Exposure: Conveying and Controlling Privacy Exposure

With the advent of sensor-rich mobile devices such as smartphones, an increasing number of people are sharing personal “contextual” information like location, activity, and health/fitness information with members of their social network. To enhance privacy for people sharing such information, a large body of research has focused on ways for users to specify who should be authorized to access their information. This research improves end-user privacy by addressing the related question of “Who is accessing my information and to what extent?”. Providing users with an accurate sense of their “exposure” will enable them to better control how their contextual information is shared and will help mitigate emerging privacy risks.

This research advances the state of the art in privacy by formalizing the notion of exposure-awareness research, and by investigating metrics that can be used to quantify a person?s exposure, developing usable feedback models and visualizations that leverage these metrics to convey exposure, and creating exposure control extensions to established policy architectures to help users control exposure and refine their data sharing policies over time. The proposed research will thus allow ordinary people to proactively rein in the amount of personal information shared online, and will reduce the privacy risks for the large population of users who are increasingly using social-networking applications to share personal contextual information.


Apu Kapadia, Indiana University
Adam J. Lee, University of Pittsburgh

Research Scientist
Sameer Patil,  Helsinki Institute for Information Technology (HIIT)

PhD Students
Roberto Hoyle
Greg Norcie

REU Undergrads
Paul Whalen
Steven Armes


Robert Templeman, Roberto Hoyle, Apu Kapadia, and David Crandall, 
Reactive Security: Responding to Visual Stimuli from Wearable Cameras,”
To appear in the Workshop on Usable Privacy & Security for wearable and domestic ubIquitous DEvices (UPSIDE ’14), 
Seattle, WA, USA, Sep 14, 2014.

Roberto Hoyle, Robert Templeman, Steven Armes, Denise Anthony, David Crandall, and Apu Kapadia,
Privacy Behaviors of Lifeloggers using Wearable Cameras,”
To appear in The ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp ’14),
Seattle, WA, USA, September 13–17, 2014.

Luke Hutton, Tristan Henderson, and Apu Kapadia, 
Short Paper: “Here I am, now pay me!”: Privacy Concerns in Incentivised Location-Sharing Systems,”
In Proceedings of The 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’14),
pp. 81–86, Oxford, UK, July 23–25, 2014.

Sameer Patil, Roman Schlegel, Apu Kapadia, and Adam J. Lee,
Reflection or Action?: How Feedback and Control Affect Location Sharing Decisions,”
In Proceedings of The ACM SIGCHI Conference on Human Factors in Computing Systems (CHI ’14),
pp. 101–110, Toronto, Canada, Apr 26–May 1, 2014.

Robert Templeman, Mohammed Korayem, David Crandall, and Apu Kapadia,
PlaceAvoider: Steering First-Person Cameras away from Sensitive Spaces,”
In Proceedings of The 21st Annual Network & Distributed System Security Symposium (NDSS ’14),
San Diego, CA, February 23–26, 2014.

Vaibhav Garg, Sameer Patil, Apu Kapadia, and L. Jean Camp,
Peer-produced Privacy Protection,”
In Proceedings of the IEEE International Symposium on Technology and Society (ISTAS ’13),
pp. 147–154, Toronto, Canada, June 27–29, 2013.

Roberto Hoyle, Sameer Patil, Dejanae White, Jerald Dawson, Paul Whalen, and Apu Kapadia,
“Attire: Conveying Information Exposure through Avatar Apparel (Demo)” ,
In Proceedings of The 2012 ACM Conference on Computer Supported Cooperative Work Companion (CSCW ’13),
pp. 19–22, San Antonio, Texas, USA, February 23–27, 2013.

Sameer Patil, Greg Norcie, Apu Kapadia, and Adam J. Lee,
Reasons, Rewards, Regrets: Privacy Considerations in Location Sharing as an Interactive Practice,”
In Proceedings of The Eighth Symposium on Usable Privacy and Security (SOUPS ’12),
Article 5, 15 pages, Washington DC, July 11–13, 2012.

Sameer Patil, Yann Le Gall, Adam J. Lee, and Apu Kapadia,
My Privacy Policy: Exploring End-user Specification of Free-form Location Access Rules,”
In Proceedings of the Workshop on Usable Security (USEC ’12),
pp. 86–97, Bonaire, March 2, 2012. © Springer-Verlag, LNCS 7398.

Yann Le Gall, Adam J. Lee, and Apu Kapadia,
PlexC: A Policy Language for Exposure Control,”
In Proceedings of The 17th ACM Symposium on Access Control Models and Technologies (SACMAT ’12),
pp. 219–228, Newark, NJ, USA, June 20–22, 2012.

Sameer Patil, Greg Norcie, Apu Kapadia, and Adam J. Lee,
“Check out where I am!”: Location Sharing Motivations, Preferences, and Practices,
In Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems Extended Abstracts (CHI EA ’12),
pp. 1997–2002, Austin, TX, May 5–10, 2012.

Sameer Patil and Apu Kapadia,
Are You Exposed? Conveying Information Exposure (Extended Abstract),”
In Proceedings of The 2012 ACM Conference on Computer Supported Cooperative Work Companion (CSCW ’12),
pp. 191–194, Seattle, WA, February 11–15, 2012.

Roman Schlegel, Apu Kapadia, and Adam J. Lee,
Eyeing your Exposure: Quantifying and Controlling Information Sharing for Improved Privacy,”
In Proceedings of the 2011 Symposium on Usable Privacy and Security (SOUPS ’11),
Article 14, 14 pages, Pittsburgh, Pennsylvania, July 20–22, 2011.


This material is based upon work supported by the National Science Foundation under Grant Nos. 1016603 and 1017229, and US DHS grant no. 2006-CS-001-000001, under the auspices of the Institute for Information Infrastructure Protection (I3P). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation, US DHS or the I3P.