TY - GEN
T1 - Users Can Deduce Sensitive Locations Protected by Privacy Zones on Fitness Tracking Apps
AU - Mink, Jaron
AU - Yuile, Amanda Rose
AU - Pal, Uma
AU - Aviv, Adam J.
AU - Bates, Adam
N1 - Funding Information:
We would like to thank our reviewers for their valuable feedback, Wajih Ul Hassan for sharing and supporting our use of his Strava datasets, and Daniel Johnston, Dawei Wang, and Klaus Zou for their assistance in programming our survey software. This material is based upon work supported by the National Science Foundation under Grant Nos. CNS - 1951852 and 1955228, as well as the Graduate Research Fellowship Program under Grand No. DGE - 1746047. Any opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of their employers or the sponsors.
Publisher Copyright:
© 2022 ACM.
PY - 2022/4/29
Y1 - 2022/4/29
N2 - Fitness tracking applications allow athletes to record and share their exercises online, including GPS routes of their activities. However, sharing mobility data potentially raises real-world privacy and safety risks. One strategy to mitigate that risk is a "Privacy Zone,"which conceals portions of the exercise routes that fall within a certain radius of a user-designated sensitive location. A pressing concern is whether privacy zones are an effective deterrent against common attackers, such as a bike thief that carefully scrutinizes online exercise activities in search of their next target. Further, little is known about user perceptions of privacy zones or how they fit into the broader landscape of available privacy precautions. This work presents an online user study (N=603) that investigates the privacy concerns of fitness tracking users and evaluates the efficacy of privacy zones. Participants were first asked about their privacy behaviors with respect to fitness tracking applications. Next, participants completed an interactive task in which they attempted to deduce hidden locations protected by a privacy zone; we manipulated the number of displayed exercise activities that interacted with the privacy zone, as well as its size. Finally, participants were asked further questions about their impressions of privacy zones and use of other privacy precautions. We found that participants successfully inferred protected locations; for the most common privacy zone size, 68% of guesses fell within 50 meters of the hidden location when participants were shown just 3 activities. Further, we found that participants who viewed 3 activities were more confident about their success in the task compared to participants who viewed 1 activity. Combined, these results indicate that users' privacy-sensitive locations are at risk even when using a privacy zone. We conclude by considering the implications of our findings on related privacy features and discuss recommendations to fitness tracking users and services to improve the privacy and safety of fitness trackers.
AB - Fitness tracking applications allow athletes to record and share their exercises online, including GPS routes of their activities. However, sharing mobility data potentially raises real-world privacy and safety risks. One strategy to mitigate that risk is a "Privacy Zone,"which conceals portions of the exercise routes that fall within a certain radius of a user-designated sensitive location. A pressing concern is whether privacy zones are an effective deterrent against common attackers, such as a bike thief that carefully scrutinizes online exercise activities in search of their next target. Further, little is known about user perceptions of privacy zones or how they fit into the broader landscape of available privacy precautions. This work presents an online user study (N=603) that investigates the privacy concerns of fitness tracking users and evaluates the efficacy of privacy zones. Participants were first asked about their privacy behaviors with respect to fitness tracking applications. Next, participants completed an interactive task in which they attempted to deduce hidden locations protected by a privacy zone; we manipulated the number of displayed exercise activities that interacted with the privacy zone, as well as its size. Finally, participants were asked further questions about their impressions of privacy zones and use of other privacy precautions. We found that participants successfully inferred protected locations; for the most common privacy zone size, 68% of guesses fell within 50 meters of the hidden location when participants were shown just 3 activities. Further, we found that participants who viewed 3 activities were more confident about their success in the task compared to participants who viewed 1 activity. Combined, these results indicate that users' privacy-sensitive locations are at risk even when using a privacy zone. We conclude by considering the implications of our findings on related privacy features and discuss recommendations to fitness tracking users and services to improve the privacy and safety of fitness trackers.
KW - data sharing
KW - Fitness trackers
KW - online survey
KW - privacy
KW - privacy zones
UR - http://www.scopus.com/inward/record.url?scp=85130521336&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85130521336&partnerID=8YFLogxK
U2 - 10.1145/3491102.3502136
DO - 10.1145/3491102.3502136
M3 - Conference contribution
AN - SCOPUS:85130521336
T3 - Conference on Human Factors in Computing Systems - Proceedings
BT - CHI 2022 - Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems
PB - Association for Computing Machinery
T2 - 2022 CHI Conference on Human Factors in Computing Systems, CHI 2022
Y2 - 30 April 2022 through 5 May 2022
ER -