Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Designing for Usable Privacy and Transparency in Digital Transactions
Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT. Karlstad University, Faculty of Arts and Social Sciences (starting 2013), Karlstad Business School. (HumanIT, PriSec)ORCID iD: 0000-0002-0101-2498
2015 (English)Doctoral thesis, comprehensive summary (Other academic)Alternative title
Designing for Usable Privacy and Transparency in Digital Transactions : Exploring and enhancing the usability and user experience aspects of selected privacy and transparency technologies (English)
Abstract [en]

People engage with multiple online services and carry out a range of different digital transactions with these services. Registering an account, sharing content in social networks, or requesting products or services online are a few examples of such digital transactions. With every transaction, people take decisions and make disclosures of personal data. Despite the possible benefits of collecting data about a person or a group of people, massive collection and aggregation of personal data carries a series of privacy and security implications which can ultimately result in a threat to people's dignity, their finances, and many other aspects of their lives. For this reason, privacy and transparency enhancing technologies are being developed to help people protect their privacy and personal data online. However, some of these technologies are usually hard to understand, difficult to use, and get in the way of people's momentary goals.

The objective of this thesis is to explore, and iteratively improve, the usability and user experience provided by novel privacy and transparency technologies. To this end, it compiles a series of case studies that address identified issues of usable privacy and transparency at four stages of a digital transaction, namely the information, agreement, fulfilment and after-sales stages. These studies contribute with a better understanding of the human-factors and design requirements that are necessary for creating user-friendly tools that can help people to protect their privacy and to control their personal information on the Internet.

Abstract [en]

People engage with multiple online services and carry out a range of different digital transactions with these services. Registering an account, sharing content in social networks, or requesting products or services online are a few examples of such digital transactions. With every transaction, people take decisions and make disclosures of personal data. Despite the possible benefits of collecting data about a person or a group of people, massive collection and aggregation of personal data carries a series of privacy and security implications which can ultimately result in a threat to people's dignity, their finances, and many other aspects of their lives. For this reason, privacy and transparency enhancing technologies are being developed to help people protect their privacy and personal data online. However, some of these technologies are usually hard to understand, difficult to use, and get in the way of people's momentary goals.

The objective of this thesis is to explore, and iteratively improve, the usability and user experience provided by novel privacy and transparency technologies. To this end, it compiles a series of case studies that address identified issues of usable privacy and transparency at four stages of a digital transaction, namely the informationagreementfulfilment and after-sales stages. These studies contribute with a better understanding of the human-factors and design requirements that are necessary for creating user-friendly tools that can help people to protect their privacy and to control their personal information on the Internet.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2015. , 96 p.
Series
Karlstad University Studies, ISSN 1403-8099 ; 2015:30
Keyword [en]
Usable privacy, usable transparency, usability, user experience, mental models, mobile devices, digital transactions, e-commerce, user interfaces
National Category
Computer Systems Human Aspects of ICT
Research subject
Information Systems; Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-35921ISBN: 978-91-7063-646-2 (print)OAI: oai:DiVA.org:kau-35921DiVA: diva2:808762
Public defence
2015-06-10, 1 B364, Karlstads universitet, Karlstad, 09:00 (English)
Opponent
Supervisors
Available from: 2015-05-21 Created: 2015-04-27 Last updated: 2017-12-06Bibliographically approved
List of papers
1. What Would It Take for You to Tell Your Secrets to a Cloud?: Studying decision factors when disclosing information to cloud services
Open this publication in new window or tab >>What Would It Take for You to Tell Your Secrets to a Cloud?: Studying decision factors when disclosing information to cloud services
2014 (English)In: Secure IT Systems: 19th Nordic Conference, NordSec 2014, Tromsø, Norway, October 15-17, 2014, Proceedings, Springer, 2014, Vol. 8788, 129-145 p.Conference paper, Published paper (Refereed)
Abstract [en]

We investigate the end users’ behaviours and attitudes with regards to the control they place in the personal information that they disclose to cloud storage services. Three controlled experiments were carried out to study the influence in users’ decisions to retain or surrender control over their personal information depending on different factors. The results of these experiments reveal, among other things, the users’ willingness to surrender control over personal information that is perceived as non-sensitive in exchange for valuable rewards, and that users would value the possibility of knowing and controlling the parties who are granted access to their data in the cloud. Based on the results from the experiments we provide implications for the design of end-user tools that can promote transparency and accountability in cloud computing environments.

Place, publisher, year, edition, pages
Springer, 2014
Keyword
Cloud computing mental models HCI UX privacy security accountability transparency psychology information control
National Category
Information Systems, Social aspects
Research subject
Computer Science; Information Systems
Identifiers
urn:nbn:se:kau:diva-35854 (URN)10.1007/978-3-319-11599-3_8 (DOI)978-3-319-11599-3 (ISBN)
Conference
Nordic Conference on Secure IT Systems
Funder
EU, FP7, Seventh Framework Programme, 317550
Available from: 2015-04-15 Created: 2015-04-15 Last updated: 2017-12-06Bibliographically approved
2. Towards Usable Privacy Policy Display & Management
Open this publication in new window or tab >>Towards Usable Privacy Policy Display & Management
2012 (English)In: Information Management & Computer Security, ISSN 0968-5227, Vol. 20, 4-17 p.Article in journal (Refereed) Published
Abstract [en]

This paper discusses the approach taken within the PrimeLife project for providing user-friendly privacy policy interfaces for the PrimeLife Policy Language (PPL).We present the requirements, design process and usability testing of the “Send Data?” prototype, a browser extension designed and developed to deal with the powerful features provided by PPL. Our interface introduces the novel features of “on the fly” privacy management, predefined levels of privacy settings, and simplified selectionof anonymous credentials. Results from usability tests showed that users understand and appreciate these features and perceive them as being privacy-friendly, and they are therefore suggested as a good approach towards usable privacy policy display and management. Additionally, we present our lessons learnt in the design process of privacy policy interfaces.

Place, publisher, year, edition, pages
Bingley, UK: Emerald Group Publishing Limited, 2012
Keyword
Internet, Online operations, Privacy, Data Security, Web site design, PrimeLife Policy Language, Usability, Privacy policy interfaces, Credential selection
National Category
Human Computer Interaction Information Systems Computer Science
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-14836 (URN)10.1108/09685221211219155 (DOI)
Projects
PrimeLife
Available from: 2012-09-24 Created: 2012-09-18 Last updated: 2017-12-06Bibliographically approved
3. Evoking Comprehensive Mental Models of Anonymous Credentials
Open this publication in new window or tab >>Evoking Comprehensive Mental Models of Anonymous Credentials
2012 (English)In: Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security / [ed] Camenisch J., Kesdogan, D., Berlin: Springer Berlin/Heidelberg, 2012, Vol. 7039, 1-14 p.Conference paper, Published paper (Refereed)
Abstract [en]

Anonymous credentials are a fundamental technology for preserving end users' privacy by enforcing data minimization for online applications. However, the design of user-friendly interfaces that convey their privacy benefits to users is still a major challenge. Users are still unfamiliar with the new and rather complex concept of anonymous credentials, since no obvious real-world analogies exists that can help them create the correct mental models. In this paper we explore different ways in which suitable mental models of the data minimization property of anonymous credentials can be evoked on end users. To achieve this, we investigate three different approaches in the context of an e-shopping scenario: a card-based approach, an attribute-based approach and an adapted card-based approach. Results show that the adapted card-based approach is a good approach towards evoking the right mental models for anonymous credential applications. However, better design paradigms are still needed to make users understand that attributes can be used to satisfy conditions without revealing the value of the attributes themselves.

Place, publisher, year, edition, pages
Berlin: Springer Berlin/Heidelberg, 2012
Series
LNCS, ISSN 0302-9743 ; 7039
National Category
Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-12118 (URN)10.1007/978-3-642-27585-2_1 (DOI)000306351500001 ()978-3-642-27584-5 (ISBN)
Conference
IFIP WG 11.4 international conference on Open Problems in Network Security, Lucerne
Available from: 2012-03-09 Created: 2012-03-09 Last updated: 2017-12-06Bibliographically approved
4. Identity Management through “Profiles”: Prototyping an Online Information Segregation Service
Open this publication in new window or tab >>Identity Management through “Profiles”: Prototyping an Online Information Segregation Service
2013 (English)In: Human-Computer Interaction. Users and Contexts of Use: 15th International Conference, HCI International 2013, Las Vegas, NV, USA, July 21-26, 2013, Proceedings, Part III / [ed] Masaaki Kurosu, Springer Berlin/Heidelberg, 2013, Vol. 8006, 10-19 p.Conference paper, Published paper (Refereed)
Abstract [en]

Whereas in real everyday life individuals have an intuitive approach at deciding which information to disseminate to others, in the digital world it becomes difficult to keep control over the information that is distributed to different online services. In this paper we present the design of a user interface for a system that can help users decide which pieces of information to distribute to which type of service providers by allowing them to segregate their information attributes into various personalized profiles. Iterative usability evaluations showed that users understand and appreciate the possibility to segregate information, and revealed possible improvements, implications and limitations of such an interface.

Place, publisher, year, edition, pages
Springer Berlin/Heidelberg, 2013
Series
Lecture Notes in Computer Science, ISSN 0302-9743
Keyword
Usability, identity management, privacy preferences, partial identities, audience segregation, digital transactions
National Category
Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-35846 (URN)10.1007/978-3-642-39265-8_2 (DOI)978-3-642-39264-1 (ISBN)978-3-642-39265-8 (ISBN)
Conference
Human-Computer Interaction International, 15th International Conference, HCI International 2013, Las Vegas, NV, USA, July 21-26, 2013, Proceedings, Part III
Available from: 2015-04-15 Created: 2015-04-15 Last updated: 2017-12-12Bibliographically approved
5. Exploring Touch-Screen Biometrics for User Identification on Smart Phones
Open this publication in new window or tab >>Exploring Touch-Screen Biometrics for User Identification on Smart Phones
2011 (English)In: Privacy and Identity Managementfor Life: Proceedings of the 7th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6 International Summer School 2011 / [ed] an Camenisch, Bruno Crispo, Simone Fischer-Hübner, Ronald Leenes, and Giovanni Russello, Springer, 2011, 130-143 p.Conference paper, Published paper (Refereed)
Abstract [en]

The use of mobile smart devices for storing sensitive informationand accessing online services is increasing. At the same time, methods for authenticating users into their devices and online services that are not only secure, but also privacy and user-friendly are needed. In this paper, we present our initial explorations of the use of lock pattern dynamics as a secure and user-friendly two-factor authentication method. We developed an application for the Android mobile platform to collect data on the way individuals draw lock patterns on a touchscreen. Using a Random Forest machine learning classier this method achieves an average Equal Error Rate (EER) of approximately 10.39%, meaning that lock patterns biometrics can be used for identifying users towards their device, but could also pose a threat to privacy if the users' biometric information is handled outside their control.

Place, publisher, year, edition, pages
Springer, 2011
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238 ; Vol. 375
Keyword
Mobile user experience, biometrics, smart mobile devices, mobile identity management, mobile authentication, privacy, lock patterns
National Category
Computer Science Human Computer Interaction Other Computer and Information Science
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-14830 (URN)10.1007/978-3-642-31668-5_10 (DOI)978-3-642-31667-8 (ISBN)978-3-642-31668-5 (ISBN)
Conference
International Summer School 2011, Trento Italy
Projects
U-PrIM (Usable Privacy-enhancing Identity Management for smart applications)
Available from: 2012-09-19 Created: 2012-09-18 Last updated: 2017-12-06Bibliographically approved
6. Understanding the user experience of secure mobile online transactions in realistic contexts of use
Open this publication in new window or tab >>Understanding the user experience of secure mobile online transactions in realistic contexts of use
Show others...
2012 (English)In: Symposium on Usable Privacy and Security (SOUPS) 2012, Washington D.C.,USA: ACM Digital Library, 2012, 8- p.Conference paper, Published paper (Refereed)
Abstract [en]

Possible attacks on mobile smart devices demand higher security for applications handling payments or sensitive information. The introduction of a tamper-proof area on future generations of mobile devices, called Trusted Execution Environment (TEE), is being implemented. Before devices with embedded TEEs can be deployed to the public, investigations on usability aspects of Trusted User Interfaces (TUI) are needed. This article describes the process we have followed at gathering requirements, prototyping and testing suitable designs for TUIs in combination with a touch-screen biometric system. At the end, we present relevant findings of a pilot study that we have conducted using an Experience Sampling Method (ESM) as part of our ongoing work.

Place, publisher, year, edition, pages
Washington D.C.,USA: ACM Digital Library, 2012
Keyword
Usable Security, Secure Mobile UIs, Trusted Executing Environment, Biometrics, Experience Sampling Method
National Category
Human Computer Interaction Computer Science Information Systems
Research subject
Computer Science; Information Systems
Identifiers
urn:nbn:se:kau:diva-14831 (URN)
Conference
Workshop on Usable Privacy & Security for Mobile Devices (U-PriSM), Symposium On Usable Privacy and Security (SOUPS), July 11-12 2012 Washington
Available from: 2012-09-19 Created: 2012-09-18 Last updated: 2017-12-06Bibliographically approved
7. Usable Transparency with the Data Track: A Tool for Visualizing Data Disclosures
Open this publication in new window or tab >>Usable Transparency with the Data Track: A Tool for Visualizing Data Disclosures
2015 (English)In: CHI EA '15 Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems / [ed] Bo Begole, Jinwoo Kim, Kori Inkpen, Woontack Woo, Association for Computing Machinery (ACM), 2015, 1803-18098 p.Conference paper, Published paper (Refereed)
Abstract [en]

We present a prototype of the user interface of a transparency tool that displays an overview of a user's data disclosures to different online service providers and allows them to access data collected about them stored at the services' sides. We explore one particular type of visualization method consisting of tracing lines that connect a user's disclosed personal attributes to the service to which these attributes have been disclosed. We report on the ongoing iterative process of design of such visualization, the challenges encountered and the possibilities for future improvements.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2015
National Category
Computer and Information Science
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-38926 (URN)10.1145/2702613.2732701 (DOI)978-1-4503-3146-3 (ISBN)
Conference
33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems, Seoul, CHI 2015 Extended Abstracts, Republic of Korea, April 18 - 23, 2015
Available from: 2015-12-20 Created: 2015-12-20 Last updated: 2016-10-13Bibliographically approved
8. “WTH..!?!” Experiences, reactions, and expectations related to online privacy panic situations
Open this publication in new window or tab >>“WTH..!?!” Experiences, reactions, and expectations related to online privacy panic situations
(English)Manuscript (preprint) (Other academic)
National Category
Information Systems, Social aspects
Research subject
Computer Science; Information Systems
Identifiers
urn:nbn:se:kau:diva-35838 (URN)
Available from: 2015-04-15 Created: 2015-04-15 Last updated: 2017-12-12Bibliographically approved

Open Access in DiVA

Avhandling_Angulo(8241 kB)689 downloads
File information
File name FULLTEXT02.pdfFile size 8241 kBChecksum SHA-512
6a935b304234a3191144c8d411247d72982819353a34a495fcaab2014d8e58ef7bc5a9f5f996d6b682a64ac17e3d6210d5fb5753965a73d60f3fd89361e352e3
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Angulo, Julio
By organisation
Centre for HumanITKarlstad Business School
Computer SystemsHuman Aspects of ICT

Search outside of DiVA

GoogleGoogle Scholar
Total: 689 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 1940 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf