Security and Privacy-Specific Social Desirability scale (SP-SDS) for end users without a background in computer science.
Social desirability bias can be a problem in human-subjects research, if participants give answers they believe researchers want to hear, instead of their true opinion. This is especially concerning for sensitive topics, which are prevalent in Usable Security and Privacy (USP) research, e.g. when asking users about their security habits, experiences of digital abuse or opinions on surveillance. While validated scales measuring general social desirability bias exist, it is unclear how applicable they are in USP. Besides the jarring context switch, it is uncertain how well social desirability of security and privacy related behavior matches general social desirability. To address this, we developed and validated a 13-item security and privacy-specific social desirability scale (SP-SDS) for end users without a background in computer science (total N=1167).
| abbrevation | statement | Socially desirable |
|---|---|---|
| data collected | I am always aware of what personal data is collected by the platforms I use and how it is used | 0.75 |
| different passwords | I use different passwords for all my accounts | 0.78 |
| ignore update | I never ignore software update reminders | 0.73 |
| ignore warnings | I never ignore security warnings on my computer | 0.79 |
| illegal movies* | If I knew I wouldn’t get caught, I would watch movies illegally | 0.79 |
| pirated software* | If I knew I wouldn’t get caught, I would use pirated software1 | 0.83 |
| policy access | I always read the privacy policy before giving an app/application access to my personal data | 0.72 |
| polite online | I am always just as polite online as I am in the real world | 0.84 |
| read policy | I always read the privacy policy completely before I agree to them | 0.68 |
| read terms | I always read the terms and conditions completely before I agree to them | 0.69 |
| reuse passwords | I never reuse passwords | 0.69 |
| secure passwords | I only use secure passwords (passwords that are long and complex) | 0.80 |
| troll comment | I have never considered posting a troll-comment2 | 0.74 |
Ratings of the SP-SDS for end users without a computer science background in the calibration study (N=867). Items coded “false” (marked with *) were recoded before analysis.
To calculate an SP-SDS score for a participant, each (if necessary recoded) item response is weighted by the proportion of participants in our sample, who think it is socially desirable. Since the maximum possible score is then 9.83, which makes interpretation unintuitive, we normalize the score, so the maximum possible value of the SP-SDS is 1 and the minimum is 0. To calculate the social desirability score of participant j, use the following formula with the weights from above:
Score(j) = ∑ 13
i=1 scoreji × pi
9.83
where scoreji = { 1 if j answers item i socially desirably
0 otherwise
where pi ∈ [0,1], the proportion of people who consider item i socially (un-)desirable. Scores can range from 0 to 1, with high scores indicating probably biased responses.