Author: serge

“What Can’t Data Be Used For?” Privacy Expectations about Smart TVs in the U.S. (EuroUSEC ’18)

Abstract Smart TVs have rapidly become the most common smart appliance in typical households. In the U.S., most television sets on the market have advanced sensors not traditionally found on conventional TVs, such as a microphone for voice commands or a camera for photo or video input. These new sensors enable features that are convenient, […]

“Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale (PETS ’18)

Abstract We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps’ compliance with the Children’s Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the U.S. Based on our automated analysis of 5,855 […]

Quantifying Users’ Beliefs about Software Updates (USEC ’18)

Abstract Software updates are critical to the performance, compatibility, and security of software systems. However, users do not always install updates, leaving their machines vulnerable to attackers’ exploits. While recent studies have highlighted numerous reasons why users ignore updates, little is known about how prevalent each of these beliefs is. Gaining a better understanding of the […]

Contextualizing Privacy Decisions for Better Prediction (and Protection) (CHI ’18)

Abstract Modern mobile operating systems implement an ask-on-first-use policy to regulate applications’ access to private user data: the user is prompted to allow or deny access to a sensitive resource the first time an app attempts to use it. Prior research shows that this model may not adequately capture user privacy preferences because subsequent requests […]

An Experience Sampling Study of User Reactions to Browser Warnings in the Field (CHI ’18)

Abstract Web browser warnings should help protect people from malware, phishing, and network attacks. Adhering to warnings keeps people safer online. Recent improvements in warning design have raised adherence rates, but they could still be higher. And prior work suggests many people still do not understand them. Thus, two challenges remain: increasing both comprehension and […]

A Usability Evaluation of Tor Launcher (PETS ’17)

Abstract Although Tor has state-of-the-art anti-censorship measures, users in heavily censored environments will likely not be able to connect to Tor because they cannot make the correct decisions during the configuration process. We perform the first usability evaluation of Tor Launcher, the graphical user interface (GUI) that Tor Browser uses to configure connections to […]

Let’s Go in for a Closer Look: Observing Passwords in Their Natural Habitat (CCS ’17)

Abstract Text passwords—a frequent vector for account compromise, yet still ubiquitous—have been studied for decades by researchers attempting to determine how to coerce users to create passwords that are hard for attackers to guess but still easy for users to type and memorize. Most studies examine one password or a small number of passwords per […]

TurtleGuard: Helping Android Users Apply Contextual Privacy Preferences (SOUPS ’17)

Abstract Current mobile platforms provide privacy management interfaces to regulate how applications access sensitive data. Prior research has shown how these interfaces are insufficient from a usability standpoint: they do not account for context. In allowing for more contextual decisions, machine-learning techniques have shown great promise for designing systems that automatically make privacy decisions on […]

The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences (Oakland ’17)

Abstract Current smartphone operating systems regulate application permissions by prompting users on an ask-on-first-use basis. Prior research has shown that this method is ineffective because it fails to account for context: the circumstances under which an application first requests access to data may be vastly different than the circumstances under which it subsequently requests access. […]

Personalized Security Messaging: Nudges for Compliance with Browser Warnings (EuroUSEC ’17)

Abstract Decades of psychology and decision-making research show that everyone makes decisions differently; yet security messaging is still one-size-fits-all. This suggests that we can improve outcomes by delivering information relevant to how each individual makes decisions. We tested this hypothesis by designing messaging customized for stable personality traits—specifically, the five dimensions of the General Decision-Making […]