Author: serge

Somebody’s Watching Me? Assessing the Effectiveness of Webcam Indicator Lights (CHI ’15)

Abstract Most laptops and personal computers have webcams with LED indicators to notify users when they are recording. Because hackers use surreptitiously captured webcam recordings to extort users, we explored the effectiveness of these indicators under varying circumstances and how they could be improved.  We observed that, on average, fewer than half of our participants […]

Is This Thing On? Crowdsourcing Privacy Indicators for Ubiquitous Sensing Platforms (CHI ’15)

Abstract We are approaching an environment where ubiquitous computing devices will constantly accept input via audio and video channels: kiosks that determine demographic information of passersby, gesture controlled home entertainment systems and audio controlled wearable devices are just a few examples. To enforce the principle of least privilege, recent proposals have suggested technical approaches to […]

Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS) (CHI ’15)

Abstract Despite the plethora of security advice and online education materials offered to end-users, there exists no standard measurement tool for end-user security behaviors.  We present the creation of such a tool.  We surveyed the most common computer security advice that experts offer to end-users in order to construct a set of Likert scale questions […]

Fingerprinting Web Users through Font Metrics (FC ’15)

Abstract We describe a web browser fingerprinting technique based on measuring the onscreen dimensions of font glyphs. Font rendering in web browsers is affected by many factors—browser version, what fonts are installed, and hinting and antialiasing settings, to name a few—that are sources of fingerprintable variation in end-user systems. We show that even the relatively crude tool of measuring […]

Are you ready to lock? understanding user motivations for smartphone locking behaviors (CCS ’14)

Abstract In addition to storing a plethora of sensitive personal and work information, smartphones also store sensor data about users and their daily activities. In order to understand users’ behaviors and attitudes towards the security of their smartphone data, we conducted 28 qualitative interviews. We examined why users choose (or choose not) to employ locking […]

The effect of developer-specified explanations for permission requests on smartphone user behavior (CHI ’14)

Abstract In Apple’s iOS 6, when an app requires access to a protected resource (e.g., location or photos), the user is prompted with a permission request that she can allow or deny. These permission request dialogs include space for developers to optionally include strings of text to explain to the user why access to the […]

The importance of being earnest [in security warnings] (FC ’13)

Abstract In response to the threat of phishing, web browsers display warnings when users arrive at suspected phishing websites. Previous research has offered guidance to improve these warnings. We performed a laboratory study to investigate how the choice of background color in the warning and the text describing the recommended course of action impact a […]

When it’s better to ask forgiveness than get permission: attribution mechanisms for smartphone resources (SOUPS ’13)

Abstract Smartphone applications pose interesting security problems because the same resources they use to enhance the user experience may also be used in ways that users might find objectionable. We performed a set of experiments to study whether attribution mechanisms could help users understand how smartphone applications access device resources. First, we performed an online […]

Does my password go up to eleven?: the impact of password meters on password selection (CHI ’13)

Abstract Password meters tell users whether their passwords are “weak” or “strong.” We performed a laboratory experiment to examine whether these meters influenced users’ password selections when they were forced to change their real passwords, and when they were not told that their passwords were the subject of a study. We observed that the presence […]

My profile is my password, verify me!: the privacy/convenience tradeoff of facebook connect (CHI ’13)

Abstract We performed a laboratory experiment to study the privacy tradeoff offered by Facebook Connect: disclosing Facebook profile data to third-party websites for the convenience of logging in without creating separate accounts. We controlled for trustworthiness and amount of information each website requested, as well as the consent dialog layout. We discovered that these factors […]