Understanding and minimizing identity exposure in ubiquitous computing environments

Abstract

Various miniaturized computing devices that store our identities are emerging rapidly. They allow our identity information to be easily exposed and accessed via wireless networks. When identity information is associated with our personal and context information that is gathered by ubiquitous computing devices, personal privacy might be unprecedentedly sacrificed. People, however, have different privacy protection skills, awareness, and privacy preferences. Individuals can be uniquely identified on the basis of only a few identity elements used in combination. To the best of our knowledge, this is the first study to understand the following issues and their relations: a) what identity elements people think are important; b) what actions people claim to take to protect their identities and privacy; c) privacy concerns; d) how people expose their identities in ubiquitous computing environments; and e) how our rational identity exposure model can help to minimize identity exposure. We build a simulated ubiquitous computing shopping system, called InfoSource. It consists of two applications and our rational identity exposure model. We present our experiments and statistical analysis results. Our data show that exposure decisions depend on participants' attitudes about maintaining privacy, but they do not depend on participants' concerns and claimed actions related to identity exposure. Our RationalExposure model helped participants to minimize unnecessary exposures.