A Privacy-Focused Systematic Analysis of Online Status Indicators

Abstract

Abstract Online status indicators (or OSIs, i.e., interface elements that communicate whether a user is online) can leak potentially sensitive information about users. In this work, we analyze 184 mobile applications to systematically characterize the existing design space of OSIs. We identified 40 apps with OSIs across a variety of genres and conducted a design review of the OSIs in each, examining both Android and iOS versions of these apps. We found that OSI design decisions clustered into four major categories, namely: appearance, audience, settings, and fidelity to actual user behavior. Less than half of these apps allow users change the default settings for OSIs. Informed by our findings, we discuss: 1) how these design choices support adversarial behavior, 2) design guidelines for creating consistent, privacy-conscious OSIs, and 3) a set of novel design concepts for building future tools to augment users’ ability to control and understand the presence information they broadcast. By connecting the common design patterns we document to prior work on privacy in social technologies, we contribute an empirical understanding of the systematic ways in which OSIs can make users more or less vulnerable to unwanted information disclosure.