Results of the User Survey about  Privacy and Spontaneous Collaboration

 

Markus Endler, Fernando Ney and Vagner Sacramento

 

September 2005

 

Goal

 

The goal of this survey was to identify the main envisaged benefits and privacy concerns that end-users have in the use of context-aware applications for collaboration and communication. We aimed at assessing how much the privacy concerns would hinder the large-scale adoption and use of applications that have the potential of disclosing a person’s context information, in particular, his/her location. The survey was made in October/November 2004.

 

Methodology

 

The survey was made through a questionnaire, which was filled out on paper or through a Web-page. In the first case, usually there was also a nearby person  to give some required explanations. However, these persons were instructed to be careful when explaining the questionnaire, in order to avoid giving any implicit suggestions to the polled person. Both a Portuguese and an English version of the questionnaire was made available.

 

Since there was no concrete context-aware software and hardware available, the questionnaire started with the description of a hypothetical infrastructure that would perform a transparent and automatic collection of context data from a user’s device and make this data available for context-sensitive applications, thus enabling the deployment of also hypothetical context-aware applications.

Besides the common questions to classify the polled person according to his/her age, activity, and interest/familiarity with IT, the questionnaire had 8 questions divided into two groups. In the first group, two questions asked about envisaged usage and benefits of context-aware collaboration. In a second group, 6 questions addressed privacy and anonymity requirements. Of the eight questions, six were multiple-choice questions and the remaining two were essay questions.

 

Characterization of the poll set

 

The questionnaire was filled out by 120 people, most of them were undergraduate and graduate computer science students and faculty. But there was also a significantly large group of users outside this group, including family members, co-workers, and friends of students and faculty. Some few responders were also non-Brazilian. In the following we present the exact percentages.

 

According to the Age:

·         10-17 years:        7,9 %

·         18-25 years:      29,7 %

·         26-35 years:      48,5 %

·         36-45 years:      12,9 % 

·         over 46 years            0,9 %

 

According to Activity:    

·         Student:      46,5 %

·         Lecturer         7,9 %

·         Other      41,6 %

 

According to Area of Studies/Activity:

·         Computer Science:      65,3 %

·         Natural Sciences:            5,9 %

·         Humanities:         6,9 %          

·         Social Sciences:       1,9 %

·         Health Sciences:       3,9 %

·         Others:                5,9 %

                       

According to interest in Information/Communication Technology?:  

·         Interested:         78,2 %

·         Not interested:     1,9 %

·         Just as a user:             15,8 %

 

Results

 

In this section we first present the results of the multiple-choice questions, and later the answers given to the two essay questions Q2 and Q8.

 

 

Q1: Which types of applications using such technology would you use:

·         on-line games:                                                                          31,6 %

·         for asynchronous communication (e.g. Email):                                      78,2 %

·         for synchronous communication (e.g. chat, Instant Messenger):                       63,3 %

·         for navigation with a map and the tracking of your current location on the map:      65,3 %

·         for finding people: discovery of nearby people with similar profile or interests:      35,6 %

·         Others:                                                                                       6,9 %

 

Q3: If you had access to applications based on such technology, would you:

·         use it without any concern                                                                  17,8 %

·         try to get more information about which kind of data is being monitored          63,4 %

·         check the options to selectively disable monitoring of some dada                       45,5 %

·         not use such software                                                                 16,8 %

·         be seriously concerned about privacy isses related to the monitoring of such data       26,7 %

 

Q4: Which people would you allow to access your context data?

·         only people you know (friends, colleagues, relatives)                                   74,3 %

·         only people with similar profile or interest                                                 19,8 %

·         any member of the community which has been authenticated                      20,8 %

·         any (authenticated) user                                                                  20,8 %

 

Q5: When using this technology you would give

·         your real identity, or                                                               36,6 %

·         a nickname                                                                               64,3 %

 

Q6: If any other person were requesting access to your context data, what would you expect:

·         to be immediately notified about this event (even if this disturbs you current activity)      29,7 %

·         to be asked if you want to allow or block the access                                      66,3 %

·         to be able to check at any moment (on a log or database) who requested the data,

when, and through which application                                                                     57,4 %

·         would not be interested in knowing about the access request                                 2,9 %

·         only would be interested in knowing about the access request  if it occurred frequently

(or periodically)                                                                                                        2,9 %

 

Q7: Which kind of privacy control mechanisms would like the technology to have:

·         where you would explicitly define which access is allowed, and by default any access

would be disallowed                                                                                             76,2 %

·         where you would explicitly define which kind of access is not allowed (e.g. which data,

by which groups of people), and by default any access would be allowed                    20,8 %

·         where there is an automatic learning process (of your privacy profile), based on

your previous actions                                                                                     14,8 %

 

 

As expected, only a small fraction of people answered the essay questions.

In the following we present the number of answers (and percentages) in each group of strongly related statements,  for each of the essay questions.

 

Question Q2 was answered by 79 people (65,8%)

 

Q2: For which tasks/activities of your daily life do you think such technology and applications could be helpful? For example, building groups of students for joint studies, etc.  Please give examples:

 

Work (total)                                                                39 (49,36% of 79)

            Work and study groups                                      24

Exchange of information                                7

            Calender sharing                                               2

            Document co-edition                                        2

            Mobile technical support                         2

            Technological prospection                               1

            Polls                                                                 1

Communication (total)                                                           18 (22,78%)

            Any                                                                  15

            Synchronous                                                     1

            Knowledge sharing/discussion                                 2

Finding People (total)                                                  40 (50,63%)

            General            ly                                                          4

            Friends                                                             10

Family members                                               6

Other                                                                2

Group building                                                 6

People with similar interests                                    13

Information Access (total)                                      3 (3,78%)

            Meteorological             information                               1

            Real-time information                                                2

Guides and Navigation (total)                                      9 (11,39%)

            Generally                                                          3

            Car trip                                                             4

            Find nearby services                                     2

Commerce/Business (total)                                       5 (6,39%)

            Find discounts/promotions                             3

            Shopping                                                          2

Other uses/applications

News                                                               4 (5,06%)

            Discover/become to know people                  3 (3,78%)

            Entertainment                                                   3 (3,78%)

Personal security                                               2

            Trips (in general)                                           1                                                                                                                                                                                             

Question Q8 was answered by 48 people (40% of 120)

 

Q8: Which specific and access control and privacy mechanisms would you expect to be offered by the technology? Please explain:

 

User authentication (total)                                            18 (37,50% of 48)

           Not further specified                                            5

           Through password                                        12

           Biometric                                                      2

Data cryptography (total)                                   7 (14,58%)

Control/Grant Access (total)                                   48 (100%)

           Not further specified                                            6

           Only to certain people                                    13

           Only at specific periods of time                                   4

           Ability to specify Access Rules                        7

           System infers new rules automatically              1

           Availability of default rules                           2

           Ability to select the disclosed data             8

           Be informed about access request            7

Request explicit authorization at each access           4

Other

           Data should be stored locally                         3

           Data should be readable to user (?)                      1

 

Evaluation

 

From the results of our survey we  identified the following trends (with the corresponding percentages of votes):

 

·        a cautious attitude toward such technology prevails. For example, 45% would check the options to selectively disable monitoring of some data, 26% are seriously concerned about privacy issues. However, only 16% would refuse to the technology;

 

·        users demand for detailed information to about which context data is being monitored (63%);

 

·        since mutual discovery and communication is mediated through a yet unfamiliar technology, most users would like to use a nickname instead of their real identity (64%);

 

·        the majority of users would only share their context data with people they know, such as friends, colleagues, relatives, (74%);

 

·        concerning access control users demand: that a priori all access be denied, and that they need to explicitly define which access is allowed (76%),and 66% want to be explicitly queried for permission at each access request;

 

·         concerning traceability and notifications, most want to be able to check at any moment (at a log) who requested the data, when and through which application (57%), and some want to be immediately notified at each request (29%).

 

 

Conclusion

 

We are aware of the limited expressiveness of this survey, which are mainly due to the following facts:

·        the small number of queried people

·        most people were from academia

·        the well-known disadvantage of surveys via forms, when compared to live interviews

·        the questions were based on the description of a  hypothetical infrastructure and applications, instead of  experience gained with the use of a real context-aware application

·        since such context-aware applications are not commonplace, most users may have had difficulties in imagining all good and bad implications of their use  

·        the language used in the questionnaire may not have been appropriate for persons not working/studying in an IT-related area

 

Nevertheless, we think that the results of our surveys gave us a first idea of the privacy concerns and needs of users of ubiquitous and context-aware applications. 
Questionnaire about Privacy and Spontaneous Collaboration

Survey made by Laboratory for Advanced Collaboration at PUC-Rio, Brazil

www.lac.inf.puc-rio.br

 

Remark: This data will be used exclusively for scientific purposes (no commercial use).

 

Age: [  ] 10-17,    [  ] 18-25,   [  ] 26-35,    [  ] 36-45,   [  ] over 46 years

Activity:     [  ]Student,  [  ]Lecturer   [ ] Other

Area of Studies/Activity: [  ]Computer Science,    [   ]Natural Sciences,      [   ]Humanities,           [  ] Social Sciences  [ ] Health Sciences  [ ] Others

Are you interested in Information/Communication Technology?:   [  ]yes,   [  ]no,   [  ] just as a user

 

Consider a technology (i.e. software) which supports the continuous monitoring of data about the use of a mobile device (e.g. a cell phone, a PDA, or a notebook with a wireless communication interface),  and which enables the development of context-aware applications and services for spontaneous communication, information sharing and collaboration among members of a community, such as friends, colleagues, relatives, etc.

The monitored data would be of three kind:

·         Data about the system: quality of the wireless link, level of remaining energy, current base station or access point (for WiFi), etc.

·         Data about the environment: geographic location, surrounding noise, luminosity, image of a video câmera, etc.

·         Data about the user: preferences, interests, applications being executed on the device, and which user commands have being triggered.

 

Q1: Which types of applications using such technology would you use:

 [  ] on-line games

 [  ] for asynchronous communication (e.g. Email)

 [  ] for synchronous communication (e.g. chat, Instant Messenger)

 [  ] for navigation with a map and the continuous update of your current location on the map

 [  ] for finding people: discovery of nearby people with similar profile or interests

 [  ] Others (Give Examples):

 

 

Q2: For which tasks/activities of your daily life do you think such technology and applications could be helpful? For example, building groups of students for joint studies, etc.  Please give examples:

 

 

 

 

Q3: If you had access to applications based on such technology, would you:

 [  ] use it without any concern

 [  ] try to get more information about which kind of data is being monitored

 [  ] check the options to selectively disable monitoring of some dada

 [  ] not use such software

 [  ] be seriously concerned about privacy isses related to the monitoring of such data

continues on next page

 

 

 

Q4: Which people would you allow to access your context data?

 [  ] only people you know (friends, colleagues, relatives)

 [  ] only people with similar profile or interest

 [  ] any member of the community which has been authenticated

 [  ] any (authenticated) user

 

 

 

Q5: When using this technology you would give

 [  ] your real identity, or

 [  ] a nickname

 

 

Q6: If any other person were requesting access to your context data, what would you expect:

  [  ] to be immediately notified about this event (even if this disturbs you current activity)

  [  ] to be asked if you want to allow or block the access 

  [  ] to be able to check at any moment (on a log or database) who requested the data,

        when, and through which application

  [  ] would not be interested in knowing about the access request

  [  ] only would be interested in knowing about the access request  if it occurred frequently (or periodically)

 

 

Q7: Which kind of privacy control mechanisms would like the technology to have:

  [  ] Where you would explicitly define which access is allowed, and by default any access

         would be disallowed

  [  ] Where you would explicitly define which kind of access is not allowed (e.g. which data,

        by which groups of people), and by default any access would be allowed

  [  ] where there is an automatic learning process (of your privacy profile), based on

        your previous actions

 

 

Q8: Which specific and access control and privacy mechanisms would you expect to be offered by the technology? Please explain:

 

 

 

 

 

 

 

Thank you for your answers!