%0 Conference Proceedings
%T “Most Companies Share Whatever They Can to Make Money!”: Comparing User’s Perceptions with the Data Practices of IoT Devices
%+ Utah State University (USU)
%+ University of Waterloo [Waterloo]
%A Al-Ameen, Mahdi, Nasrullah
%A Chauhan, Apoorva
%A Ahsan, M.
%A Kocabas, Huzeyfe
%Z Part 9: Attitudes and Perceptions
%< avec comité de lecture
%( IFIP Advances in Information and Communication Technology
%B 14th International Symposium on Human Aspects of Information Security and Assurance (HAISA)
%C Mytilene, Lesbos, Greece
%Y Nathan Clarke
%Y Steven Furnell
%I Springer International Publishing
%3 Human Aspects of Information Security and Assurance
%V AICT-593
%P 329-340
%8 2020-07-08
%D 2020
%R 10.1007/978-3-030-57404-8_25
%K IoT
%K User study
%K Mismatched privacy perceptions
%Z Computer Science [cs]Conference papers
%X With the rapid deployment of Internet of Things (IoT) technologies, it has been essential to address the security and privacy issues through maintaining transparency in data practices, and designing new tools for data protection. To address these challenges, the prior research focused on identifying user’s privacy preferences in different contexts of IoT usage, user’s mental model of security threats, and their privacy practices for a specific type of IoT device (e.g., smart speaker). However, there is a dearth in existing literature to understand the mismatch between user’s perceptions and the actual data practices of IoT devices. Such mismatches could lead users unknowingly sharing their private information, exposing themselves to unanticipated privacy risks. To address these issues, we conducted a lab study with 42 participants, where we compared the data practices stated in the privacy policy of 28 IoT devices with the participants’ perceptions of data collection, sharing, and protection. Our findings provide insights into the mismatched privacy perceptions of users, which lead to our recommendations on designing simplified privacy notice by highlighting the unexpected data practices.
%G English
%Z TC 11
%Z WG 11.12
%2 https://inria.hal.science/hal-03657704/document
%2 https://inria.hal.science/hal-03657704/file/497442_1_En_25_Chapter.pdf
%L hal-03657704
%U https://inria.hal.science/hal-03657704
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-HAISA
%~ IFIP-AICT-593
%~ IFIP-WG11-12