep reinforcement learning is adopted to solve these evolutionary stationary states and to reveal the rules of interdependence between long-term evolution and short-term evolution. Experiments conducted on real-world datasets show that this work can help platforms, users, and third-party companies to get a better sense of what is occurring in dynamic network environments.

To disclose or to protect? Predicting social media users’ behavioral intention toward privacy

PurposeIn the paradox of personalized services and privacy risks, what factors influence users’ decisions is considered an interesting issue worth exploring. The current study aims to empirically explore privacy behavior of social media users by developing a theoretical model based on privacy calculus theory.Design/methodology/approachPrivacy risks, conceptualized as natural risks and integrated risks, were proposed to affect the intention of privacy disclosure and protection. The model was validated through a hybrid approach of structural equation modeling (SEM)-artificial neural network (ANN) to analyze the data collected from 527 effective responses.FindingsThe results from the SEM analysis indicated that social interaction and perceived enjoyment were strong determinants of perceived benefits, which in turn played a dominant role in the intention to disclose the privacy in social media. Similarly, trust and privacy invasion experience were significantly related to perceived risks that had the most considerable effect on users’ privacy protection intention. And the following ANN models revealed consistent relationships and rankings with the SEM results.Originality/valueThis study broadened the application perspective of privacy calculus theory to identify both linear and non-linear effects of privacy risks and privacy benefits on users’ intention to disclose or protect their privacy by using a state-of-the-art methodological approach combining SEM and ANN.

How Do Job Seekers Respond to Cybervetting? An Exploration of Threats, Fear, and Access Control

The cybervetting activities of potential employers present a significant threat to job-seeking social media users because their content becomes vulnerable to unwanted access and scrutiny. Without control over access, personal information may be gathered from social media and used in ways that harm the job seeker. Access control is a critical element of information privacy that has not received much attention but can help explain individuals' privacy behaviors. We use a protection motivation framework and a fear appeal to examine how job-seeking SNS users respond to cybervetting. We analyze the responses of 375 job-seeking SNS users to understand the relationships among threat perceptions, fear, coping responses, access control, and intention to implement and use an ephemeral application. We argue that when confronted by cybervetting, job-seeking SNS users are favorable toward using an ephemeral application because it bolsters privacy and meets the psychological need for control over access. Our results show that access control moderates the fear response to cybervetting, it is prompted by users' coping responses, and it helps explain why response efficacy and self-efficacy are predictive of behavioral intention.

Investigation and Protection of Social Media Users’ Privacy Behavior

Investigation and Protection of Social Media Users’ Privacy Behavior

Privacy concerns and social desirability bias

Privacy concerns may influence many choices consumers make. However, their expressed concerns are sometimes inconsistent with their information-sharing and privacy-protecting behaviors. Many theories have been proposed to explain the paradoxical gap between privacy attitudes and behaviors. Part of the privacy paradox may be explained with two measures that have received limited consideration: impulsiveness and social desirability bias (SDB). Surveys of US adults in 2015 and 2022 included questions to measure several types of privacy concerns along with impulsive tendencies and SDB (N = 2729). Age, education, gender, race, income, and impulsive tendencies were linked with some privacy concerns. If people with above-average concerns also disclose personal information on impulse, it might explain part of the paradox. Large coefficients on the SDB measure suggest that individuals who adjust their responses to be consistent with social norms may also overstate specific privacy concerns. For these individuals, their high expressed concerns may be inconsistent with their privacy behaviors. When researchers try to explain consumer attitudes or actions that involve privacy, multiple privacy concern dimensions should be considered and demographics, impulsive tendencies, and SDB should be included in the models.

Un-Paradoxing Privacy: Considering Hopeful Trust

Extant literature has proposed an important role for trust in moderating people’s willingness to disclose personal information, but there is scant HCI literature that deeply explores the relationship between privacy and trust in apparent privacy paradox circumstances. Attending to this gap, this article reports a qualitative study examining how people account for continuing to use services that conflict with their stated privacy preferences, and how trust features in these accounts. Our findings undermine the notion that individuals engage in strategic thinking about privacy, raising important questions regarding the explanatory power of the well-known privacy calculus model and its proposed relationship between privacy and trust. Finding evidence of hopeful trust in participants’ accounts, we argue that trust allows people to morally account for their “paradoxical” information disclosure behavior. We propose that effecting greater alignment between people’s privacy attitudes and privacy behavior—or “un-paradoxing privacy”—will require greater regulatory assurances of privacy.

Is knowledge power? Testing whether knowledge affects chilling effects and privacy-protective behaviors using browser histories

This study examines whether providing users with declarative and procedural privacy knowledge positively affects behaviors to safeguard their privacy. Two forms of coping behaviors were in focus: Measures that reduce data collection by technological means (privacy-protective behaviors) and self-restraint in the use of online services (chilling effect-related behaviors). We hypothesized that a combination of declarative knowledge and procedural knowledge as opposed to declarative knowledge alone increases privacy-protective behaviors while being less likely to induce chilling effect-related behaviors. Data were obtained using an experimental study design combined with browser histories. Individuals were exposed to video treatments providing them with a) declarative knowledge or b) a combination of declarative and procedural knowledge, while the control group received no treatment. The study attracted a total of N = 500 participants for self-report data and N = 252 participants with data donations from a student sample in Austria. The findings indicate that both knowledge treatments increased recipients' privacy concerns. Furthermore, the declarative and procedural knowledge treatment increased participants’ self-efficacy. However, increasing knowledge did not translate into more pronounced privacy behaviors. Tentative evidence suggests that privacy fatigue might play a particularly important role in explaining these null findings.

The Effect of Privacy Fatigue on Privacy Decision-Making Behavior

With the rapid growth of information communication technology, internet users face constantly demands to manage privacy setting and make decisions on whether to disclose privacy data in the digital environment. Such privacy-related decisions and actions are heavily influenced by users’ level of trust, privacy concerns, perceived risks, and perceived benefits. One recently recognized factor that may impair privacy behaviors is privacy fatigue. This study will employ a within-subjects design with eye-tracking devices in which participants complete the same online decision-making task. Additionally, potential covariates, including privacy concern and digital privacy literacy, will be controlled for. We expect that higher level of baseline privacy fatigue will reveal poorer privacy decision-making outcomes, which will be represented by more frequent acceptance of online cookies. Moreover, we predict that participants’ pupil dilation, a physiological index of cognitive effort, will decrease, and privacy fatigue levels will increase over the course of the online decision-making task.

The Impact of Shared Information Presentation Time on Users' Privacy-Regulation Behavior in the Context of Vertical Privacy: A Moderated Mediation Model.

Combining data-sharing models and algorithm technologies has led to new data flow structures and usage patterns. In this context, the presentation time of shared low-sensitivity information across platforms has become a crucial factor that affects user perception and privacy-regulation behavior. However, previous studies have not conducted an in-depth exploration of this issue. Based on privacy process theory, this study discusses the impact and potential mechanism of the presentation time (immediate or delayed) of shared low-sensitivity information across platforms on privacy-regulation behavior. Through a pre-study and two online survey experimental studies, which included 379 participants in total, we verified that the immediate information presentation time has a significantly higher impact on online vigilance and privacy-regulation behavior than the delayed condition, βdirect = 0.5960, 95% CI 0.2402 to 0.9518; βindirect = 0.1765, 95% CI 0.0326 to 0.3397, and users' perceived control as the moderating role influences online vigilance and privacy-regulation behaviors (preventive or corrective), βpreventive = -0.0562, 95% CI -0.1435 to -0.0063; βcorrective = -0.0581, 95% CI -0.1402 to -0.0065. Based on these results, we suggest that the presentation time of using shared low-sensitivity information across platforms should be concerned by companies' recommendation algorithms to reduce users' negative perceptions and privacy behaviors and improve user experience.

Are digital natives overconfident in their privacy literacy? Discrepancy between self-assessed and actual privacy literacy, and their impacts on privacy protection behavior.

Privacy literacy is recognized as a crucial skill for safeguarding personal privacy online. However, self-assessed privacy literacy often diverges from actual literacy, revealing the presence of cognitive biases. The protection motivation theory (PMT) is widely used to explain privacy protection behavior, positing that whether individuals take defensive measures depends on their cognitive evaluation of threats and coping capabilities. However, the role of cognitive biases in this process has been understudied in previous research. This study focuses on Chinese digital natives and examines the differential impacts of subjective and objective privacy literacy on privacy protection behavior, as well as the role of cognitive biases in privacy decision-making. The results show that there is no significant correlation between subjective and objective privacy literacy, and a bias exists. When privacy concern is used as a mediating variable, there are significant differences in the paths through which subjective and objective privacy literacy influence privacy protection behavior. Furthermore, privacy literacy overconfidence moderates the relationship between privacy concern and privacy protection behavior. The findings confirm the influence of cognitive biases in privacy behavior decision-making and extend the PMT. This study also calls for the government to enhance privacy literacy training for digital natives to improve their privacy protection capabilities.

Visual privacy behaviour recognition for social robots based on an improved generative adversarial network

AbstractAlthough social robots equipped with visual devices may leak user information, countermeasures for ensuring privacy are not readily available, making visual privacy protection problematic. In this article, a semi‐supervised learning algorithm is proposed for visual privacy behaviour recognition based on an improved generative adversarial network for social robots; it is called PBR‐GAN. A 9‐layer residual generator network enhances the data quality, and a 10‐layer discriminator network strengthens the feature extraction. A tailored objective function, loss function, and strategy are proposed to dynamically adjust the learning rate to guarantee high performance. A social robot platform and architecture for visual privacy recognition and protection are implemented. The recognition accuracy of the proposed PBR‐GAN is compared with Inception_v3, SS‐GAN, and SF‐GAN. The average recognition accuracy of the proposed PBR‐GAN is 85.91%, which is improved by 3.93%, 9.91%, and 1.73% compared with the performance of Inception_v3, SS‐GAN, and SF‐GAN respectively. Through a case study, seven situations are considered related to privacy at home, and develop training and test datasets with 8,720 and 1,280 images, respectively, are developed. The proposed PBR‐GAN recognises the designed visual privacy information with an average accuracy of 89.91%.

Is the Privacy Paradox a Domain-Specific Phenomenon

The digital era introduces significant challenges for privacy protection, which grow constantly as technology advances. Privacy is a personal trait, and individuals may desire a different level of privacy, which is known as their “privacy concern”. To achieve privacy, the individual has to act in the digital world, taking steps that define their “privacy behavior”. It has been found that there is a gap between people’s privacy concern and their privacy behavior, a phenomenon that is called the “privacy paradox”. In this research, we investigated if the privacy paradox is domain-specific; in other words, does it vary for an individual when that person moves between different domains, for example, when using e-Health services vs. online social networks? A unique metric was developed to estimate the paradox in a way that enables comparisons, and an empirical study in which (n=437) validated participants acted in eight domains. It was found that the domain does indeed affect the magnitude of the privacy paradox. This finding has a profound significance both for understanding the privacy paradox phenomenon and for the process of developing effective means to protect privacy.

How Is Privacy Behavior Formulated? A Review of Current Research and Synthesis of Information Privacy Behavioral Factors

What influences Information Communications and Technology (ICT) users’ privacy behavior? Several studies have shown that users state to care about their personal data. Contrary to that though, they perform unsafe privacy actions, such as ignoring to configure privacy settings. In this research, we present the results of an in-depth literature review on the factors affecting privacy behavior. We seek to investigate the underlying factors that influence individuals’ privacy-conscious behavior in the digital domain, as well as effective interventions to promote such behavior. Privacy decisions regarding the disclosure of personal information may have negative consequences on individuals’ lives, such as becoming a victim of identity theft, impersonation, etc. Moreover, third parties may exploit this information for their own benefit, such as targeted advertising practices. By identifying the factors that may affect SNS users’ privacy awareness, we can assist in creating methods for effective privacy protection and/or user-centered design. Examining the results of several research studies, we found evidence that privacy behavior is affected by a variety of factors, including individual ones (e.g., demographics) and contextual ones (e.g., financial exchanges). We synthesize a framework that aggregates the scattered factors that have been found in the literature to affect privacy behavior. Our framework can be beneficial to academics and practitioners in the private and public sectors. For example, academics can utilize our findings to create specialized information privacy courses and theoretical or laboratory modules.

Data Transparency Design in Internet of Things: A Systematic Review

Data transparency plays a critical role in understanding IoT privacy practices and making informed decisions. To gain a comprehensive understanding of transparency in the IoT environment, a systematic literature review of 58 academic articles is conducted to investigate the progress and status of existing data transparency studies from a design perspective. Data transparency was identified as a signifier to bridge the connection between user behavior and privacy risks. The level of transparency achieved was shaped by users’ privacy perceptions, which in turn influenced their privacy behavior. GUI-based transparency design has been widely used in IoT, but it is not sufficient to provide users with accessible, understandable, and unified transparency information. A conceptual transparency design is proposed based on the extracted design opportunities and practices. This paper provides an important resource on transparency issues in the IoT environment, and will benefit the design and computer science communities.

How to Influence Privacy Behavior Using Cognitive Theory and Respective Determinant Factors

Several studies have shown that the traditional way of learning is not optimal when we aim to improve ICT users’ actual privacy behaviors. In this research, we present a literature review of the theories that are followed in other fields to modify human behavior. Our findings show that cognitive theory and the health belief model present optimistic results. Further, we examined various learning methods, and we concluded that experiential learning is advantageous compared to other methods. In this paper, we aggregate the privacy behavior determinant factors found in the literature and use cognitive theory to synthesize a theoretical framework. The proposed framework can be beneficial to educational policymakers and practitioners in institutions such as public and private schools and universities. Also, our framework provides a fertile ground for more research on experiential privacy learning and privacy behavior enhancement.

Helping Youth Navigate Privacy Protection: Developing and Testing the Children's Online Privacy Scale

As children’s and teens’ internet use has reached record highs, the protection of their online privacy is a pressing issue for parents, consumer groups, social media firms, and federal, state, and international agencies. Even with strategies to help children protect their personal information, questions remain as to what children really know about the risks of interacting online. Thus far, much of the online privacy research has relied on subjective measures of adult beliefs and attitudes, which may not be predictive of children's online privacy behaviors. To address these issues, the authors develop and test a children's online privacy scale tapping different content domains of objective knowledge about online privacy for children and young teens (age 6–15 years). From this conceptualization, evidence is offered in two pretests and four studies supporting the scale's structure, reliability, and validity and its relationships with online privacy education, age categories, personality traits, intent to share personal information online, and online privacy behaviors. Implications for child and young teen online privacy policy are offered.

Is cybersecurity research missing a trick? Integrating insights from the psychology of habit into research and practice

The idea that people should form positive security habits is gaining increasing attention amongst security practitioners. Habit is a well-studied concept in psychology, but the extent to which the richness of that literature has been fully utilised for security is currently unclear. In order to address this gap, we compared usage of the term “habit”—and connected constructs —in the cybersecurity and habit fields using a co-occurrence networks-based analysis. We aimed to answer three research questions: 1. What is the context within which habit has been discussed in the habit literature and the cybersecurity literature; 2. How does the discussion in these two fields compare; and 3. What are the implications of the outcomes of this analysis for the future research agenda for cybersecurity behaviour? The analysis showed that the habit construct tended to be discussed primarily in the context of other models, rather than on its own. The depth of discussion was therefore limited; resulting gaps in knowledge have important implications for security, like the idea that habits moderate the relationship between intention and behaviour. Given the popularity of the theory of planned behaviour in security research, this represents a key omission. Furthermore, the cybersecurity literature we surveyed contained very little discussion surrounding methods for formation and changing of habits, nor of the role of cues in triggering habitual behaviours. Habits require a different behaviour change approach than intentional behaviours, and many day-to-day security behaviours may in fact be habits. For that reason, these topics represents a potentially productive avenue of research for both security and privacy behaviour.

Not Your Average App: A Large-scale Privacy Analysis of Android Browsers

The transparency and privacy behavior of mobile browsers has remained widely unexplored by the research community. In fact, as opposed to regular Android apps, mobile browsers may present contradicting privacy behaviors. On the one end, they can have access to (and can expose) a unique combination of sensitive user data, from users’ browsing history to permission-protected personally identifiable information (PII) such as unique identifiers and geolocation. However, on the other end, they also are in a unique position to protect users’ privacy by limiting data sharing with other parties by implementing ad-blocking features. In this paper, we perform a comparative and empirical analysis on how hundreds of Android web browsers protect or expose user data during browsing sessions. To this end, we collect the largest dataset of Android browsers to date, from the Google Play Store and four Chinese app stores. Then, we developed a novel analysis pipeline that combines static and dynamic analysis methods to find a wide range of privacy-enhancing (e.g., ad-blocking) and privacy-harming behaviors (e.g., sending browsing histories to third parties, not validating TLS certificates, and exposing PII---including non-resettable identifiers---to third parties) across browsers. We find that various popular apps on both Google Play and Chinese stores have these privacy-harming behaviors, including apps that claim to be privacy-enhancing in their descriptions. Overall, our study not only provides new insights into important yet overlooked considerations for browsers’ adoption and transparency, but also that automatic app analysis systems (e.g., sandboxes) need context-specific analysis to reveal such privacy behaviors.