Users Can Deduce Sensitive Locations Protected by Privacy Zones on Fitness Tracking Apps

Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems Pub Date : 2022-04-29 DOI:10.1145/3491102.3502136

Jaron Mink, Amanda Rose Yuile, Uma Pal, Adam J. Aviv, Adam Bates

{"title":"Users Can Deduce Sensitive Locations Protected by Privacy Zones on Fitness Tracking Apps","authors":"Jaron Mink, Amanda Rose Yuile, Uma Pal, Adam J. Aviv, Adam Bates","doi":"10.1145/3491102.3502136","DOIUrl":null,"url":null,"abstract":"Fitness tracking applications allow athletes to record and share their exercises online, including GPS routes of their activities. However, sharing mobility data potentially raises real-world privacy and safety risks. One strategy to mitigate that risk is a “Privacy Zone,” which conceals portions of the exercise routes that fall within a certain radius of a user-designated sensitive location. A pressing concern is whether privacy zones are an effective deterrent against common attackers, such as a bike thief that carefully scrutinizes online exercise activities in search of their next target. Further, little is known about user perceptions of privacy zones or how they fit into the broader landscape of available privacy precautions. This work presents an online user study (N=603) that investigates the privacy concerns of fitness tracking users and evaluates the efficacy of privacy zones. Participants were first asked about their privacy behaviors with respect to fitness tracking applications. Next, participants completed an interactive task in which they attempted to deduce hidden locations protected by a privacy zone; we manipulated the number of displayed exercise activities that interacted with the privacy zone, as well as its size. Finally, participants were asked further questions about their impressions of privacy zones and use of other privacy precautions. We found that participants successfully inferred protected locations; for the most common privacy zone size, 68% of guesses fell within 50 meters of the hidden location when participants were shown just 3 activities. Further, we found that participants who viewed 3 activities were more confident about their success in the task compared to participants who viewed 1 activity. Combined, these results indicate that users’ privacy-sensitive locations are at risk even when using a privacy zone. We conclude by considering the implications of our findings on related privacy features and discuss recommendations to fitness tracking users and services to improve the privacy and safety of fitness trackers.","PeriodicalId":269130,"journal":{"name":"Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems","volume":"2012 6","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3491102.3502136","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Fitness tracking applications allow athletes to record and share their exercises online, including GPS routes of their activities. However, sharing mobility data potentially raises real-world privacy and safety risks. One strategy to mitigate that risk is a “Privacy Zone,” which conceals portions of the exercise routes that fall within a certain radius of a user-designated sensitive location. A pressing concern is whether privacy zones are an effective deterrent against common attackers, such as a bike thief that carefully scrutinizes online exercise activities in search of their next target. Further, little is known about user perceptions of privacy zones or how they fit into the broader landscape of available privacy precautions. This work presents an online user study (N=603) that investigates the privacy concerns of fitness tracking users and evaluates the efficacy of privacy zones. Participants were first asked about their privacy behaviors with respect to fitness tracking applications. Next, participants completed an interactive task in which they attempted to deduce hidden locations protected by a privacy zone; we manipulated the number of displayed exercise activities that interacted with the privacy zone, as well as its size. Finally, participants were asked further questions about their impressions of privacy zones and use of other privacy precautions. We found that participants successfully inferred protected locations; for the most common privacy zone size, 68% of guesses fell within 50 meters of the hidden location when participants were shown just 3 activities. Further, we found that participants who viewed 3 activities were more confident about their success in the task compared to participants who viewed 1 activity. Combined, these results indicate that users’ privacy-sensitive locations are at risk even when using a privacy zone. We conclude by considering the implications of our findings on related privacy features and discuss recommendations to fitness tracking users and services to improve the privacy and safety of fitness trackers.

查看原文本刊更多论文

用户可以在健身追踪应用上推断出受隐私区域保护的敏感位置

健身跟踪应用程序允许运动员在线记录和分享他们的锻炼，包括他们活动的GPS路线。然而，共享移动数据可能会增加现实世界的隐私和安全风险。减轻这种风险的一种策略是设立“隐私区”，将用户指定的敏感地点半径内的部分演习路线隐藏起来。一个紧迫的问题是，隐私区是否能有效地威慑普通的攻击者，比如一个自行车贼，他会仔细审查网上的运动活动，以寻找下一个目标。此外，我们对用户对隐私区域的看法以及它们如何适应现有隐私预防措施的更广泛范围知之甚少。这项工作提出了一项在线用户研究(N=603)，调查了健身追踪用户的隐私问题，并评估了隐私区的功效。参与者首先被问及他们在健身追踪应用程序方面的隐私行为。接下来，参与者完成了一个互动任务，在这个任务中，他们试图推断出被隐私区保护的隐藏地点;我们操纵了显示的运动活动的数量，这些活动与隐私区相互作用，以及它的大小。最后，参与者被进一步问及他们对隐私区和其他隐私预防措施的印象。我们发现参与者成功地推断出受保护的地点;对于最常见的隐私区大小，当参与者只看到3项活动时，68%的猜测落在隐藏位置50米内。此外，我们发现观看3项活动的参与者比观看1项活动的参与者更有信心完成任务。综上所述，这些结果表明，即使在使用隐私区时，用户的隐私敏感位置也处于危险之中。最后，我们考虑了我们的研究结果对相关隐私功能的影响，并讨论了对健身追踪用户和服务的建议，以改善健身追踪器的隐私和安全。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems

自引率

0.00%

发文量