Privacy expectations and challenges of smart home ecosystems
Doctoral thesis, 2021

Technology has long facilitated our lives. Nowadays, we increasingly embrace living in digital spaces. Sometimes we cannot avoid enrolling into them, if only because staying outside makes our lives more complicated.
One technology that has become almost universally accepted as unavoidable to fully participate as a person is the smartphone, but in their use we balance trading our privacy for convenience. To mitigate this, the evolution of smartphone privacy controls is an example of how researchers work to shield users from privacy risks. Another technology that enters our lives and homes is the Internet of Things (IoT). Unlike smartphones, the IoT has not converged in a few common platforms (like Android and iOS), but is spread out over numerous, separate ecosystems of individual vendors. In addition, IoT ecosystems are closed by design; both data collection and processing is realized by black-box devices and vendor backends. This makes it challenging to devise a unified privacy protection measure for the IoT that, for instance, smartphone users enjoy – a permission system.
Addressing this challenge, my thesis aims at providing an early foundation for designing an IoT permission system. It sets out to understand associated design challenges in several dimensions, from the perspectives of users and the technology.
The user side was studied with qualitative and mixed Human-Computer Interaction (HCI) methods, such as interviews and surveys. The exploration of the technology side involved mobile IoT companion apps and IoT devices themselves. The former was conducted through a combination of static and dynamic analysis. The latter was approached from the perspective of emulating the externally observable network behavior of the devices and the ecosystem.
The contributions of this work begin with providing empirical evidence on the understanding that IoT users have of the data processing practices of this technology as well as user expectations of such practices; both from a privacy perspective. Secondly, a thorough study of mobile IoT companion apps has shed light on how the effectively mandatory use of the apps factors into the information exposure of IoT users and how the users react to that. Finally, a system intended to facilitate the prototyping of IoT privacy tools, e.g. a permission system, is proposed.
The multi-faceted approach applied in this work to study design challenges of an IoT permission system intends to serve as a stepping stone for research aimed at supporting IoT users in making informed choices about their privacy.

privacy

privacy enhancing technologies

Internet of Things (IoT)

Room CSE 473, JUPITER building, HÖRSELGÅNGEN 5, CAMPUS LINDHOLMEN. **NOTE**: the physical seats in the room (limited to 8 people by the rules/regulations) are taken now (unless someone of those who have seats reserved won't make it) - please join remotely unless you've informed me to reserve a seat for you earlier.
Opponent: Prof. Florian Alt, Professor of Usable Security at the Bundeswehr University Munich

Author

Tomasz Kosinski

Chalmers, Computer Science and Engineering (Chalmers), Interaction Design (Chalmers)

"I don't own the data": End User Perceptions of Smart Home Device Data Practices and Risks

Symposium on Usable Privacy and Security (SOUPS),; (2019)p. 435-450

Paper in proceeding

Investigating Users' Preferences and Expectations for Always-Listening Voice Assistants

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT),; Vol. 3(2019)p. 153:1-153:23

Journal article

Kosiński, T, Wijesekera, P, Fjeld, M, Scandariato, R. Fool me once: Privacy analysis of com- panion apps required to get the "smart" from IoT

Kosiński, T, Scandariato, R, Fjeld, M. SyntIoT: Privacy and security experimentation in consumer- oriented IoT ecosystems

We all use smartphones and sometimes actually use privacy settings. Privacy is not anyone's main concern after all. We are also increasingly using "smart" devices, such as lightbulbs or voice assistants. Where are their privacy settings? Do those who use these devices know that? Do you?
This thesis contains a thread of research conducted towards users getting (to know) privacy controls for "smart" devices. You will find parts talking about studies involving people as well as those detailing systems kind of work. We are not there yet but if you are up to the challenge of helping out, maybe reading this text can help you.

Subject Categories

Human Computer Interaction

Computer Science

ISBN

978-91-7905-541-7

Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 5008

Publisher

Chalmers University of Technology

Room CSE 473, JUPITER building, HÖRSELGÅNGEN 5, CAMPUS LINDHOLMEN. **NOTE**: the physical seats in the room (limited to 8 people by the rules/regulations) are taken now (unless someone of those who have seats reserved won't make it) - please join remotely unless you've informed me to reserve a seat for you earlier.

Online

Opponent: Prof. Florian Alt, Professor of Usable Security at the Bundeswehr University Munich

More information

Latest update

9/17/2021