The purpose of this post is to explain the privacy issues that were considered in designing the LeapIn.it system. The following sections cover these privacy-related issues from five perspectives: personal information, information security, visibility of profile pages, privacy policy and cookie policy.
Personal information
In LeapIn.it, no personally identifiable information is collected from the users except their geographical location (which will be specific to the nearest city), which will be used for advertising purposes. Furthermore, the user will be asked before their location is tracked.
To use LeapIn.it!, a user only needs to provide a unique username and password. After that, they can create their own avatars that act as digital representations of themselves in the virtual world. The users are therefore anonymous – they can use the system without providing their real names or any personal information.
In a survey of Facebook users conducted to identify how sensitive they considered the information taken from them, participants rated email addresses as the most sensitive piece of information, as shown in Figure 1 [1]. This reaffirmed our decision not to ask users for an email address.
Security
In order to ensure that user information is kept secure, the data will be stored in a database with access restricted to only those who need it. To ensure that a user account can only be accessed by that user, the user sets a password for their account when registering. The password is stored in the database as a salted hash, preventing any damage if the contents of the database were to be revealed.
Visibility
Users of leapin.it are given the option to control the visibility of their profiles: they can set a profile as public or private to restrict access to their pages in searches made by other users of the network. This is similar to the implementation by Facebook, which protects the privacy of the users as illustrated in Figure 2 [1]. In leapin.it, private profiles can only be seen by the members of the user’s friends list. Furthermore, users are provided with a feature that allows them to limit the visibility of their posts and hence increase the level of privacy. This is also relatively similar to what has been implemented in Facebook, as shown in Figure 3, Figure 4 and Figure 5 [1, 2]. They can hide a post from their profile pages and show it in the relevant room, and vice versa, to give them more control over what they want their friends to know about them.
The information posted in a room can only be viewed by the users who scanned the QR code of that room. This limits the scope of information sharing, which users of Facebook have described as a factor that increases their level of comfort and trust when using a social network [1].
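The visibility rules above expressed as server-side checks, as an added example that is not LeapIn.it's code. The class names, the `on_profile` and `in_room` flags and the sample users are hypothetical; it also assumes owners can always see their own profile.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    username: str
    profile_public: bool = True
    friends: set = field(default_factory=set)        # usernames on the friends list
    scanned_rooms: set = field(default_factory=set)  # rooms joined by scanning the QR code


@dataclass
class Post:
    author: User
    room: str
    on_profile: bool = True   # shown on the author's profile page
    in_room: bool = True      # shown in the room it was posted to


def can_view_profile(viewer: User, owner: User) -> bool:
    """Public profiles are open; private ones are limited to the friends list."""
    if viewer.username == owner.username:   # assumption: owners see their own profile
        return True
    return owner.profile_public or viewer.username in owner.friends


def can_view_post(viewer: User, post: Post, via: str) -> bool:
    """`via` is the surface the post is requested through: 'profile' or 'room'."""
    if via == "profile":
        return post.on_profile and can_view_profile(viewer, post.author)
    if via == "room":
        return post.in_room and post.room in viewer.scanned_rooms
    return False  # unknown surface: deny by default


# Constructed sample data.
alice = User("alice", profile_public=False, friends={"bob"}, scanned_rooms={"cafe"})
bob = User("bob", scanned_rooms={"library"})
carol = User("carol", scanned_rooms={"cafe"})
room_only = Post(alice, room="cafe", on_profile=False)
```

Checking each surface separately is what keeps a post hidden from the profile from leaking to friends, and a room post from leaking to users who never scanned that room's code.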
Privacy Policy
LeapIn.it will provide users with a document entitled “Privacy Policy” which will detail what the user should expect from the service in protecting their privacy.
It will be mentioned that the user’s information, including their geographical location, will be used within the system to improve the service by personalizing the delivered content and adverts. Although the users are anonymous in our system, they might choose to post information about themselves (e.g. photos or videos); therefore the privacy policy will mention that sharing this type of information is the user’s responsibility.
The service will use the users’ IP addresses for the purpose of preventing spamming in the rooms, and that will be mentioned in the terms of service section of our project. In addition, the privacy policy will mention all the data that might be received from the user when using the system, such as their locations, IP addresses, their interests which might be inferred from the added rooms, date and time of using the system, their friends, their posts, the operating system of their smartphones etc., to help the users be aware of what will be known about them in this social network.
If a user deletes his/her account, all the information associated with that user will be deleted permanently from the system. However, the users are given a feature that allows them to deactivate their accounts temporarily, which means that their data will remain in the system but will not be shown to other users until the account is reactivated. In addition, a user might comment on or like posts which are published in sponsored rooms. Since these rooms are public rooms, these comments are visible to everyone inside the network; to increase the awareness of the users, this will be written in the privacy policy.
Cookie Policy
In the privacy policy of our system, it will be mentioned that cookies will be used only for authentication purposes and will not be passed to any advertisers or to third parties.
References:
[1] Grude, Amy, Matt Scholl, and Robert Thompson. “Privacy on FaceBook.” Computer Supported Cooperative Work 15.4 (2007).
[2] Sharing and Finding you on Facebook. [Online] Available: https://www.facebook.com/about/privacy/your-info-on-fb [Accessed: 7/4/2014].