Search results

The purpose of this paper is to analyse the problem of privacy disclosure of third party applications in online social networks (OSNs) through Facebook, investigate the limitations in the existing models to protect users privacy and propose a permission-based access control (PBAC) model, which gives users complete control over users’ data when accessing third party applications.

A practical model based on the defined permission policies is proposed to manage users information accessed by third party applications and improve user awareness in sharing sensitive information with them. This model is a combination of interfaces and internal mechanisms which can be adopted by any OSN having similar architecture to Facebook in managing third party applications, without much structural changes. The model implemented in Web interface connects with Facebook application programming interface and evaluates its efficacy using test cases.

The results show that the PBAC model can facilitate user awareness about privacy risks of data passed on to third party applications and allow users who are more concerned about their privacy from releasing such information to those applications.

The study provides further research in protecting users’ privacy in OSNs and thus avoid the risks associated with that, thereby increasing users’ trust in using OSNs.

The research has proven to be useful in improving user awareness on the risk associated with sharing private information on OSNs, and the practically implemented PBAC model guarantees full user privacy from unwanted disclosure of personal information to third party applications.

Web‐based social networks (WBSNs) are today one of the most relevant phenomena related to the advent of Web 2.0. The purpose of this paper is to discuss main security and privacy requirements arising in WBSNs, with a particular focus on access control, and to survey the main research activities carried out in the field. The social networking paradigm is today used not only for recreational purposes; it is also used at the enterprise level as a means to facilitate knowledge sharing and information dissemination both at the internet and at the intranet level. As a result of the widespread use of WBSN services, millions of individuals can today easily share personal and confidential information with an incredible amount of (possible unknown) other users. Clearly, this huge amount of information and the ease with which it can be shared and disseminated pose serious security and privacy concerns.

The paper discusses the main requirements related to access control and privacy enforcement in WBSNs. It presents the protection functionalities provided by today WBSNs and examines the main research proposals defined so far, in view of the identified requirements.

The area of access control and privacy for WBSNs is new and, therefore, many research issues still remain open. The paper provides an overview of some of these new issues.

The paper provides a useful discussion of the main security and privacy requirements arising in WBSNs, with a particular focus on access control. It also surveys the main research activities carried out in the field.

The concept and practice of e-services has become essential in business transactions. Yet there are still many organizations that have not developed e-services optimally. This is especially relevant in the context of Indonesian Airline companies. Therefore, many airline customers in Indonesia are still in doubt about it, or even do not use it. To fill this gap, this study attempts to develop a model for e-services adoption and empirically examines the factors influencing the airlines customers in Indonesia in using e-services offered by the Indonesian airline companies. Taking six Indonesian airline companies as a case example, the study investigated the antecedents of e-services usage of Indonesian airlines. This study further examined the impacts of motivation on customers in using e-services in the Indonesian context. Another important aim of this study was to investigate how ages, experiences and geographical areas moderate effects of e-services usage.

The study adopts a positivist research paradigm with a two-phase sequential mixed method design involving qualitative and quantitative approaches. An initial research model was first developed based on an extensive literature review, by combining acceptance and use of information technology theories, expectancy theory and the inter-organizational system motivation models. A qualitative field study via semi-structured interviews was then conducted to explore the present state among 15 respondents. The results of the interviews were analysed using content analysis yielding the final model of e-services usage. Eighteen antecedent factors hypotheses and three moderating factors hypotheses and 52-item questionnaire were developed. A focus group discussion of five respondents and a pilot study of 59 respondents resulted in final version of the questionnaire.

In the second phase, the main survey was conducted nationally to collect the research data among Indonesian airline customers who had already used Indonesian airline e-services. A total of 819 valid questionnaires were obtained. The data was then analysed using a partial least square (PLS) based structural equation modelling (SEM) technique to produce the contributions of links in the e-services model (22% of all the variances in e-services usage, 37.8% in intention to use, 46.6% in motivation, 39.2% in outcome expectancy, and 37.7% in effort expectancy). Meanwhile, path coefficients and t-values demonstrated various different influences of antecedent factors towards e-services usage. Additionally, a multi-group analysis based on PLS is employed with mixed results. In the final findings, 14 hypotheses were supported and 7 hypotheses were not supported.

The major findings of this study have confirmed that motivation has the strongest contribution in e-services usage. In addition, motivation affects e-services usage both directly and indirectly through intention-to-use. This study provides contributions to the existing knowledge of e-services models, and practical applications of IT usage. Most importantly, an understanding of antecedents of e-services adoption will provide guidelines for stakeholders in developing better e-services and strategies in order to promote and encourage more customers to use e-services. Finally, the accomplishment of this study can be expanded through possible adaptations in other industries and other geographical contexts.

This paper aims to design a secure and seamless system that ensures quick sharing of health-care data to improve the privacy of sensitive health-care data, the efficiency of health-care infrastructure, effective treatment given to patients and encourage the development of new health-care technologies by researchers. These objectives are achieved through the proposed system, a “privacy-aware data tagging system using role-based access control for health-care data.”

Health-care data must be stored and shared in such a manner that the privacy of the patient is maintained. The method proposed, uses data tags to classify health-care data into various color codes which signify the sensitivity of data. It makes use of the ARX tool to anonymize raw health-care data and uses role-based access control as a means of ensuring only authenticated persons can access the data.

The system integrates the tagging and anonymizing of health-care data coupled with robust access control policies into one architecture. The paper discusses the proposed architecture, describes the algorithm used to tag health-care data, analyzes the metrics of the anonymized data against various attacks and devises a mathematical model for role-based access control.

The paper integrates three disparate topics – data tagging, anonymization and role-based access policies into one seamless architecture. Codifying health-care data into different tags based on International Classification of Diseases 10th Revision (ICD-10) codes and applying varying levels of anonymization for each data tag along with role-based access policies is unique to the system and also ensures the usability of data for research.

The purpose of this paper is to build a research model that examines social media privacy concerns (SMPC) in relation to users’ trusting beliefs and risk beliefs.

An instrument with eight constructs (SMPC: collection, SMPC: secondary usage, SMPC: errors, SMPC: improper access, SMPC: control, SMPC: awareness, trusting beliefs and risk beliefs) was developed and administered to subjects from a mid-sized university in the USA. Collected data were analyzed using partial least square structural equation modeling.

The results showed that three of the six SMPC (i.e. secondary usage, improper access and awareness) were negatively and significantly associated with users’ trusting beliefs. In addition, three of the six SMPC (i.e. collection, errors and improper access) were positively and significantly associated with users’ risk beliefs.

Practical implications were aimed at the social media sites to design simple and straightforward privacy policy statements that are easy to understand; to safeguard users’ online privacy behaviors; and to develop mechanisms to protect personal information.

This study enhances the literature by contributing to a generalized knowledge of SMPC of users as they relate to their trusting beliefs and risk beliefs.

With the popularity of paid apps and increasing concerns about privacy hazards, this paper aims to investigate the impact of mobile services’ fee-charging models on consumers’ privacy concerns, and generate insights for app developers’ fee-charging strategies.

Three experimental studies including 550 participants were conducted. All studies were between-subjects designs and based on the context of financial mobile services. The implementations of fee-charging models were manipulated by both visualized and test-based stimuli.

The results reveal that consumers are less concerned about potential privacy violations when using subscription-based (vs. purchase-based) financial mobile services (study 1). This effect is mediated by consumers’ perceptions that app developers that charge subscription fees (vs. one-off prices) are more likely to be consumer-serving motivated (study 2 and 3).

This paper advances the current understanding of consumer response toward paid apps, by proposing and testing a novel attribution-based mechanism to explain why the implementation of a subscription-based versus purchase-based fee-charging model can result in more favorable consumer reactions. Furthermore, this paper identifies the implementation of contrasting fee-charging models as a market-related factor that affects the extent to which consumers are concerned about potential privacy violations, extending extant literature on consumer privacy concern.

Information dissemination has become a means of transparency for governments to enable the visions of e-government and smart government, and eventually gain, among others, the trust of various stakeholders such as citizens and enterprises. Information dissemination, on the other hand, may increase the chance of privacy breaches, which can undermine those stakeholders’ trust and thus the objectives of transparency. Moreover, fear of potential privacy breaches compels information disseminators to share minimum or no information. The purpose of this study is to address these contending issues of information disseminations, i.e. privacy versus transparency, when disseminating judicial information to gain (public) trust. Specifically, the main research questions are: What is the nature of the aforementioned “privacy–transparency” problem and how can we approach and address this class of problems?

To address these questions, the authors have carried out an explorative case study by reconsidering and analyzing a number of information dissemination cases within their research center for the past 10 years, reflecting upon the whole design research process, consulting peers through publishing a preliminary version of this contribution and embedding the work in an in-depth literature study on research methodologies, wicked problems and e-government topics.

The authors show that preserving privacy while disseminating information for transparency purposes is a typical wicked problem, propose an innovative designerly model called transitional action design research (TADR) to address the class of such wicked problems and describe three artifacts which are designed, intervened and evaluated according to the TADR model in a judicial research organization.

Classifying the privacy transparency problem in the judicial settings as wicked is new, the proposed designerly model is innovative and the realized artifacts are deployed and still operational in a real setting.

In the Web 2.0 era, users massively communicate through social networking services (SNS), often under false expectations that their communications and personal data are private. This paper aims to analyze privacy requirements of personal communications over a public medium.

This paper systematically analyzes SNS services as communication models and considers privacy as an attribute of users’ communication. A privacy threat analysis for each communication model is performed, based on misuse scenarios, to elicit privacy requirements per communication type.

This paper identifies all communication attributes and privacy threats and provides a comprehensive list of privacy requirements concerning all stakeholders: platform providers, users and third parties.

Elicitation of privacy requirements focuses on the protection of both the communication’s message and metadata and takes into account the public–private character of the medium (SNS platform). The paper proposes a model of SNS functionality as communication patterns, along with a method to analyze privacy threats. Moreover, a comprehensive set of privacy requirements for SNS designers, third parties and users involved in SNS is identified, including voluntary sharing of personal data, the role of the SNS platforms and the various types of communications instantiating in SNS.

Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper investigated the respective influence of two primary dimensions of online privacy literacy – namely declarative and procedural knowledge – on online users' information privacy empowerment.

An empirical analysis is conducted using a dataset collected in Europe. This survey was conducted in 2019 among 27,524 representative respondents of the European population.

The main results show that users' procedural knowledge is positively linked to users' privacy empowerment. The relationship between users' declarative knowledge and users' privacy empowerment is partially supported. While greater awareness about firms and organizations practices in terms of data collections and further uses conditions was found to be significantly associated with increased users' privacy empowerment, unpredictably, results revealed that the awareness about the GDPR and user’s privacy empowerment are negatively associated. The empirical findings reveal also that greater online privacy literacy is associated with heightened users' information privacy empowerment.

While few advanced studies made systematic efforts to measure changes occurred on websites since the GDPR enforcement, it remains unclear, however, how individuals perceive, understand and apply the GDPR rights/guarantees and their likelihood to strengthen users' information privacy control. Therefore, this paper contributes empirically to understanding how online users' privacy literacy shaped by both users' declarative and procedural knowledge is likely to affect users' information privacy empowerment. The study empirically investigates the effectiveness of the GDPR in raising users' information privacy empowerment from user-based perspective. Results stress the importance of greater transparency of data tracking and processing decisions made by online businesses and services to strengthen users' control over information privacy. Study findings also put emphasis on the crucial need for more educational efforts to raise users' awareness about the GDPR rights/guarantees related to data protection. Empirical findings also show that users who are more likely to adopt self-protective approaches to reinforce personal data privacy are more likely to perceive greater control over personal data. A broad implication of this finding for practitioners and E-businesses stresses the need for empowering users with adequate privacy protection tools to ensure more confidential transactions.

Smartphone apps collect users' personal information, which triggers privacy concerns for app users. Consequently, app users restrict apps from accessing their personal information. This may impact the effectiveness of in-app advertising. However, research has not yet demonstrated what factors impact app users' decisions to use apps with restricted permissions. This study is aimed to bridge this gap.

Using a quantitative research method, the authors collected the data from 384 app users via a structured questionnaire. The data were analysed using AMOS and fuzzy-set qualitative comparative analysis (fsQCA).

The findings suggest privacy concerns and risks have a significant positive effect on app usage with restricted permissions, whilst reputation, trust and perceived benefits have significant negative impact on it. Some app-related factors, such as the number of apps installed and type of apps, also impact app usage with restricted permissions.

Based on the findings, the authors provided several implications for app stores, app developers and app marketers.

This study examines the factors that influence smartphone users' decisions to use apps with restricted permission requests. By doing this, the authors' study contributes to the consumer behaviour literature in the context of smartphone app usage. Also, by explaining the underlying mechanisms through which the principles of communication privacy management theory operate in smartphone app context, the authors' research contributes to the communication privacy management theory.