Chapter 3 (10.20.20): Three Basic Elements
It is the question that drives us… As the user, how do we protect our privacy in a gamified environment?
Even though we can find elements of gamification everywhere in our lives, from the media we consume to our shopping centers, there is little information out there regarding the opportunity for individuals to protect themselves in these specific instances. General circumstances, but in an enhanced, gamified environment, no.
It is therefore incumbent upon us as wise consumers of information, to take the appropriate steps.
The experience of gamification in society has been prevalent for the last ten years at least. That is to say that when we go out in society it is there. When we go to work it is there. When we go online, we can find dozens of articles preaching its benefit across any number of industries. We find it in social networks, we find it in healthy living apps, we even find it now with our financial institutions.
However, searching “how to protect your privacy in a gamified environment” yields little in the way of a fruitful result. As BCB Cyber prizes the development and capability of the individual, the user in these game environments, we turn to the three key components in designing a way for users to protect themselves: education, awareness, and action (or inaction as the case may be).
Education
I will be honest, while there is a lot of talk about privacy today, and much made of it in political circles, there are very few good guides for the individual. Sure, you can find Norton’s guide (and many others like it) that offer tips like beware of sharing too much personal information, use a VPN, or the ever-popular “be careful” where we click. But what happens when we are confronted with a “trusted” scenario, like the offerings our employer gives to us? Or do we even know when we are sharing personal information?
One of the few studies done on the subject, Gamification vs. Privacy: Identifying and Analysing the Major Concerns produced by researchers at the University of the Aegean in March 2019 establishes the fact that while yes, developers of this systems should develop solutions to aid in protecting and driving the opportunity for privacy and data protection for users, that it is also incumbent for the user to be actively engaged as well.
While the “how-to” section is a little light, the article does do a good job of highlighting a good point. At what points of contact are users most exposed?
By comparing the privacy requirements of Anonymity, Pseudonymity, Unlinkability, Undetectability, and Unobservability against game elements like avatars, challenges/competition (so touted by proponents of gamification), location, notifications, profiles, quizzes, roles, team functions, etc. In doing so, the researchers describe how in each instance the protection of privacy as identified by the five themes above is violated in all five instances or in several at once by their very nature. For example, one of the most perhaps unexpected instances occurs with our avatar.
By creating an avatar that is representative of our physical appearance, we unwittingly offer up our most defining features that can then be used in face recognition models. Even the avatar provides the possibility, that we can be identified by feature identification thereby eliminating the possibility of anonymity, pseudonymity, unlinkability, undetectability, and unobservability. For if each of our features provides a tell as to who we are, and if they didn’t how would we recognize each other on the street, these gamified environments provide far more telling data stories about our lives than we may realize.
Awareness
As gamified systems become more and more present in our lives both physical and digital it is incumbent upon the individual to be more aware than ever. Unfortunately, this also corresponds with a lack of privacy awareness, particularly in social networks.
For gamified environments, like social media, the biggest problem is that users prize convenience first, and tend to lack reservations about providing personally identifiable information (PII) on their profile. Unfortunately, users will place and extended trust in these environments, because it is their friends in social media, and their employer/insurer in gamified health environments, whom they believe already have this kind of information there is little hesitancy in providing it again. What ends up happening is this information is then extended far beyond the network, in both intended and unintended ways. For reference, Cambridge Analytica.
The ability for the user to be aware is not natural in these situations and as such presents a difficult roadblock. However, it will become a required skill to be learned if privacy is to be valued and maintained in the future. It is, unfortunately, incumbent upon the user to ensure this happens.
Action, Or Inaction, As the Case May Be
The awareness section above provides a great summary of an article created back in 2012 on the subject. Written by S. Srinivasan, a professor and chairman of Technology Studies at Texas A&M International University, and linked above (“particularly in social networks”), the article does offer some best practices regarding user opportunity to protect their privacy.
We offer a BCB Cyberized summary below:
- Belay the feeling of obligation; the article references friends and invitations, but we suggest further action to include not feeling obligated to submit information across gamified environments too. If the purpose is engagement, learning, and potential “other” benefit to the user, then the submission of PII should be a moot point. The benefit attained from an anonymous character would be the same.
- Question all weblinks and information sources. Always good cyber-hygiene, this suggestion should also be critically engaged within trusted environments. If we seek anonymity as users, and would therefore exist in cyberspace as something else, should the basic assumption then be that everyone else is as well and this includes their intentions?
- Question the information itself. While the dated article references attachments, the point is taken. Digital files themselves are suspect. As we engage in gamified environments, we as users should most notably always question the gamed element as well.
It should always be up to the user to determine how much is shared. Not the system within which they are operating. We are not against sharing so long as that it is user-defined. For it is their information!
While the gamified nature of the environments we find ourselves in daily are ever-growing, ever-changing, and evermore being articulated as “normal,” only we the user will choose whether or not to accept the invitation to play. Responsibility and accountability are, as ever, still on us. Caveat Emptor!