Abstract
Setting appropriate privacy preferences is both a difficult and cumbersome task for users. In this paper, we propose a solution to address users’ privacy concerns by easing the burden of manually configuring appropriate privacy settings at the time of their registration into a new system or service. To achieve this, we implemented a machine learning approach that provides users personalized privacy-by-default settings. In particular, the proposed approach combines prediction and clustering techniques, for modeling and guessing the privacy profiles associated to users’ privacy preferences. This approach takes into consideration the combinations of service providers, types of personal data and usage purposes. Based on a minimal number of questions that users answer at the registration phase, it predicts their privacy preferences and sets an optimal default privacy setting. We evaluated our approach with a data set resulting from a questionnaire administered to 10,000 participants. Results show that with a limited user input of 5 answers the system is able to predict the personalised privacy settings with an accuracy of 85%.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Individuals born after 1980, raised in a digital, media-saturated world - Prensky 2001.
References
Hargittai, E., et al.: Facebook privacy settings: who cares? First Monday 15(8) (2010)
Liu, Y., Gummadi, K.P., Krishnamurthy, B., Mislove, A.: Analyzing facebook privacy settings: user expectations vs. reality. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference (IMC 2011), pp. 61–70, New York, NY, USA. ACM (2011)
Deuker, A.: Addressing the privacy paradox by expanded privacy awareness – the example of context-aware services. In: Bezzi, M., Duquenoy, P., Fischer-Hübner, S., Hansen, M., Zhang, G. (eds.) Privacy and Identity 2009. IAICT, vol. 320, pp. 275–283. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14282-6_23
Basu, A., Vaidya, J., Kikuchi, H.: Efficient privacy-preserving collaborative filtering based on the weighted slope one predictor. J. Internet Serv. Inf. Secur. (JISIS) 1(4), 26–46 (2011)
Scipioni, M.P., Langheinrich, M.: Towards a new privacy-aware location sharing platform. J. Internet Serv. Inf. Secur. (JISIS) 1(4), 47–59 (2011)
Guha, S., Cheng, B., Francis, P.: Challenges in measuring online advertising systems. In: Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement (IMC 2010), pp. 81–87 (2010)
Korolova, A.: Privacy violations using micro targeted ads: a case study. In: Proceedings of the 2010 IEEE International Conference on Data Mining Workshops (ICDMW 2010), pp. 474–482 (2010)
Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Secur. Priv. 3(1), 26–33 (2005)
Pollach, I.: What’s wrong with online privacy policies? Commun. ACM 50(9), 103–108 (2007)
Jensen, C., Potts, C., Jensen, C.: Privacy practices of internet users: self-reports versus observed behavior. Int. J. Hum. Comput. Stud. 63(1–2), 203–227 (2005)
Solove, D.J.: Privacy self-management and the consent paradox. Harv. Law Rev. 126, 1879–1903 (2013)
W3C. The platform for privacy preferences 1.0 (P3P1.0) specification. In: Platform for Privacy Preferences (P3P) Project (2002)
Cranor, L.F.: P3p: making privacy policies more useful. IEEE Secur. Priv. 1(6), 50–55 (2003)
Cranor, L.F., Arjula, M., Guduru, P.: Use of a P3P user agent by early adopters. In: Proceedings of the 2002 ACM Workshop on Privacy in the Electronic Society (WPES 2002), pp. 1–10 (2002)
Cranor, L.F., Guduru, P., Arjula, M.: User interfaces for privacy agents. ACM Trans. Comput. Hum. Interact. 13(2), 135–178 (2006)
Pedersen, A.: P3 - problems, progress, potential. Priv. Laws Bus. Int. Newslett. 2, 20–21 (2003)
Backes, M., Karjoth, G, Bagga, W, Schunter, M.: Efficient comparison of enterprise privacy policies. In: Proceedings of the 2004 ACM Symposium on Applied Computing (SAC 2004), pp. 375–382 (2004)
Dehghantanha, A., Udzir, N.I., Mahmod, R.: Towards a pervasive formal privacy language. In: 2010 IEEE 24th International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 1085–1091 (2010)
Bekara, K., Mustapha, Y.B., Laurent, M.: XPACML extensible privacy access control markup langua. In: 2010 Second International Conference on Communications and Networking (ComNet), pp. 1–5 (2010)
Tøndel, I.A., Nyre, Å.A.: Towards a similarity metric for comparing machine-readable privacy policies. In: Camenisch, J., Kesdogan, D. (eds.) iNetSec 2011. LNCS, vol. 7039, pp. 89–103. Springer, Heidelberg (2012). doi:10.1007/978-3-642-27585-2_8
Yee, G.O.M.: An automatic privacy policy agreement checker for e-services. In: International Conference on Availability, Reliability and Security (ARES 2009), pp. 307–315 (2009)
Kolter, J., Pernul, G.: Generating user-understandable privacy preferences. In: International Conference on Availability, Reliability and Security (ARES 2009), pp. 299–306 (2009)
Biswas, D.: Privacy policies change management for smartphones. In: 2012 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 70–75 (2012)
Wishart, R., Corapi, D., Madhavapeddy, A., Sloman, M.: Privacy butler: a personal privacy rights manager for online presence. In: 2010 8th IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 672–677 (2010)
Srivastava, A., Geethakumari, G.: A framework to customize privacy settings of online social network users. In: 2013 IEEE Recent Advances in Intelligent Computational Systems (RAICS), pp. 187–192 (2013)
Srivastava, A., Geethakumari, G.: A privacy settings recommender system for online social networks. In: Recent Advances and Innovations in Engineering (ICRAIE), pp. 1–6 (2014)
Berendt, B., Günther, O., Spiekermann, S.: Privacy in e-commerce: stated preferences vs. actual behavior. Commun. ACM 48(4), 101–106 (2005)
Sadeh, N., Hong, J., Cranor, L., Fette, I., Kelley, P., Prabaker, M., Rao, J.: Understanding and capturing people’s privacy policies in a mobile social networking application. Pers. Ubiquit. Comput. 13(6), 401–412 (2009)
Madejski, M., Johnson, M., Bellovin, S.M.: A study of privacy settings errors in an online social network. In: 2012 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 340–345 (2012)
Buffett, S., Fleming, M.W.: Applying a preference modeling structure to user privacy. In: Proceedings of the 1st International Workshop on Sustaining Privacy in Autonomous Collaborative Environments (2007)
Mugan, J., Sharma, T., Sadeh, N.: Understandable learning of privacy preferences through default personas and suggestions (2011)
Fang, L., LeFevre, K.: Privacy wizards for social networking sites. In: Proceedings of the 19th International Conference on World Wide Web, pp. 351–360. ACM (2010)
Fang, L., Kim, H., LeFevre, K., Tami, A.: A privacy recommendation wizard for users of social networking sites. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 630–632. ACM (2010)
Lin, J., Liu, B., Sadeh, N., Hong, J.I.: Modeling users? Mobile app privacy preferences: restoring usability in a sea of permission settings. In: Symposium on Usable Privacy and Security (SOUPS 2014), pp. 199–212 (2014)
Guo, S., Chen, K.: Mining privacy settings to find optimal privacy-utility tradeoffs for social network services. In: 2012 International Conference on Privacy, Security, Risk and Trust (PASSAT), and 2012 International Confernece on Social Computing (SocialCom), pp. 656–665 (2012)
Tondel, I.A., Nyre, A.A., Bernsmed, K.: Learning privacy preferences. In: 2011 Sixth International Conference on Availability, Reliability and Security (ARES), pp. 621–626 (2011)
Sacco, O., Passant, A.: A privacy preference ontology (ppo) for linked data. In: LDOW. Citeseer (2011)
Gunn, S.R., et al.: Support vector machines for classification and regression. ISIS Technical report 14 (1998)
Meyer, D., Dimitriadou, E., Hornik, K., Weingessel, A., Leisch, F., Chang, C.-C., Lin, C.-C.: Package ‘e1071’ (2015). https://cran.r-project.org/web/packages/e1071/e1071.pdf
MacQueen, J., et al.: Some methods for classification and analysis of multivariate observations. In: Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, Oakland, CA, USA, vol. 1, pp. 281–297 (1967)
Ward Jr., J.H.: Hierarchical grouping to optimize an objective function. J. Am. Stat. Assoc. 58(301), 236–244 (1963)
Ester, M., Kriegel, H.-P., Sander, J., Xiaowei, X.: A density-based algorithm for discovering clusters in large spatial databases with noise. KDD 96, 226–231 (1996)
Qin, M., Buffett, S., Fleming, M.W.: Predicting user preferences via similarity-based clustering. In: Bergler, S. (ed.) AI 2008. LNCS (LNAI), vol. 5032, pp. 222–233. Springer, Heidelberg (2008). doi:10.1007/978-3-540-68825-9_22
Acknowledgments
This paper is an extension of the paper published in the ICISSP2016 conference. Authors would like to thank anonymous reviewers for their insightful comments, which, allow us to improve the overall quality of the paper.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Nakamura, T., Kiyomoto, S., Tesfay, W.B., Serna, J. (2017). Easing the Burden of Setting Privacy Preferences: A Machine Learning Approach. In: Camp, O., Furnell, S., Mori, P. (eds) Information Systems Security and Privacy. ICISSP 2016. Communications in Computer and Information Science, vol 691. Springer, Cham. https://doi.org/10.1007/978-3-319-54433-5_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-54433-5_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54432-8
Online ISBN: 978-3-319-54433-5
eBook Packages: Computer ScienceComputer Science (R0)