DOI: 10.1145/3638067.3638111
research-article

Six usable privacy heuristics

Published: 24 January 2024

Abstract

Enhancing privacy policy interfaces is crucial for improving users’ trust in technology and ensuring compliance with legislation. This thesis focused on developing usable interfaces that enable laypeople to protect their online privacy. Through a comprehensive analysis, including literature review, thematic and cluster analysis, and empirical evaluation, six usable privacy heuristics (push#) are established. These heuristics effectively identify catastrophic problems in privacy policy interfaces for laypeople. Additionally, preliminary usable privacy guidelines (pug#) are created, and a new process for developing usability criteria is proposed. Future research directions are suggested, including the application of these heuristics and guidelines to domains like human-robot interaction and human-artificial intelligence interaction.

Cited By

  • (2024) GranDIHC-BR 2025-2035 - GC5 - Human-Data Interaction Data Literacy and Usable Privacy. Proceedings of the XXIII Brazilian Symposium on Human Factors in Computing Systems, 1-24. DOI: 10.1145/3702038.3702058. Online publication date: 7-Oct-2024

Published In

IHC '23: Proceedings of the XXII Brazilian Symposium on Human Factors in Computing Systems
October 2023
791 pages
ISBN: 9798400717154
DOI: 10.1145/3638067
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Badges

  • Honorable Mention

Author Tags

  1. heuristic
  2. heuristic evaluation
  3. inspection
  4. security
  5. usability
  6. usable privacy

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • São Paulo Research Foundation (FAPESP)
  • Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - Brasil (CAPES)

Conference

IHC '23

Acceptance Rates

Overall Acceptance Rate 331 of 973 submissions, 34%
