On Being an Expert: Habitus as a Lens for Understanding Privacy Expertise
Article No.: 102, Pages 1 - 25
Abstract
How do privacy experts and lay persons differ? We investigate this question using data about the use of privacy-enhancing technologies and strategies from 128 surveys and 17 follow-up interviews with two populations: privacy experts (i.e., privacy researchers and professionals) and privacy laypersons. Findings reveal that both experts and laypersons use common privacy strategies, but experts employ a broader range of strategies, favor open source technologies, and possess a more technical understanding of internet privacy risks and technologies such as onion routing and tracking algorithms. We characterize these differences in terms of sociological habitus, where experts and laypersons differ not only in technical skill but also in broader conceptualizations and practices. From this characterization, we make recommendations for technology design practices, as well as legal and pedagogical implications, that can help decenter the experiences of privacy experts and accommodate privacy laypersons' preferences and habits.
References
[1]
Alessandro Acquisti, Curtis Taylor, and Liad Wagman. 2016. The economics of privacy. Journal of economic Literature 54, 2 (2016), 442--92.
[2]
Shane Ahern, Dean Eckles, Nathaniel S Good, Simon King, Mor Naaman, and Rahul Nair. 2007. Over-exposed? Privacy patterns and considerations in online and mobile photo sharing. In Proceedings of the SIGCHI conference on Human factors in computing systems. 357--366.
[3]
Morgan G Ames, Janet Go, Joseph'Jofish' Kaye, and Mirjana Spasojevic. 2011. Understanding technology choices and values through social class. In Proceedings of the ACM 2011 conference on Computer supported cooperative work. 55--64.
[4]
Nazanin Andalibi, Oliver L Haimson, Munmun De Choudhury, and Andrea Forte. 2016. Understanding social media disclosures of sexual abuse through the lenses of support seeking and anonymity. In Proceedings of the 2016 CHI conference on human factors in computing systems. 3906--3918.
[5]
Louise Barkhuus. 2012. The mismeasurement of privacy: using contextual integrity to reconsider privacy in HCI. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 367--376.
[6]
Susan B. Barnes. 2006. A Privacy Paradox: Social Networking in the United States. First Monday 11, 9 (2006).
[7]
Eric PS Baumer, Morgan G Ames, Jed R Brubaker, Jenna Burrell, and Paul Dourish. 2014. Refusing, limiting, departing: why we should study technology non-use. In CHI'14 Extended Abstracts on Human Factors in Computing Systems. 65--68.
[8]
Eric PS Baumer, Jenna Burrell, Morgan G Ames, Jed R Brubaker, and Paul Dourish. 2015. On the importance and implications of studying technology non-use. interactions 22, 2 (2015), 52--56.
[9]
Eric P.S. Baumer and Andrea Forte. 2017. Undoing the Privacy Paradox with Data Styles.
[10]
Eric PS Baumer, Xiaotong Xu, Christine Chu, Shion Guha, and Geri K Gay. 2017. When subjects interpret the data: Social media non-use as a case for adapting the delphi method to cscw. In Proceedings of the 2017 acm conference on computer supported cooperative work and social computing. 1527--1543.
[11]
Susanne Bodker and Clemens Nylandsted Klokmose. 2011. The human--artifact model: An activity theoretical approach to artifact ecologies. Human--Computer Interaction 26, 4 (2011), 315--371.
[12]
John J Borking. 2011. Why adopting privacy enhancing technologies (pets) takes so much time. In Computers, privacy and data protection: an element of choice. Springer, 309--341.
[13]
Pierre Bourdieu. 1973. Cultural reproduction and social reproduction. In Knowledge, education, and cultural change. Routledge.
[14]
Pierre Bourdieu. 1977. Outline of a Theory of Practice. In The new social theory reader. Routledge.
[15]
Pierre Bourdieu and Jean Claude Passeron. 1979. The inheritors: French students and their relation to culture. Univ of Chicago Pr.
[16]
Richard E Boyatzis. 1998. Transforming qualitative information: Thematic analysis and code development. sage.
[17]
Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychology. Qualitative research in psychology 3, 2 (2006), 77--101.
[18]
Michael Brennan, Sadia Afroz, and Rachel Greenstadt. 2012. Adversarial stylometry: Circumventing authorship recognition to preserve privacy and anonymity. ACM Transactions on Information and System Security (TISSEC) 15, 3 (2012), 1--22.
[19]
Karoline Busse, Julia Schäfer, and Matthew Smith. 2019. Replication: No one can hack my mind revisiting a study on expert and non-expert security practices and advice. In Fifteenth Symposium on Usable Privacy and Security ({SOUPS} 2019). 117--136.
[20]
L Jean Camp. 2009. Mental models of privacy and security. IEEE Technology and society magazine 28, 3 (2009), 37--46.
[21]
Tristan Caulfield, Christos Ioannidis, and David Pym. 2016. On the Adoption of Privacy-enhancing Technologies. In Decision and Game Theory for Security, Quanyan Zhu, Tansu Alpcan, Emmanouil Panaousis, Milind Tambe, and William Casey (Eds.). Vol. 9996. Springer International Publishing, 175--194. https://doi.org/10.1007/978--3--319--47413--7_11 Series Title: Lecture Notes in Computer Science.
[22]
Tristan Caulfield, Christos Ioannidis, and David Pym. 2016. On the adoption of privacy-enhancing technologies. In International Conference on Decision and Game Theory for Security. Springer, 175--194.
[23]
Wen Yong Chua, Klarissa Ting-Ting Chang, and Maffee Peng-Hui Wan. 2014. Information Privacy Concerns among novice and Expert Users of SoLoMo. In PACIS.
[24]
Jeremy Clark, Paul C Van Oorschot, and Carlisle Adams. 2007. Usability of anonymous web browsing: an examination of tor interfaces and deployability. In Proceedings of the 3rd symposium on Usable privacy and security. 41--51.
[25]
Juliet Corbin and Anselm Strauss. 2014. Basics of qualitative research: Techniques and procedures for developing grounded theory. Sage publications.
[26]
Sauvik Das, Tiffany Hyun-Jin Kim, Laura A Dabbish, and Jason I Hong. 2014. The effect of social influence on security sensitivity. In 10th Symposium On Usable Privacy and Security (SOUPS 2014). 143--157.
[27]
Michael A DeVito, Jeremy Birnholtz, Jeffery T Hancock, Megan French, and Sunny Liu. 2018. How people form folk theories of social media feeds and what it means for how we study self-presentation. In Proceedings of the 2018 CHI conference on human factors in computing systems. 1--12.
[28]
Joan Morris DiMicco and David R Millen. 2007. Identity management: multiple presentations of self in facebook. In Proceedings of the 2007 international ACM conference on Supporting group work. 383--386.
[29]
Tamara Dinev and Paul Hart. 2006. An extended privacy calculus model for e-commerce transactions. Information systems research 17, 1 (2006), 61--80.
[30]
Robert Elliott and Ladislav Timulak. 2005. Descriptive and interpretive approaches to qualitative research. A handbook of research methods for clinical and health psychology 1, 7 (2005), 147--159.
[31]
Motahhare Eslami, Karrie Karahalios, Christian Sandvig, Kristen Vaccaro, Aimee Rickman, Kevin Hamilton, and Alex Kirlik. 2016. First I" like" it, then I hide it: Folk Theories of Social Feeds. In Proceedings of the 2016 cHI conference on human factors in computing systems. 2371--2382.
[32]
Ilker Etikan, Sulaiman Abubakar Musa, Rukayya Sunusi Alkassim, et al. 2016. Comparison of convenience sampling and purposive sampling. American journal of theoretical and applied statistics 5, 1 (2016), 1--4.
[33]
J. Evangelho. 2018. Why You Should Ditch Google Search And Use DuckDuckGo. Forbes (2018).
[34]
Andrea Forte, Nazanin Andalibi, and Rachel Greenstadt. 2017. Privacy, anonymity, and perceived risk in open collaboration: A study of Tor users and Wikipedians. In Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing. 1800--1811.
[35]
Kevin Gallagher. 2020. Measurement and Improvement of the Tor User Experience. Ph. D. Dissertation. New York University Tandon School of Engineering.
[36]
Kevin Gallagher, Sameer Patil, Brendan Dolan-Gavitt, Damon McCoy, and Nasir Memon. 2018. Peeling the Onion's User Experience Layer: Examining Naturalistic Use of the Tor Browser. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 1290--1305.
[37]
Kevin Gallagher, Sameer Patil, and Nasir Memon. 2017. New me: Understanding expert and non-expert perceptions and usage of the Tor anonymity network. In Thirteenth Symposium on Usable Privacy and Security ({SOUPS} 2017). 385--398.
[38]
Fernand Gobet and Morgan H. Ereku. 2016. What Is Expertise? Psychology Today (Feb. 2016).
[39]
Ian Goldberg. 2002. Privacy-enhancing technologies for the Internet, II: Five years later. In International Workshop on Privacy Enhancing Technologies. Springer, 1--12.
[40]
Ian Goldberg, David Wagner, and Eric Brewer. 1997. Privacy-enhancing technologies for the Internet. In Proceedings IEEE COMPCON 97. Digest of Papers. IEEE, 103--109.
[41]
Carla F Griggio, Midas Nouwens, and Clemens Nylandsted Klokmose. 2022. Caught in the Network: The Impact of WhatsApp's 2021 Privacy Policy Update on Users' Messaging App Ecosystems. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems. 1--23.
[42]
Frances S Grodzinsky and Herman T Tavani. 2011. Privacy in" the cloud" applying Nissenbaum's theory of contextual integrity. Acm Sigcas Computers and Society 41, 1 (2011), 38--47.
[43]
Greg Guest, Kathleen M MacQueen, and Emily E Namey. 2011. Applied thematic analysis. Sage Publications.
[44]
Eszter Hargittai and Eden Litt. 2013. New strategies for employment? internet skills and online privacy practices during people's job search. IEEE security & privacy 11, 3 (2013), 38--45.
[45]
Eszter Hargittai and Alice Marwick. 2016. ?What can I really do?" Explaining the privacy paradox with online apathy. International Journal of Communication 10 (2016), 21.
[46]
Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. ?... no one can hack my mind": Comparing Expert and Non-Expert Security Practices. In Eleventh Symposium On Usable Privacy and Security ({SOUPS} 2015). 327--346.
[47]
Adam N Joinson. 2008. Looking at, looking up or keeping up with people? Motives and use of Facebook. In Proceedings of the SIGCHI conference on Human Factors in Computing Systems. 1027--1036.
[48]
Heekyoung Jung, Erik Stolterman, Will Ryan, Tonya Thompson, and Marty Siegel. 2008. Toward a framework for ecologies of artifacts: how are digital artifacts interconnected within a personal life?. In Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges. 201--210.
[49]
Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. ?My Data Just Goes Everywhere:" User Mental Models of the Internet and Implications for Privacy and Security. In Eleventh Symposium On Usable Privacy and Security ({SOUPS} 2015). 39--52.
[50]
Spyros Kokolakis. 2017. Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. 64 (2017), 122--134. https://doi.org/10.1016/j.cose.2015.07.002
[51]
Henrik Korsgaard, Peter Lyle, Joanna Saad-Sulonen, Clemens Nylandsted Klokmose, Midas Nouwens, and Susanne Bødker. 2022. Collectives and Their Artifact Ecologies. Proceedings of the ACM on Human-Computer Interaction 6, CSCW2 (2022), 1--26.
[52]
Priya Kumar, Shalmali Milind Naik, Utkarsha Ramesh Devkar, Marshini Chetty, Tamara L Clegg, and Jessica Vitak. 2017. 'No Telling Passcodes Out Because They're Private' Understanding Children's Mental Models of Privacy and Security Online. Proceedings of the ACM on Human-Computer Interaction 1, CSCW (2017), 1--21.
[53]
Cliff Lampe, Nicole B Ellison, and Charles Steinfield. 2008. Changes in use and perception of Facebook. In Proceedings of the 2008 ACM conference on Computer supported cooperative work. 721--730.
[54]
Airi Lampinen, Sakari Tamminen, and Antti Oulasvirta. 2009. All my people right here, right now: Management of group co-presence on a social networking site. In Proceedings of the ACM 2009 international conference on Supporting group work. 281--290.
[55]
Robert S Laufer and Maxine Wolfe. 1977. Privacy as a concept and a social issue: A multidimensional developmental theory. Journal of social Issues 33, 3 (1977), 22--42.
[56]
Jonathan Lazar, Jinjuan Heidi Feng, and Harry Hochheiser. 2017. Research methods in human-computer interaction. Morgan Kaufmann.
[57]
Alex Leavitt. 2015. " This is a Throwaway Account" Temporary Technical Identities and Perceptions of Anonymity in a Massive Online Community. In Proceedings of the 18th ACM Conference on Computer Supported Cooperative Work & Social Computing. 317--327.
[58]
Linda Lee, David Fifield, Nathan Malkin, Ganesh Iyer, Serge Egelman, and David Wagner. 2017. A usability evaluation of tor launcher. Proceedings on Privacy Enhancing Technologies 2017, 3 (2017), 90--109.
[59]
Peter Lyle, Henrik Korsgaard, and Susanne Bødker. 2020. What's in an ecology? A review of artifact, communicative, device and information ecologies. In Proceedings of the 11th Nordic Conference on Human-Computer Interaction: Shaping Experiences, Shaping Society. 1--14.
[60]
Alice Marwick, Claire Fontaine, and Danah Boyd. 2017. ?Nobody sees it, nobody gets mad": Social media, privacy, and personal responsibility among low-SES youth. Social Media Society 3, 2 (2017), 2056305117710455.
[61]
Nora McDonald and Andrea Forte. 2020. The Politics of Privacy Theories: Moving from Norms to Vulnerabilities. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems. 1--14.
[62]
Deirdre K. Mulligan, Colin Koopman, and Nick Doty. 2016. Privacy Is an Essentially Contested Concept: A Multi-Dimensional Analytic for Mapping Privacy. Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences 374, 2083 (Dec. 2016), 20160118. https://doi.org/10.1098/rsta.2016.0118
[63]
Mor Naaman, Jeffrey Boase, and Chih-Hui Lai. 2010. Is it really about me? Message content in social awareness streams. In Proceedings of the 2010 ACM conference on Computer supported cooperative work. 189--192.
[64]
William Lawrence Neuman. 2006. Workbook for Neumann Social research methods: qualitative and quantitative approaches. Allyn & Bacon.
[65]
Midas Nouwens, Carla F Griggio, and Wendy E Mackay. 2017. " WhatsApp is for family; Messenger is for friends" Communication Places in App Ecosystems. In Proceedings of the 2017 CHI conference on human factors in computing systems. 727--735.
[66]
Maggie Oates, Yama Ahmadullah, Abigail Marsh, Chelse Swoopes, Shikun Zhang, Rebecca Balebako, and Lorrie Faith Cranor. 2018. Turtles, locks, and bathrooms: Understanding mental models of privacy through illustration. Proceedings on Privacy Enhancing Technologies 2018, 4 (2018), 5--32.
[67]
Maggie Oates, Yama Ahmadullah, Abigail Marsh, Chelse Swoopes, Shikun Zhang, Rebecca Balebako, and Lorrie Faith Cranor. 2018. Turtles, Locks, and Bathrooms: Understanding Mental Models of Privacy Through Illustration. 2018, 4 (2018). https://content.sciendo.com/view/journals/popets/2018/4/article-p5.xml Place: Berlin Publisher: Sciendo.
[68]
Leysia Palen and Paul Dourish. 2003. Unpacking" privacy" for a networked world. In Proceedings of the SIGCHI conference on Human factors in computing systems. 129--136.
[69]
Yong Jin Park. 2013. Digital literacy and privacy behavior online. Communication Research 40, 2 (2013), 215--236.
[70]
Michael Quinn Patton. 2015. Qualitative research & evaluation methods: Integrating theory and practice. (2015).
[71]
Chanda Phelan, Cliff Lampe, and Paul Resnick. 2016. It's creepy, but it doesn't bother me. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems. 5240--5251.
[72]
Richard A Posner. 1981. The economics of privacy. The American economic review 71, 2 (1981), 405--409.
[73]
Emilee Rader and Janine Slaker. 2017. The importance of visibility for folk theories of sensor data. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). 257--270.
[74]
Emilee Rader, Rick Wash, and Brandon Brooks. 2012. Stories as informal lessons about security. In Proceedings of the Eighth Symposium on Usable Privacy and Security. 1--17.
[75]
Ashwini Rao, Florian Schaub, Norman Sadeh, Alessandro Acquisti, and Ruogu Kang. 2016. Expecting the unexpected: Understanding mismatched privacy expectations online. In Twelfth Symposium on Usable Privacy and Security ({SOUPS} 2016). 77--96.
[76]
Scott Ruoti, Jeff Andersen, Daniel Zappala, and Kent Seamons. 2015. Why Johnny still, still can't encrypt: Evaluating the usability of a modern PGP client. arXiv preprint arXiv:1510.08555 (2015).
[77]
Shruti Sannon, Natalya N Bazarova, and Dan Cosley. 2018. Privacy lies: Understanding how, when, and why people lie to protect their privacy in multiple online contexts. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. 1--13.
[78]
Christine Satchell and Paul Dourish. 2009. Beyond the user: use and non-use in HCI. In Proceedings of the 21st Annual Conference of the Australian Computer-Human Interaction Special Interest Group: Design: Open 24/7. 9--16.
[79]
Devansh Saxena, Patrick Skeba, Shion Guha, and Eric PS Baumer. 2020. Methods for Generating Typologies of Non/use. Proceedings of the ACM on Human-Computer Interaction 4, CSCW1 (2020), 1--26.
[80]
Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J Hyland. 2006. Why johnny still can't encrypt: evaluating the usability of email encryption software. In Symposium On Usable Privacy and Security. ACM, 3--4.
[81]
Pan Shi, Heng Xu, and Yunan Chen. 2013. Using contextual integrity to examine interpersonal information boundary on social network sites. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 35--38.
[82]
Sarah Spiekermann. 2012. The challenges of privacy by design. Commun. ACM 55, 7 (2012), 38--40.
[83]
Frederic Stutzman and Woodrow Hartzog. 2012. Boundary regulation in social media. In Proceedings of the ACM 2012 conference on computer supported cooperative work. 769--778.
[84]
Eric C Turner and Subhasish Dasgupta. 2006. Privacy on the Web: An examination of user concerns, technology, and implications for business organizations and individuals. Information Systems Management (2006).
[85]
GW Van Blarkom, John J Borking, and JG Eddy Olk. 2003. Handbook of privacy and privacy-enhancing technologies. Privacy Incorporated Software Agent (PISA) Consortium, The Hague 198 (2003).
[86]
Alan F. Westin. 1967. Privacy and Freedom. Atheneum, New York.
[87]
Alan F. Westin and Louis Harris & Associates. 1991. Harris-Equifax Consumer Privacy Survey. Equifax, Inc., Atlanta, GA.
[88]
Alma Whitten and J Doug Tygar. 1999. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In USENIX Security Symposium, Vol. 348. 169--184.
[89]
Sally ME Wyatt. 2003. Non-users also matter: The construction of users and non-users of the Internet. Now users matter: The co-construction of users and technology (2003), 67--79.
[90]
Sarita Yardi and Amy Bruckman. 2012. Income, race, and class: exploring socioeconomic differences in family technology use. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 3041--3050.
[91]
Alyson Leigh Young and Anabel Quan-Haase. 2013. Privacy protection strategies on Facebook: The Internet privacy paradox revisited. Information, Communication & Society 16, 4 (2013), 479--500.
[92]
Yixin Zou, Kevin Roundy, Acar Tamersoy, Saurabh Shintre, Johann Roturier, and Florian Schaub. 2020. Examining the adoption and abandonment of security, privacy, and identity theft protection practices. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems. 1--15.
Index Terms
- On Being an Expert: Habitus as a Lens for Understanding Privacy Expertise
Recommendations
What Makes a Technology Privacy Enhancing? Laypersons’ and Experts’ Descriptions, Uses, and Perceptions of Privacy Enhancing Technologies
Information for a Better World: Normality, Virtuality, Physicality, InclusivityAbstractWhat makes a technology privacy-enhancing? In this study, we construct an explanation grounded in the technologies and practices that people report using to enhance their privacy. We conducted an online survey of privacy experts (i.e., privacy ...
Affordances for practice
This paper argues that Gibson's concept of affordance inserts a powerful conceptual lens for the study of sociomateriality as enacted in contemporary organizational practices. Our objective in this paper is to develop a comprehensive view of affordances ...
Sensible Privacy: How We Can Protect Domestic Violence Survivors Without Facilitating Misuse
WPES '14: Proceedings of the 13th Workshop on Privacy in the Electronic SocietyPrivacy is a concept with real life ties and implications. Privacy infringement has the potential to lead to serious consequences for the stakeholders involved, hence researchers and organisations have developed various privacy enhancing techniques and ...
Comments
Information & Contributors
Information
Published In
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 26 April 2024
Published in PACMHCI Volume 8, Issue CSCW1
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 87Total Downloads
- Downloads (Last 12 months)87
- Downloads (Last 6 weeks)8
Reflects downloads up to 13 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in