An Empirical Study on Perceptually Masking Privacy in Graph Visualizations

Researchers such as sociologists create visualizations of multivariate node-link diagrams to present findings about the relationships in communities. Unfortunately, such visualizations can inadvertently expose the ostensibly private identities of the persons that make up the dataset. By purposely violating graph readability metrics for a small region of the graph, we conjecture that local, exposed privacy leaks may be perceptually masked from easy recognition. In particular, we consider three commonly known metrics-edge crossing, node clustering, and node-edge overlapping-as a strategy to hide leaks. We evaluate the effectiveness of violating these metrics by conducting a user study that measures subject performance at visually searching for and identifying a privacy leak. Results show that when more masking operations are applied, participants needed more time to locate the privacy leak, though exhaustive, brute force search can eventually find it. We suggest future directions on how perceptual masking can be a viable strategy, primarily where modifying the underlying network structure is unfeasible.