Our research on web-based threats to privacy and security involves performing human subjects experiments to examine how people respond to current mitigations, such as web browser security warnings and various privacy tools. We are also performing research to discover new threats to privacy, such as new ways for companies to perform online tracking, web-browser fingerprinting, and managing the disclosure of information on social networking websites.

We’re broadly interested in answering the following questions:

  • Why do users choose to ignore web browser security warnings?
  • Can we improve online security systems by catering risk communication to specific personas?
  • Can we subconsciously help people make better security decisions?
  • What methods can be used to fingerprint a web browser (thereby allowing online tracking) and how can these be mitigated?
  • What innate factors influence users’ online privacy preferences and behaviors?
  • How can we build systems that infer users’ online privacy preferences?