al.’s study design was hypothetical. In a study using Experience Sampling, Consolvo et al. showed that disclosure of location information is heavily influenced by additional factors, including the purpose of the disclosure . These differences suggest that personal privacy dynamics should be investigated with studies that closely simulate the experience of the users, rather than on a hypothetical basis.
3.1.4 Incidental Information Privacy
A common problem encountered when several individuals are viewing the same computer screen is that potentially private information, such as bookmarks or financial information, may be accidentally disclosed. These accidental disclosures can happen, for example, when projecting onto a shared display or when a bystander happens to see someone else’s screen (i.e., “shoulder surfing”).
In a scenario-based survey, Hawkey and Inkpen confirmed that incidental eavesdropping is a concern for a majority of the surveyed participants . Incidental eavesdropping relates to information that can be glanced from casually viewing the screen of a user or overhearing a conversation. Hawkey and Inkpen also investigated what kinds of information individuals may be comfortable having others see, specifically focusing on web browsers, past search engine queries and browser bookmarks. They showed that the comfort level of the user in displaying personal information in the presence of onlookers is impacted not just by the sensitivity of the information being displayed, and by the identity of the viewer (e.g., spouse, friend/relative, work colleague), but also by the amount of control on the input devices (mouse, keyboard) that the onlooker has.
Managing incidental information disclosures is an example of the interpersonal boundary definition process described by Palen and Dourish . Drawing from this approach, Grinter et al.  analyzed everyday security and privacy practices in an organizational setting, examining the problem of incidental privacy with respect to its physical and informational aspects. Through interviews, Grinter et al. observed that their interviewees employed subtle practices to achieve privacy and security goals, such as positioning a computer screen such that visitors in an office could not see it, or stacking papers according to a secret rationale.
The increasing use of IT in mobile and casual situations suggests that the potential for incidental information privacy breaches is likely to become more relevant in the future. It is likely that an increasing amount of research in HCI will focus on privacy with respect to incidental information, shared displays, and related topics.
3.1.5 Media Spaces
We next examine privacy preferences in the context of media spaces, which are physical spaces enhanced with multimedia communication or recording technologies such as videoconferencing and always-on multimedia links between remote locations. Privacy concerns were recognized early on in this domain. For example, Root discusses the design of Cruiser, a multimedia communication tool developed at Bell Research in the late 1980’s . Through observational research in office environments, Root noted that the activity of observing other people is typically symmetric, meaning that it is not possible to observe others without being seen. This principle was applied to the design of
end-user-privacy-in-human-computer-interaction-v57.docPage 22 of 85