IoT Privacy Paradox

What happens when you show people evidence of a likely privacy violation?

The Privacy Paradox is a phenomenon which describes the difference between people’s stated privacy concerns and the actions they actually take to preserve their privacy.


Our Experiment

We set out to find out whether this paradox also applies to IoT devices. This is important because these devices are in our homes and have the potential to violate our privacy to an unprecedented degree. We ran the experiment as follows:

  • We measured people’s privacy concerns and level of trust related to IoT devices
  • They activated a smart device intermittently while they used their computers for 2 hours
  • We showed them a visualisation of the traffic generated by the device, which was not proportionate to its usage (and it was more active when not being used)
  • We offered them a range of actions to take, including discarding the device, expressing their disapproval, or doing nothing
  • We then measured their privacy concerns and level of trust related to the IoT device again

Results

What we found was that people’s privacy concerns increased, and their trust decreased after seeing the evidence. These had generally returned to pre-experiment levels 4 weeks later.

We asked them what actions they would like to take based on their new knowledge. Most of them chose to continue using the device.

Conclusion


This is a classic manifestation of the Privacy Paradox: giving someone evidence that a device is violating their privacy will not necessarily trigger any privacy-preserving actions.

For a full description of this experiment, here’s the paper:


Noura Aleisa, Karen Renaud, Ivano Bongiovanni. The Privacy Paradox Applies to IoT Devices Too: A Saudi Arabian Study. Computers & Security. https://doi.org/10.1016/j.cose.2020.101897