skip to main content
10.1145/3411763.3451603acmconferencesArticle/Chapter ViewAbstractPublication PageschiConference Proceedingsconference-collections
poster

“I’m Not a Millionaire”: How Users’ Online Behaviours and Offline Behaviours Impact Their Privacy

Published: 08 May 2021 Publication History

Abstract

Compromising the privacy of personally identifiable information (PII) can leave users vulnerable to risks, such as identity theft. We conducted a study with 27 participants in which we examined the types of publicly available PII they could locate on their social media accounts, and through a web search. We interviewed participants about the online and offline behaviours they employ to manage their PII. Participants leaked significant amounts of PII through their online presence, and potentially further exposed it through their offline behaviours. Many were surprised at the amount of PII they came across, and immediately took rectifying actions.

References

[1]
Alessandro Acquisti and Ralph Gross. 2009. I Just Found 10 Million SSNs. Paper presented at Black Hat USA 2009, Las Vegas, NV. https://www.blackhat.com/presentations/bh-usa-09/ACQUISTI/BHUSA09-Acquisti-GrossSSN-PAPER.pdf.
[2]
Mahdi Nasrullah Al-Ameen, Tanjina Tamanna, Swapnil Nandy, MA Manazir Ahsan, Priyank Chandra, and Syed Ishtiaque Ahmed. 2020. We Don’t Give a Second Thought Before Providing Our Information: Understanding Users’ Perceptions of Information Collection by Apps in Urban Bangladesh. In Proceedings of the 3rd ACM SIGCAS Conference on Computing and Sustainable Societies. ACM, New York, NY, USA, 32–43.
[3]
Maria Bada, Angela Sasse, and Jason R. C. Nurse. 2015. Cyber Security Awareness Campaigns: Why do they fail to change behaviour?. In International Conference on Cyber Security for Sustainable Society. N/A, Coventry, UK, 118–131. https://arxiv.org/abs/1901.02672.
[4]
Michael Barbaro and Tom Zeller Jr.2006. A Face Is Exposed for AOL Searcher No. 4417749. The New York Times N/A, N/A (2006), N/A. Retrieved June 24, 2019 from https://www.nytimes.com/2006/08/09/technology/09aol.html.
[5]
Juan Pablo Carrascal, Christopher Riederer, Vijay Erramilli, Mauro Cherubini, and Rodrigo de Oliveira. 2013. Your browsing behavior for a big mac: Economics of personal information online. In Proceedings of the 22nd international conference on World Wide Web. ACM, New York, NY, US, 189–200.
[6]
Heith Copes and Lynne Vieraitis. 2007. Identity Theft: Assessing Offenders’ Strategies and Perceptions of Risk. Report. Inter-university Consortium for Political and Social Research. Retrieved December 12, 2017 from https://www.ncjrs.gov/pdffiles1/nij/grants/219122.pdf.
[7]
Hilde Van den Bulck. 2002. Tools for Studying the Media. In The Media Book, Chris Newbold, Oliver Boyd-Barrett, and Hilde Van den Bulck (Eds.). Arnold, N/A, Chapter 2, 55–100.
[8]
Satu Elo and Helvi Kyngäs. 2008. The qualitative content analysis process. Journal of Advanced Nursing 62, 1 (2008), 107–115. https://doi.org/10.1111/j.1365-2648.2007.04569.x https://doi.org/10.1111/j.1365-2648.2007.04569.x.
[9]
Kristin M Finklea. 2009. Identity theft: Trends and issues. DIANE Publishing, Darby, PA, U.S.A.
[10]
JOINT TASK FORCE and TRANSFORMATION INITIATIVE. 2010. Guide for applying the risk management framework to federal information systems. NIST special publication 800 (2010), 37.
[11]
Philippe Golle. 2006. Revisiting the Uniqueness of Simple Demographics in the US Population. In Proceedings of the 5th ACM Workshop on Privacy in Electronic Society(WPES ’06). ACM, New York, NY, US, 77–80. https://doi.org/10.1145/1179601.1179615.
[12]
Virgil Griffith and Markus Jakobsson. 2005. Messin’with texas deriving mother’s maiden names using public records. In International Conference on Applied Cryptography and Network Security. Springer, Springer Berlin Heidelberg, Berling, Heidelberg, 91–103.
[13]
Cormac Herley. 2009. So Long, and No Thanks for the Externalities: The Rational Rejection of Security Advice by Users. In Proceedings of the 2009 Workshop on New Security Paradigms Workshop(NSPW ’09). ACM, New York, NY, USA, 133–144. http://doi.acm.org/10.1145/1719030.1719050.
[14]
Danesh Irani, Steve Webb, Kang Li, and Calton Pu. 2011. Modeling Unintended Personal-Information Leakage from Multiple Online Social Networks. IEEE Internet Computing 15, 3 (2011), 13–19. https://doi.org/10.1109/MIC.2011.25.
[15]
Yongick Jeong and Erin Coyle. 2014. What are you worrying about on facebook and twitter? an empirical investigation of young social network site users’ privacy perceptions and behaviors. Journal of Interactive Advertising 14, 2 (2014), 51–59.
[16]
Hanna Krasnova, Nicole Eling, Oleg Schneider, Helena Wenninger, Thomas Widjaja, and Peter Buxmann. 2013. Does this app ask for too much data? The role of privacy perceptions in user behavior towards Facebook applications and permission dialogs. In European Conference on Information Systems (ECIS). Association for Information Systems, Atlanta, GA, USA.
[17]
Philipp K Masur and Michael Scharkow. 2016. Disclosure management on social network sites: Individual privacy perceptions and user-directed privacy strategies. Social Media+ Society 2, 1 (2016), 2056305116634368.
[18]
Gustavo S Mesch. 2012. Is online trust and trust in social institutions associated with online disclosure of identifiable information online?Computers in Human Behavior 28, 4 (2012), 1471–1477.
[19]
Sean A. Munson, Daniel Avrahami, Sunny Consolvo, James Fogarty, Batya Friedman, and Ian Smith. 2011. Attitudes Toward Online Availability of US Public Records. In Proceedings of the 12th Annual International Digital Government Research Conference: Digital Government Innovation in Challenging Times. ACM, New York, NY, USA, 2–9. https://doi.org/10.1145/2037556.2037558.
[20]
National Institute of Standards and Technology. 2015. Measuring Strength of Identity Proofing. Discussion draft. Inforation Technology Laboratory, NIST. Retrieved June 25, 2019 from https://www.nist.gov/sites/default/files/nstic-strength-identity-proofing-discussion-draft.pdf.
[21]
Pew Research Center. 2019. Mobile Fact Sheet. Retrieved January 20, 2020 from https://www.pewresearch.org/internet/fact-sheet/mobile/.
[22]
Pew Research Center. 2019. Social Media Fact Sheet. Retrieved September 7, 2019 from https://www.pewinternet.org/fact-sheet/social-media/.
[23]
Standing Committee on Finance. 2012. Evidence. Transcript 60. House of Commons of Canada. Retrieved May 24, 2019 from https://www.ourcommons.ca/DocumentViewer/en/41-1/FINA/meeting-60/evidence.
[24]
Latanya Sweeney. 2000. Simple demographics often identify people uniquely. Health (San Francisco) 671, 2000 (2000), 1–34.
[25]
Latanya Sweeney. 2013. Matching Known Patients to Health Records in Washington State Data. Journal of Technology Science N/A, N/A (2013), N/A. Retrieved September 7, 2019 from https://techscience.org/a/2015092903.
[26]
Jayant Venkatanathan, Vassilis Kostakos, Evangelos Karapanos, and Jorge Gonçalves. 2014. Online disclosure of personally identifiable information with strangers: Effects of public and private sharing. Interacting with Computers 26, 6 (2014), 614–626.
[27]
Linda Wilbanks. 2007. The impact of personally identifiable information. IT Professional 9, 4 (2007), 62–64.
[28]
Alexis Wilke. 2017. Getting Rid of Deactivated Facebook Friends | Made to Order Software Corporation. Retrieved April 30, 2019 from https://www.m2osw.com/delete-deactivated-facebook-friends.
[29]
Josh Wolford. 2012. Facebook Including Deactivated Accounts In Total Friend Count [UPDATED]. Retrieved April 30, 2019 from https://www.webpronews.com/facebook-including-deactivated-accounts-in-total-friend-count/.

Cited By

View all

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CHI EA '21: Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems
May 2021
2965 pages
ISBN:9781450380959
DOI:10.1145/3411763
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 May 2021

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. digital identity
  2. privacy
  3. usable security
  4. user study

Qualifiers

  • Poster
  • Research
  • Refereed limited

Funding Sources

  • Canada Research Chairs
  • CHORUS Lab Support by Bluink Ltd

Conference

CHI '21
Sponsor:

Acceptance Rates

Overall Acceptance Rate 6,164 of 23,696 submissions, 26%

Upcoming Conference

CHI 2025
ACM CHI Conference on Human Factors in Computing Systems
April 26 - May 1, 2025
Yokohama , Japan

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)29
  • Downloads (Last 6 weeks)2
Reflects downloads up to 20 Feb 2025

Other Metrics

Citations

Cited By

View all

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media