The Myth of the Average User: Improving Privacy and Security Systems through Individualization

TitleThe Myth of the Average User: Improving Privacy and Security Systems through Individualization
Publication TypeConference Paper
Year of Publication2015
AuthorsEgelman, S., & Peer E.
Published inProceedings of the 2015 New Security Paradigms Workshop (NSPW ’15)
PublisherACM
Place PublishedNew York, NY, USA
Abstract

While individual differences in decision-making have been examined within the social sciences for several decades, they have only recently begun to be applied by computer scientists to examine privacy and security attitudes (and ultimately behaviors). Specifically, several researchers have shown how different online privacy decisions are correlated with the “Big Five” personality traits. In this paper, we show that the five factor model is actually a weak predictor of privacy attitudes, and that other well-studied individual differences in the psychology literature are much stronger predictors. Based on this result, we introduce the new paradigm of psychographic targeting of privacy and security mitigations: we believe that the next frontier in privacy and security research will be to tailor mitigations to users’ individual differences. We explore the extensive work on choice architecture and “nudges,” and discuss the possible ways it could be leveraged to improve security outcomes by personalizing privacy and security mitigations to specific user traits.

URLhttps://blues.cs.berkeley.edu/wp-content/uploads/2015/08/nspw.pdf
ICSI Research Group

Usable Security and Privacy