Usable privacy for digital transactions Exploring the usability aspects of three privacy enhancing mechanisms

Detta är en avhandling från Karlstad : Karlstads universitet

Sammanfattning: The amount of personal identifiable information that people distribute over different online services has grown rapidly and considerably over the last decades. This has led to increased probabilities for identity theft, profiling and linkability attacks, which can in turn not only result in a threat to people’s personal dignity, finances, and many other aspects of their lives, but also to societies in general. Methods and tools for securing people’s online activities and protecting their privacy on the Internet, so called Privacy Enhancing Technologies (PETs), are being designed and developed. However, these technologies are often seen by ordinary users as complicated and disruptive of their primary tasks. In this licentiate thesis, I investigate the usability aspects of three main privacy and security enhancing mechanisms. These mechanisms have the goal of helping and encouraging users to protect their privacy on the Internet as they engage in some of the steps necessary to complete a digital transaction. The three mechanisms, which have been investigated within the scope of different research projects, comprise of (1) graphical visualizations of service providers’ privacy policies and user-friendly management and matching of users’ privacy preferences “on the fly”, (2) methods for helping users create appropriate mental models of the data minimization property of anonymous credentials, and (3) employing touch-screen biometrics as a method to authenticate users into mobile devices and verify their identities during a digital transaction. Results from these investigations suggest that these mechanisms can make digital transactions privacy-friendly and secure while at the same time delivering convenience and usability for ordinary users.