Users Can Deduce Sensitive Locations
Protected by Privacy Zones on Fitness Tracking Apps
1
Jaron Mink, Amanda Rose Yuile, Uma Pal, Adam J Aviv, Adam Bates
2
Allows users to record exercises such as runs and bike rides
Can be shared with other app users and on social media
Fitness tracking applications
3
Theft1
Physical Safety2
[1] Philippe Tremblay. 2018. Thieves allegedly use Strava to identify and steal cyclist’s $21,000 bike collection. tinyurl.com/2p8pje89
[2] Olivia Nuzzi. 2020. What It’s Like to Get Doxed for Taking a Bike Ride. https://tinyurl.com/2p828z39
Fitness apps pose privacy risks
4
Privacy Zone (PZ)
5
Technically Skilled User
(Hassan et al.
USENIX 2018)
Typical User
(This work)
6
RQ1: What are users’ general perceptions and behaviors regarding privacy when using fitness apps?
RQ2: How effective are privacy zones at protecting users’ sensitive locations against other users?
RQ3: How do users perceive the utility and effectiveness of privacy zones?
Research questions
Pre-Task Survey
Privacy Zone Task
Post-Task Survey
Pre-Task Survey
7
RQ1: What are users’ general perceptions and behaviors regarding privacy when using fitness apps?
RQ2: How effective are privacy zones at protecting users’ sensitive locations against other users?
RQ3: How do users perceive the utility and effectiveness of privacy zones?
Pre-Task Survey
Privacy Zone Task
Post-Task Survey
Research questions
8
3. Place Pin
2. Place PZ
1. Select PZ Size
Dependent Variable (Guess Error):
- 12 measurements per participant
- distance(True Center, Inferred Center)
Treatments:
- Number of Routes: (1 v 3 routes)
- Size of Privacy Zone: (1/8th, 3/8th, 5/8th mi)
Pre-Task Survey
Privacy Zone Task
Post-Task Survey
Methodology: inference task
9
Privacy Zone Task
Post-Task Survey
More routes and smaller radii decrease guess error
Pre-Task Survey
3-Route is smaller than 1-Route
10
Privacy Zone Task
Post-Task Survey
More routes and smaller radii decrease guess error
Pre-Task Survey
1/8th mi is smaller than 5/8th mi
11
Privacy Zone Task
Post-Task Survey
More routes and smaller radii decrease guess error
Pre-Task Survey
User 3-Route success rate: 63%
User 1-Route success rate: 25%
Algorithm 3-Route success rate: 97%
The relation between
1/8th and 5/8th is smaller
in 3-Route than in
1-Route
12
Privacy Zone Efficacy
Future Privacy Preference
Privacy Zone Task
Privacy Zone Usability
Methodology: privacy zone perceptions
Post-Task Survey
Pre-Task Survey
13
Attacker-Perspective
“How often do you think that you were correct when identifying the location with the pin?”
Defender-Perspective
“Based on your experiences with this task, how effective are Privacy Zones at protecting sensitive locations?”
66% (1 route) ~= 63% (3 route)
43% (1 route) <* 63% (3 routes)
Privacy Zone Task
Post-Task Survey
Pre-Task Survey
All:
By Route:
48%: Somewhat or very often
65%: Somewhat or very confident
PZ efficacy depends on perspective and task condition
14
Recommendations for:
Privacy Features
Users
Fitness Tracking
Applications
Investigate new defenses according to inference strategies and unaddressed concerns
Better inform users of
risks and privacy methods
Better protect user privacy given inference strategies and other user protection strategies
15
jaronmm2@illinois.edu @JaronMink jaronm.ink
Prior Perceptions & Behavior: (see paper for details)
Efficacy of privacy zones:
Perceptions of privacy zones:
Takeaways
Jaron Mink
Amanda Rose Yuile
Uma Pal
Adam J. Aviv
Adam Bates