07-22-11
Home is safer than the cloud! Privacy concerns for consumer cloud storage (Paper 13)
Cloud storage seems to promise access to your data from anywhere, security and backups managed for you, and other wonderful features. But there are some catches:
- Can the cloud provider view and modify my data? Can they sell it?
- Who is liable in case data is lost?
- Is the content in the cloud really secure from hackers, government agents, etc?
Prior studies have looked at enterprise concerns about cloud storage, but not end users; also many privacy studies focus on the U.S.
In this paper, the authors chose to examine the attitudes toward cloud storage of end users in Switzerland and in India. They conducted 36 semi-structured interviews in each country, asking about current practices, privacy perceptions, and rights and guarantees related to cloud storage. Based on the interview results, the authors formulated a 20-minute online survey containing multiple-choice and Likert questions on the same topics, with about 400 participants.
Current data storage practices and attitudes:
- More than 80% keep local backups of data they store on the internet
- About 80% also “try not to” store sensitive data online; Swiss are less comfortable than Indians storing sensitive information online
- A majority feel that if their data is hacked it’s their own fault for keeping the data on the internet in the first place
Attitudes toward privacy:
- No data is safe; anything can be hacked
- But I’m not very interesting so no one would bother
- Swiss are less accepting of government monitoring and surveillance than Indians are.
Consumer misperceptions:
- Don’t realize that the webmail provider can delete/disable your account at any time
- Don’t realize that the webmail provider can examine your attachments
- Don’t know what their rights are if data is lost
Recommendations:
- Provide stronger security mechanisms in the cloud
- Improve presentation of privacy policies
- Consumer protection rules, agencies for cloud storage
- Future work: investigate awareness of international laws
Read the full paper at http://cups.cs.cmu.edu/soups/2011/proceedings/a13_Sachdeva.pdf
PHOTOGRAPHY
RECENT
- Two new CUPS studies on online behavioral advertising
- Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising
- I Know Where You Live: Analyzing Privacy Protection in Public Databases
- Indirect Content Privacy Surveys: Measuring Privacy Without Asking About It (paper 15)
- Home is safer than the cloud! Privacy concerns for consumer cloud storage (Paper 13)
- Privacy: Is There An App For That? (Paper 12)
- ROAuth: Recommendation Based Open Authorization (Paper 11)