Category: Publications

“You’ve Got Your Nice List of Bugs, Now What?” Vulnerability Discovery and Management Processes in the Wild (SOUPS ’20)

AbstractOrganizational security teams have begun to specialize, and as a result, the existence of red, blue, and purple teams have been used as signals for an organization’s security maturity. There is also now a rise in the use of third-party contractors who offer services such as incident response or penetration testing. Additionally, bug bounty programs […]

Disaster Privacy/Privacy Disaster (JASIST ’20)

AbstractPrivacy expectations during disasters differ significantly from nonemergency situations. This paper explores the actual privacy practices of popular disaster apps, highlighting location information flows. Our empirical study compares content analysis of privacy policies and government agency policies, structured by the contextual integrity framework, with static and dynamic app analysis documenting the personal data sent by […]

Privacy Controls for Always-Listening Devices (NSPW ’19)

AbstractIntelligent voice assistants (IVAs) and other voice-enabled devices already form an integral component of the Internet of Things and will continue to grow in popularity. As their capabilities evolve, they will move beyond relying on the wake-words today’s IVAs use, engaging instead in continuous listening. Though potentially useful, the continuous recording and analysis of speech […]

Nudge Me Right: Personalizing Online Security Nudges to People’s Decision-Making Styles (CHB ’20)

AbstractNudges are simple and effective interventions that alter the architecture in which people make choices in order to help them make decisions that could benefit themselves or society. For many years, researchers and practitioners have used online nudges to encourage users to choose stronger and safer passwords. However, the effects of such nudges have been […]

Conducting Privacy-Sensitive Surveys: A Case Study of Civil Society Organizations (CHI Workshops ’20)

AbstractCompared to other organizations, civil society organizations (CSOs) often operate in elevated-risk contexts, and attacks against them carry much greater ramifications, including threats to freedom of expression, liberty, and life. We aim to capture the factors that affect the attitudes and intentions of CSO employees to engage in security and privacy behaviors by using a […]

The Price is (Not) Right: Comparing Privacy in Free and Paid Apps (PETS ’20)

AbstractIt is commonly assumed that “free” mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also gauging […]

Investigating Users’ Preferences and Expectations for Always-Listening Voice Assistants (IMWUT ’19)

AbstractMany consumers now rely on different forms of voice assistants, both stand-alone devices and those built into smartphones. Currently, these systems react to specific wake-words, such as “Alexa,” “Siri,” or “Ok Google.” However, with advancements in natural language processing, the next generation of voice assistants could instead always listen to the acoustic environment and proactively […]

Privacy and Security Threat Models and Mitigation Strategies of Older Adults (SOUPS ’19)

AbstractOlder adults (65+) are becoming primary users of emerging smart systems, especially in health care. However, these technologies are often not designed for older users and can pose serious privacy and security concerns due to their novelty, complexity, and propensity to collect and communicate vast amounts of sensitive information. Efforts to address such concerns must […]

Privacy Attitudes of Smart Speaker Users (PETS ’19)

AbstractAs devices with always-on microphones located in people’s homes, smart speakers have significant privacy implications. We surveyed smart speaker owners about their beliefs, attitudes, and concerns about the recordings that are made and shared by their devices. To ground participants’ responses in concrete interactions, rather than collecting their opinions abstractly, we framed our survey around […]

Information Design in An Aged Care Context (PervasiveHealth ’19)

AbstractThe adoption of technological solutions for aged care is rapidly increasing in developed countries. New technologies facilitate the sharing of health information among the “care triad”: the elderly care recipient, their family, and care staff. In order to develop user-centered technologies for this population, we believe that it is necessary to first examine their views […]