CHI 2020 Paper
CHI 2020, April 25–30, 2020, Honolulu, HI, USA

Online Privacy Heuristics that Predict Information Disclosure

S. Shyam Sundar, Penn State University, University Park, PA, USA, sss12@psu.edu
Jinyoung Kim, Penn State University, University Park, PA, USA, juk3151120@gmail.com
Mary Beth Rosson, Penn State University, University Park, PA, USA, mrosson@psu.edu
Maria D. Molina, Penn State University, University Park, PA, USA, mdm63@psu.edu

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Permissions@acm.org.
CHI '20, April 25–30, 2020, Honolulu, HI, USA
© 2020 Association for Computing Machinery.
ACM ISBN 978-1-4503-6708-0/20/04…$15.00
https://doi.org/10.1145/3313831.3376854

ABSTRACT

Online users’ attitudes toward privacy are context-dependent. Studies show that contextual cues are quite influential in motivating users to disclose personal information. Increasingly, these cues are embedded in the interface, but the mechanisms of their effects (e.g., unprofessional design contributing to more disclosure) are not fully understood. We posit that each cue triggers a specific “cognitive heuristic” that provides a rationale for decision-making. Using a national survey (N = 786) that elicited participants’ disclosure intentions in common online scenarios, we identify 12 distinct heuristics relevant to privacy, and demonstrate that they are systematically associated with information disclosure. Data show that those with a higher accessibility to a given heuristic are more likely to disclose information. Design implications for protection of online privacy and security are discussed.

Author Keywords

Information privacy; cognitive heuristics; information disclosure; online decision-making

CCS Concepts

• Security and privacy~Human and societal aspects of security and privacy
• Human-centered computing~Human computer interaction (HCI)

INTRODUCTION

In their review of the literature on online privacy, Acquisti and his colleagues [2] conclude that user attitudes are quite “malleable,” as they let cues in the interaction context dictate whether or not to disclose personal information. For example, individuals disclose more intimate details in a warm room with soft lighting compared to a cold room with fluorescent lighting [9]. That is, their privacy-related decision-making is influenced by cues in their surroundings.

Increasingly, the cues driving privacy behaviors are appearing on the interfaces of online systems. For example, banking and investment websites often feature the symbol of a lock to assure users about the safety and security of their personal financial information. Dating and employment sites tell us how many other users filled out particular fields, as a way of persuading users to reveal more. However, it is not known whether such cues are effective. What we know is that certain cues on the interface, in the form of default settings and source identity, tend to influence privacy-related decisions [31]. One study found that survey respondents were more likely to admit to even incriminating behaviors when the interface featured a cartoon image of a devil, asking with a wicked smile, “How BAD Are U???”, compared to one featuring an emblem of Carnegie Mellon University, ostensibly conducting an “Executive Council Survey on Ethical Behavior” [19]. The former interface was designed to look “unprofessional” whereas the latter was designed to appear “professional” by the researchers.
Respondents’ tendency to reveal more in the former condition was attributed to suppression of privacy concerns caused by the unprofessional design, but it is still not clear why or what about the design cue led to this suppression.

We propose that there is an internal logic to how each contextual cue contributes to privacy-related decision-making. In the experiment described above, it is likely that the cause of privacy-concern suppression was not the unprofessional nature of the interface design, but rather the relative lack of accountability for their admitted actions. This is because the source was an unknown entity, not an official organization such as a University, and the study participants were not primed with the words “ethical behavior” at the outset of the questionnaire. In fact, a case could be made for the university logo cue in the professional condition being responsible for suppressing disclosure, considering that study participants were all students of Carnegie Mellon University. Reminding them that the source of the survey was an official entity of their university may have made them more accountable and thereby inhibited their disclosure. In this way, cues on the interface may trigger a specific “cognitive heuristic” (or mental shortcut) that provides a rationale for decision-making.

The primary research question we seek to address in this study is whether cognitive heuristics (or general rules of