Out of Your Hands: Privacy Challenges when Personal Devices are not in Users' Possession
The vast majority of North Americans own personal devices, such as smartphones and laptops. Much research has been conducted on protecting users’ privacy while using personal devices. On the other hand, the privacy implications of common everyday cases where users hand off their personal devices to untrusted individuals has not been well explored. This thesis looks at two such cases: when users dispose of their old devices and when users get their devices repaired. Through a survey and semi-structured interviews, we determine how old devices are disposed of, how users sanitize their devices prior to disposal, and what popular misconceptions lead to data leaks in disposed-of devices. We then investigate the privacy implications of device repair transactions by conducting a holistic four-part study. This thesis provides controls, suggestions and actions for the different stakeholders and regulatory agencies to improve the state of privacy for consumers.