Turtles, Locks, and Bathrooms: Understanding Mental Models of Privacy Through Illustration

Maggie Oates, Yama Ahmadullah, Abigail Marsh, Chelse Swoopes, Shikun Zhang, Rebecca Balebako and Lorrie Faith Cranor
Carnegie Mellon University (CMU)


Are the many formal definitions and frameworks of privacy consistent with a layperson’s understanding of privacy? We explored this question and identified mental models and metaphors of privacy, conceptual tools that can be used to improve privacy tools, communication, and design for everyday users. Our investigation focused on a qualitative analysis of 366 drawings of privacy from laypeople, privacy experts, children, and adults. Illustrators all responded to the prompt “What does privacy mean to you?” We coded each image for content, identifying themes from established privacy frameworks and defining the visual and conceptual metaphors illustrators used to model privacy. We found that many non-expert drawings illustrated a strong divide between public and private physical spaces, while experts were more likely to draw nuanced data privacy spaces. Young children’s drawings focused on bedrooms, bathrooms, or cheating on schoolwork, and seldom addressed data privacy. The metaphors, themes, and symbols identified by these findings can be used for improving privacy communication, education, and design by inspiring and informing visual and conceptual strategies for reaching laypeople.


