Understanding Privacy-Related Advice on Stack Overflow

Author:

Tahaei Mohammad (1), Li Tianshi (2), Vaniea Kami (3)

Affiliation:

1. University of Bristol

2. Carnegie Mellon University

3. University of Edinburgh

Abstract

Privacy tasks can be challenging for developers, resulting in privacy frameworks and guidelines from the research community which are designed to assist developers in considering privacy features and applying privacy enhancing technologies in early stages of software development. However, how developers engage with privacy design strategies is not yet well understood. In this work, we look at the types of privacy-related advice developers give each other and how that advice maps to Hoepman’s privacy design strategies. We qualitatively analyzed 119 privacy-related accepted answers on Stack Overflow from the past five years and extracted 148 pieces of advice from these answers. We find that the advice is mostly around compliance with regulations and ensuring confidentiality, with a focus on the inform, hide, control, and minimize strategies among Hoepman’s privacy design strategies. The other strategies (abstract, separate, enforce, and demonstrate) are rarely advised. Answers often include links to official documentation and online articles, highlighting the value of both official documentation and other informal materials such as blog posts. We make recommendations for promoting the under-stated strategies through tools, and detail the importance of providing better developer support to handle third-party data practices.

Publisher

Privacy Enhancing Technologies Symposium Advisory Board

Subject

General Medicine

Cited by 21 articles.

1. Investigating Data Protection Compliance Challenges;International Journal of Innovative Science and Research Technology (IJISRT);2024-09-11

2. “Track every move”: Analyzing developers’ privacy discourse in GitHub README files;New Media & Society;2024-08-28

3. SoK: Technical Implementation and Human Impact of Internet Privacy Regulations;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

4. Encoding Privacy: Sociotechnical Dynamics of Data Protection Compliance Work;Proceedings of the CHI Conference on Human Factors in Computing Systems;2024-05-11

5. Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter;Proceedings of the CHI Conference on Human Factors in Computing Systems;2024-05-11
