“My Activity” allows users to review what data Google has collected about them. © Maximilian Golla

IT Security Transparent data collection increases trust among users

Services like Google collect a lot of data about their users. Anyone can see the information that is stored about them. But that doesn’t scare users away. On the contrary.

If online services like Google are more transparent about what data they collect on their users, it can inspire more trust. This is the conclusion reached by researchers from Ruhr-Universität Bochum (RUB) and the Max Planck Institute for Security and Privacy (MPI-SP) in Bochum, together with colleagues from the The George Washington University. In an online study, they had 153 participants look at the data Google had stored about them and asked the participants before and after about their privacy concerns. They also examined whether the participants wanted to change their Google settings in the future after being confronted with the data stored about them.

Florian Farke and Professor Markus Dürmuth from the Horst Görtz Institute for IT Security at RUB and Dr. Maximilian Golla from MPI-SP, together with David Balash and Professor Adam Aviv from The George Washington University, will publish the results at the USENIX Security conference on 11 August 2021.

User profiles for advertising

“The web is financed by advertising. For it to be more targeted, large online services such as Google create profiles about their users,” explains Florian Farke. What YouTube video have you watched? What have you searched for on Google? What have you looked up on Google Maps? What places have you been? Google stores all this data and much more. Since 2016, users have been able to view their stored data in detail via the Google service “My Activity” (accessible via myactivity.google.com with a Google account).

“The online services then draw conclusions from the activities: For example, if you search for children’s toys, Google infers the parental status ‘Has children’ and marital status ‘In a relationship’,” elaborates Florian Farke. “Google learns these characteristics based on the activities it collects or infers them from people with similar activities,” adds David Balash.

Less concerned about data collection

After viewing their collected data, 40 per cent of the study participants said they were less concerned about Google’s data collection than before; only 15 per cent were more concerned. “We were surprised by the results,” says Florian Farke. “Google clearly benefits from offering such a privacy dashboard. It’s like a monster in a horror movie: the longer you don’t show it, the scarier it gets,” illustrates David Balash.

Among the participants who commented on the scope and detail of their collected data, a large proportion were surprised by the sheer volume of activities collected. In addition, 63 per cent of respondents were resigned and said they didn’t want to change their privacy settings. One of the study participants summed up their frustration as follows: “Google sells my information as a product. I am not really a customer. I am like a piece of corn that is sold on the commodities market. […]. I am then sold to the highest bidder several times.”

Suggestions for improved design

In their paper, the researchers also make suggestions on how to improve the design of transparency tools like My Activity to be less overwhelming for users. For example, by centralising the privacy controls of multiple web services. In the future, the researchers would like to explore how new transparency tools can be designed to better inform users about what data is being collected about them and how it is being used.

Funding

The project was partially funded by the SecHuman research training group of the State of North Rhine-Westphalia and the German Research Foundation in the Cluster of Excellence 2092 Cyber Security in the Age of Large-Scale Attackers (CASA).

Original publication

Florian M. Farke, David G. Balash, Maximilian Golla, Markus Dürmuth, Adam J. Aviv: Are privacy dashboards good for end users? Evaluating user perceptions and reactions to Google’s My Activity, 30th USENIX Security Symposium, 2021, Virtual Conference, download preprint

Press contact

Florian Farke
Mobile Security Research Group
Horst Görtz Institute for IT Security
Ruhr-Universität Bochum
Germany
Phone: +49 234 32 28669
Email: florian.farke@rub.de

Dr. Maximilian Golla
Max Planck Institute for Security and Privacy
Phone: +49 234 32 28667
Germany
Email: maximilian.golla@csp.mpg.de

Published

Wednesday
02 June 2021
8:32 am

By

Julia Weiler (jwe)

Translated by

Donata Zuber

Share