Peering Through the Cloud—Investigating the Perceptions and Behaviors of Cloud Storage Users

Wu, Justin Chun

01 October 2016

We present the results of a survey and interviews focused on user perceptions and behaviors with respect to cloud storage services. In particular, we study behaviors such as which services are used, what types of data are stored, and how collaboration and sharing are performed. We also investigate user attitudes toward cloud storage on topics such as payment, privacy, security, and robustness. We find that users are drawn to cloud storage because it enables robust, ubiquitous access to their files, as well as enabling sharing and collaborative efforts. However, users' preferred medium for file sharing continues to be email, due to its ubiquity and role as "lowest common denominator." Privacy and security are of great concern to users, and though users vocally describe feeling "safe" on the cloud, this is because they actively filter the content they store in cloud services. Payment is a sensitive issue, with users exhibiting a strong aversion to any form of direct payment, preferring even disliked alternative funding mechanisms such as targeted advertising. Finally, the cloud serves as an important backup location for users, although space limitations prevent them from using it as a full backup solution.

cloud storage

personal data

privacy

Computer Sciences

INSTAGRAM’S LIMINAL SPACES FOR ONLINE IMPRESSION MANAGEMENT: AN INVESTIGATION OF FINSTA ACCOUNT USAGE

Unknown Date

This thesis examines the multifarious presentation of one’s identity on a singular social network site through their usage of both “finsta” and “rinsta” accounts on Instagram. A rinsta is one’s primary and more public Instagram account. A finsta is a highly privatized secondary Instagram account that functions as a liminal space for users’ impression management engagements. In-depth interviews were conducted with participants who identified as having created a finsta account and thematic analysis was subsequently employed to understand how they conceptualized their motivations and behaviors within their constructed networks. It was found that users were motivated to create and maintain a finsta by a desire for privacy, social inclusion, and the freedom to generate content that would be considered socially unacceptable on rinsta. This socially unacceptable content was often humorous or emotionally expressive. Finstas are also characterized by in-depth communal interactions in comparison with the more superficial interactions on rinsta. / Includes bibliography. / Thesis (MA)--Florida Atlantic University, 2021. / FAU Electronic Theses and Dissertations Collection

Finsta

Instagram (Online social network)

Privacy

Mobilní aplikace pro anonymní komunikaci / Mobile application for anonymous communication

Krajanec, Štefan

January 2021

Instant messaging applications noted significant grow especially in the last decade. In fact, the Internet communication is cheap and convenient way how to communicate with distant people. However, this grow of user communication and data exchange through the online world impacts user security and privacy, as it was also shown recently by WhatsApp privacy issues. Firstly this article evaluates security and privacy issues of current mobile messaging applications. Secondly, we design our basic open source solution with the focus on security, privacy, and user centric features. Furthermore, we provide proof-of-concept implementation of our system

Leaving a Lasting Impression: The Role of Foundational Family, Privacy, and Gender Messages on Coming Out Disclosures

Motto, Justin Stewart

January 2018

This dissertation investigates the influence of family messages about gender, free expression, conformity, and privacy on coming out disclosures, a difficult experience in today’s society. Using communication privacy management theory, this study explored how heteronormative beliefs, family privacy boundaries, and family communication patterns relate to disclosure concerns. A total of 218 self-identified lesbian, gay, bisexual, and transgender (LGBT) participants were recruited using convenience and snowball sampling techniques. Participants completed an online survey to measure family privacy orientations, family communication patterns, heteronormative attitudes and beliefs, and disclosure concerns. Six linear regression analyses were performed. The findings suggest that both family privacy orientations and family communication patterns contribute to concerns about disclosing one’s sexual orientation. The study did not find heteronormative beliefs and attitudes to play a significant role in disclosure concerns. Additional findings indicate that family communication patterns inform family privacy orientations, which suggest a more complicated chain of influence. The findings of the study highlight the influence of early communication on LGBT individuals’ long-term ability to communicate about their sexual orientation.

Coming out (Sexual orientation)

Heterosexism.

Privacy.

Families.

Use of Impression Management Strategies in Response to a Feedback Intervention

Nelson, Jacob Scott

January 2019

Providing performance feedback in a way that leads to improved performance is an integral aspect to the success of an organization. Past research shows the feedback does not always improve employee performance. Characteristics of feedback can direct attention away from improved performance and toward attention to the self. This study examined the impact of characteristics of feedback delivery on individuals’ tendency to use impression management strategies (exemplification, self-promotion, ingratiation, supplication). The results indicate that participants did not use impression management differently when feedback was delivered publicly versus privately. However, participants reported a higher likelihood to use ingratiation and self-promotion strategies after receiving negative than positive feedback. Discussion of results, along with limitations and directions for future research, are discussed.

feedback intervention

impression management

privacy

valence

Advancing information privacy concerns evaluation in personal data intensive services

Rohunen, A. (Anna)

04 December 2019

Abstract When personal data are collected and utilised to produce personal data intensive services, users of these services are exposed to the possibility of privacy losses. Users’ information privacy concerns may lead to non-adoption of new services and technologies, affecting the quality and the completeness of the collected data. These issues make it challenging to fully reap the benefits brought by the services. The evaluation of information privacy concerns makes it possible to address these concerns in the design and the development of personal data intensive services. This research investigated how privacy concerns evaluations should be developed to make them valid in the evolving data collection contexts. The research was conducted in two phases: employing a mixed-method research design and using a literature review methodology. In Phase 1, two empirical studies were conducted, following a mixed-method exploratory sequential design. In both studies, the data subjects’ privacy behaviour and privacy concerns that were associated with mobility data collection were first explored qualitatively, and quantitative instruments were then developed based on the qualitative results to generalise the findings. Phase 2 was planned to provide an extensive view on privacy behaviour and some possibilities to develop privacy concerns evaluation in new data collection contexts. Phase 2 consisted of two review studies: a systematic literature review of privacy behaviour models and a review of the EU data privacy legislation changes. The results show that in evolving data collection contexts, privacy behaviour and concerns have characteristics that differ from earlier ones. Privacy concerns have aspects specific to these contexts, and their multifaceted nature appears emphasised. Because privacy concerns are related to other privacy behaviour antecedents, it may be reasonable to incorporate some of these antecedents into evaluations. The existing privacy concerns evaluation instruments serve as valid starting points for evaluations in evolving personal data collection contexts. However, these instruments need to be revised and adapted to the new contexts. The development of privacy concerns evaluation may be challenging due to the incoherence of the existing privacy behaviour research. More overarching research is called for to facilitate the application of the existing knowledge. / Tiivistelmä Kun henkilötietoja kerätään ja hyödynnetään dataintensiivisten palveluiden tuottamiseen, palveluiden käyttäjien tietosuoja saattaa heikentyä. Käyttäjien tietosuojahuolet voivat hidastaa uusien palveluiden ja teknologioiden käyttöönottoa sekä vaikuttaa kerättävän tiedon laatuun ja kattavuuteen. Tämä hankaloittaa palveluiden täysimittaista hyödyntämistä. Tietosuojahuolten arviointi mahdollistaa niiden huomioimisen henkilötietoperusteisten palveluiden suunnittelussa ja kehittämisessä. Tässä tutkimuksessa selvitettiin, kuinka tietosuojahuolten arviointia tulisi kehittää muuttuvissa tiedonkeruuympäristöissä. Kaksivaiheisessa tutkimuksessa toteutettiin aluksi empiirinen monimenetelmällinen tutkimus ja tämän jälkeen systemaattinen kirjallisuustutkimus. Ensimmäisessä vaiheessa tehtiin kaksi empiiristä tutkimusta monimenetelmällisen tutkimuksen tutkivan peräkkäisen asetelman mukaisesti. Näissä tutkimuksissa selvitettiin ensin laadullisin menetelmin tietosuojakäyttäytymistä ja tietosuojahuolia liikkumisen dataa kerättäessä. Laadullisten tulosten pohjalta kehitettiin kvantitatiiviset instrumentit tulosten yleistettävyyden tutkimiseksi. Tutkimuksen toisessa vaiheessa toteutettiin kaksi katsaustyyppistä tutkimusta, jotta saataisiin kattava käsitys tietosuojakäyttäytymisestä sekä mahdollisuuksista kehittää tietosuojahuolten arviointia uusissa tiedonkeruuympäristöissä. Nämä tutkimukset olivat systemaattinen kirjallisuuskatsaus tietosuojakäyttäytymisen malleista sekä katsaus EU:n tietosuojalainsäädännön muutoksista. Tutkimuksen tulokset osoittavat, että kehittyvissä tiedonkeruuympäristöissä tietosuojakäyttäytyminen ja tietosuojahuolet poikkeavat aikaisemmista ympäristöistä. Näissä ympäristöissä esiintyy niille ominaisia tietosuojahuolia ja huolten monitahoisuus korostuu. Koska tietosuojahuolet ovat kytköksissä muihin tietosuojakäyttäytymistä ennustaviin muuttujiin, arviointeihin voi olla aiheellista sisällyttää myös näitä muuttujia. Olemassa olevia tietosuojahuolten arviointi-instrumentteja on perusteltua käyttää arvioinnin lähtökohtana myös kehittyvissä tiedonkeruuympäristöissä, mutta niitä on mukautettava uusiin ympäristöihin soveltuviksi. Arvioinnin kehittäminen voi olla haasteellista, sillä aikaisempi tietosuojatutkimus on epäyhtenäistä. Jotta sitä voidaan soveltaa asianmukaisesti arviointien kehittämisessä, tutkimusta on vietävä kokonaisvaltaisempaan suuntaan.

information privacy

mixed-method research

personal data

personal data intensive services

privacy behaviour

privacy concerns

privacy concerns evaluation

dataintensiiviset palvelut

henkilötiedot

monimenetelmällinen tutkimus

tietosuoja

tietosuojahuolet

tietosuojahuolten arviointi

tietosuojakäyttäytyminen

Fine-Grained Anomaly Detection For In Depth Data Protection

Shagufta Mehnaz (9012230)

23 June 2020

Data represent a key resource for all organizations we may think of. Thus, it is not surprising that data are the main target of a large variety of attacks. Security vulnerabilities and phishing attacks make it possible for malicious software to steal business or privacy sensitive data and to undermine data availability such as in recent ransomware attacks.Apart from external malicious parties, insider attacks also pose serious threats to organizations with sensitive information, e.g., hospitals with patients’ sensitive information. Access control mechanisms are not always able to prevent insiders from misusing or stealing data as they often have data access permissions. Therefore, comprehensive solutions for data protection require combining access control mechanisms and other security techniques,such as encryption, with techniques for detecting anomalies in data accesses. In this the-sis, we develop fine-grained anomaly detection techniques for ensuring in depth protection of data from malicious software, specifically, ransomware, and from malicious insiders.While anomaly detection techniques are very useful, in many cases the data that is used for anomaly detection are very sensitive, e.g., health data being shared with untrusted service providers for anomaly detection. The owners of such data would not share their sensitive data in plain text with an untrusted service provider and this predicament undoubtedly hinders the desire of these individuals/organizations to become more data-driven. In this thesis, we have also built a privacy-preserving framework for real-time anomaly detection.

Computer System Security

anomaly detection

Data Privacy

How Private is Private?: Effects of Degree of Information Sharing on Group Ideation

Stewart, Michael Clark

17 June 2013

Many Computer-Supported Cooperative Work (CSCW) applications go to great lengths to maximize transparency by making available participants\' actions and respective application states to all others in real-time. Designers might intend to enhance coordination through increased transparency, but what other outcomes might be influenced by these choices? We developed two versions of a CSCW application to support a group idea generation task for collocated groups. One version had diminished transparency in comparison to the other. We studied the effects of this varied transparency on the groups\' generativity and collaboration. We found that in modulating transparency there was a trade-off between generativity and collaboration. Groups with diminished transparency felt that their groupmates built on their ideas more, but groups with increased transparency were more generative. These findings are tentative but suggest that the full story of group vs. solitary, private vs. public manipulations of technology, at least in the area of idea generation, is not yet sufficiently theorized or understood. / Master of Science

Collaboration

Micro-Coordination

Public

Private

Privacy

Är människor medvetna om sin personliga Integritet på Internet?

Norberg, Anton, Svefelt, Jesper

January 2020

Denna studie har haft som syfte att undersöka samt bilda en förståelse över hur medvetna folk är om sin integritet på Internet Sverige. Metoden för studien bygger på en litteraturstudie av relevant litteratur inom det aktuella forskningsområdet, samt ett frågeformulär som distribuerats på olika sociala medier. Resultatet samt analys av denna studie visar på att de personer som deltagit i frågeformuläret till stor del inte är medvetna om sin integritet. Många påstår sig vara medveten medan deras agerande på digitala plattformar visar på det motsatta genom till exempel val av webbläsare samt andra verktyg för ökat integritetsskydd. / The purpose of this study was to investigate and form an understanding how aware people are of their privacy on the Internet. The method for the study is based on a literature study of relevant literature in the current research area, as well as a questionnaire distributed on various social media channels. The result and analysis of this study shows that the people who participated in the questionnaire are largely unaware of their integrity. People claim to be aware while their actions on digital platforms show the opposite through, for example, the choice of browsers and other tools for increased privacy protection.

Personlig integritet

Privacy

Engineering and Technology

Teknik och teknologier

Sécurité et protection de la vie privée dans les systèmes RFID / Security and privacy in RFID systems

Elkhiyaoui, Kaoutar

12 September 2012

Vu que les tags RFID sont actuellement en phase de large déploiement dans le cadre de plusieurs applications (comme les paiements automatiques, le contrôle d'accès à distance, et la gestion des chaînes d’approvisionnement), il est important de concevoir des protocoles de sécurité garantissant la protection de la vie privée des détenteurs de tags RFID. Or, la conception de ces protocoles est régie par les limitations en termes de puissance et de calcul de la technologie RFID, et par les modèles de sécurité qui sont à notre avis trop forts pour des systèmes aussi contraints que les tags RFID. De ce fait, on limite dans cette thèse le modèle de sécurité; en particulier, un adversaire ne peut pas observer toutes les interactions entre tags et lecteurs. Cette restriction est réaliste notamment dans le contexte de la gestion des chaînes d’approvisionnement qui est l’application cible de ce travail. Sous cette hypothèse, on présente quatre protocoles cryptographiques assurant une meilleure collaboration entre les différents partenaires de la chaîne d’approvisionnement. D’abord, on propose un protocole de transfert de propriété des tags RFID, qui garantit l’authentification des tags en temps constant alors que les tags implémentent uniquement des algorithmes symétriques, et qui permet de vérifier l'authenticité de l’origine des tags. Ensuite, on aborde le problème d'authenticité des produits en introduisant deux protocoles de sécurité qui permettent à un ensemble de vérificateurs de vérifier que des tags “sans capacité de calcul” ont emprunté des chemins valides dans la chaîne d’approvisionnement. Le dernier résultat présenté dans cette thèse est un protocole d’appariement d’objets utilisant des tags “sans capacité de calcul”, qui vise l’automatisation des inspections de sécurité dans la chaîne d’approvisionnement lors du transport des produits dangereux. Les protocoles introduits dans cette thèse utilisent les courbes elliptiques et les couplages bilinéaires qui permettent la construction des algorithmes de signature et de chiffrement efficaces, et qui minimisent donc le stockage et le calcul dans les systèmes RFID. De plus, la sécurité de ces protocoles est démontrée sous des modèles formels bien définis qui prennent en compte les limitations et les contraintes des tags RFID, et les exigences strictes en termes de sécurité et de la protection de la vie privée des chaines d’approvisionnement. / While RFID systems are one of the key enablers helping the prototype of pervasive computer applications, the deployment of RFID technologies also comes with new privacy and security concerns ranging from people tracking and industrial espionage to produ ct cloning and denial of service. Cryptographic solutions to tackle these issues were in general challenged by the limited resources of RFID tags, and by the formalizations of RFID privacy that are believed to be too strong for such constrained devices. It follows that most of the existing RFID-based cryptographic schemes failed at ensuring tag privacy without sacrificing RFID scalability or RFID cost effectiveness. In this thesis, we therefore relax the existing definitions of tag privacy to bridge the gap between RFID privacy in theory and RFID privacy in practice, by assuming that an adversary cannot continuously monitor tags. Under this assumption, we are able to design sec ure and privacy preserving multi-party protocols for RFID-enabled supply chains. Namely, we propose a protocol for tag ownership transfer that features constant-time authentication while tags are only required to compute hash functions. Then, we tackle the problem of product genuineness verification by introducing two protocols for product tracking in the supply chain that rely on storage only tags. Finally, we present a solution for item matching that uses storage only tags and aims at the automation of safety inspections in the supply chain.The protocols presented in this manuscript rely on operations performed in subgroups of elliptic curves that allow for the construction of short encryptions and signatures, resulting in minimal storage requirements for RFID tags. Moreover, the privacy and the security of these protocols are proven under well defined formal models that take into account the computational limitations of RFID technology and the stringent privacy and security requirements of each targeted supply chain application.

RFID

Protection vie privée

RFID

Privacy protection