CUPS - CyLab Usable Privacy and Security Laboratory - Carnegie Mellon University, 5000 Forbes Ave., Pittsburgh, PA 15213

Privacy decision making

While most people claim to be very concerned about their privacy, they do not consistently take actions to protect it. Web retailers detail their information practices in their privacy policies, but most of the time this information remains invisible to consumers. Our research focuses on understanding how individuals make privacy-related decisions, finding ways to make privacy information more usable to consumers, and using soft-paternalism to provide privacy nudges. CUPS researchers developed a "nutrition label" for privacy and a search engine for bank privacy policies. We are also studying user attitudes about privacy on social networks, privacy for mobile apps, and as the usability and effectiveness of online tracking opt-out tools. Our Usable Privacy Policy Project is developing approaches to extracting information from natural-language privacy policies and displaying that information in useful ways for users.

F. Schaub, R. Balebako, A. Durity, and L. Cranor. A Design Space for Effective Privacy Notices. SOUPS 2015.

H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L. F. Cranor, Y. Agarwal. Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging. CHI2015.

A. Rao, F. Schaub, N. Sadeh. What do they know about me? Contents and Concerns of Online Behavioral Profiles. PASSAT ’14. December 2014. J. R. Reidenberg, T. D. Breaux, L. F. Cranor, B. French, A. Grannis, J. T. Graves, F. Liu, A. M. McDonald, T. B. Norton, R. Ramanath, N. C. Russell, N. Sadeh, F. Schaub. Disagreeable Privacy Policies: Mismatches between Meaning and Users’ Understanding. 42nd Research Conference on Communication, Information and Internet Policy (TPRC ’14). September 2014.

L. Cranor, A. Durity, A. Marsh, and B. Ur. Parents' and Teens' Perspectives on Privacy in a Technology-Filled World. SOUPS 2014.

Y. Wang, P. Leon, A. Acquisti, L.F. Cranor, A. Forget, N. Sadeh. A Field Trial of Privacy Nudges for Facebook. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI2014). [teaser video]

Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason Hong, Lorrie Faith Cranor. The Privacy and Security Behaviors of Smartphone App Developers. Workshop on Usable Security (USEC 2014). San Diego, CA, February 23, 2014.

Rebecca Balebako, Rich Shay, and Lorrie Faith Cranor. Is Your Inseam a Biometric? A Case Study on the Role of Usability Studies in Developing Public Policy. Workshop on Usable Security (USEC 2014). San Diego, CA, February 23, 2014.

Lujo Bauer, Lorrie Faith Cranor, Saranga Komanduri, Michelle L. Mazurek, Michael K. Reiter, Manya Sleeper, Blase Ur. The Post Anachronism: The Temporal Dimension of Facebook Privacy. Workshop on Privacy in the Electronic Society. Berlin, Germany. November 2013.

R. Balebako, R. Shay, and L.F. Cranor. Is Your Inseam a Biometric? Evaluating the Understandability of Mobile Privacy Notice Categories. CMU CyLab Technical Report CMU-CyLab-13-011.

P.G. Leon, B. Ur, Y. Wang, M. Sleeper, R. Balebako, R. Shay, L. Bauer, M. Christodorescu, L.F. Cranor. What Matters to Users? Factors that Affect Users' Willingness to Share Information with Online Advertisers. In Proceedings of the Eight Symposium On Usable Privacy and Security (SOUPS ’13), Newcastle, United Kingdom, 2013.

R. Balebako, J. Jung, W. Lu, L.F. Cranor, and C. Nguyen. "Little Brothers Watching You:" Raising Awareness of Data Leaks on Smartphones In Proceedings of the Eight Symposium On Usable Privacy and Security (SOUPS ’13), Newcastle, United Kingdom, 2013.

B. Ur and Y. Wang. A Cross-Cultural Framework for Protecting User Privacy in Online Social Media. In WWW Workshop on Privacy and Security in Online Social Media (PSOSM ’13), Rio de Janeiro, Brazil, 2013.

Y. Wang, P. Leon, L. Cranor, A. Acquisti, X. chen, and K. Scott. Privacy Nudges for Social Media: An Exploratory Facebook Study. In WWW Workshop on Privacy and Security in Online Social Media (PSOSM ’13), Rio de Janeiro, Brazil, 2013.

L.F. Cranor, K. Idouchi, P.G. Leon, M. Sleeper, B. Ur. Are They Actually Any Different? Comparing Thousands of Financial Institutions’ Privacy Practices. WEIS 2013.

P.G. Kelley, L.F. Cranor, and N. Sadeh. Privacy as Part of the App Decision-Making Process. CHI 2013.

M. Sleeper, J. Cranshaw, P.G. Kelley, B. Ur, A. Acquisti, L.F. Cranor, N. Sadeh. "I read my Twitter the next morning and was astonished": A conversational perspective on Twitter regrets. CHI 2013.

F. Stutzman, R. Gross, A. Acquisti. Silent Listeners: The Evolution of Privacy and Disclosure on Facebook. Journal of Privacy and Confidentiality: Vol. 4: Iss. 2, Article 2.

M. Sleeper, R. Balebako, S. Das, A.L. McConahy, J. Wiese, and L.F. Cranor. The Post that Wasn’t: Exploring Self-Censorship on Facebook. CSCW 2013, February 2013.

L.F. Cranor. Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice. Journal of Telecommunications and High Technology Law, Vol. 10, No. 2, 2012. [See also related blog post]

B. Ur, P.G. Leon, L.F. Cranor, R. Shay, and Y. Wang. Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising, Technical Report CMU-CyLab-12-007, April 2, 2012. SOUPS 2012.

B. Ur, M. Sleeper, L.F. Cranor. {Privacy, Privacidad, Приватност} Policies in Social Media: Providing Translated Privacy Notice. PSOSM 2012.

R. Balebako, P.G. Leon, R. Shay, B. Ur, L.F. Cranor. Measuring the Effectiveness of Privacy Tools for Limiting Behavioral Advertising. W2SP 2012.

P.G. Leon, J. Cranshaw, L.F. Cranor, J. Graves, M. Hastak, B. Ur. What Do Online Behavioral Advertising Disclosures Communicate to Users?, Technical Report CMU-CyLab-12-008, April 2, 2012. WPES 2012.

L.F. Cranor. Can Users Control Online Behavioral Advertising Effectively? IEEE Security & Privacy. March/April 2012 (vol. 10 no. 2) pp. 93-96.

P.G. Leon, B. Ur, R. Balebako, L.F. Cranor, R. Shay, and Y. Wang. Why Johnny Can't Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising. CHI 2012. [Extended version available as CyLab tech report]

P.G. Kelley, S. Consolvo, L.F. Cranor, J. Jung, N. Sadeh, D. Wetherall. A Conundrum of Permissions: Installing Applications on an Android Smartphone. Workshop on Usable Security. March 2, 2012, Bonaire.

B. Ur and Y. Wang. Online Social Networks in a Post-Soviet State: How Hungarians Protect and Share on Facebook. iConference 2012.

P.G. Kelley, R. Brewer, Y. Mayer, L.F. Cranor, and N. Sadeh, An investigation into Facebook friend grouping. 13th IFIP TC 13 international Conference on Human-Computer interaction (INTERACT). Lisbon, Portugal, September 5-9, 2011, 216-233.

S. Komanduri, R. Shay, G. Norcie, B. Ur, L.F. Cranor. AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements. In I/S: A Journal of Law and Policy for the Information Society, 7:3 2011. [I/S]

J. Wiese, P.G. Kelley, L.F. Cranor, L. Dabbish, J.I. Hong and J. Zimmerman. Are You Close with Me? Are You Nearby? Investigating Social Groups, Closeness, and Willingness to Share UbiComp 2011.

Y. Wang, S. Komanduri, P.G. Leon, G. Norcie, A. Acquisti, L.F. Cranor. I regretted the minute I pressed share: A Qualitative Study of Regrets on Facebook. SOUPS 2011.

Y. Wang, G. Norcie, L.F. Cranor. Who Is Concerned about What? A Study of American, Chinese and Indian Users Privacy Concerns on Social Network Sites. 4th International Conference on Trust & Trustworthy Computing (TRUST 2011).

R. Balebako, P.G. Leon, H. Almuhimedi, P.G. Kelley, J. Mugan, A. Acquisti, L.F. Cranor, and N. Sadeh. Nudging Users Towards Privacy on Mobile Devices. The 2nd International Workshop on Persuasion, Influence, Nudge & Coercion through mobile devices, May 8, 2011, Vancouver, Canada (at CHI2011).

A. McDonald and L. Cranor. A Survey of the Use of Adobe Flash Local Shared Objects to Respawn HTTP Cookies. CyLab Technical Report, January 31, 2011.

P.G. Leon, L.F. Cranor, A.M. McDonald, and R. McGuire. Token Attempt: The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens WPES 2010.

A.M. McDonald and L.F. Cranor. Beliefs and Behaviors: Internet Users' Understanding of Behavioral Advertising. 38th Research Conference on Communication, Information and Internet Policy. October 2, 2010.

A.M. McDonald and L.F. Cranor. Americans' Attitudes About Internet Behavioral Advertising Practices. WPES 2010.

B. Meeder, J. Tam, P.G. Kelley, and L.F. Cranor. RT @IWantPrivacy: Widespread Violation of Privacy Settings in the Twitter Social Network. Web 2.0 Security and Privacy 2010 (W2SP 2010). May 20, 2010.

A.M. McDonald and L.F. Cranor. An Empirical Study of How People Perceive Online Behavioral Advertising. Carnegie Mellon CyLab Technical Report CMU-CyLab-09-015, November 10, 2009.

P.G. Kelley, L.J. Cesca, J. Bresee, and L.F. Cranor. Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach. CHI2010. [Originally published as Carnegie Mellon CyLab Technical Report CMU-CyLab-09-014, November 10, 2009.]

J.Y. Tsai. The Impact of Salient Privacy Information on Decision-Making, PhD Thesis, Engineering & Public Policy Department, Carnegie Mellon University, Pittsburgh, PA, August 2009.

A.M. McDonald, R.W. Reeder, P.G. Kelley, and L.F. Cranor. A comparative study of online privacy policies and formats. Privacy Enhancing Technologies Symposium 2009.

P. Kelley, J. Bresee, L. Cranor, and R. Reeder. A "Nutrition Label" for Privacy. SOUPS 2009

S. Egelman, J. Tsai, L. Cranor, and A. Acquisti. 2009. Timing Is Everything? The Effects of Timing and Placement of Online Privacy Indicators. CHI '09: Proceedings of the SIGCHI conference on Human Factors in Computing Systems.

A. McDonald and L. Cranor. The Cost of Reading Privacy Policies. I/S: A Journal of Law and Policy for the Information Society 2008 Privacy Year in Review issue. [Paper originally presented at TPRC 2008, Sept 26-28, 2008, Arlington, VA.]

L. Cranor, L., Egelman, S. Sheng, A. McDonald, and A. Chowdhury. P3P Deployment on Websites. Electronic Commerce Research and Applications, Volume 7, Issue 3, Autumn 2008, Pages 274-293.

J. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Information Systems Research, published online February 2010. Winner of the Information Systems Research/Association for Information Systems' Best Published Paper Award 2012. [Paper first presented at the Workshop on the Economics of Information Security, June 7-8, 2007, Pittsburgh, PA.]

S. Egelman, L. Cranor, and A. Chowdhury. An Analysis of P3P-Enabled Web Sites among Top-20 Search Results. Proceedings of the Eighth International Conference on Electronic Commerce August 14-16, 2006, Fredericton, New Brunswick, Canada.

J. Gideon, S. Egelman, L. Cranor, and A. Acquisti. Power Strips, Prophylactics, and Privacy, Oh My! In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA.

L. Cranor, P. Guduru, and M. Arjula. User Interfaces for Privacy Agents. ACM Transactions on Computer-Human Interaction, June 2006, pp 135-178.

P. Kumaraguru and L. Cranor. Privacy Indexes: A Survey of Westin's Studies. ISRI Technical Report. CMU-ISRI-05-138, 2005.

P. Kumaraguru and L. Cranor. Privacy in India: Attitudes and Awareness. In Proceedings of the 2005 Workshop on Privacy Enhancing Technologies (PET2005), 30 May - 1 June 2005, Dubrovnik, Croatia.

L. Cranor. Web Privacy with P3P (2002). Sebastopol, CA: O'Reilly & Associates, Inc.

Privacy policy