ABSTRACT
While individual differences in decision-making have been examined within the social sciences for several decades, they have only recently begun to be applied by computer scientists to examine privacy and security attitudes (and ultimately behaviors). Specifically, several researchers have shown how different online privacy decisions are correlated with the "Big Five" personality traits. In this paper, we show that the five factor model is actually a weak predictor of privacy attitudes, and that other well-studied individual differences in the psychology literature are much stronger predictors. Based on this result, we introduce the new paradigm of psychographic targeting of privacy and security mitigations: we believe that the next frontier in privacy and security research will be to tailor mitigations to users' individual differences. We explore the extensive work on choice architecture and "nudges," and discuss the possible ways it could be leveraged to improve security outcomes by personalizing privacy and security mitigations to specific user traits.
- I. Ajzen. The theory of planned behavior. Organizational behavior and human decision processes, 50(2):179--211, 1991.Google Scholar
- D. Akhawe and A. P. Felt. Alice in warningland: A large-scale field study of browser warning effectiveness. In Proceedings of the 22nd USENIX Security Symposium, 2013. Google ScholarDigital Library
- H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L. Cranor, and Y. Agarwal. Your location has been shared 5,398 times! a field study on mobile app privacy nudging. Technical Report CMU-ISR-14-116, Carnegie Mellon University, 2014.Google Scholar
- K. C. Appelt, K. F. Milch, M. Handgraaf, and E. U. Weber. The decision making individual differences inventory and guidelines for the study of individual differences in judgment and decision-making research. Judgment and Decision Making, 6(3):252--262, April 2011.Google Scholar
- M. Arianezhad, L. J. Camp, T. Kelley, and D. Stebila. Comparative eye tracking of experts and novices in web single sign-on. In Proceedings of the Third ACM Conference on Data and Application Security and Privacy, CODASPY '13, pages 105--116, New York, NY, USA, 2013. ACM. Google ScholarDigital Library
- R. Balebako, P. G. Leon, H. Almuhimedi, P. G. Kelley, J. Mugan, A. Acquisti, L. F. Cranor, and N. Sadeh. Nudging users towards privacy on mobile devices. In CHI 2011 workshop article, 2011.Google Scholar
- W. K. Balzer. User's manual for the Job Descriptive Index (JDI; 1997 revision) and the Job in General (JIG) scales. Bowling Green State University, 1997.Google Scholar
- A. Beautement, M. A. Sasse, and M. Wonham. The compliance budget: Managing security behaviour in organisations. In Proceedings of the 2008 Workshop on New Security Paradigms, NSPW '08, pages 47--58, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
- A. Besmer, J. Watson, and H. R. Lipford. The impact of social navigation on privacy policy configuration. In Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS '10, pages 7:1--7:10, New York, NY, USA, 2010. ACM. Google ScholarDigital Library
- A.-R. Blais and E. U. Weber. A domain-specific risk-taking (dospert) scale for adult populations. Judgment and Decision Making, 1(1):33--47, 2006.Google ScholarCross Ref
- J. Block. A contrarian view of the five-factor approach to personality description. Psychological bulletin, 117(2):187, 1995.Google ScholarCross Ref
- J. Blythe, J. Camp, and V. Garg. Targeted risk communication for computer security. In Proceedings of the 16th International Conference on Intelligent User Interfaces, IUI '11, pages 295--298, New York, NY, USA, 2011. ACM. Google ScholarDigital Library
- L. Boone and D. Kurtz. Contemporary Marketing. Cengage Learning, 2013.Google Scholar
- T. Buchanan, C. Paine, A. N. Joinson, and U.-D. Reips. Development of measures of online privacy concern and protection for use on the internet. Journal of the American Society for Information Science and Technology, 58(2):157--165, 2007. Google ScholarDigital Library
- J. T. Cacioppo, R. E. Petty, and C. Feng Kao. The efficient assessment of need for cognition. Journal of personality assessment, 48(3):306--307, 1984.Google Scholar
- J. T. Cacioppo, R. E. Petty, and K. J. Morris. Effects of need for cognition on message evaluation, recall, and persuasion. Journal of personality and social psychology, 45(4):805, 1983.Google Scholar
- T. L. Childers, M. J. Houston, and S. E. Heckler. Measurement of individual differences in visual versus verbal information processing. Journal of Consumer Research, pages 125--134, 1985.Google ScholarCross Ref
- D. L. Costa and M. E. Kahn. Energy conservation "nudges" and environmentalist ideology: Evidence from a randomized residential electricity field experiment. Journal of the European Economic Association, 11(3):680--702, 2013.Google ScholarCross Ref
- P. T. Costa and R. R. McCrae. The revised neo personality inventory (neo-pi-r). The SAGE handbook of personality theory and assessment, 2:179--198, 2008.Google Scholar
- K. E. Courtney, R. Arellano, E. Barkley-Levenson, A. Gálvan, R. A. Poldrack, J. MacKillop, J. David Jentsch, and L. A. Ray. The relationship between measures of impulsivity and alcohol misuse: an integrative structural equation modeling approach. Alcoholism: Clinical and Experimental Research, 36(6):923--931, 2012.Google ScholarCross Ref
- L. F. Cranor. A framework for reasoning about the human in the loop. In Proceedings of the 1st Conference on Usability, Psychology, and Security, Berkeley, CA, 2008. USENIX Association. Google ScholarDigital Library
- S. Egelman, L. F. Cranor, and J. Hong. You've been warned: An empirical study of the effectiveness of web browser phishing warnings. In Proceeding of The 26th SIGCHI Conference on Human Factors in Computing Systems, CHI '08, pages 1065--1074, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
- S. Egelman and E. Peer. Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS). In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI '15, New York, NY, USA, 2015. ACM. To appear. Pre-print available at: http://guanotronic.com/~serge/papers/chi15-sebis.pdf. Google ScholarDigital Library
- S. Egelman and S. Schechter. The importance of being earnest {in security warnings}. In Financial Cryptography and Data Security, 2013.Google ScholarCross Ref
- S. Egelman, A. Sotirakopoulos, I. Muslukhov, K. Beznosov, and C. Herley. Does my password go up to eleven? the impact of password meters on password selection. In Proceedings of the ACM Computer-Human Interaction Conference, 2013. Google ScholarDigital Library
- A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android permissions: user attention, comprehension, and behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security, SOUPS '12, New York, NY, USA, 2012. ACM. Google ScholarDigital Library
- A. P. Felt, R. W. Reeder, H. Almuhimedi, and S. Consolvo. Experimenting at scale with google chrome's ssl warning. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI '14, pages 2667--2670, New York, NY, USA, 2014. ACM. Google ScholarDigital Library
- D. Florencio and C. Herley. A large-scale study of web password habits. In WWW '07: Proceedings of the 16th International Conference on the World Wide Web, pages 657--666, New York, NY, USA, 2007. ACM Press. Google ScholarDigital Library
- A. Forget, S. Komanduri, A. Acquisti, N. Christin, L. F. Cranor, and R. Telang. Security behavior observatory: Infrastructure for long-term monitoring of client machines. Technical Report CMU-CyLab-14-009, Carnegie Mellon CyLab, 2014.Google Scholar
- S. Frederick. Cognitive reflection and decision making. Journal of Economic perspectives, pages 25--42, 2005.Google Scholar
- K. M. Galotti, E. Ciner, H. E. Altenbaumer, H. J. Geerts, A. Rupp, and J. Woulfe. Decision-making styles in a real-life decision: Choosing a college major. Personality and Individual Differences, 41(4):629--639, 2006.Google ScholarCross Ref
- V. Garg, L. J. Camp, K. Connelly, and L. Lorenzen-Huber. Risk communication design: Video vs. text. In Proceedings of the 12th International Conference on Privacy Enhancing Technologies, PETS'12, pages 279--298, Berlin, Heidelberg, 2012. Springer-Verlag. Google ScholarDigital Library
- D. G. Goldstein, E. J. Johnson, and W. F. Sharpe. Choosing outcomes versus choosing products: Consumer-focused retirement investment advice. Journal of Consumer Research, 35(3):440--456, 2008.Google ScholarCross Ref
- S. D. Gosling, P. J. Rentfrow, and W. B. Swann Jr. A very brief measure of the big-five personality domains. J. of Research in Personality, 37(6):504--528, 2003.Google ScholarCross Ref
- L. Gou, M. X. Zhou, and H. Yang. Knowme and shareme: Understanding automatically discovered personality traits from social media and user sharing preferences. In Proc. of the 32nd Annual ACM Conf. on Human Factors in Computing Systems, CHI '14, pages 955--964, New York, NY, USA, 2014. ACM. Google ScholarDigital Library
- C. P. Haugtvedt, R. E. Petty, and J. T. Cacioppo. Need for cognition and advertising: Understanding the role of personality variables in consumer behavior. Journal of Consumer Psychology, 1(3):239--260, 1992.Google ScholarCross Ref
- D. L. Hoffman, P. K. Kopalle, and T. P. Novak. The "right" consumers for better concepts: Identifying consumers high in emergent nature to develop new product concepts. Journal of Marketing Research, 47(5):854--865, 2010.Google ScholarCross Ref
- L. M. Hough. The `big five' personality variables--construct confusion: Description versus prediction. Human Performance, 5(1-2):139--155, 1992.Google ScholarCross Ref
- S. Issenberg. Born This Way. New York Magazine, April 12 2012. http://nymag.com/news/features/liberals-conservatives-2012-4/.Google Scholar
- D. Jeske, L. Coventry, P. Briggs, and A. van Moorsel. Nudging whom how: It proficiency, impulse control and secure behaviour. Networks, 49:18, 2014.Google Scholar
- L. K. John, A. Acquisti, and G. Loewenstein. Strangers on a plane: context-dependent willingness to divulge sensitive information. Journal of Consumer Research, 37(5):858--873, 2011.Google ScholarCross Ref
- E. J. Johnson and D. Goldstein. Do defaults save lives? Science, 302(5649):1338--1339, 2003.Google ScholarCross Ref
- E. J. Johnson, S. B. Shu, B. G. Dellaert, C. Fox, D. G. Goldstein, G. Häubl, R. P. Larrick, J. W. Payne, E. Peters, D. Schkade, et al. Beyond nudges: Tools of a choice architecture. Marketing Letters, 23(2):487--504, 2012.Google ScholarCross Ref
- J. Joireman, M. J. Shaffer, D. Balliet, and A. Strathman. Promotion orientation explains why future-oriented people exercise and eat healthy evidence from the two-factor consideration of future consequences-14 scale. Personality and Social Psychology Bulletin, 38(10):1272--1287, 2012.Google ScholarCross Ref
- T. A. Judge and J. E. Bono. Five-factor model of personality and transformational leadership. Journal of applied psychology, 85(5):751, 2000.Google Scholar
- I. A. Junglas, N. A. Johnson, and C. Spitzmuller. Personality traits and concern for privacy: an empirical study in the context of location-based services. European Journal of Information Systems, 17(4):387--402, print 2008.Google ScholarCross Ref
- T. Kelley, L. J. Camp, S. Lien, and D. Stebila. Self-identified experts lost on the interwebs: The importance of treating all results as learning experiences. In Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results, LASER '12, pages 47--54, New York, NY, USA, 2012. ACM. Google ScholarDigital Library
- M. L. Korzaan and K. T. Boswell. The influence of personality traits and information privacy concerns on behavioral intentions. Journal of Computer Information Systems, 48(4):15--24, 2008.Google Scholar
- P. Kotler and K. Keller. Marketing Management. Pearson Prentice Hall, 2006.Google Scholar
- P. Kumaraguru and L. F. Cranor. Privacy indexes: A survey of westin's studies. Technical Report CMU-ISRI-5-138, Carnegie Mellon University, December 2005. http://reports-archive.adm.cs.cmu.edu/anon/isri2005/CMU-ISRI-05-138.pdf.Google Scholar
- P. Kumaraguru and L. F. Cranor. Privacy Indexes: A Survey of Westin's Studies. Technical Report CMU-ISRI-5-138, Carnegie Mellon University, December, 2005. http://reports-archive.adm.cs.cmu.edu/anon/isri2005/abstracts/05-138.html.Google Scholar
- I. P. Levin, G. J. Gaeth, J. Schreiber, and M. Lauriola. A new look at framing effects: Distribution of effect sizes, individual differences, and independence of types of effects. Organizational Behavior and Human Decision Processes, 88(1):411--429, 2002.Google ScholarCross Ref
- I. P. Levin, S. L. Schneider, and G. J. Gaeth. All frames are not created equal: A typology and critical analysis of framing effects. Organizational behavior and human decision processes, 76(2):149--188, 1998.Google Scholar
- I. M. Lipkus, G. Samsa, and B. K. Rimer. General performance on a numeracy scale among highly educated samples. Medical Decision Making, 21(1):37--44, 2001.Google ScholarCross Ref
- D. J. MacInnis, C. Moorman, and B. J. Jaworski. Enhancing and measuring consumers' motivation, opportunity, and ability to process brand information from ads. The J. of Marketing, pages 32--53, 1991.Google ScholarCross Ref
- B. C. Madrian and D. F. Shea. The power of suggestion: Inertia in 401 (k) participation and savings behavior. Technical report, National bureau of economic research, 2000.Google Scholar
- N. K. Malhotra, S. S. Kim, and J. Agarwal. Internet users' information privacy concerns (iuipc): The construct, the scale, and a causal model. Information Systems Research, 15(4):336--355, December 2004. Google ScholarDigital Library
- A. Martins, N. Ramalho, and E. Morin. A comprehensive meta-analysis of the relationship between emotional intelligence and health. Personality and individual differences, 49(6):554--564, 2010.Google Scholar
- M. Matsunaga. How to factor-analyze your data right: Do's, don'ts, and how-to's. International Journal of Psychological Research, 3(1):97--110, 2010.Google ScholarCross Ref
- A. M. McDonald and L. F. Cranor. Americans' attitudes about internet behavioral advertising practices. In Proceedings of the 9th annual ACM workshop on Privacy in the electronic society, WPES '10, pages 63--72, New York, NY, USA, 2010. ACM. Google ScholarDigital Library
- A. M. McDonald and L. F. Cranor. Beliefs and behaviors: Internet users' understanding of behavioral advertising. In 38th Research Conference on Communication, Information and Internet Policy (Telecommunications Policy Research Conference), October 2 2010.Google Scholar
- O. H. Mowrer. Learning theory and behavior. John Wiley & Sons Inc, 1960.Google ScholarCross Ref
- D. A. Norman. The way i see it: When security gets in the way. interactions, 16(6):60--63, Nov. 2009. Google ScholarDigital Library
- J. H. Patton, M. S. Stanford, et al. Factor structure of the barratt impulsiveness scale. Journal of clinical psychology, 51(6):768--774, 1995.Google Scholar
- D. M. Pedersen. Personality correlates of privacy. The Journal of Psychology, 112(1):11--14, 1982.Google ScholarCross Ref
- E. Peters, D. Västfjäll, P. Slovic, C. Mertz, K. Mazzocco, and S. Dickert. Numeracy and decision making. Psychological Science, 17(5):407--413, 2006.Google ScholarCross Ref
- R. W. Reeder, L. Bauer, L. F. Cranor, M. K. Reiter, K. Bacon, K. How, and H. Strong. Expandable grids for visualizing and authoring computer security policies. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI '08, pages 1473--1482, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
- V. F. Reyna, W. L. Nelson, P. K. Han, and N. F. Dieckmann. How numeracy influences risk comprehension and medical decision making. Psychological bulletin, 135(6):943, 2009.Google ScholarCross Ref
- M. K. Rothbart, S. A. Ahadi, and D. E. Evans. Temperament and personality: origins and outcomes. Journal of personality and social psychology, 78(1):122, 2000.Google Scholar
- R. J. Schneider and L. M. Hough. Personality and industrial/organizational psychology. International review of industrial and organizational psychology, 10:75--130, 1995.Google Scholar
- S. G. Scott and R. A. Bruce. Decision-making style: The development and assessment of a new measure. Educational and psychological measurement, 55(5):818--831, 1995.Google Scholar
- S. M. Smith and I. P. Levin. Need for cognition and choice framing effects. Journal of Behavioral Decision Making, 9(4):283--290, 1996.Google ScholarCross Ref
- W. R. Smith. Product differentiation and market segmentation as alternative marketing strategies. Journal of Marketing, 21(1):pp. 3--8, 1956.Google ScholarCross Ref
- A. Sotirakopoulos, K. Hawkey, and K. Beznosov. On the challenges in usable security lab studies: Lessons learned from replicating a study on ssl warnings. In Proceedings of the 2011 Symposium on Usable Privacy and Security (SOUPS '11), Jun 2011. Google ScholarDigital Library
- K. E. Stanovich and R. F. West. Individual differences in rational thought. Journal of experimental psychology: general, 127(2):161, 1998.Google Scholar
- R. Strahan and K. C. Gerbasi. Short, homogeneous versions of the marlowe-crowne social desirability scale. Journal of clinical psychology, 1972.Google Scholar
- J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. F. Cranor. Crying wolf: an empirical study of ssl warning effectiveness. In Proceedings of the 18th USENIX Security Symposium, SSYM'09, pages 399--416, Berkeley, CA, USA, 2009. USENIX Association. Google ScholarDigital Library
- R. Thaler and C. Sunstein. Nudge: Improving decisions about health, wealth, and happiness. Yale University Press, New Haven and London, 2008.Google Scholar
- A. Tversky and D. Kahneman. The framing of decisions and the psychology of choice. Science, 211(4481):453--458, January 1981.Google ScholarCross Ref
- United States Computer Emergency Readiness Team. Tips. https://www.us-cert.gov/ncas/tips. Accessed: September 12, 2014.Google Scholar
- B. Ur, P. G. Leon, L. F. Cranor, R. Shay, and Y. Wang. Smart, useful, scary, creepy: perceptions of online behavioral advertising. In Proceedings of the Eighth Symposium on Usable Privacy and Security, page 4. ACM, 2012. Google ScholarDigital Library
- Verizon. Security. http://www.verizon.com/Support/Residential/Internet/FiosInternet/General+Support/Security/Security.htm, 2014. Accessed: September 12, 2014.Google Scholar
- Y. Wang, P. G. Leon, A. Acquisti, L. F. Cranor, A. Forget, and N. Sadeh. A field trial of privacy nudges for facebook. In Proceedings of the 32nd annual ACM conference on Human factors in computing systems, pages 2367--2376. ACM, 2014. Google ScholarDigital Library
- Y. Wang, P. G. Leon, X. Chen, S. Komanduri, G. Norcie, K. Scott, A. Acquisti, L. F. Cranor, and N. Sadeh. The second wave of global privacy protection: From facebook regrets to facebook privacy nudges. Ohio State Law Journal, 74:1307--1335, 2013.Google Scholar
- Y. Wang, P. G. Leon, K. Scott, X. Chen, A. Acquisti, and L. F. Cranor. Privacy nudges for social media: an exploratory facebook study. In Proceedings of the 22nd international conference on World Wide Web companion, pages 763--770. International World Wide Web Conferences Steering Committee, 2013. Google ScholarDigital Library
- M. S. Wogalter. Communication-Human Information Processing (C-HIP) Model. In M. S. Wogalter, editor, Handbook of Warnings, pages 51--61. Lawrence Erlbaum Associates, 2006.Google ScholarCross Ref
- A. Woodruff, V. Pihur, S. Consolvo, L. Brandimarte, and A. Acquisti. Would a privacy fundamentalist sell their dna for $1000...if nothing bad happened as a result? the westin categories, behavioral intentions, and consequences. In Proceedings of the 2014 Symposium on Usable Privacy and Security, pages 1--18. USENIX Association, 2014.Google Scholar
- M. Wu, R. C. Miller, and S. L. Garfinkel. Do security toolbars actually prevent phishing attacks? In CHI '06: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pages 601--610, New York, NY, USA, 2006. ACM. Google ScholarDigital Library
- H. Xu, T. Dinev, J. Smith, and P. Hart. Information privacy concerns: Linking individual perceptions with institutional privacy assurances. Journal of the Association for Information Systems, 12(12):1, 2011.Google ScholarCross Ref
- H. Xu, X. R. Luo, J. M. Carroll, and M. B. Rosson. The personalization privacy paradox: An exploratory study of decision making process for location-aware marketing. Decision Support Systems, 51(1):42--52, 2011. Google ScholarDigital Library
- J. Yan, N. Liu, G. Wang, W. Zhang, Y. Jiang, and Z. Chen. How much can behavioral targeting help online advertising? In Proceedings of the 18th international conference on World wide web, pages 261--270. ACM, 2009. Google ScholarDigital Library
- J. Zaslow. If tivo thinks you are gay, here's how to set it straight. The Wall Street Journal, 2002. http://www.wsj.com/articles/SB1038261936872356908.Google Scholar
- Y. Zhang and R. Buda. Moderating effects of need for cognition on responses to positively versus negatively framed advertising messages. Journal of Advertising, 28(2):1--15, 1999.Google ScholarCross Ref
- M. E. Zurko and R. T. Simon. User-centered security. In NSPW '96: Proceedings of the 1996 Workshop on New Security Paradigms, pages 27--33, New York, NY, USA, 1996. ACM Press. Google ScholarDigital Library
- The Myth of the Average User: Improving Privacy and Security Systems through Individualization
Recommendations
Busting the one-voice-fits-all myth: Effects of similarity and customization of voice-assistant personality
Highlights- Automated personality matching of extroverted users to extroverted voice assistants increases attractiveness.
AbstractDespite the increasing sophistication of voice assistant (VA) technology, most major VAs subscribe to a one-voice-fits-all model of interaction. This study examines if offering users a VA similar to them, or letting users customize the ...
Do Facebook profile pictures reflect user's personality?
We investigate the motivations behind choice of Facebook profile picture.Users tend to choose profile pictures that make them look attractive.Profile picture has an influence on their choice of profile picture.Facebook profile picture reflects user's ...
De-correlating User Profiles: Exploring Anonymity Tools
MEDES '14: Proceedings of the 6th International Conference on Management of Emergent Digital EcoSystemsThe privacy of cloud users is at risk. Privacy invasive profiling technologies are becoming more powerful than ever. Users are not only identifiable through their explicitly disclosed data but also through aggregate analysis of metadata - i.e. data ...
Comments