@misc{hwang_trust_2025,
	title = {Trust and {Friction}: {Negotiating} {How} {Information} {Flows} {Through} {Decentralized} {Social} {Media}},
	shorttitle = {Trust and {Friction}},
	url = {http://arxiv.org/abs/2503.02150},
	doi = {10.48550/arXiv.2503.02150},
	abstract = {Decentralized social media protocols enable users in independent, user-hosted servers (i.e., instances) to interact with each other while they self-govern. This community-based model of social media governance opens up new opportunities for tailored decision-making about information flows -- i.e., what user data is shared to whom and when -- and in turn, for protecting user privacy. To better understand how community governance shapes privacy expectations on decentralized social media, we conducted a semi-structured interview with 23 users of the Fediverse, a decentralized social media network. Our findings illustrate important factors that shape a community's understandings of information flows, such as rules and proactive efforts from admins who are perceived as trustworthy. We also highlight ''governance frictions'' between communities that raise new privacy risks due to incompatibilities in values, security practices, and software. Our findings highlight the unique challenges of decentralized social media, suggest design opportunities to address frictions, and outline the role of participatory decision-making to realize the full potential of decentralization.},
	urldate = {2025-03-07},
	publisher = {arXiv},
	author = {Hwang, Sohyeon and Nanayakkara, Priyanka and Shvartzshnaider, Yan},
	month = mar,
	year = {2025},
	note = {arXiv:2503.02150},
	keywords = {Computer Science - Computers and Society, Computer Science - Human-Computer Interaction, Computer Science - Social and Information Networks},
}

Decentralized social media protocols enable users in independent, user-hosted servers (i.e., instances) to interact with each other while they self-govern. This community-based model of social media governance opens up new opportunities for tailored decision-making about information flows – i.e., what user data is shared to whom and when – and in turn, for protecting user privacy. To better understand how community governance shapes privacy expectations on decentralized social media, we conducted a semi-structured interview with 23 users of the Fediverse, a decentralized social media network. Our findings illustrate important factors that shape a community's understandings of information flows, such as rules and proactive efforts from admins who are perceived as trustworthy. We also highlight ''governance frictions'' between communities that raise new privacy risks due to incompatibilities in values, security practices, and software. Our findings highlight the unique challenges of decentralized social media, suggest design opportunities to address frictions, and outline the role of participatory decision-making to realize the full potential of decentralization.

@article{sanfilippo_comments_2025,
	title = {Comments on “{Ethical} {Guidelines} for {Research} {Using} {Pervasive} {Data}”},
	author = {Sanfilippo, Madelyn Rose and Abrams, Kyra M and Bambanek, John and Ocepek, Melissa G and Tither, Emmy and Wickett, Karen M and Zhou, Kyrie Zhixuan},
	year = {2025},
}

@article{berkholz_playing_2025,
	title = {Playing with {Privacy}: {Exploring} the {Social} {Construction} of {Privacy} {Norms} {Through} a {Card} {Game}},
	volume = {9},
	issn = {2573-0142},
	shorttitle = {Playing with {Privacy}},
	url = {https://dl.acm.org/doi/10.1145/3701202},
	doi = {10.1145/3701202},
	abstract = {Investigating digital privacy behavior requires consideration of its contextual nuances and the underlying social norms. This study delves into users' joint articulation of such norms by probing their implicit assumptions and "common sense" surrounding privacy conventions. To achieve this, we introduce 
              Privacy Taboo, 
              a card game designed to serve as a playful breaching interview method, fostering discourse on unwritten privacy rules. Through nine interviews involving pairs of participants (n=18), we explore the decision-making and collective negotiation of privacy's vagueness. Our findings demonstrate individuals' ability to articulate their information needs when consenting to fictive data requests, even when contextual cues are limited. By shedding light on the social construction of privacy, this research contributes to a more comprehensive understanding of usable privacy, thereby facilitating the development of democratic privacy frameworks. Moreover, we posit 
              Privacy Taboo 
              as a versatile tool adaptable to diverse domains of application and research.},
	language = {en},
	number = {GROUP},
	urldate = {2025-01-12},
	journal = {Proceedings of the ACM on Human-Computer Interaction},
	author = {Berkholz, Jenny and Rahman, Aniqa and Stevens, Gunnar},
	month = jan,
	year = {2025},
	pages = {1--23},
}

Investigating digital privacy behavior requires consideration of its contextual nuances and the underlying social norms. This study delves into users' joint articulation of such norms by probing their implicit assumptions and "common sense" surrounding privacy conventions. To achieve this, we introduce Privacy Taboo, a card game designed to serve as a playful breaching interview method, fostering discourse on unwritten privacy rules. Through nine interviews involving pairs of participants (n=18), we explore the decision-making and collective negotiation of privacy's vagueness. Our findings demonstrate individuals' ability to articulate their information needs when consenting to fictive data requests, even when contextual cues are limited. By shedding light on the social construction of privacy, this research contributes to a more comprehensive understanding of usable privacy, thereby facilitating the development of democratic privacy frameworks. Moreover, we posit Privacy Taboo as a versatile tool adaptable to diverse domains of application and research.

@inproceedings{liu_prevalence_2025,
	address = {Los Alamitos, CA, USA},
	title = {Prevalence {Overshadows} {Concerns}? {Understanding} {Chinese} {Users}' {Privacy} {Awareness} and {Expectations} {Towards} {LLM}-based {Healthcare} {Consultation}},
	url = {https://doi.ieeecomputersociety.org/10.1109/SP61157.2025.00092},
	doi = {10.1109/SP61157.2025.00092},
	abstract = {Large Language Models (LLMs) are increasingly gaining traction in the healthcare sector, yet expanding the threat of sensitive health information being easily exposed and accessed without authorization. These privacy risks escalate in regions like China, where privacy awareness is notably limited. While some efforts have been devoted to user surveys on LLMs in healthcare, users' perceptions of privacy remain unexplored. To fill this gap, this paper contributes the first user study (n=846) in China on privacy awareness and expectations in LLM-based healthcare consultations. Specifically, a healthcare chatbot is deployed to investigate users' awareness in practice. Information flows grounded in contextual integrity are then employed to measure users' privacy expectations. Our findings suggest that the prevalence of LLMs amplifies health privacy risks by raising users' curiosity and willingness to use such services, thus overshadowing privacy concerns. 77.3\% of participants are inclined to use such services, and 72.9\% indicate they would adopt the generated advice. Interestingly, a paradoxical “illusion” emerges where users' knowledge and concerns about privacy contradict their privacy expectations, leading to greater health privacy exposure. Our extensive discussion offers insights for future LLM-based healthcare privacy investigations and protection technology development.},
	booktitle = {2025 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})},
	publisher = {IEEE Computer Society},
	author = {Liu, Zhihuang and Hu, Ling and Zhou, Tongqing and Tang, Yonghao and Cai, Zhiping},
	month = may,
	year = {2025},
	keywords = {contextual integrity, healthcare, large language models, privacy, user study},
	pages = {92--92},
}

Large Language Models (LLMs) are increasingly gaining traction in the healthcare sector, yet expanding the threat of sensitive health information being easily exposed and accessed without authorization. These privacy risks escalate in regions like China, where privacy awareness is notably limited. While some efforts have been devoted to user surveys on LLMs in healthcare, users' perceptions of privacy remain unexplored. To fill this gap, this paper contributes the first user study (n=846) in China on privacy awareness and expectations in LLM-based healthcare consultations. Specifically, a healthcare chatbot is deployed to investigate users' awareness in practice. Information flows grounded in contextual integrity are then employed to measure users' privacy expectations. Our findings suggest that the prevalence of LLMs amplifies health privacy risks by raising users' curiosity and willingness to use such services, thus overshadowing privacy concerns. 77.3% of participants are inclined to use such services, and 72.9% indicate they would adopt the generated advice. Interestingly, a paradoxical “illusion” emerges where users' knowledge and concerns about privacy contradict their privacy expectations, leading to greater health privacy exposure. Our extensive discussion offers insights for future LLM-based healthcare privacy investigations and protection technology development.

@article{susser_critical_2024,
	title = {Critical {Provocations} for {Synthetic} {Data}},
	volume = {22},
	copyright = {https://creativecommons.org/licenses/by-nc-nd/4.0},
	issn = {1477-7487},
	url = {https://ojs.library.queensu.ca/index.php/surveillance-and-society/article/view/18335},
	doi = {10.24908/ss.v22i4.18335},
	abstract = {Training artificial intelligence (AI) systems requires vast quantities of data, and AI developers face a variety of barriers to accessing the information they need. Synthetic data has captured researchers’ and industry’s imagination as a potential solution to this problem. While some of the enthusiasm for synthetic data may be warranted, in this short paper we offer critical counterweight to simplistic narratives that position synthetic data as a cost-free solution to every data-access challenge—provocations highlighting ethical, political, and governance issues the use of synthetic data can create. We question the idea that synthetic data, by its nature, is exempt from privacy and related ethical concerns. We caution that framing synthetic data in binary opposition to “real” measurement data could subtly shift the normative standards to which data collectors and processors are held. And we argue that by promising to divorce data from its constituents—the people it represents and impacts—synthetic data could create new obstacles to democratic data governance.},
	number = {4},
	urldate = {2024-12-12},
	journal = {Surveillance \& Society},
	author = {Susser, Daniel and Seeman, Jeremy},
	month = dec,
	year = {2024},
}

Training artificial intelligence (AI) systems requires vast quantities of data, and AI developers face a variety of barriers to accessing the information they need. Synthetic data has captured researchers’ and industry’s imagination as a potential solution to this problem. While some of the enthusiasm for synthetic data may be warranted, in this short paper we offer critical counterweight to simplistic narratives that position synthetic data as a cost-free solution to every data-access challenge—provocations highlighting ethical, political, and governance issues the use of synthetic data can create. We question the idea that synthetic data, by its nature, is exempt from privacy and related ethical concerns. We caution that framing synthetic data in binary opposition to “real” measurement data could subtly shift the normative standards to which data collectors and processors are held. And we argue that by promising to divorce data from its constituents—the people it represents and impacts—synthetic data could create new obstacles to democratic data governance.

@article{carreira_whos_nodate,
	title = {Who’s {Listening}? {Analyzing} {Privacy} {Preferences} in {Multi}-{User} {Smart} {Personal} {Assistants} {Settings}},
	author = {Carreira, Carolina and Berger, Cody and Shah, Khushi and Agarwal, Samridhi and Thakur, Yashasvi and McCall, McKenna and Christin, Nicolas and Cranor, Lorrie Faith},
}