Capturing location-privacy preferences: quantifying accuracy and user-burden tradeoffs

  • Original Article
  • Personal and Ubiquitous Computing

Abstract

We present a 3-week user study in which we tracked the locations of 27 subjects and asked them to rate when, where, and with whom they would have been comfortable sharing their locations. The results of analysis conducted on over 7,500 h of data suggest that the user population represented by our subjects has rich location-privacy preferences, with a number of critical dimensions, including time of day, day of week, and location. We describe a methodology for quantifying the effects, in terms of accuracy and amount of information shared, of privacy-setting types with differing levels of complexity (e.g., setting types that allow users to specify location- and/or time-based rules). Using the detailed preferences we collected, we identify the best possible policy (or collection of rules granting access to one’s location) for each subject and privacy-setting type. We measure the accuracy with which the resulting policies are able to capture our subjects’ preferences under a variety of assumptions about the sensitivity of the information and user-burden tolerance. One practical implication of our results is that today’s location-sharing applications may have failed to gain much traction due to their limited privacy settings, as they appear to be ineffective at capturing the preferences revealed by our study.

Notes

  1. Loopt. http://loopt.com

  2. Latitude. http://www.google.com/latitude

  3. iPhone Dev Center. http://developer.apple.com/iphone

  4. Android. http://code.google.com/android

  5. Fire Eagle. http://fireeagle.yahoo.net

  6. Locaccino. http://locaccino.org

  7. These phones were generously provided by Nokia.

  8. Details about the Skyhook API are available at http://skyhookwireless.com/.

  9. For more details about this process, see the description of a similar technique used by Wang et al. for managing energy consumption while tracking users with mobile devices [26].

  10. Path observations between locations were also depicted on some pages. However, we do not address those observations in this paper since they accounted for less than 1% of the observed time.

  11. The partial group option was chosen about 20% of the time for Facebook friends. However, 89% of the time this option was chosen by a subject, the subject also reported that he or she would have been comfortable sharing with either friends and family, or the university community. These subjects were most likely considering one or both of these two groups as subgroups of Facebook friends. This hypothesis is further supported by the fact that 82% of the subjects reported in the post-study survey that they did not feel there were any relevant groups missing from our list. For these reasons, we treat this response as denying the entire group in our subsequent analysis.

  12. We assume that there is no penalty for mistakenly withholding a location, since our post-study survey results suggest that subjects had relatively little dis-utility at this prospect. However, this can easily be added as an additional cost to the accuracy calculation in (1).

  13. When a subject indicated that he or she would never have shared their location with a particular group, thereby making the accuracy equation undefined, we report the accuracy for that subject and group as one, since we assume that the default behavior of the system is to deny access, which is consistent with the subject’s preferences.

References

  1. Barkhuus L, Brown B, Bell M, Hall M, Sherwood S, Chalmers M (2008) From awareness to repartee: sharing location within social groups. In: Proceedings of the conference on human factors in computing systems (CHI)

  2. Barkhuus L, Dey A (2003) Location-based services for mobile telephony: a study of users’ privacy concerns. In: Proceedings of the international conference on human-computer interaction (INTERACT)

  3. Benisch M, Sadeh N, Sandholm T (2008) A theory of expressiveness in mechanisms. In: Proceedings of the national conference on artificial intelligence (AAAI)

  4. Benisch M, Sadeh N, Sandholm T (2009) Methodology for designing reasonably expressive mechanisms with application to ad auctions. In: Proceedings of the international joint conference on artificial intelligence (IJCAI)

  5. Burghardt T, Buchmann E, Müller J, Böhm K (2009) Understanding user preferences and awareness: privacy mechanisms in location-based services. In: Proceedings of the onthemove conferences (OTM)

  6. Connelly K, Khalil A, Liu Y (2007) Do I do what I say? Observed versus stated privacy preferences. In: Proceedings of the international conference on human-computer interaction (INTERACT)

  7. Consolvo S, Smith I, Matthews T, LaMarca A, Tabert J, Powledge P (2005) Location disclosure to social relations: why, when, and what people want to share. In: Proceedings of the conference on human factors in computing systems (CHI)

  8. Cornwell J, Fette I, Hsieh G, Prabaker M, Rao J, Tang K, Vaniea K, Bauer L, Cranor L, Hong J, McLaren B, Reiter M, Sadeh N (2007) User-controllable security and privacy for pervasive computing. In: Proceedings of the workshop on mobile computing systems and applications

  9. Gonzalez MC, Hidalgo CA, Barabasi A-L (2008) Understanding individual human mobility patterns. Nature 453(7196):779–782

  10. K Group (2009) BIA’s The Kelsey Group Forecasts U.S. mobile local search advertising revenues to reach $1.3B in 2013. http://www.kelseygroup.com/press

  11. Hightower J, LaMarca A, Smith IE (2006) Practical lessons from place lab. IEEE Pervasive Comput 5(3):32–39

  12. Huang S, Proulx F, Ratti C (2007) iFIND: a Peer-to-Peer application for real-time location monitoring on the MIT campus. In: International conference on computers in urban planning and urban management (CUPUM)

  13. Iachello G, Smith I, Consolvo S, Abowd G, Hughes J, Howard J, Potter F, Scott J, Sohn T, Hightower J, LaMarca A (2005) Control, deception, and communication: evaluating the deployment of a location-enhanced messaging service. In: Proceedings of the international conference on ubiquitous computing (UbiComp)

  14. Kelley PG, Benisch M, Sadeh N, Cranor LF (2010) When are users comfortable sharing locations with advertisers? Technical Report CMU-ISR-10-126, Carnegie Mellon University

  15. Lederer S, Mankoff J, Dey AK (2003) Who wants to know what when? Privacy preference determinants in ubiquitous computing. In: Proceedings of the conference on human factors in computing systems (CHI)

  16. Mazurek M, Arsenault J, Bresee J, Gupta N, Ion I, Johns C, Lee D, Liang Y, Olsen J, Salmon B, Shay R, Vaniea K, Bauer L, Cranor L, Ganger G, Reiter M (2010) Access control for home data sharing: attitudes, needs and practices. In: Proceedings of the conference on human factors in computing systems (CHI)

  17. Miller CC, Wortham J (2010) Technology aside, most people still decline to be located. http://www.nytimes.com/2010/08/30/technology/30location.html

  18. Patil S, Lai J (2005) Who gets to know what when: configuring privacy permissions in an awareness application. In: Proceedings of the conference on human factors in computing systems (CHI)

  19. Sadeh N, Gandon F, Kwon OB (2006) Ambient intelligence: the MyCampus experience. In: Vasilakos T, Pedrycz W (eds) Ambient intelligence and pervasive computing. Artech House, Norwood

  20. Sadeh N, Hong J, Cranor L, Fette I, Kelley P, Prabaker M, Rao J (2009) Understanding and capturing people’s privacy policies in a mobile social networking application. J Pers Ubiquit Comput 13(6):401–412

  21. Simon HA (1957) Models of man. Wiley, New York

  22. Smith I, Consolvo S, LaMarca A, Hightower J, Scott J, Sohn T, Hughes J, Iachello G, Abowd G (2005) Social disclosure of place: from location technology to communication practices. In: Lecture notes in computer science: pervasive computing, pp 134–151

  23. Toch E, Cranshaw J, Drielsma PH, Tsai JY, Kelley PG, Springfield J, Cranor L, Hong J, Sadeh N (2010) Empirical models of privacy in location sharing. In: International conference on Ubiquitous Computing (UbiComp), Copenhagen, Denmark

  24. Tsai J, Kelley P, Cranor L, Sadeh N (2009) Location-sharing technologies: privacy risks and controls. In: Research conference on communication, information and internet policy (TPRC)

  25. Tsai J, Kelley P, Drielsma PH, Cranor LF, Hong J, Sadeh N (2009) Who’s viewed you? The impact of feedback in a mobile-location system. In: Proceedings of the conference on human factors in computing systems (CHI)

  26. Wang Y, Lin J, Annavaram M, Jacobson QA, Hong J, Krishnamachari B, Sadeh N (2009) A framework of energy efficient mobile sensing for automatic user state recognition. In: International conference on mobile systems, applications, and services (MobiSys)

  27. Want R, Falcão V, Gibbons J (1992) The active badge location system. ACM Trans Inf Syst 10:91–102

Acknowledgments

This work has been supported by a Siebel Scholarship and NSF grants CNS-0627513, CNS-0905562, CNS-1012763. This research was also supported by CyLab at Carnegie Mellon under grants DAAD19-02-1-0389 and W911NF-09-1-0273 from the Army Research Office. Additional support has been provided by Nokia, France Telecom, Google, and the CMU/Portugal Information and Communication Technologies Institute. The authors would also like to thank Paul Hankes-Drielsma, Janice Tsai, Tuomas Sandholm, Lucian Cesca, Jialiu Lin, Tony Poor, Eran Toch, Kami Vaniea, and Jianwei Niu for their assistance with our study.

Author information

Corresponding author

Correspondence to Michael Benisch.

About this article

Cite this article

Benisch, M., Kelley, P.G., Sadeh, N. et al. Capturing location-privacy preferences: quantifying accuracy and user-burden tradeoffs. Pers Ubiquit Comput 15, 679–694 (2011). https://doi.org/10.1007/s00779-010-0346-0

  • DOI: https://doi.org/10.1007/s00779-010-0346-0
