UC Irvine

Smartphone apps and websites increasingly ask users to make privacy decisions, e.g., to grant or deny app permission to access their location. Previous research indicates that people are often unable to make these decisions in a reasonable manner due to limits of their available time, motivation, and cognitive decision-making abilities. This problem will continue to grow in ubiquitous computing environments like the Internet of Things (IoT), as an array of IoT devices around the user unobtrusively collects (or infers) his/her personal information. Even though this practice may enable IoT systems to realize highly personalized services for their users, it also raises privacy concerns that may lead users to stop using the service. Therefore, providing IoT services with minimized privacy risks is crucial for both protecting user privacy and keeping IoT ecosystems sustainable. One possible way to achieve this aim is to assist users with making better privacy decisions, by predicting decisions based on their and/or fellow users' historical decision-making behaviors and recommending the privacy settings accordingly (i.e., privacy decision support). To make it a reality, we investigated how to computationally model and predict people's privacy decision-making in IoT. Through both online and situated survey studies, we collected user-stated privacy attitudes and decisions toward a wide range of IoT service scenarios. We then extracted a set of context- and user-specific factors that could impact IoT users' privacy decision-making via statistical analysis on the collected dataset. Based on this dataset, we also conducted a series of machine learning experiments so as to figure out the most suitable approach for constructing predictive models. These models are trained to infer the optimal privacy decisions toward IoT services that the user had never interacted with. Regarding this, we presented several practical insights we gained from building privacy decision prediction models. Lastly, we designed and proposed a novel privacy-aware system that aims not only to increase users' awareness about privacy implications of using IoT services but also to gather their privacy decision samples made with confidence, which can be utilized as high-quality training data for continuously updating machine learning models for the realization of privacy decision support in IoT.