Newsportal - Ruhr-Universität Bochum
Transparent data collection increases trust among users
If online services like Google are more transparent about what data they collect on their users, it can inspire more trust. This is the conclusion reached by researchers from Ruhr-Universität Bochum (RUB) and the Max Planck Institute for Security and Privacy (MPI-SP) in Bochum, together with colleagues from the The George Washington University. In an online study, they had 153 participants look at the data Google had stored about them and asked the participants before and after about their privacy concerns. They also examined whether the participants wanted to change their Google settings in the future after being confronted with the data stored about them.
Florian Farke and Professor Markus Dürmuth from the Horst Görtz Institute for IT Security at RUB and Dr. Maximilian Golla from MPI-SP, together with David Balash and Professor Adam Aviv from The George Washington University, will publish the results at the USENIX Security conference on 11 August 2021.
User profiles for advertising
“The web is financed by advertising. For it to be more targeted, large online services such as Google create profiles about their users,” explains Florian Farke. What YouTube video have you watched? What have you searched for on Google? What have you looked up on Google Maps? What places have you been? Google stores all this data and much more. Since 2016, users have been able to view their stored data in detail via the Google service “My Activity” (accessible via myactivity.google.com with a Google account).
“The online services then draw conclusions from the activities: For example, if you search for children’s toys, Google infers the parental status ‘Has children’ and marital status ‘In a relationship’,” elaborates Florian Farke. “Google learns these characteristics based on the activities it collects or infers them from people with similar activities,” adds David Balash.
Less concerned about data collection
After viewing their collected data, 40 per cent of the study participants said they were less concerned about Google’s data collection than before; only 15 per cent were more concerned. “We were surprised by the results,” says Florian Farke. “Google clearly benefits from offering such a privacy dashboard. It’s like a monster in a horror movie: the longer you don’t show it, the scarier it gets,” illustrates David Balash.
Among the participants who commented on the scope and detail of their collected data, a large proportion were surprised by the sheer volume of activities collected. In addition, 63 per cent of respondents were resigned and said they didn’t want to change their privacy settings. One of the study participants summed up their frustration as follows: “Google sells my information as a product. I am not really a customer. I am like a piece of corn that is sold on the commodities market. […]. I am then sold to the highest bidder several times.”
Suggestions for improved design
In their paper, the researchers also make suggestions on how to improve the design of transparency tools like My Activity to be less overwhelming for users. For example, by centralising the privacy controls of multiple web services. In the future, the researchers would like to explore how new transparency tools can be designed to better inform users about what data is being collected about them and how it is being used.
The project was partially funded by the SecHuman research training group of the State of North Rhine-Westphalia and the German Research Foundation in the Cluster of Excellence 2092 Cyber Security in the Age of Large-Scale Attackers (CASA).
Florian M. Farke, David G. Balash, Maximilian Golla, Markus Dürmuth, Adam J. Aviv: Are privacy dashboards good for end users? Evaluating user perceptions and reactions to Google’s My Activity, 30th USENIX Security Symposium, 2021, Virtual Conference, download preprint
Mobile Security Research Group
Horst Görtz Institute for IT Security
Phone: +49 234 32 28669
Dr. Maximilian Golla
Max Planck Institute for Security and Privacy
Phone: +49 234 32 28667
2 June 2021