GPII User Privacy Settings design

Jonathan Hung jhung at ocadu.ca
Tue Apr 30 14:10:08 EDT 2013


Hi everyone,

This morning, Arash, Colin, Dana, Joanna, and I met to discuss the work
that has started on the GPII user privacy settings. In a nutshell, GPII
user privacy settings is a facility that allows an end user to define and
control what part of their preference sets are accessible by third party
websites.

To date we (Arash and I) have done a quick competitive analysis of existing
privacy / security settings found in popular devices, applications, and
websites (see
http://wiki.fluidproject.org/display/fluid/GPII+User+Privacy+Settings+-+Competitive+Analysis).
We have identified a pain point when a user is asked to authorize another
entity access to personal information:

   - it is unclear how much personal information is going to be accessed
   and for what purposes
   - there is no obvious personal control over this agreement
   - declining the agreement often results in denied access to the desired
   feature

We have also started to do some early sketching of what the privacy system
may look like to an end user (see
http://wiki.fluidproject.org/display/fluid/GPII+User+Privacy+Settings+-+Sketches+and+Mind+Maps).
These early sketches depict an inverted relationship to traditional online
privacy:

   - the 3rd party site presents what information they require and why they
   need it
   - the user determines what personal information they will share and for
   how long (i.e. temporary or permanent).
   - users gain access to their desired 3rd party site based on their
   mutual agreement.

Work has begun on creating new scenarios based on the Sam use case for
Cloud for All<http://wiki.fluidproject.org/display/fluid/%28C4A%29+Use+Cases>.
These new scenarios will depict Sam accessing various online services and
how she negotiates a privacy relationship with each site. These use cases
will be located at this wiki page:
http://wiki.fluidproject.org/display/fluid/GPII+User+Privacy+Settings+-+Use+Cases.
We will also explore scenarios where Sam uses a public computer using her
Cloud for All credentials, and how privacy is managed in that case.

Work will continue on the design of the privacy system and how the user
will specify default privacy settings, how exceptions are created and
managed, and what the experience will be like in exceptional cases (i.e.
the user has declined a website all access to personal information). This
work will be tied very closely with the evolving use cases.

You can keep track of the ongoing work by watching the GPII User Privacy
Settings wiki page:
http://wiki.fluidproject.org/display/fluid/GPII+User+Privacy+Settings.

We welcome your comments and questions!

Cheers,

- Jon.

-- 

*JONATHAN HUNG*

INCLUSIVE DESIGNER, IDRC****

** **

*T:* 416 977 6000 x3951****

*F:* 416 977 9844****

*E:* jhung at ocadu.ca****

** **

*OCAD UNIVERSITY*****

Inclusive Design Research Centre****

205 Richmond Street W, Toronto, ON, M5V 1V3****

** **

www.ocadu.ca****

www.idrc.ocad.ca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.idrc.ocad.ca/pipermail/fluid-work/attachments/20130430/5cbea190/attachment.html>


More information about the fluid-work mailing list