Title: Privacy Expectations and Violations between Users
Advisor: Yoshi Kohno
Supervisory Committee: Yoshi Kohno (Chair), Edward Mack (GSR, Asian Languages & Literature), Alexis Hiniker (iSchool), Katharina Reinecke, and Michael Calo (Law School)
Users are quick to adopt new technologies and accept changes in existing technologies. However, by using these new technologies, users may expose themselves to a variety of security and privacy risks. Researchers have studied and developed best practices to mitigate security and privacy threats due to technical vulnerabilities, threats that may arise from powerful, knowledgeable, or privileged adversaries, and vulnerabilities caused by user error.
Another category of privacy risk, which may be especially salient to users, is risks that result from information that is freely available to other users. I refer to these expectations and violations of privacy between users as ``peer-to-peer (P2P) privacy.''
P2P privacy concerns have surfaced in previous research studies but have not yet received sufficient attention. Although the repeated emergence of P2P privacy concerns in security and privacy studies across a variety of domains suggests that it is an important topic to address, these concerns may be viewed dismissively by both users and researchers. It is likely that the majority of P2P privacy concerns rarely manifest in privacy violations, and the privacy violations that do occur may generally lead to relatively minor harms such as embarrassment or social awkwardness.
I believe this is nevertheless an important topic to explore. Even when users express P2P privacy concerns dismissively, they reveal that they have devoted mental and emotional energy to thinking about these risks. Additionally, P2P privacy violations may not be harmless in all circumstances; for users with certain personal characteristics or within specific types of interpersonal relationships, P2P privacy violations may pose a very serious threat.
In this dissertation proposal, I give additional context and examples of P2P privacy risks in social and communications systems, define a principal hypothesis and supporting hypotheses to narrow the focus of my dissertation, outline one completed project and one in-progress research project that have informed my understanding and contributed to these hypotheses, detail additional research I plan to complete before I graduate, suggest directions for future work that I will not be able complete during my dissertation timeline, and summarize the anticipated contributions of my work.