Privacy-by-ReDesign: Alleviating Users’ Privacy Concerns for Third-Party Applications on Facebook
ABSTRACT
The extensive disclosure of personal information by users of online social networks (OSNs) has made privacy concerns particularly salient. A number of studies have been conducted to investigate users’ privacy attitudes and possible risks that users face when they fail to adequately protect their information. The large amount of data collection and transmission by third-party applications (“apps”) adds a further dimension to the complexity of studying privacy in the context of OSNs. Such a particularly aggressive form of data access and transmission raises a new set of privacy challenges, because users’ private information can be easily revealed by their own and even their friends’ use of apps. A heightened need for empowering user privacy control for third-party apps arises due to the inability to monitor the data use of app providers within and outside of the Facebook platform and the inherent uncertainty about their data practices.
In this work, we first systematically study apps' current practices for privacy notice and consent by: i) collecting data from the 1800 most popular Facebook apps to record their data collection practices concerning users and their friends, and ii) developing our own Facebook app to conduct a number of tests to identify problems that exist in the current design of privacy authentication dialogs for third-party apps on Facebook. We find that in the current design of the privacy authentication dialogs, there is no way for users to limit apps' information access or publishing abilities during the installation process. Even the post-installation settings cannot sufficiently help users to control what information they share with apps.
To address these problems, we employ the approach of Privacy by ReDesign to develop two enhanced versions of the interface (shown in Figure 1 and Figure 2), which highlight control and awareness as the essential factors of privacy concerns in the context of third-party apps on Facebook. These two new designs aim to fulfill the following two design principles: 1) the authorization dialog should provide options for a user to control the information accessibility or publishing ability before adding the app to the user’s Facebook profile; 2) the authorization dialog should provide alert signals for a user when the app asks for the user’s sensitive private information. A field experiment with 150 Facebook users was conducted to investigate whether users can more adequately represent their preferences for sharing and releasing personal information with these newly designed privacy authorization dialogs. We believe that this work provides both conceptual and empirical insights in terms of design recommendations to address privacy concerns toward third-party apps on Facebook.
Award ID: 0953749