Last Thursday afternoon, as the first day of this year’s Conference on Privacy Engineering Practice and Respect (PEPR) was nearing its close, Lorrie Cranor appeared on attendees’ screens sporting a black T-shirt that read in edgy script, “Privacy is not dead,” with her camera angled just right to ensure viewers could see that she was sitting on her toilet.
“Today, I’m talking to you from my third-floor bathroom,” she began. “I know this is an unusual place to record a presentation, but hey, this is an unusual presentation.”
Cranor, the director of CyLab and a professor in the departments of Engineering and Public Policy and the Institute for Software Research, believes that bathrooms—these very intimate spaces for people of all ages—are surprisingly useful for conveying concepts related to both privacy and usability.
The idea for using bathrooms to teach about privacy began back in 2014, when Cranor conducted a study in which she asked people ranging from age 5 to 91 to sketch drawings in response to the question, “What does privacy mean to you?” The study’s authors analyzed the illustrations to identify privacy themes and define the conceptual metaphors used to convey privacy. The illustrations covered a wide range of concepts, including locks, doors, windows, and of course, over two dozen drawings of what might be the most quintessential private space: the bathroom.
While children drew bathrooms as a refuge from siblings, adults drew themselves sitting on toilets enjoying a quiet break.
“This is the only time during the day, where I am truly alone and nothing bothers me. No man, no children, no dogs,” one study participant said about a drawing of themselves sitting on a toilet reading a book.
Cranor’s PEPR talk then transitioned to recalling a conference she attended that same year, where rather convincing signs posted around the venue announced that the company “Quantified Toilets” had installed smart toilets that were analyzing biological waste and tracking individual data. Turns out, the company and website were part of a hoax, but the thought experiment was an eye-opening experience.
“While it wasn’t difficult to imagine these toilets existing in hospitals or in homes, the idea of putting them in public places was too far a stretch for many,” Cranor said.
The thought experiment later inspired Cranor to ask her students to propose a usable notice and consent for hypothetical smart toilets in public bathrooms. Interesting questions arose. Do people have to choose before they use the toilet? Can they choose before they flush? Can they revoke consent after they flush? The discussion opened up a Pandora’s box of other legal and design considerations.
A large portion of Cranor’s talk focused on considerations in designing effective notice and consent experiences for bathrooms, such as the pros and cons of various forms of user studies.
“The logistics of conducting a user study in a bathroom are certainly more complicated than conducting a study online or in a lab,” Cranor said. “But an in-situ study is likely to reveal real-world factors that otherwise wouldn’t be observed.”
Cranor shared some photos she had collected of laughably unusable or ineffective bathroom signs and confusing appliances she’d encountered over the years, as well as a few designs she really liked.
“These examples are great lessons for effective, and ineffective, privacy features and tools,” she said.
Cranor’s talk concluded with a few tips for designing privacy-enhancing technologies. First, since privacy can often be too abstract for communicative icons, it’s sometimes useful to add words to icons. Second, there should be some sort of standardization of controls, so people don’t have to figure out new controls for every new system. Third, don’t hide privacy controls.
“Put controls or links to controls right where people will look when they’re ready to use them,” she said.
Lastly, she said, build privacy-enhancing technologies that are simple, intuitive, attractive, and fail-safe. And of course, be sure to test them with real users.