Scott Lederer, Jason Hong, Anind Dey, and James Landay
Personal and Ubiquitous Computing
People cannot participate in meaningful privacy practices without understanding the extent of a technical system’s alignment with the relevant practice and without opportunities to conduct discernible social action through intuitive engagement of the system. It is a challenge for designers of interactive systems to empower understanding and action through the limited technical mechanisms of feedback and control. To help meet this challenge, we present five pitfalls to avoid when designing interactive systems with personal privacy implications, on or off the desktop. These pitfalls are: obscuring potential information flow, obscuring actual information flow, emphasizing configuration over action, lacking coarse-grained control, and inhibiting existing practice. These pitfalls are based on the literature, on analyses of existing privacy-affecting systems, and on our own experiences designing a user interface for managing privacy in ubiquitous computing. We illustrate how some existing research and commercial systems—our prototype included—fall into these pitfalls, and how some avoid them. We suggest that privacy-affecting systems that avoid these pitfalls can help their users appropriate and engage them in alignment with relevant privacy practice.