article

A Value Sensitive Design Investigation of Privacy Enhancing Tools in Web Browsers

Authors:

Robert E. Crossler,

France BéLangerAuthors Info & Claims

Decision Support Systems, Volume 54, Issue 1

Pages 424 - 433

https://doi.org/10.1016/j.dss.2012.06.003

Published: 01 December 2012 Publication History

Abstract

Privacy concern has been identified as a major factor hindering the growth of e-business. Recently, various privacy-enhancing tools (PETs) have been proposed to protect the online privacy of Internet users. However, most of these PETs have been designed using an ad hoc approach rather than a systematic design. In this paper, we present an exploratory investigation of an end-use PET using a Value Sensitive Design approach. We propose an integrated design of a Privacy Enhancing Support System (PESS) with three proposed tools, namely privacy-enhancing search feature (PESearch), privacy-enhancing control for personal data (PEControl), and privacy-enhancing review for sharing the ratings and reviews of websites' privacy practices (PEReview). This system could enhance the interactivity of Internet users' privacy experiences, increase users' control perceptions over their personal information, and reduce their privacy concerns. An empirical evaluation of PESearch, PEControl, and PEReview revealed that novices felt the most important aspect of the tools for downloading and usage intentions was its usefulness; most experts felt the tool met the design principles as specified.

References

[1]

Aggarwal, G., Bursztein, E., Jackson, C. and Boneh, D., An Analysis of Private Browsing Modes in Modern Browsers. In: Proceedings of19th USENIX Security Symposium, Washington, DC, USA, pp. 79-94.

[2]

Alonso, G., Kuno, H., Casati, F. and Machiraju, V., Web Services: Concepts, Architectures and Applications. 2003. Springer, New York.

[3]

Antón, A.I., Earp, J.B., Bolchini, D., He, Q., Jensen, C. and Stufflebeam, W., The lack of clarity in financial privacy policies and the need for standardization. IEEE Security & Privacy. v2 i2. 36-45.

[4]

Bandura, A., Self-efficacy mechanism in human agency. American Psychologist. v37. 122-147.

[5]

Bélanger, F. and Crossler, R.E., Privacy in the digital age: a review of information privacy research in information systems. MIS Quarterly. v35 i4. 1017-1041.

[6]

Bélanger, F., Hiller, J. and Smith, W.J., Trustworthiness in electronic commerce: the role of privacy, security, and site attributes. The Journal of Strategic Information Systems. v11 i3/4. 245-270.

[7]

Byers, S., Cranor, L., Kormann, D. and McDaniel, P., Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine. In: The 2004 Workshop on Privacy Enhancing Technologies (PET2004), (Toronto, Canada), pp. 314-328.

[8]

Byers, S., Cranor, L.F., Kormann, D. and McDaniel, P., Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine. In: Proceedings of the 4th International Conference on Privacy Enhancing Technologies, Springer-Verlag, Toronto, Canada. pp. 314-328.

[9]

Chakrabarti, S., Mining the Web. 2003. Morgan Kaufmann, San Fransisco, CA.

[10]

Cranor, L.F., Web Privacy with P3P. 2002. O'Reilly & Associates, Sebastopol, CA.

[11]

Cranor, L.F., Byers, S. and Kormann, D., An Analysis of P3P Deployment on Commercial, Government, and Children's Web Sites as of May 2003. In: Technical Report prepared for the 14 May 2003 Federal Trade Commission Workshop on Technologies for Protecting Personal Information, AT&T Labs-Research, Florham Park, NJ.

[12]

Culnan, M.J., 'How Did They Get My Name'? An Exploratory Investigation of Consumer Attitudes toward Secondary Information Use. MIS Quarterly. v17 i3. 341-364.

[13]

Culnan, M.J. and Bies, J.R., Consumer privacy: balancing economic and justice considerations. Journal of Social Issues. v59 i2. 323-342.

[14]

Czeskis, A., Dermendjieva, I., Yapit, H., Borning, A., Friedman, B., Gill, B. and Kohno, T., Parenting from the Pocket: Value Tensions and Technical Directions for Secure and Private Parent-Teen Mobile Safety. In: Proceedings of the Sixth Symposium on Usable Privacy and Security Redmond, WA, pp. 1-15.

[15]

Dinev, T. and Hart, P., Internet privacy concerns and their antecedents - measurement validity and a regression model. Behavior and Information Technology. v23 i6. 413-423.

[16]

Egelman, S., Cranor, L.F. and Hong, J., You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings. In: Proceedings of the Twenty-Sixth Annual SIGCHI Conference on Human Factors in Computing Systems (CHI'08), pp. 1065-1074.

[17]

EPIC, Pretty Poor Privacy: An Assessment of P3P and Internet Privacy. In: Electronic Privacy Information Center,

[18]

Friedman, B., Value Sensitive Design. In: Encyclopedia of Human-Computer Interaction, Berkshire Publishing Group, Great Barrington, MA. pp. 769-774.

[19]

Friedman, B., Kahn Jr., P.H. and Borning, A., Value Sensitive Design and Information Systems. In: Zhang, P., Galletta, D. (Eds.), Human-Computer Interaction and Management Information Systems: Foundations, M E Sharpe, Armonk, NY.

[20]

FTC, Protecting Consumer Privacy in an Era of Rapid Change. 2010. Federal Trade Commission.

[21]

Genkina, A. and Camp, L.J., Re-Embedding Existing Social Networks into Online Experiences to Aid in Trust Assessment. 2005.

[22]

Hevner, A.R., March, S.T., Park, J. and Ram, S., Design science in information systems research. MIS Quarterly. v28 i1. 75

[23]

Hong, J.I., An Architecture for Privacy-Sensitive Ubiquitous Computing, in: Computer Science Division. 2005. University of California at Berkeley, Berkeley.

[24]

Hu, X., Wu, G., Wu, Y. and Zhang, H., The effects of web assurance seals on consumers' initial trust in an online vendor: a functional perspective. Decision Support Systems. v48 i2. 407-418.

[25]

Jensen, C. and Potts, C., Privacy Policies Examined: Fair Warning or Fair Game?. 2003. The Georgia Institute of Technology.

[26]

Jensen, C. and Potts, C., Privacy Policies as Decision-Making Tools: An Evaluation of Online Privacy Notices. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 471-478.

[27]

Karjoth, G., Access control with IBM Tivoli access manager. ACM Transactions on Information and System Security. v6 i2. 232-257.

[28]

Karjoth, G., Schunter, M. and Waidner, M., The Platform for Enterprise Privacy Practices - Privacy-Enabled Management of Customer Data. In: The 2nd Workshop on Privacy Enhancing Technologies (PET 2002), San Francisco, CA, pp. 69-84.

[29]

Kwon, O., A pervasive P3P-based negotiation mechanism for privacy-aware pervasive e-commerce. Decision Support Systems. v50 i1. 213-221.

[30]

Your privacy is assured-of being disturbed: comparing web sites with and without privacy seals. New Media and Society. v8 i6. 1009-1029.

[31]

Lee, R.M., Doing Research on Sensitive Topics. 1993. Sage.

[32]

Li, H., Sarathy, R. and Xu, H., The role of affect and cognition on online consumers' willingness to disclose personal information. Decision Support Systems. v51 i3. 434-445.

[33]

Liang, H. and Xue, Y., Avoidance of information technology threats: a theoretical perspective. MIS Quarterly. v33 i1. 71-90.

[34]

Mackay, W.E., Triggers and Barriers to Customizing Software. In: The ACM CHI'91 Human Factors in Computing Systems, New Orleans, LA, pp. 153-160.

[35]

Madden, M., Fox, S., Smith, A. and Vitak, J., Digital Footprints: Online Identity Management and Search in the Age of Transparency. 2008. Pew Internet & American Life Project.

[36]

Malhotra, K.N., Kim, S.S. and Agarwal, J., Internet Users' Information Privacy Concerns (IUIPC): the construct, the scale, and a causal model. Information Systems Research. v15 i4. 336-355.

[37]

March, S.T. and Smith, G.F., Design and natural science research on information technology. Decision Support Systems. v15 i4. 251-266.

[38]

Microsoft, Providing Windows Customers with More Choice and Control of Their Privacy Online with Internet Explorer 9. 2010.

[39]

Microsoft, Tracking Protection List. 2011.

[40]

Microsoft, How to Manage Cookies in Internet Explorer 9. 2012.

[41]

Miles, M.B. and Huberman, A.M., Qualitative Data Analysis: An Expanded Sourcebook. 1994. Sage Publications, Thousand Oaks, CA.

[42]

Miller, J.K., Friedman, B. and Jancke, G., Value Tensions in Design: The Value Sensitive Design, Development, and Appropriation of a Corporation's Groupware System. In: Proceedings of the International ACM Conference on Supporting Group Work, Sanibel Island, Florida. pp. 281-290.

[43]

Millett, L.I., Friedman, B. and Felten, E., Cookies and Web Browser Design: Toward Realizing Informed Consent Online. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM, Seattle, WA. pp. 46-52.

[44]

Milne, G.R. and Culnan, M.J., Strategies for reducing online privacy risks: why consumers read(or don't read) online privacy notices. Journal of Interactive Marketing. v18 i3. 15-29.

[45]

Miyazaki, A. and Krishnamurthy, S., Internet seals of approval: effects on online privacy policies and consumer perceptions. Journal of Consumer Affairs. v36 i1. 28-49.

[46]

Pahnila, S., Siponen, M. and Mahmood, A., Employees' Behavior towards IS Security Policy Compliance. In: Proceedings of the 40th Hawaii International Conference on System Sciences, IEEE Computer Society, Big Island, HI, United States.

Digital Library

[47]

PrivacyChoice Tracking Protection List. 2010.

[48]

Proctor, R.W., Ali, M.A. and Vu, K.P.L., Examining usability of web privacy policies. International Journal of Human Computer Interaction. v24 i3. 307-328.

[49]

The platform for privacy preferences, Association for Computing Machinery. Communications of the ACM. v42 i2. 48

[50]

I am fine but you are not: Optimistic bias and illusion of control on information security. In: International Conference on Information Systems, Las Vegas, NV,

[51]

Rifon, N.J., LaRose, R. and Choi, S.M., Your privacy is sealed: effects of web privacy seals on trust and personal disclosures. Journal of Consumer Affairs. v39 i2. 339-362.

[52]

Romanosky, S., Acquisti, A., Hong, J., Cranor, L.F. and Friedman, B., Privacy Patterns for Online Interactions. In: Proceedings of the 2006 Conference on Pattern Languages of Programs,

[53]

Sheng, S., Wardman, B., Warner, G., Cranor, L.F., Hong, J. and Zhang, C., An Empirical Analysis of Phishing Blacklists. In: Sixth Conference on Email and Anti-Spam,

[54]

Sobey, J., Biddle, R., Oorschot, P.C. and Patrick, A.S., Exploring User Reactions to New Browser Cues for Extended Validation Certificates. In: Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security, Málaga, Spain, pp. 411-427.

[55]

Staikos, G., Web Browser Developers Work Together on Security. 2005.

[56]

Steinfield, C., Bouwman, H. and Adelaar, T., The dynamics of click-and-motor electronic commerce: opportunities and management strategies. International Journal of Electronic Commerce. v7 i1. 93-119.

Digital Library

[57]

Stone, E.F., Gueutal, G.H., Gardner, D.G. and McClure, S., A field experiment comparing information-privacy values, beliefs, and attitudes across several types of organizations. Journal of Applied Psychology. v68 i3. 459-468.

[58]

Gaining trust through online privacy protection: self-regulation, mandatory standards, or caveat emptor. Journal of Management Information Systems. v24 i4. 153-173.

[59]

Truste, Truste Easy Tracking Protection List. 2010.

[60]

Privacy on the web: an examination of user concerns, technology, and implications for business organizations and individuals. Information Systems Management. 8-18.

[61]

W3C, Web Service Definition Language (WSDL). 2001.

[62]

W3Schools, Browser Statistics. 2011.

[63]

Whalen, T. and Inkpen, K.M., Gathering Evidence: Use of Visual Security Cues in Web Browsers. In: Proceedings of Graphics Interface 2005, Canadian Human-Computer Communications Society, Victoria, British Columbia. pp. 137-144.

[64]

Wu, M., Miller, R.C. and Garfinkel, S.L., Do Security Toolbars Actually Prevent Phishing Attacks?. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Montréal, Québec, Canada, pp. 601-610.

[65]

Xu, H. and Teo, H.H., Alleviating Consumer's Privacy Concern in Location-Based Services: A Psychological Control Perspective. In: Proceedings of the Twenty-Fifth Annual International Conference on Information Systems (ICIS 2004), Washington, D. C., United States, pp. 793-806.

[66]

Xu, H., Irani, N., Zhu, S. and Xu, W., Alleviating Parental Concerns for Children's Online Privacy: A Value Sensitive Design Investigation. 2008. ICIS.

[67]

Xu, H., Dinev, T., Smith, H.J. and Hart, P., Information privacy concerns: linking individual perceptions with institutional privacy assurances. Journal of the Association for Information Systems. v12 i12. 798-824.

[68]

Xu, H., Luo, X., Carroll, J.M. and Rosson, M.B., The personalization privacy paradox: a study of privacy decision making process for location-awareness marketing. Decision Support Systems. v51 i1. 42-52.

[69]

Yamaguchi, S., Culture and Control Orientations. In: Matsumoto, D. (Ed.), The Handbook of Culture and Psychology, Oxford University Press, New York. pp. 223-243.

[70]

Zhang, N. and Zhao, W., Privacy-Preserving OLAP: An Information-Theoretic Approach. IEEE Transactions on Knowledge and Data Engineering (TKDE). v23 i1. 122-138.

Cited By

Reeck CGuo XDimoka APavlou P(2024)Uncovering the Neural Processes of PrivacyInformation Systems Research10.1287/isre.2021.055035:2(727-746)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1287/isre.2021.0550
Gerdes AFrandsen T(2023)A systematic review of almost three decades of value sensitive design (VSD): what happened to the technical investigations?Ethics and Information Technology10.1007/s10676-023-09700-225:2Online publication date: 13-Apr-2023
https://dl.acm.org/doi/10.1007/s10676-023-09700-2
Winkler TSpiekermann S(2021)Twenty years of value sensitive design: a review of methodological practices in VSD projectsEthics and Information Technology10.1007/s10676-018-9476-223:1(17-21)Online publication date: 1-Mar-2021
https://dl.acm.org/doi/10.1007/s10676-018-9476-2
Show More Cited By

A Value Sensitive Design Investigation of Privacy Enhancing Tools in Web Browsers
1. Human-centered computing
2. Security and privacy

Recommendations

Optimal tag suppression for privacy protection in the semantic Web

Leveraging on the principle of data minimization, we propose tag suppression, a privacy-enhancing technique for the semantic Web. In our approach, users tag resources on the Web revealing their personal preferences. However, in order to prevent privacy ...
The Role of Risk Perceptions in Privacy Concerns Evaluation
TRUSTCOM '15: Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01

The collection of information on individual persons for personal data intensive systems and services poses the risk of privacy violations and raises privacy concerns. Individuals' privacy concerns and risk perceptions affect their decision-making on ...
The Role of Risk Perceptions in Privacy Concerns Evaluation
TRUSTCOM '15: Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01

The collection of information on individual persons for personal data intensive systems and services poses the risk of privacy violations and raises privacy concerns. Individuals' privacy concerns and risk perceptions affect their decision-making on ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Decision Support Systems

Decision Support Systems Volume 54, Issue 1

December, 2012

814 pages

ISSN:0167-9236

Issue’s Table of Contents

Copyright © Elsevier B.V. © 2012.

Publisher

Elsevier Science Publishers B. V.

Netherlands

Publication History

Published: 01 December 2012

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Reeck CGuo XDimoka APavlou P(2024)Uncovering the Neural Processes of PrivacyInformation Systems Research10.1287/isre.2021.055035:2(727-746)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1287/isre.2021.0550
Gerdes AFrandsen T(2023)A systematic review of almost three decades of value sensitive design (VSD): what happened to the technical investigations?Ethics and Information Technology10.1007/s10676-023-09700-225:2Online publication date: 13-Apr-2023
https://dl.acm.org/doi/10.1007/s10676-023-09700-2
Winkler TSpiekermann S(2021)Twenty years of value sensitive design: a review of methodological practices in VSD projectsEthics and Information Technology10.1007/s10676-018-9476-223:1(17-21)Online publication date: 1-Mar-2021
https://dl.acm.org/doi/10.1007/s10676-018-9476-2
(2018)Do consumers want to control their personal data? Empirical evidenceInternational Journal of Human-Computer Studies10.5555/3168019.3168178110:C(21-32)Online publication date: 1-Feb-2018
https://dl.acm.org/doi/10.5555/3168019.3168178
Gerber NGerber PDrews HKirchner ESchlegel NSchmidt TScholz LBella GLenzini G(2018)FoxITProceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust10.1145/3167996.3167999(53-63)Online publication date: 5-Dec-2018
https://dl.acm.org/doi/10.1145/3167996.3167999
Wang Y(2017)The Third Wave?Proceedings of the 2017 New Security Paradigms Workshop10.1145/3171533.3171538(122-130)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.1145/3171533.3171538
Schaub FBalebako RDurity ACranor L(2015)A design space for effective privacy noticesProceedings of the Eleventh USENIX Conference on Usable Privacy and Security10.5555/3235866.3235868(1-17)Online publication date: 22-Jul-2015
https://dl.acm.org/doi/10.5555/3235866.3235868
Liu NGavino APurao S(2015)Extracting Citizen Values as Inputs for Designing Citizen-Responsive Urban e-Planning ServicesInternational Journal of E-Planning Research10.5555/3003863.30038644:2(1-25)Online publication date: 1-Apr-2015
https://dl.acm.org/doi/10.5555/3003863.3003864
Liu NGavino APurao S(2015)Extracting Citizen Values as Inputs for Designing Citizen-Responsive Urban e-Planning ServicesInternational Journal of E-Planning Research10.5555/2795651.27956524:2(1-25)Online publication date: 1-Apr-2015
https://dl.acm.org/doi/10.5555/2795651.2795652
Liu NGavino APurao S(2015)Extracting Citizen Values as Inputs for Designing Citizen-Responsive Urban e-Planning ServicesInternational Journal of E-Planning Research10.5555/2783800.27838014:2(1-25)Online publication date: 1-Apr-2015
https://dl.acm.org/doi/10.5555/2783800.2783801
Show More Cited By

View Options

View options

Figures

Tables

Media

View Issue’s Table of Contents