{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T23:11:44Z","timestamp":1772838704046,"version":"3.50.1"},"reference-count":62,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2017,5,11]],"date-time":"2017-05-11T00:00:00Z","timestamp":1494460800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Intell. Syst. Technol."],"published-print":{"date-parts":[[2017,7,31]]},"abstract":"<jats:p>\n            The way users manage access to their information and computers has a tremendous effect on the overall security and privacy of individuals and organizations. Usually, access management is conducted using a\n            <jats:italic>choice architecture<\/jats:italic>\n            , a behavioral economics concept that describes the way decisions are framed to users. Studies have consistently shown that the design of choice architectures, mainly the selection of default options, has a strong effect on the final decisions users make by nudging them toward certain behaviors. In this article, we propose a method for optimizing access control choice architectures in online social networks. We empirically evaluate the methodology on Facebook, the world's largest online social network, by measuring how well the default options cover the existing user choices and preferences and toward which outcome the choice architecture nudges users. The evaluation includes two parts: (a) collecting access control decisions made by 266 users of Facebook for a period of 3 months; and (b) surveying 533 participants who were asked to express their preferences regarding default options. We demonstrate how optimal defaults can be algorithmically identified from users\u2019 decisions and preferences, and we measure how existing defaults address users\u2019 preferences compared with the optimal ones. We analyze how access control defaults can better serve existing users, and we discuss how our method can be used to establish a common measuring tool when examining the effects of default options.\n          <\/jats:p>","DOI":"10.1145\/3046676","type":"journal-article","created":{"date-parts":[[2017,5,11]],"date-time":"2017-05-11T12:51:05Z","timestamp":1494507065000},"page":"1-22","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["Analyzing and Optimizing Access Control Choice Architectures in Online Social Networks"],"prefix":"10.1145","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1663-9699","authenticated-orcid":false,"given":"Ron","family":"Hirschprung","sequence":"first","affiliation":[{"name":"Tel Aviv University, Tel Aviv, Israel"}]},{"given":"Eran","family":"Toch","sequence":"additional","affiliation":[{"name":"Tel Aviv University, Tel Aviv, Israel"}]},{"given":"Hadas","family":"Schwartz-Chassidim","sequence":"additional","affiliation":[{"name":"Tel Aviv University, Tel Aviv, Israel"}]},{"given":"Tamir","family":"Mendel","sequence":"additional","affiliation":[{"name":"Tel Aviv University, Tel Aviv, Israel"}]},{"given":"Oded","family":"Maimon","sequence":"additional","affiliation":[{"name":"Tel Aviv University, Tel Aviv, Israel"}]}],"member":"320","published-online":{"date-parts":[[2017,5,11]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1126\/science.aaa1465"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2501604.2501613"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2501604.2501608"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.9"},{"key":"e_1_2_1_5_1","volume-title":"Access Control Systems: Security, Identity Management and Trust Models","author":"Benantar Messaoud","unstructured":"Messaoud Benantar . 2006. Access Control Systems: Security, Identity Management and Trust Models . Springer Science 8 Business Media. Messaoud Benantar. 2006. Access Control Systems: Security, Identity Management and Trust Models. Springer Science 8 Business Media."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/0047-2727(77)90055-X"},{"key":"e_1_2_1_7_1","unstructured":"Wyatt Buchanan. 2011. Social-networking sites face new privacy battle. Retrieved from http:\/\/www.sfgate.com\/bayarea\/article\/Social-networking-sites-face-new-privacy-battle-2371641.php.  Wyatt Buchanan. 2011. Social-networking sites face new privacy battle. Retrieved from http:\/\/www.sfgate.com\/bayarea\/article\/Social-networking-sites-face-new-privacy-battle-2371641.php."},{"key":"e_1_2_1_8_1","unstructured":"California Bill. 2011. California Bill S.B. 242-Privacy Control Requirements for Social Networks. Retrieved from http:\/\/www.leginfo.ca.gov\/pub\/11-12\/bill\/sen\/sb_0201-0250\/sb_242_bill_20110525_amended_sen_v96.html.  California Bill. 2011. California Bill S.B. 242-Privacy Control Requirements for Social Networks. Retrieved from http:\/\/www.leginfo.ca.gov\/pub\/11-12\/bill\/sen\/sb_0201-0250\/sb_242_bill_20110525_amended_sen_v96.html."},{"key":"e_1_2_1_9_1","unstructured":"Canada's Justice Laws. 2010. Canada's Anti-Spam Legislation.  Canada's Justice Laws. 2010. Canada's Anti-Spam Legislation."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143124"},{"key":"e_1_2_1_11_1","unstructured":"Deloitte. 2013. 2013 TMT (Technology Media and Telecommunications) Global Security Study. Deloitte Touche Tohmatsu Limited (DTTL).  Deloitte. 2013. 2013 TMT (Technology Media and Telecommunications) Global Security Study. Deloitte Touche Tohmatsu Limited (DTTL)."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/PerComW.2012.6197508"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1060.0080"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1177\/0018720812464045"},{"key":"e_1_2_1_15_1","unstructured":"EU Directive 1995\/46\/EC. 1995. Directive 95\/46\/EC of the European Parliament and of the Council: On the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data.  EU Directive 1995\/46\/EC. 1995. Directive 95\/46\/EC of the European Parliament and of the Council: On the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data."},{"key":"e_1_2_1_16_1","unstructured":"EU Directive 2002\/58\/EC. 2002. Directive 2002\/58\/EC of the European Parliament and of the Council: On Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector.  EU Directive 2002\/58\/EC. 2002. Directive 2002\/58\/EC of the European Parliament and of the Council: On Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector."},{"key":"e_1_2_1_17_1","unstructured":"EU Directive 2011\/83\/EU. 2011. Directive 2011\/83\/EU of the European Parliament and of the Council: On Consumer Rights. Official Journal of the EU.  EU Directive 2011\/83\/EU. 2011. Directive 2011\/83\/EU of the European Parliament and of the Council: On Consumer Rights. Official Journal of the EU."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2002.994366"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-94-007-7844-3_4"},{"key":"e_1_2_1_20_1","unstructured":"FTC-USA. 2011. Facebook Settles FTC Charges that it Deceived Consumers by Failing to Keep Privacy Promises. Federal Trade Commission. Accessed November 29. http:\/\/www.ftc.gov\/news-events\/press-releases\/2011\/11\/facebook-settles-ftc-charges-it-deceived-consumers-failing-keep.  FTC-USA. 2011. Facebook Settles FTC Charges that it Deceived Consumers by Failing to Keep Privacy Promises. Federal Trade Commission. Accessed November 29. http:\/\/www.ftc.gov\/news-events\/press-releases\/2011\/11\/facebook-settles-ftc-charges-it-deceived-consumers-failing-keep."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2700472"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1015044207315"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1126\/science.1091721"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.2307\/1914185"},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the Symposium on Usable Privacy and Security (SOUPS\u201914)","author":"Kang Ruogu","year":"2014","unstructured":"Ruogu Kang , Stephanie Brown , Laura Dabbish , and Sara Kiesler . 2014 . Privacy attitudes of mechanical turk workers and the U.S. public . In Proceedings of the Symposium on Usable Privacy and Security (SOUPS\u201914) . Ruogu Kang, Stephanie Brown, Laura Dabbish, and Sara Kiesler. 2014. Privacy attitudes of mechanical turk workers and the U.S. public. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS\u201914)."},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of the Symposium on Usable Privacy and Security (SOUPS\u201910)","author":"Kelley Patrick Gage","year":"2010","unstructured":"Patrick Gage Kelley . 2010 . Conducting usable privacy and security studies with Amazon's mechanical turk . In Proceedings of the Symposium on Usable Privacy and Security (SOUPS\u201910) . Patrick Gage Kelley. 2010. Conducting usable privacy and security studies with Amazon's mechanical turk. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS\u201910)."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2013.06.003"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2470654.2481369"},{"key":"e_1_2_1_29_1","volume-title":"Increasing Sharing Tendency Without Reducing Satisfaction: Finding the Best Privacy-settings User Interface for Social Networks","author":"Knijnenburg Bart Piet","unstructured":"Bart Piet Knijnenburg and Alfred Kobsa . 2014. Increasing Sharing Tendency Without Reducing Satisfaction: Finding the Best Privacy-settings User Interface for Social Networks . AIS Electronic Library (AISeL) . Bart Piet Knijnenburg and Alfred Kobsa. 2014. Increasing Sharing Tendency Without Reducing Satisfaction: Finding the Best Privacy-settings User Interface for Social Networks. AIS Electronic Library (AISeL)."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2470654.2470684"},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the 10th Symposium on Usable Privacy and Security (SOUPS\u201914)","author":"Korff Stefan","year":"2014","unstructured":"Stefan Korff and Rainer B\u00f6hme . 2014 . Too much choice: End-user privacy decisions in the context of choice proliferation . In Proceedings of the 10th Symposium on Usable Privacy and Security (SOUPS\u201914) . Stefan Korff and Rainer B\u00f6hme. 2014. Too much choice: End-user privacy decisions in the context of choice proliferation. In Proceedings of the 10th Symposium on Usable Privacy and Security (SOUPS\u201914)."},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2010.307"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.161"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068823"},{"key":"e_1_2_1_35_1","volume-title":"Privacy Management on Social Media Sites","author":"Madden Mary","unstructured":"Mary Madden . 2012. Privacy Management on Social Media Sites . Pew Research Center's Internet 8 American Life Project. Mary Madden. 2012. Privacy Management on Social Media Sites. Pew Research Center's Internet 8 American Life Project."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/PerComW.2012.6197507"},{"key":"e_1_2_1_37_1","volume-title":"Shea","author":"Madrian Brigitte C.","year":"2000","unstructured":"Brigitte C. Madrian and Dennis F . Shea . 2000 . The power of suggestion: Inertia in 401(k) participation and savings behavior. National Bureau of Economic Research w7682. Brigitte C. Madrian and Dennis F. Shea. 2000. The power of suggestion: Inertia in 401(k) participation and savings behavior. National Bureau of Economic Research w7682."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.3758\/s13428-011-0124-6"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-9280.2006.01721.x"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDSC.2001.918969"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1056808.1057073"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/302979.302982"},{"key":"e_1_2_1_43_1","doi-asserted-by":"crossref","unstructured":"Shari Lawrence Pfleeger M. Angela Sasse and Adrian Furnham. 2014. From weakest link to security hero: Transforming staff security behavior. Homeland Security and Emergency Management 2014 11 4 489--510.  Shari Lawrence Pfleeger M. Angela Sasse and Adrian Furnham. 2014. From weakest link to security hero: Transforming staff security behavior. Homeland Security and Emergency Management 2014 11 4 489--510.","DOI":"10.1515\/jhsem-2014-0035"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03168-7_1"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1753846.1753873"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"e_1_2_1_47_1","volume-title":"Crowdsourcing for survey research: Where Amazon mechanical turks deviates from conventional survey methods. Informatic","author":"Schaarschmidt Mario","unstructured":"Mario Schaarschmidt , Stefan Ivens , Dirk Homscheid , and Pascal Bilo . 2015. Crowdsourcing for survey research: Where Amazon mechanical turks deviates from conventional survey methods. Informatic . University of Koblenz-Landau . Mario Schaarschmidt, Stefan Ivens, Dirk Homscheid, and Pascal Bilo. 2015. Crowdsourcing for survey research: Where Amazon mechanical turks deviates from conventional survey methods. Informatic. University of Koblenz-Landau."},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1006\/obhd.1994.1046"},{"key":"e_1_2_1_49_1","volume-title":"Collective Choice and Social Welfare","author":"Amartya Kumar Sen","unstructured":"Kumar Sen Amartya . 1970. Collective Choice and Social Welfare . Vol. 11 . Elsevier . Kumar Sen Amartya. 1970. Collective Choice and Social Welfare. Vol. 11. Elsevier."},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cognition.2005.11.001"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1509\/jppm.10.114"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SocialCom.2013.48"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.29012\/jpc.v4i2.620"},{"key":"e_1_2_1_54_1","unstructured":"Frederic Stutzman Jessica Vitak Nicole B. Ellison Rebecca Gray and Cliff Lampe. 2012. Privacy in interaction: Exploring disclosure and social capital in Facebook. In ICWSM.  Frederic Stutzman Jessica Vitak Nicole B. Ellison Rebecca Gray and Cliff Lampe. 2012. Privacy in interaction: Exploring disclosure and social capital in Facebook. In ICWSM."},{"key":"e_1_2_1_55_1","volume-title":"Sunstein","author":"Thaler Richard H.","year":"2008","unstructured":"Richard H. Thaler and Cass R . Sunstein . 2008 . Nudge : Improving decisions about health, wealth, and happiness. Yale University Press . Richard H. Thaler and Cass R. Sunstein. 2008. Nudge: Improving decisions about health, wealth, and happiness. Yale University Press."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-10-0557-2_72"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/1753846.1754133"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/1057977.1057979"},{"key":"e_1_2_1_59_1","volume-title":"The Can-Spam Act","author":"Public Law USA","year":"2003","unstructured":"USA Public Law . 2003. The Can-Spam Act 2003 . USA Public Law. 2003. The Can-Spam Act 2003."},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2009.12"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/2811257"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2004.2"}],"container-title":["ACM Transactions on Intelligent Systems and Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3046676","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3046676","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:50:24Z","timestamp":1750218624000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3046676"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,5,11]]},"references-count":62,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,7,31]]}},"alternative-id":["10.1145\/3046676"],"URL":"https:\/\/doi.org\/10.1145\/3046676","relation":{},"ISSN":["2157-6904","2157-6912"],"issn-type":[{"value":"2157-6904","type":"print"},{"value":"2157-6912","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,5,11]]},"assertion":[{"value":"2016-03-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-01-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-05-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}