3.3.4 Identity Management and Anonymization
The concept of “privacy assistants” is also central to work by Rannenberg et al. and Jendricke and Gerd tom Markotten on reachability managers [166, 246]. Jendricke and Gerd tom Markotten claim that PETs can help people negotiate their privacy “boundary” by associating different privacy profiles with several digital “identities.”
In this model, users can dynamically define and select privacy profiles, for example, based on the current activity of the user, the web site visited, or the current desktop application used. The interface provides an unobtrusive cue of the current selected identity so that the user can continuously adjust her status. However, it is not clear whether a profile-based approach can simplify privacy preferences. Users may forget to switch profiles, as happens with profiles on cell phones and away messages on IM. Studying user interfaces for managing profiles of ubiquitous computing environments, Lederer et al. found that participants had difficulty predicting what information would actually be disclosed . Furthermore, Cadiz and Gupta, in their analysis of sharing preferences in collaborative settings, discovered that sharing personal information is a nuanced activity .
The concept of profiles has been further developed into the more general idea of “identity management.” Here, users have several identities, or “personas,” which can be used to perform different online transactions. For example, users could have an “anonymous persona” to surf general web sites, a “domestic persona” for accessing retail web sites, and an “office persona” for accessing corporate intranets. Decoupling personas from individuals can reduce the information collected about a single individual. However, identity management technologies are rather complex. So far, allowing easy definition of policies and simple awareness active personas has proven to be a difficult task.
Various designs for identity management have been developed. For example, Boyd’s Faceted Id/entity system uses a technique similar to Venn diagrams to explicitly specify different groups and people within those groups . The EU PRIME project has also explored various user interfaces for identity management, including menu-based approaches, textual/graphic interfaces, and more sophisticated animated representations that leverage a town map metaphor . Graphical metaphors are often used with other PETs, e.g., using images of keys, seals, and envelopes for email encryption. However, researchers agree that representing security and privacy concepts often fails due to their abstract nature. For example, Pettersson et al. evaluated alternative user interfaces for identity management, and concluded that it is difficult to develop a uniform and understandable vocabulary and set of icons that support the complex transactions involved in identity management and privacy management.
end-user-privacy-in-human-computer-interaction-v57.docPage 37 of 85