HCI Bibliography Home | HCI Conferences | SOUPS Archive | Detailed Records | RefWorks | EndNote | Hide Abstracts
SOUPS Tables of Contents: 0506070809101112131415

Proceedings of the 2012 Symposium on Usable Privacy and Security

Fullname:Proceedings of the Eighth Symposium on Usable Privacy and Security
Editors:Lorrie Faith Cranor
Location:Washington, DC
Dates:2012-Jul-11 to 2012-Jul-13
Standard No:ISBN: 978-1-4503-1532-6; ACM DL: Table of Contents; hcibib: SOUPS12
Links:Conference Website
Summary:Welcome to the Eighth Symposium On Usable Privacy and Security! This year's program features 14 technical papers, one workshop, one tutorial, 14 posters, 13 posters published in the past year at other conferences, a panel, lightning talks and demo session, and an invited talk. On Thursday evening SOUPS 2012 attendees will enjoy a dinner at the Microsoft DC office.
    This year we received 67 technical paper submissions. The program committee provided two rounds of reviews. In the first round papers received an average of three reviews. In the second round, papers that had received one or more reviews better than "weak reject" in the first round received additional reviews. The goal of the second round was to ensure that a consistent standard of acceptance could be applied across all papers and, to this end, papers received as many as six reviews. We held an in-person program committee meeting on May 11. Fourteen papers were selected for presentation and publication.
  1. Mobile privacy and security
  2. User perceptions
  3. Authentication
  4. Online social networks
  5. Access control

Mobile privacy and security

Measuring user confidence in smartphone security and privacy BIBAFull-Text 1
  Erika Chin; Adrienne Porter Felt; Vyas Sekar; David Wagner
In order to direct and build an effective, secure mobile ecosystem, we must first understand user attitudes toward security and privacy for smartphones and how they may differ from attitudes toward more traditional computing systems. What are users' comfort levels in performing different tasks? How do users select applications? What are their overall perceptions of the platform? This understanding will help inform the design of more secure smartphones that will enable users to safely and confidently benefit from the potential and convenience offered by mobile platforms.
   To gain insight into user perceptions of smartphone security and installation habits, we conduct a user study involving 60 smartphone users. First, we interview users about their willingness to perform certain tasks on their smartphones to test the hypothesis that people currently avoid using their phones due to privacy and security concerns. Second, we analyze why and how they select applications, which provides information about how users decide to trust applications. Based on our findings, we present recommendations and opportunities for services that will help users safely and confidently use mobile applications and platforms.
Goldilocks and the two mobile devices: going beyond all-or-nothing access to a device's applications BIBAFull-Text 2
  Eiji Hayashi; Oriana Riva; Karin Strauss; A. J. Bernheim Brush; Stuart Schechter
Most mobile phones and tablets support only two access control device states: locked and unlocked. We investigated how well all or-nothing device access control meets the need of users by interviewing 20 participants who had both a smartphone and tablet. We find all-or-nothing device access control to be a remarkably poor fit with users' preferences. On both phones and tablets, participants wanted roughly half their applications to be available even when their device was locked and half protected by authentication. We also solicited participants' interest in new access control mechanisms designed specifically to facilitate device sharing. Fourteen participants out of 20 preferred these controls to existing security locks alone. Finally, we gauged participants' interest in using face and voice biometrics to authenticate to their mobile phone and tablets; participants were surprisingly receptive to biometrics, given that they were also aware of security and reliability limitations.
Android permissions: user attention, comprehension, and behavior BIBAFull-Text 3
  Adrienne Porter Felt; Elizabeth Ha; Serge Egelman; Ariel Haney; Erika Chin; David Wagner
Android's permission system is intended to inform users about the risks of installing applications. When a user installs an application, he or she has the opportunity to review the application's permission requests and cancel the installation if the permissions are excessive or objectionable. We examine whether the Android permission system is effective at warning users. In particular, we evaluate whether Android users pay attention to, understand, and act on permission information during installation. We performed two usability studies: an Internet survey of 308 Android users, and a laboratory study wherein we interviewed and observed 25 Android users. Study participants displayed low attention and comprehension rates: both the Internet survey and laboratory study found that 17% of participants paid attention to permissions during installation, and only 3% of Internet survey respondents could correctly answer all three permission comprehension questions. This indicates that current Android permission warnings do not help most users make correct security decisions. However, a notable minority of users demonstrated both awareness of permission warnings and reasonable rates of comprehension. We present recommendations for improving user attention and comprehension, as well as identify open challenges.

User perceptions

Smart, useful, scary, creepy: perceptions of online behavioral advertising BIBAFull-Text 4
  Blase Ur; Pedro Giovanni Leon; Lorrie Faith Cranor; Richard Shay; Yang Wang
We report results of 48 semi-structured interviews about online behavioral advertising (OBA). We investigated non-technical users' attitudes about and understanding of OBA, using participants' expectations and beliefs to explain their attitudes. Participants found OBA to be simultaneously useful and privacy invasive. They were surprised to learn that browsing history is currently used to tailor advertisements, yet they were aware of contextual targeting.
   Our results identify mismatches between participants' mental models and current approaches for providing users with notice and choice about OBA. Participants misinterpreted icons intended to notify them about behavioral targeting and expected that they could turn to their browser or antivirus software to control OBA. Participants had strong concerns about data collection, and the majority of participants believed that advertisers collect personally identifiable information. They also misunderstood the role of advertising networks, basing their opinions of an advertising network on that company's non-advertising activities. Participants' attitudes towards OBA were complex and context-dependent. While many participants felt tailored advertising could benefit them, existing notice and choice mechanisms are not effectively reaching users.
Reasons, rewards, regrets: privacy considerations in location sharing as an interactive practice BIBAFull-Text 5
  Sameer Patil; Greg Norcie; Apu Kapadia; Adam J. Lee
Rapid growth in the usage of location-aware mobile phones has enabled mainstream adoption of location-sharing services (LSS). Integration with social-networking services (SNS) has further accelerated this trend. To uncover how these developments have shaped the evolution of LSS usage, we conducted an online study (N = 362) aimed at understanding the preferences and practices of LSS users in the US. We found that the main motivations for location sharing were to connect and coordinate with one's social and professional circles, to project an interesting image of oneself, and to receive rewards offered for 'checking in.' Respondents overwhelmingly preferred sharing location only upon explicit action. More than a quarter of the respondents recalled at least one instance of regret over revealing their location. Our findings suggest that privacy considerations in LSS are affected due to integration within SNS platforms and by transformation of location sharing into an interactive practice that is no longer limited only to finding people based on their whereabouts. We offer design suggestions, such as delayed disclosure and conflict detection, to enhance privacy-management capabilities of LSS.
Stories as informal lessons about security BIBAFull-Text 6
  Emilee Rader; Rick Wash; Brandon Brooks
Non-expert computer users regularly need to make security-relevant decisions; however, these decisions tend not to be particularly good or sophisticated. Nevertheless, their choices are not random. Where does the information come from that these non-experts base their decisions upon? We argue that much of this information comes from stories they hear from other people. We conducted a survey to ask open- and closed-ended questions about security stories people hear from others. We found that most people have learned lessons from stories about security incidents informally from family and friends. These stories impact the way people think about security, and their subsequent behavior when making security-relevant decisions. In addition, many people retell these stories to others, indicating that a single story has the potential to influence multiple people. Understanding how non-experts learn from stories, and what kinds of stories they learn from, can help us figure out new methods for helping these people make better security decisions.


Correct horse battery staple: exploring the usability of system-assigned passphrases BIBAFull-Text 7
  Richard Shay; Patrick Gage Kelley; Saranga Komanduri; Michelle L. Mazurek; Blase Ur; Timothy Vidas; Lujo Bauer; Nicolas Christin; Lorrie Faith Cranor
Users tend to create passwords that are easy to guess, while system-assigned passwords tend to be hard to remember. Passphrases, space-delimited sets of natural language words, have been suggested as both secure and usable for decades. In a 1,476-participant online study, we explored the usability of 3- and 4-word system-assigned passphrases in comparison to system-assigned passwords composed of 5 to 6 random characters, and 8-character system-assigned pronounceable passwords. Contrary to expectations, system-assigned passphrases performed similarly to system-assigned passwords of similar entropy across the usability metrics we examined. Passphrases and passwords were forgotten at similar rates, led to similar levels of user difficulty and annoyance, and were both written down by a majority of participants. However, passphrases took significantly longer for participants to enter, and appear to require error-correction to counteract entry mistakes. Passphrase usability did not seem to increase when we shrunk the dictionary from which words were chosen, reduced the number of words in a passphrase, or allowed users to change the order of words.
Do you see your password?: applying recognition to textual passwords BIBAFull-Text 8
  Nicholas Wright; Andrew S. Patrick; Robert Biddle
Text-based password systems are the authentication mechanism most commonly used on computer systems. Graphical passwords have recently been proposed because the pictorial-superiority effect suggests that people have better memory for images. The most widely advocated graphical password systems are based on recognition rather than recall. This approach is favored because recognition is a more effective manner of retrieval than recall, exhibiting greater accuracy and longevity of material. However, schemes such as these combine both the use of graphical images and the use of recognition as a retrieval mechanism. This paper reports on a study that sought to address this confound by exploring the recognition of text as a novel means of authentication. We hypothesized that there would be significant differences between text recognition and text recall conditions. Our study, however, showed that the conditions were comparable; we found no significant difference in memorability. Furthermore, text recognition required more time to authenticate successfully.

Online social networks

Facebook and privacy: it's complicated BIBAFull-Text 9
  Maritza Johnson; Serge Egelman; Steven M. Bellovin
We measure users' attitudes toward interpersonal privacy concerns on Facebook and measure users' strategies for reconciling their concerns with their desire to share content online. To do this, we recruited 260 Facebook users to install a Facebook application that surveyed their privacy concerns, their friend network compositions, the sensitivity of posted content, and their privacy-preserving strategies. By asking participants targeted questions about people randomly selected from their friend network and posts shared on their profiles, we were able to quantify the extent to which users trust their "friends" and the likelihood that their content was being viewed by unintended audiences. We found that while strangers are the most concerning audience, almost 95% of our participants had taken steps to mitigate those concerns. At the same time, we observed that 16.5% of participants had at least one post that they were uncomfortable sharing with a specific friend -- someone who likely already had the ability to view it -- and that 37% raised more general concerns with sharing their content with friends. We conclude that the current privacy controls allow users to effectively manage the outsider threat, but that they are unsuitable for mitigating concerns over the insider threat -- members of the friend network who dynamically become inappropriate audiences based on the context of a post.
Are privacy concerns a turn-off?: engagement and privacy in social networks BIBAFull-Text 10
  Jessica Staddon; David Huffaker; Larkin Brown; Aaron Sedley
We describe survey results from a representative sample of 1,075 U. S. social network users who use Facebook as their primary network. Our results show a strong association between low engagement and privacy concern. Specifically, users who report concerns around sharing control, comprehension of sharing practices or general Facebook privacy concern, also report consistently less time spent as well as less (self-reported) posting, commenting and "Like"ing of content. The limited evidence of other significant differences between engaged users and others suggests that privacy-related concerns may be an important gate to engagement. Indeed, privacy concern and network size are the only malleable attributes that we find to have significant association with engagement. We manually categorize the privacy concerns finding that many are nonspecific and not associated with negative personal experiences. Finally, we identify some education and utility issues associated with low social network activity, suggesting avenues for increasing engagement amongst current users.
Helping Johnny 2.0 to encrypt his Facebook conversations BIBAFull-Text 11
  Sascha Fahl; Marian Harbach; Thomas Muders; Matthew Smith; Uwe Sander
Several billion Facebook messages are sent every day. While there are many solutions to email security whose usability has been extensively studied, little work has been done in the area of message security for Facebook and even less on the usability aspects in this area. To evaluate the need for such a mechanism, we conducted a screening study with 514 participants, which showed a clear desire to protect private messages on Facebook. We therefore proceeded to analyse the usability of existing approaches and extracted key design decisions for further evaluation. Based on this analysis, we conducted a laboratory study with 96 participants to analyse different usability aspects and requirements of a Facebook message encryption mechanism. Two key findings of our study are that automatic key management and key recovery capabilities are important features for such a mechanism. Following on from these studies, we designed and implemented a usable service-based encryption mechanism for Facebook conversations. In a final study with 15 participants, we analysed the usability of our solution. All participants were capable of successfully encrypting their Facebook conversations without error when using our service, and the mechanism was perceived as usable and useful. The results of our work suggest that in the context of the social web, new security/usability trade-offs can be explored to protect users more effectively.

Access control

+Your circles: sharing behavior on Google+ BIBAFull-Text 12
  Jason Watson; Andrew Besmer; Heather Richter Lipford
Users are sharing and consuming enormous amounts of information through online social network interaction every day. Yet, many users struggle to control what they share to their overlapping social spheres. Google+ introduces circles, a mechanism that enables users to group friends and use these groups to control their social network feeds and posts. We present the results of a qualitative interview study on the sharing perceptions and behavior of 27 Google+ users. These results indicate that many users have a clear understanding of circles, using them to target information to those most interested in it. Yet, despite these positive perceptions, there is only moderate use of circles to control information flow. We explore reasons and risks associated with these behaviors and provide insight on the impact and open questions of this privacy mechanism.
The PViz comprehension tool for social network privacy settings BIBAFull-Text 13
  Alessandra Mazzia; Kristen LeFevre; Eytan Adar
Users' mental models of privacy and visibility in social networks often involve subgroups within their local networks of friends. Many social networking sites have begun building interfaces to support grouping, like Facebook's lists and "Smart Lists," and Google+'s "Circles." However, existing policy comprehension tools, such as Facebook's Audience View, are not aligned with this mental model. In this paper, we introduce PViz, an interface and system that corresponds more directly with how users model groups and privacy policies applied to their networks. PViz allows the user to understand the visibility of her profile according to automatically-constructed, natural sub-groupings of friends, and at different levels of granularity. Because the user must be able to identify and distinguish automatically-constructed groups, we also address the important sub-problem of producing effective group labels. We conducted an extensive user study comparing PViz to current policy comprehension tools (Facebook's Audience View and Custom Settings page). Our study revealed that PViz was comparable to Audience View for simple tasks, and provided a significant improvement for complex, group-based tasks, despite requiring users to adapt to a new tool. Utilizing feedback from the user study, we further iterated on our design, constructing PViz 2.0, and conducted a follow-up study to evaluate our refinements.
Relating declarative semantics and usability in access control BIBAFull-Text 14
  Vivek Krishnan; Mahesh V. Tripunitara; Kinson Chik; Tony Bergstrom
Usability is widely recognized as a problem in the context of the administration of access control systems. We seek to relate the notion of declarative semantics, a recurring theme in research in access control, with usability. We adopt the concrete context of POSIX ACLs and the traditional interface for it that comprises two utilities getfacl and setfacl whose natural semantics is operational. We have designed and implemented an alternate interface that we call askfacl whose natural semantics is declarative. We discuss our design of askfacl. We then discuss a human-subject usability study that we have designed and conducted that compares the two interfaces. Our results measurably demonstrate the goodness of declarative semantics in access control.