PerCom 2012 - Presentation
1. Understanding the Privacy Implications of
Using Context-based Awareness Cues in
Social Networks
Ville Antila*^, Jussi Polet*
*VTT Technical Research Centre of Finland, Oulu, Finland
^Philips Research, Eindhoven, The Netherlands
2. Background – Smarcos project
• Smarcos creates solutions to allow
devices and services to exchange
context information, user actions,
and semantic data
• One important part of the work has
been to investigate the practical
usage of context information and to
develop models that can be
dynamic and adaptive as well as
applicable to different applications
• www.smarcos-project.eu
3. Outline of the talk
• Introduction and challenges
• ContextCapture -application
• User study
• Results
• Discussion and lessons learned
• Conclusions
4. Introduction
Information from the physical world is
increasingly “digitalized” and shared
Smartphones can be used to provide a wide range of
awareness and presence information
5. Challenges (privacy implications of context-
awareness in social networks)
Context (“anything that can characterize the situation of an entity”)
• The notion of ‘context’ can not be objectively defined (a priori) by
settings, actions and actors
• Rather, context is the meaning that the actions and actors acquire at
any given time from the subjective perspective [Mancini et al., 2009]
• Awareness of ‘consequences’ is important for grasping the effect of
actions determining the level of information disclosure
Privacy
• The level of information disclosure can be difficult to manage
(awareness of consequences might not be clear)
• People can end-up disclosing more information than they meant to
(unwillingly)
• “Privacy is a dynamic and continuously negotiated process”
[Palen & Dourish, 2003]
• People tend to appropriate the usage of a service to their own
needs [Barkhuus et al, 2008]
6. Context-based awareness cues
• Sharing context information can create awareness about the user’s situation
and thus enhance or make communication more efficient [Oulasvirta, 2008]
• Creating awareness can have multiple purposes...
• “Declaring one’s position is perhaps as much about deixis (pointing at and
referencing features of the environment) as it is about telling someone exactly
where you are” [Benford et al., 2004]
• Our hypothesis is that in many cases, rather than using exact parameters
provided by sensors, people would like to add semantic meaning by using
more abstract terms
• Also we claim that people prefer abstraction to ensure a certain level of
privacy
• The challenge is to give means for the dynamic abstraction while keeping as
brief as possible (cf. interactions in “4-second bursts”)
7. Research approach
• We developed an experimental mobile application, which allows
users to add different types of contextual information to their
Facebook status updates in a format of a “story” or a narrative
of the situation
• We developed a semantic database which links the abstract,
user-defined context labels to the low-level sensor data
• Conducted a two-week user trial exploring the usage of different
abstraction levels on different context types (and their privacy
implications)
8. ContextCapture -application (1/4)
• Architecture: A mobile application
and a backend service integrated
with Facebook and Twitter
• Android and Symbian mobile
applications
• Backend using Jena Semantic Web
toolkit and a domain context model
(using RDF)
9. ContextCapture -application (2/4)
• Context recognition is based on different sensors
• accelerometer, ambient light detector, GPS data, open
applications on the device, the device system information and
nearby Wifi access points and Bluetooth devices
• for example:
• based on the accelerometer data, a decision is made whether the
user is moving or still by using movement detection algorithm
• nearby Facebook friends can be detected using Bluetooth
scanning
10. ContextCapture -application (3/4)
• Context items in
ContextCapture -application
• Activity – physical activity of the
user
• Applications – currently open
applications
• Device – device information, such
as the device type
• Friends – nearby Facebook friends
using ContextCapture
• Location – abstractions using GPS,
network and Wifi scan data, current
street address, cell ID
• Surroundings – abstractions of
physical surroundings using
ambient light detector, weather etc
11. (Example)
• Creating a message:
“[User-defined message]
Sent from [Location] while [Activity] [Description] [Topic] and
[Applications Activity] with [Friends].”
As an example, a status update message generated with the previous rule
could be:
“I think this is the killer app for Pervasive Computing!
Sent from Conference Room 1 at PerCom 2012, Lugano, Switzerland while
listening to an interesting presentation by Dr. Firstname Lastname and using
Notepad with 4 conference buddies nearby.”
12. ContextCapture -application (4/4)
• “Collective” context is gathered from nearby devices (running
ContextCapture)
• If lacking, the mobile client can ask nearby devices for additional
context information, such as GPS coordinates, address, weather etc.
• Bluetooth communication is used with a simple protocol over
RFCOMM
• Request:
• CCRAControlProtocol:Client:ClientBluetoothName:WTHR:Request
• Response:
• CCRAControlProtocol:Server:ServerBluetoothName:WTHR:-3 degrees Celsius,Sunny
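The request/response layout above, parsed and answered defensively, as an added example that is not ContextCapture's own code. The field layout and the WTHR code come from the slide; the size limit, the strict rejection of extra colons, and the `shareable` policy dictionary are assumptions made for illustration.

```python
PREFIX = "CCRAControlProtocol"
KNOWN_CODES = {"WTHR"}   # the only context code shown on the slide
MAX_LEN = 256            # assumed size limit, not taken from the slides


class ProtocolError(ValueError):
    """Raised for any message that does not match the expected layout."""


def parse_message(raw: bytes) -> dict:
    if len(raw) > MAX_LEN:
        raise ProtocolError("message too long")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ProtocolError("not valid UTF-8") from exc
    fields = text.split(":")
    # The device name is chosen by the peer. A ':' inside it makes the
    # layout ambiguous, so such messages are rejected instead of guessed at.
    if len(fields) != 5:
        raise ProtocolError("expected exactly 5 colon-separated fields")
    prefix, role, name, code, payload = fields
    if prefix != PREFIX or role not in ("Client", "Server"):
        raise ProtocolError("bad prefix or role")
    if not name or not name.isprintable() or not payload.isprintable():
        raise ProtocolError("empty name or non-printable characters")
    if code not in KNOWN_CODES:
        raise ProtocolError("unknown context code")
    if role == "Client" and payload != "Request":
        raise ProtocolError("client message must carry 'Request'")
    return {"role": role, "name": name, "code": code, "payload": payload}


def build_response(raw_request: bytes, own_name: str, shareable: dict):
    """Answer a request only for context types the user agreed to share."""
    req = parse_message(raw_request)
    if req["role"] != "Client" or req["code"] not in shareable:
        return None  # stay silent rather than disclose anything
    value = shareable[req["code"]]
    if ":" in own_name or ":" in value:
        raise ProtocolError("outgoing fields must not contain ':'")
    return f"{PREFIX}:Server:{own_name}:{req['code']}:{value}".encode("utf-8")
```

The peer's Bluetooth name is unauthenticated input, so it is validated like any other field before it is logged or displayed.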
13. User study
• 12 participants used ContextCapture for two weeks using their
own mobile phones in their everyday lives
14. Participants
• …were between 30-46 years,
37.25 years on average, six males
and six females
• …used their own mobile devices
and personal Facebook accounts
during the trial
• …were experienced Facebook
users as 25% of them had used
the service 1-2 years and the rest
for over two years
15. The study setup
•The participants…
1.…were emailed a short description of the study
• Purpose, a short manual, a link with installation instructions and a link to the
initial Web questionnaire
2.…used the application for two (2) weeks
• During that time, they could tell their experiences through a Web diary (we
asked them to fill in the diary at least five times)
3.…were interviewed at the end of the trial
• The interviews were semi-structured, including questions about the users’
expectations, attitudes, privacy and the most pleasing and unpleasing
experiences related to the usage
• The participants also filled a Web questionnaire about their experiences
16. Findings (1/3)
• Status updates with Location information were seen most informative as
people often use location to give further context for their activities
• Weather information, which was related to Surroundings field, was also
seen highly interesting
• Application and Device were considered as the least useful fields (average:
2.3/5.0 and 2.4/5.0)
• It seemed that many participants did not want to “advertise” the device they
were using; and open applications were often unrelated or uninteresting (with
regards of the current situation)
17. Findings (2/3)
• The participants were clearly aware of their privacy and had thought about
it while using the application
• E.g. the participants did not use the addresses of their homes or the kindergarten
their children were, even though the audience consisted of Facebook friends
• The accurate location of places was too sensitive to be shared, many of the
participants stated that the semantic meaning of the place is enough
• E.g. stating “I’m at home” is adequate enough for the people the message is meant
for
• In many participants’ opinion sharing friends’ location without permission is not
acceptable, participants preferred to use more abstract words, like “group of
friends”, instead of giving the exact names
18. Findings (3/3)
• One key finding was that people were clearly interested about “context” as a
form of communication enabler, especially while communicating to their
friends (i.e. social network)
• Context information was seen to add value, but users wanted to have full
control in the level of abstraction (and each subsequent time they used the
system)
• Abstract labels (with a semantic meaning), such as “home”, “work” and
“kindergarten” were seen more useful than more exact terms
• Abstract labels were also considered more privacy preserving in many
situations
• Moreover the usage of different abstractions were observed to be dynamic
rather than static, therefore users did change the usage of different labels in
different situations
19. Implications for design of context-aware social
applications
• With applications dealing with privacy sensitive information, the
information disclosure and privacy should be fully controlled by the
user
• By giving freedom for users to control the disclosure and
abstraction level of contextual information, it creates:
• meaningfulness and motivation for the users
• and in the same time allows the system to gather a set of user-defined
context labels with different abstraction levels (which can be associated
with the gathered low-level sensor data)
• Privacy is indeed a dynamic and continuously negotiated process
in which a rigorous set of prior rules can render the application
useless
• People often appropriate the shared information level according to the
needs of the moment
20. Discussion
• Through the analysis of contextual information derived from mobile device
usage patterns it is possible to infer a lot of potentially privacy-sensitive
information
• There has been research in extracting these patterns from large datasets [Eagle
& Pentland, 2006; Farrahi & Gatica-Perez, 2008 and 2010]
• In addition there has been an increasing interest of exploring the social-side of
context-awareness in pervasive computing [Endler et al., 2011, Hosio et al.,
2010]
• We argue that the increased context-awareness is an inevitable step in
pervasive computing but the privacy implications of this progress are largely
not tested in the “real-world” yet
• Novel approaches for capturing and storing context “labels” are called for.
21. Conclusions
• We have presented a work investigating the practical use of labeling
context information in social computing.
• The main findings include:
• Current location, activity and surroundings were the most relevant context types
(in this study)
• Disclosing the nearby friends or colleagues in the status updates was seen as
relevant but problematic due to privacy issues
• The context types were seen as most meaningful when the used abstraction
level was high
• Participants felt that exact information, such as street address or coordinates,
conveyed a too matter-of-fact type description
• Whereas more abstract descriptions, such as “at the movie theatre” or “at the
botanical garden” were seen as more illustrative, interesting and meaningful
22. Something to take away from the talk...
• Avoid using “hard to define” rules for setting privacy preferences for
different situations
• Instead, a programming-by-example -approach to let user to label
situations with the intended abstraction level “on-the-go” (along with
ensuring the privacy)
• Allow to change these settings/labels dynamically, preferably with least
effort possible (e.g. one-click selection from a set of recommendations)
• Make the system learnable (learning the contexts and their associated
labels/ privacy rules while the user defines and refines these)
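A sketch of the label-by-example idea from the points above, as an added example rather than the ContextCapture backend (which the slides describe as using Jena and RDF). The numeric abstraction levels, the 150 m matching radius, the coordinates and the label texts are all constructed assumptions.

```python
import math
from collections import Counter

RADIUS_M = 150  # assumed radius within which a stored label applies


def distance_m(a, b):
    """Great-circle (haversine) distance in metres between (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))


class LabelStore:
    """Links user-defined labels to low-level position data."""

    def __init__(self):
        self._examples = []  # (position, label, level); level 0 = most abstract

    def learn(self, position, label, level):
        """Record the label the user picked for this position."""
        self._examples.append((position, label, level))

    def recommend(self, position):
        """Labels used near here: most abstract first, then most often used."""
        nearby = [(label, level) for pos, label, level in self._examples
                  if distance_m(pos, position) <= RADIUS_M]
        counts = Counter(nearby)
        ranked = sorted(counts, key=lambda k: (k[1], -counts[k], k[0]))
        return [label for label, _ in ranked]

    def describe(self, position, choice=None):
        """Text to publish: the user's choice, else the most abstract label."""
        options = self.recommend(position)
        if choice is not None:
            if choice not in options:
                raise ValueError("choice is not one of the recommendations")
            return choice
        # No known label means nothing is published; raw coordinates are
        # never used as a fallback.
        return options[0] if options else None
```

Defaulting to the most abstract label means a more precise description is only published when the user selects it for that update.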
23. Understanding the Privacy Implications of Using Context-based
Awareness Cues in Social Networks
Thank you!
Questions?
Ville Antila
ville.antila@vtt.fi
Jussi Polet
jussi.polet@vtt.fi