[PET] Negative Results in Security and Privacy

Sören Preibusch Soeren.Preibusch at cl.cam.ac.uk
Mon Jun 6 21:01:56 BST 2011


Adam, Matthew, Günter, Steven, and dear list,

Good point. We validated offline to the furthest possible extent -- in the
case of salary, this meant plausibility checks. In the absence of online
checks during submission, a malicious user could have submitted "asdgh" as
her salary without any penalty. No such values were encountered.

Regarding payment information, the majority of the participants paid cash to
the experimenter. Results are independent of the payment instrument.

No differences were found regarding the choice of DVD (type or base price),
and yes, these are important things to test for.

If we perform science rather than engineering, I would avoid the phrase "X
has shown that Y". In particular as previous studies did suffer from
experimenter bias as the (purchase and data) transaction was with the
laboratory staff rather than with a commercial data controller. Similarly,
results naturally differ if consumers have to make privacy decisions for
themselves or if they are guided by the privacy rating provided by an
intermediary, such as a product search engine or privacy seals (with all the
contradictions they include).

Sören

PS: square wheels work pretty well depending on the road
<http://en.wikipedia.org/wiki/File:Rolling-Square.gif>


-----Original Message-----
From: pet-bounces at lists.links.org [mailto:pet-bounces at lists.links.org] On
Behalf Of Adam Shostack
Sent: 30 May 2011 19:29
To: Discussion of privacy enhancing technologies
Subject: Re: [PET] Negative Results in Security and Privacy

Thanks for sharing this paper!

I don't think that the experiment allows us to make broad
generalizations.  In the "privacy sensitive" case you ask for date of
birth and monthly salary, but people could have lied about their
answers while saving a euro.  Additionally, since the participants
were already giving up privacy in providing payment information, the
additional intrusion may have seemed irrelevant.

I do think it's an interesting setup and probably worth further
investigation to tease out questions like what happens if subjects
could pay with cash, does the DVD subject matter impact their choices,
or what happens if the experimenters engaged in validation of the
information submitted?

Adam

On Mon, May 30, 2011 at 06:44:13PM +0100, Sören Preibusch wrote:
| When looking for negative results, inter alia, our recent field experiment
| did reveal: consumers do not prefer privacy-friendly retailers even if
| everything else is the same
| <http://ideas.repec.org/p/iza/izadps/dp5017.html>, "Unwillingness to Pay for
| Privacy: A Field Experiment".
| 
| So, yes, such findings are relevant.
| 
| Sören
| 
| -----Original Message-----
| From: pet-bounces at lists.links.org [mailto:pet-bounces at lists.links.org] On
| Behalf Of Matthijs R. Koot
| Sent: 15 May 2011 17:16
| To: Discussion of privacy enhancing technologies
| Subject: [PET] Negative Results in Security and Privacy
| 
| Hi pet at lists.links.org,
| 
| Biomedicine has a Journal of Negative Results in Biomedicine:
| 
| http://www.jnrbm.com/
| 
| Could a "Journal of Negative Results in Security and Privacy" (and/or
| Surveillance) be viable? Topic for a panel discussion at PETS 2011?
| 
| Best regards,
| Matthijs R. Koot
| University of Amsterdam, NL
| _______________________________________________
| PET mailing list
| PET at lists.links.org
| http://lists.links.org/mailman/listinfo/pet
| 
