Privacy expectations and challenges of smart home ecosystems
Doctoral thesis, 2021
One technology that has become almost universally accepted as unavoidable to fully participate as a person is the smartphone, but in their use we balance trading our privacy for convenience. To mitigate this, the evolution of smartphone privacy controls is an example of how researchers work to shield users from privacy risks. Another technology that enters our lives and homes is the Internet of Things (IoT). Unlike smartphones, the IoT has not converged in a few common platforms (like Android and iOS), but is spread out over numerous, separate ecosystems of individual vendors. In addition, IoT ecosystems are closed by design; both data collection and processing is realized by black-box devices and vendor backends. This makes it challenging to devise a unified privacy protection measure for the IoT that, for instance, smartphone users enjoy – a permission system.
Addressing this challenge, my thesis aims at providing an early foundation for designing an IoT permission system. It sets out to understand associated design challenges in several dimensions, from the perspectives of users and the technology.
The user side was studied with qualitative and mixed Human-Computer Interaction (HCI) methods, such as interviews and surveys. The exploration of the technology side involved mobile IoT companion apps and IoT devices themselves. The former was conducted through a combination of static and dynamic analysis. The latter was approached from the perspective of emulating the externally observable network behavior of the devices and the ecosystem.
The contributions of this work begin with providing empirical evidence on the understanding that IoT users have of the data processing practices of this technology as well as user expectations of such practices; both from a privacy perspective. Secondly, a thorough study of mobile IoT companion apps has shed light on how the effectively mandatory use of the apps factors into the information exposure of IoT users and how the users react to that. Finally, a system intended to facilitate the prototyping of IoT privacy tools, e.g. a permission system, is proposed.
The multi-faceted approach applied in this work to study design challenges of an IoT permission system intends to serve as a stepping stone for research aimed at supporting IoT users in making informed choices about their privacy.
privacy enhancing technologies
Internet of Things (IoT)
Chalmers, Computer Science and Engineering (Chalmers), Interaction design
"I don't own the data": End User Perceptions of Smart Home Device Data Practices and Risks
Symposium on Usable Privacy and Security (SOUPS),; (2019)p. 435-450
Paper in proceeding
Investigating Users' Preferences and Expectations for Always-Listening Voice Assistants
Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT),; Vol. 3(2019)p. 153:1-153:23
Kosiński, T, Wijesekera, P, Fjeld, M, Scandariato, R. Fool me once: Privacy analysis of com- panion apps required to get the "smart" from IoT
Kosiński, T, Scandariato, R, Fjeld, M. SyntIoT: Privacy and security experimentation in consumer- oriented IoT ecosystems
This thesis contains a thread of research conducted towards users getting (to know) privacy controls for "smart" devices. You will find parts talking about studies involving people as well as those detailing systems kind of work. We are not there yet but if you are up to the challenge of helping out, maybe reading this text can help you.
Human Computer Interaction
Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 5008
Room CSE 473, JUPITER building, HÖRSELGÅNGEN 5, CAMPUS LINDHOLMEN. **NOTE**: the physical seats in the room (limited to 8 people by the rules/regulations) are taken now (unless someone of those who have seats reserved won't make it) - please join remotely unless you've informed me to reserve a seat for you earlier.
Opponent: Prof. Florian Alt, Professor of Usable Security at the Bundeswehr University Munich