I am happy to announce that we have a new paper accepted to SOUPS 2019, the Fifteenth Symposium on Usable Privacy and Security. The paper, written by Oshrat Ayalon and Eran Toch, will be presented at the symposium, at August 11–13, In Santa Clara, USA, Co-located with USENIX Security ’19.

The paper asks a pretty simple question: can we use A/B testing, a classic user-centered design method, to tackle privacy flaws in design processes? The answer is: that depends on the feature you want to test. Users are keen to detect and flag privacy intrusions in social settings, but not so much in other settings.The awesome Shany Peter actually implemented the system. More in the paper itself.

Evaluating Users’ Perceptions about a System’s Privacy:
Differentiating Social and Institutional Aspects

Abstract: System design has a crucial effect on users’ privacy, but privacy-by-design processes in organizations rarely involve end-users. To bridge this gap, we investigate how User-Centered Design (UCD) concepts can be used to test how users perceive their privacy in system designs. We describe a series of three online experiments, with 1,313 participants overall, in which we attempt to develop and validate the reliability of a scale for Users’ Perceived Systems’ Privacy (UPSP). We found that users’ privacy perceptions of information systems consist of three distinctive aspects: institutional, social and risk. We combined our scale with A/B testing methodology to compare different privacy design variants for given background scenarios. Our results point that A/B testing methodology and the scale are mostly applicable for evaluating privacy designs in the context of a social aspect.