While individual differences in decision-making have been examined within the social sciences for several decades, they have only recently begun to be applied by computer scientists to examine privacy and security attitudes (and ultimately behaviors). Specifically, several researchers have shown how different online privacy decisions are correlated with the “Big Five” personality traits. In this paper, we show that the five factor model is actually a weak predictor of privacy attitudes, and that other well-studied individual differences in the psychology literature are much stronger predictors. Based on this result, we introduce the new paradigm of psychographic targeting of privacy and security mitigations: we believe that the next frontier in privacy and security research will be to tailor mitigations to users’ individual differences. We explore the extensive work on choice architecture and “nudges,” and discuss the possible ways it could be leveraged to improve security outcomes by personalizing privacy and security mitigations to specific user traits.
Serge Egelman and Eyal Peer. The Myth of the Average User: Improving Privacy and Security Systems through Individualization. In Proceedings of the 2015 New Security Paradigms Workshop (NSPW ’15). ACM, New York, NY, USA. 2015.