research-article

Privacy Personas: Clustering Users via Attitudes and Behaviors toward Security Practices

Authors:

Janna Lynn Dupree,

Richard Devries,

Daniel M. Berry,

Edward LankAuthors Info & Claims

CHI '16: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems

Pages 5228 - 5239

https://doi.org/10.1145/2858036.2858214

Published: 07 May 2016 Publication History

Abstract

A primary goal of research in usable security and privacy is to understand the differences and similarities between users. While past researchers have clustered users into different groups, past categories of users have proven to be poor predictors of end-user behaviors. In this paper, we perform an alternative clustering of users based on their behaviors. Through the analysis of data from surveys and interviews of participants, we identify five user clusters that emerge from end-user behaviors-Fundamentalists, Lazy Experts, Technicians, Amateurs and the Marginally Concerned. We examine the stability of our clusters through a survey-based study of an alternative sample, showing that clustering remains consistent. We conduct a small-scale design study to demonstrate the utility of our clusters in design. Finally, we argue that our clusters complement past work in understanding privacy choices, and that our categorization technique can aid in the design of new computer security technologies.

References

[1]

Mark S. Ackerman, Lorrie Faith Cranor, and Joseph Reagle. 1999. Privacy in e-Commerce: Examining User Scenarios and Privacy Preferences. Proceedings of the 1st ACM Conference on Electronic Commerce, ACM, 1--8. http://doi.org/10.1145/336992.336995

Digital Library

[2]

Alessandro Acquisti and Ralph Gross. 2006. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook. In Privacy Enhancing Technologies, George Danezis and Philippe Golle (eds.). Springer Berlin Heidelberg, 36--58.

Digital Library

[3]

Anne Adams and Martina Angela Sasse. 1999. Users Are Not the Enemy. Commun. ACM 42, 12: 40--46. http://doi.org/10.1145/322796.322806

Digital Library

[4]

Julio Angulo, Erik Wästlund, and Johan Högberg. 2014. What Would It Take for You to Tell Your Secrets to a Cloud? In Secure IT Systems. Springer, 129--145.

[5]

Bettina Berendt, Oliver Günther, and Sarah Spiekermann. 2005. Privacy in e-Commerce: Stated Preferences vs. Actual Behavior. Commun. ACM 48, 4: 101--106. http://doi.org/10.1145/1053291.1053295

Digital Library

[6]

Hugh Beyer and Karen Holtzblatt. 1997. Contextual design: defining customer-centered systems. Elsevier.

Digital Library

[7]

Glenn A. Bowen. 2008. Naturalistic inquiry and the saturation concept: a research note. Qualitative Research 8, 1: 137--152. http://doi.org/10.1177/1468794107085301

[8]

Laura Brandimarte, Alessandro Acquisti, and George Loewenstein. 2013. Misplaced Confidences Privacy and the Control Paradox. Social Psychological and Personality Science 4, 3: 340--347. http://doi.org/10.1177/1948550612455931

[9]

Farah Chanchary and Sonia Chiasson. 2015. User Perceptions of Sharing, Advertising, and Tracking. Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), 53--67.

[10]

Sunny Consolvo, Ian E. Smith, Tara Matthews, Anthony LaMarca, Jason Tabert, and Pauline Powledge. 2005. Location Disclosure to Social Relations: Why, when, & What People Want to Share. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM, 81--90. http://doi.org/10.1145/1054972.1054985

Digital Library

[11]

Gregory Conti and Edward Sobiesk. 2007. An Honest Man Has Nothing to Fear: User Perceptions on Webbased Information Disclosure. Proceedings of the 3rd Symposium on Usable Privacy and Security, ACM, 112--121. http://doi.org/10.1145/1280680.1280695

Digital Library

[12]

Alan Cooper. 1999. The Inmates are Running the Asylum. Macmillan.

Digital Library

[13]

Kovila Coopamootoo and Thomas Gross. 2014. Mental Models: An Approach to Model Privacy Concern and Behavior. Workshop on Privacy Personas and Segmentation, PPS 2014, held with SOUPS 2014. See: http://cups.cs.cmu.edu/soups/2014/workshops/privacy/ s2p2.pdf

[14]

Lynne Coventry, Debora Jeske and Pam Briggs. 2014. Combining privacy and risk perceptions to better understand user behavior. Workshop on Privacy Personas and Segmentation, PPS 2014, held with SOUPS 2014. See: http://cups.cs.cmu.edu/soups/2014/workshops/privacy/ s2p3.pdf

[15]

John W. Creswell. 2013. Research Design: Qualitative, Quantitative, and Mixed Methods Approaches, 2nd Edition, Sage.

[16]

Paul Dourish and Ken Anderson. 2006. Collective Information Practice: Emploring Privacy and Security As Social and Cultural Phenomena. Hum.-Comput. Interact. 21, 3: 319--342. http://doi.org/10.1207/s15327051hci2103_2

Digital Library

[17]

Dinei Florencio and Cormac Herley. 2007. A Largescale Study of Web Password Habits. Proceedings of the 16th International Conference on World Wide Web, ACM, 657--666. http://doi.org/10.1145/1242572.1242661

Digital Library

[18]

Batya Friedman, David Hurley, Daniel C. Howe, Edward Felten, and Helen Nissenbaum. 2002. Users' Conceptions of Web Security: A Comparative Study. CHI '02 Extended Abstracts on Human Factors in Computing Systems, ACM, 746--747. http://doi.org/10.1145/506443.506577

Digital Library

[19]

Adam N. Joinson, Ulf-Dietrich Reips, Tom Buchanan, and Carina B. Paine Schofield. 2010. Privacy, Trust, and Self-Disclosure Online. Human-Computer Interaction 25, 1: 1--24. http://doi.org/10.1080/07370020903586662

[20]

Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. "My Data Just Goes Everywhere:" User Mental Models of the Internet and Implications for Privacy and Security. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015) (pp. 3952).

[21]

Jennifer King. 2014. Taken Out of Context: An Empirical Analysis of Westin's Privacy Scale. Workshop on Privacy Personas and Segmentation, PPS 2014, held with SOUPS 2014. See: http://cups.cs.cmu.edu/soups/2014/workshops/privacy/ s1p1.pdf.

[22]

Predrag Klasnja, Sunny Consolvo, Jaeyeon Jung, et al. 2009. "When I Am on Wi-Fi, I Am Fearless": Privacy Concerns & Practices in Eeryday Wi-Fi Use. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM, 1993--2002. http://doi.org/10.1145/1518701.1519004

Digital Library

[23]

Bart P. Knijnenburg, Alfred Kobsa, and Hongxia Jin. 2013. Preference-based Location Sharing: Are More Privacy Options Really Better? Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM, 2667--2676. http://doi.org/10.1145/2470654.2481369

Digital Library

[24]

Bart P. Knijnenburg, Alfred Kobsa, and Hongxia Jin. 2013. Dimensionality of information disclosure behavior. International Journal of Human-Computer Studies 71, 12: 1144--1162. http://doi.org/10.1016/j.ijhcs.2013.06.003

Digital Library

[25]

Lydia Kraus, Ina Wechsung and Sebastian Möller. 2014. A Comparison of Privacy and Security Knowledge and Privacy Concern as Influencing Factors for Mobile Protection Behavior. Workshop on Privacy Personas and Segmentation, PPS 2014, held with SOUPS 2014. See: http://cups.cs.cmu.edu/soups/2014/workshops/privacy/ s2p4.pdf

[26]

Ponnurangam Kumaraguru and Lorrie Faith Cranor. 2005. Privacy Indexes: A Survey of Westin's Studies. Technical Report Carnegie Mellon University-ISRI-5--138, December 2005, Carnegie Mellon University.

[27]

Doohwang Lee, Robert Larose, and Nora Rifon. 2008. Keeping our network safe: a model of online protection behaviour. Behaviour & Information Technology 27, 5: 445--454. http://doi.org/10.1080/01449290600879344

Digital Library

[28]

Ryan Lytle. 2013. The Beginner's Guide to Google+. http://mashable.com/2013/10/27/google-plusbeginners-guide/.

[29]

Tomasz Miaskiewicz, Tamara Sumner, and Kenneth A. Kozar. 2008. A Latent Semantic Analysis Methodology for the Identification and Creation of Personas. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM, 1501--1510. http://doi.org/10.1145/1357054.1357290

Digital Library

[30]

A. Morton and M.A. Sasse. 2014. Desperately seeking assurances: Segmenting users by their informationseeking preferences. 2014 Twelfth Annual International Conference on Privacy, Security and Trust (PST), 102--111. http://doi.org/10.1109/PST.2014.6890929

[31]

Judith S. Olson, Jonathan Grudin, and Eric Horvitz. 2005. A Study of Preferences for Sharing and Privacy. CHI '05 Extended Abstracts on Human Factors in Computing Systems, ACM, 1985--1988. http://doi.org/10.1145/1056808.1057073

Digital Library

[32]

Sai Teja Peddinti, Allen Collins, Aaron Sedley, Nina Taft, Anna Turner and Allison Woodruff. 2015. Perceived Frequency of Advertising Practices. Workshop on Privacy Personas and Segmentation, PPS 2015, held with SOUPS 2015. See: https://cups.cs.cmu.edu/soups/2015/papers/ppsPeddinit i.pdf

[33]

Kim Bartel Sheehan. 2002. Toward a Typology of Internet Users and Online Privacy Concerns. The Information Society 18, 1: 21--32. http://doi.org/10.1080/01972240252818207

[34]

Anselm Leonard Strauss and Juliet M. Corbin. 1990.Basics of Qualitative Research: Grounded Theory Procedures and Techniques. Sage.

[35]

Colleen Swanson, Ruth Urner, and Edward Lank. 2010. Naïve Security in a Wi-Fi World. In Trust Management IV, Masakatsu Nishigaki, Audun Jøsang, Yuko Murayama and Stephen Marsh (eds.). Springer Berlin Heidelberg, 32--47.

[36]

Jennifer Urban and Chris Hoofnagle. 2014. The Privacy Pragmatic as Privacy Vulnerable, Workshop on Privacy Personas and Segmentation, PPS 2014, held with SOUPS 2014. See: http://cups.cs.cmu.edu/soups/2014/workshops/privacy/s1p2.pdf

[37]

Jessica Vitak. 2015. Balancing Privacy Concerns and Impression Management Strategies on Facebook. Workshop on Privacy Personas and Segmentation, PPS 2015, held with SOUPS 2015. See: https://cups.cs.cmu.edu/soups/2015/papers/ppsVitak.pdf

[38]

Rick Wash and Emilee Rader. 2015. Too Much Knowledge? Security Beliefs and Protective Behaviors Among United States Internet Users. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015) (pp. 309--325).

[39]

Robert S. Weiss. 1995. Learning from strangers: The art and method of qualitative interview studies. Simon and Schuster.

[40]

Pamela Wisniewski, Bart Knijnenburg and Heather Richter Lipford. 2014. Profiling facebook users' privacy behaviors. Workshop on Privacy Personas and Segmentation, PPS 2014, held with SOUPS 2014. See: http://cups.cs.cmu.edu/soups/2014/workshops/privacy/ s2p1.pdf

[41]

Allison Woodruff, Vasyl Pihur, Sunny Consolvo, Lauren Schmidt, Laura Brandimarte, and Alessandro Acquisti. 2014. Would a privacy fundamentalist sell their dna for $1000... if nothing bad happened as a result? the westin categories, behavioral intentions, and consequences. In Symposium on Usable Privacy and Security (SOUPS).

Cited By

Rajaram S(2024)Enabling Safer Augmented Reality Experiences: Usable Privacy Interventions for AR Creators and End-UsersAdjunct Proceedings of the 37th Annual ACM Symposium on User Interface Software and Technology10.1145/3672539.3686708(1-8)Online publication date: 13-Oct-2024
https://dl.acm.org/doi/10.1145/3672539.3686708
Kukshinov EHarley DSzita KHadi Mogavi RMacarthur CNacke L(2024)Disembodied, Asocial, and Unreal: How Users Reinterpret Designed Affordances of Social VRProceedings of the 2024 ACM Designing Interactive Systems Conference10.1145/3643834.3661548(1914-1925)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3643834.3661548
Kaate ISalminen JJung SSantos JHäyhänen EXuan TAzem JJansen BBoratto LGena CMarras MGermanakos PPopescus E(2024)Modeling the New Modalities of Personas: How Do Users' Attributes Influence Their Perceptions and Use of Interactive Personas?Adjunct Proceedings of the 32nd ACM Conference on User Modeling, Adaptation and Personalization10.1145/3631700.3664882(164-169)Online publication date: 27-Jun-2024
https://dl.acm.org/doi/10.1145/3631700.3664882
Show More Cited By

Index Terms

Privacy Personas: Clustering Users via Attitudes and Behaviors toward Security Practices
1. Human-centered computing

Recommendations

User-Centric Privacy Controls for Smart Homes
CSCW

The widespread adoption of smart home devices (SHD) has increased privacy concerns among users, yet user-friendly controls are lacking. While there is a large body of research focused on understanding privacy concerns and threat models of SHD users, ...
Making personas memorable
CHI EA '07: CHI '07 Extended Abstracts on Human Factors in Computing Systems

Although Cisco's tag line for fiscal year 2007 is "Lead the Experience," not all Cisco product teams have historically focused on designing products that facilitate user success and delight. The Cisco User Experience Design (UXD) Group provides tools ...
Privacy through pseudonymity in user-adaptive systems

User-adaptive applications cater to the needs of each individual computer user, taking for example users' interests, level of expertise, preferences, perceptual and motoric abilities, and the usage environment into account. Central user modeling servers ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CHI '16: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems

May 2016

6108 pages

ISBN:9781450333627

DOI:10.1145/2858036

General Chairs:
Jofish Kaye
Yahoo
,
Allison Druin
University of Maryland / National Park Service
,
Program Chairs:
Cliff Lampe
University of Michigan
,
Dan Morris
Microsoft
,
Juan Pablo Hourcade
University of Iowa

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 May 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Natural Sciences and Engineering Research Council of Canada

Conference

CHI'16

Sponsor:

SIGCHI

CHI'16: CHI Conference on Human Factors in Computing Systems

May 7 - 12, 2016

California, San Jose, USA

Acceptance Rates

CHI '16 Paper Acceptance Rate 565 of 2,435 submissions, 23%;

Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

Upcoming Conference

CHI 2025

Sponsor:
sigchi

ACM CHI Conference on Human Factors in Computing Systems

April 26 - May 1, 2025

Yokohama , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

71
Total Citations
View Citations
2,223
Total Downloads

Downloads (Last 12 months)203
Downloads (Last 6 weeks)25

Reflects downloads up to 14 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Rajaram S(2024)Enabling Safer Augmented Reality Experiences: Usable Privacy Interventions for AR Creators and End-UsersAdjunct Proceedings of the 37th Annual ACM Symposium on User Interface Software and Technology10.1145/3672539.3686708(1-8)Online publication date: 13-Oct-2024
https://dl.acm.org/doi/10.1145/3672539.3686708
Kukshinov EHarley DSzita KHadi Mogavi RMacarthur CNacke L(2024)Disembodied, Asocial, and Unreal: How Users Reinterpret Designed Affordances of Social VRProceedings of the 2024 ACM Designing Interactive Systems Conference10.1145/3643834.3661548(1914-1925)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3643834.3661548
Kaate ISalminen JJung SSantos JHäyhänen EXuan TAzem JJansen BBoratto LGena CMarras MGermanakos PPopescus E(2024)Modeling the New Modalities of Personas: How Do Users' Attributes Influence Their Perceptions and Use of Interactive Personas?Adjunct Proceedings of the 32nd ACM Conference on User Modeling, Adaptation and Personalization10.1145/3631700.3664882(164-169)Online publication date: 27-Jun-2024
https://dl.acm.org/doi/10.1145/3631700.3664882
Kaushik SSharma TYu YAli AWang YZou Y(2024)Cross-Country Examination of People’s Experience with Targeted Advertising on Social MediaExtended Abstracts of the CHI Conference on Human Factors in Computing Systems10.1145/3613905.3650780(1-10)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613905.3650780
Zhou HGoel MAgarwal Y(2024)Bring Privacy To The Table: Interactive Negotiation for Privacy Settings of Shared Sensing DevicesProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642897(1-22)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642897
Delgado Rodriguez SChatterjee PDao Phuong AAlt FMarky K(2024)Do You Need to Touch? Exploring Correlations between Personal Attributes and Preferences for Tangible Privacy MechanismsProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642863(1-23)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642863
Marky KStöver APrange SBleck KGerber PZimmermann VMüller FAlt FMühlhäuser M(2024)Decide Yourself or Delegate - User Preferences Regarding the Autonomy of Personal Privacy Assistants in Private IoT-Equipped EnvironmentsProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642591(1-20)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642591
Si JSharma TWang K(2024)Understanding User-Perceived Security Risks and Mitigation Strategies in the Web3 EcosystemProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642291(1-22)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642291
Islami LKitkowska AFischer-Hübner S(2024)Inter-regional Lens on the Privacy Preferences of Drivers for ITS and Future VANETsProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3641997(1-20)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3641997
Baltuttis DTeubner TAdam M(2024)A typology of cybersecurity behavior among knowledge workersComputers and Security10.1016/j.cose.2024.103741140:COnline publication date: 1-May-2024
https://dl.acm.org/doi/10.1016/j.cose.2024.103741
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten