Towards Usable Privacy Management for IoT TAPs: Deriving Privacy Clusters and Preference Profiles

TL;DR

This paper proposes a method to improve privacy management in IoT Trigger-Action Platforms by deriving user privacy profiles through clustering based on privacy concerns and preferences, enabling more user-friendly controls.

Contribution

It introduces a semi-automatic approach to derive privacy clusters and profiles for IoT TAP users, validated through a large online study.

Findings

Identified three distinct privacy clusters among users.

Characterized privacy profiles based on data sharing preferences.

Provided a foundation for more usable privacy controls in TAPs.

Abstract

IoT Trigger-Action Platforms (TAPs) typically offer coarse-grained permission controls. Even when fine-grained controls are available, users are likely overwhelmed by the complexity of setting privacy preferences. This paper contributes to usable privacy management for TAPs by deriving privacy clusters and profiles for different types of users that can be semi-automatically assigned or suggested to them. We developed and validated a questionnaire, based on users' privacy concerns regarding confidentiality and control and their requirements towards transparency in TAPs. In an online study (N=301), where participants were informed about potential privacy risks, we clustered users by their privacy concerns and requirements into Basic, Medium and High Privacy clusters. These clusters were then characterized by the users' data sharing preferences, based on a factorial vignette approach, considering the data categories, the data recipient types, and the purpose of data sharing. Our findings show three distinct privacy profiles, providing a foundation for more usable privacy controls in TAPs.