Sunny Consolvo
Sunny is a researcher at Google where she spends most of her time focusing on digital-safety topics.
Authored Publications
Google Publications
Other Publications
Sort By
Practicing Information Sensibility: How Gen Z Engages with Online Information
Amelia Hassoun
Ian Beacock
Beth Goldberg
Patrick Gage Kelley
Daniel M. Russell
ACM CHI Conference on Human Factors in Computing Systems (2023)
Preview abstract
Assessing the trustworthiness of information online is complicated. Literacy-based paradigms are both widely used to help and widely critiqued. We conducted a study with 35 Gen Zers from across the U.S. to understand how they assess information online. We found that they tended to encounter—rather than search for—information, and that those encounters were shaped more by social motivations than by truth-seeking queries. For them, information processing is fundamentally a social practice. Gen Zers interpreted online information together, as aspirational members of social groups. Our participants sought information sensibility: a socially-informed awareness of the value of information encountered online. We outline key challenges they faced and practices they used to make sense of information. Our findings suggest that like their information sensibility practices, solutions and strategies to address misinformation should be embedded in social contexts online.
View details
Preview abstract
Online hate and harassment poses a threat to the digital safety of people globally. In light of this risk, there is a need to equip as many people as possible with advice to stay safer online. We interviewed 24 experts to understand what threats and advice internet users should prioritize to prevent or mitigate harm. As part of this, we asked experts to evaluate 45 pieces of existing hate-and-harassment-specific digital-safety advice to understand why they felt advice was viable or not. We find that experts frequently had competing perspectives for which threats and advice they would prioritize. We synthesize sources of disagreement, while also highlighting the primary threats and advice where experts concurred. Our results inform immediate efforts to protect users from online hate and harassment, as well as more expansive socio-technical efforts to establish enduring safety.
View details
"Millions of people are watching you": Understanding the digital safety needs of creators
Patrawat Samermit
Patrick Gage Kelley
Tara Matthews
Vanessia Wu
(2023)
Preview abstract
Online content creators---who create and share their content on platforms such as Instagram, TikTok, Twitch, and YouTube---are uniquely at-risk of increased digital-safety threats due to their public prominence, the diverse social norms of wide-ranging audiences, and their access to audience members as a valuable resource. We interviewed 23 creators to understand their digital-safety experiences. This includes the security, privacy, and abuse threats they have experienced across multiple platforms and how the threats have changed over time. We also examined the protective practices they have employed to stay safer, including tensions in how they adopt the practices. We found that creators have diverse threat models that take into consideration their emotional, physical, relational, and financial safety. Most adopted protections---including distancing from technology, moderating their communities, and seeking external or social support---only after experiencing a serious safety incident. Lessons from their experiences help us better prepare and protect creators and ensure a diversity of voices are present online.
View details
Understanding Digital-Safety Experiences of Youth in the U.S.
Diana Freed
Natalie N. Bazarova
Eunice Han
Patrick Gage Kelley
Dan Cosley
The ACM CHI Conference on Human Factors in Computing Systems, ACM (2023)
Preview abstract
The seamless integration of technology into the lives of youth has raised concerns about their digital safety. While prior work has explored youth experiences with physical, sexual, and emotional threats—such as bullying and trafficking—a comprehensive and in-depth understanding of the myriad threats that youth experience is needed. By synthesizing the perspectives of 36 youth and 65 adult participants from the U.S., we provide an overview of today’s complex digital-safety landscape. We describe attacks youth experienced, how these moved across platforms and into the physical world, and the resulting harms. We also describe protective practices the youth and the adults who support them took to prevent, mitigate, and recover from attacks, and key barriers to doing this effectively. Our findings provide a broad perspective to help improve digital safety for youth and set directions for future work.
View details
“I just wanted to triple check ... they were all vaccinated” — Supporting Risk Negotiation in the Context of COVID-19
Jennifer Brown
Jennifer C. Mankoff
Margaret E. Morris
Paula S. Nurius
Savanna Yee
ACM Transactions on Computer-Human Interaction (2022)
Preview abstract
During the COVID-19 pandemic, risk negotiation became an important precursor to in-person contact. For young adults, social planning generally occurs through computer-mediated communication. Given the importance of social connectedness for mental health and academic engagement, we sought to understand how young adults plan in-person meetups over computer-mediated communication in the context of the pandemic. We present a qualitative study that explores young adults’ risk negotiation during the COVID-19 pandemic, a period of conflicting public health guidance. Inspired by cultural probe studies, we invited participants to express their preferred precautions for one week as they planned in-person meetups. We interviewed and surveyed participants about their experiences. Through qualitative analysis, we identify strategies for risk negotiation, social complexities that impede risk negotiation, and emotional consequences of risk negotiation. Our findings have implications for AI-mediated support for risk negotiation and assertive communication more generally. We explore tensions between risks and potential benefits of such systems.
View details
SoK: A Framework for Unifying At-Risk User Research
Noel Warford
Tara Matthews
Kaitlyn Yang
Omer Akgul
Patrick Gage Kelley
Nathan Malkin
Michelle L. Mazurek
(2022)
Preview abstract
At-risk users are people who experience risk factors that augment or amplify their chances of being digitally attacked and/or suffering disproportionate harms. In this systematization work, we present a framework for reasoning about at-risk users based on a wide-ranging meta-analysis of 95 papers. Across the varied populations that we examined (e.g., children, activists, people with disabilities), we identified 10 unifying contextual risk factors—such as marginalization and access to a sensitive resource—that augment or amplify digital-safety risks and their resulting harms. We also identified technical and non-technical practices that at-risk users adopt to attempt to protect themselves from digital-safety risks. We use this framework to discuss barriers that limit at-risk users’ ability or willingness to take protective actions. We believe that researchers and technology creators can use our framework to identify and shape research investments to benefit at-risk users, and to guide technology design to better support at-risk users.
View details
“Why wouldn’t someone think of democracy as a target?”: Security practices & challenges of people involved with U.S. political campaigns
Patrick Gage Kelley
Tara Matthews
Lee Carosi Dunn
Proceedings of the USENIX Security Symposium (2021)
Preview abstract
People who are involved with political campaigns face increased digital security threats from well-funded, sophisticated attackers, especially nation-states. Improving political campaign security is a vital part of protecting democracy. To identify campaign security issues, we conducted qualitative research with 28 participants across the U.S. political spectrum to understand the digital security practices, challenges, and perceptions of people involved in campaigns. A main, overarching finding is that a unique combination of threats, constraints, and work culture lead people involved with political campaigns to use technologies from across platforms and domains in ways that leave them—and democracy—vulnerable to security attacks. Sensitive data was kept in a plethora of personal and work accounts, with ad hoc adoption of strong passwords, two-factor authentication, encryption, and access controls. No individual company, committee, organization, campaign, or academic institution can solve the identified problems on their own. To this end, we provide an initial understanding of this complex problem space and recommendations for how a diverse group of experts can begin working together to improve security for political campaigns.
View details
Designing Toxic Content Classification for a Diversity of Perspectives
Deepak Kumar
Patrick Gage Kelley
Joshua Mason
Zakir Durumeric
Michael Bailey
(2021)
Preview abstract
In this work, we demonstrate how existing classifiers for identifying toxic comments online fail to generalize to the diverse concerns of Internet users. We survey 17,280 participants to understand how user expectations for what constitutes toxic content differ across demographics, beliefs, and personal experiences. We find that groups historically at-risk of harassment—such as people who identify as LGBTQ+ or young adults—are more likely to to flag a random comment drawn from Reddit, Twitter, or 4chan as toxic, as are people who have personally experienced harassment in the past. Based on our findings, we show how current one-size-fits-all toxicity classification algorithms, like the Perspective API from Jigsaw, can improve in accuracy by 86% on average through personalized model tuning. Ultimately, we highlight current pitfalls and new design directions that can improve the equity and efficacy of toxic content classifiers for all users.
View details
SoK: Hate, Harassment, and the Changing Landscape of Online Abuse
Devdatta Akhawe
Michael Bailey
Dan Boneh
Nicola Dell
Zakir Durumeric
Patrick Gage Kelley
Deepak Kumar
Damon McCoy
Sarah Meiklejohn
Thomas Ristenpart
Gianluca Stringhini
(2021)
Preview abstract
We argue that existing security, privacy, and anti-abuse protections fail to address the growing threat of online hate and harassment. In order for our community to understand and address this gap, we propose a taxonomy for reasoning about online hate and harassment. Our taxonomy draws on over 150 interdisciplinary research papers that cover disparate threats ranging from intimate partner violence to coordinated mobs. In the process, we identify seven classes of attacks---such as toxic content and surveillance---that each stem from different attacker capabilities and intents. We also provide longitudinal evidence from a three-year survey that hate and harassment is a pervasive, growing experience for online users, particularly for at-risk communities like young adults and people who identify as LGBTQ+. Responding to each class of hate and harassment requires a unique strategy and we highlight five such potential research directions that ultimately empower individuals, communities, and platforms to do so.
View details
College from home during COVID-19: A mixed-methods study of heterogeneous experiences
Margaret E. Morris
Kevin S. Kuehn
Jennifer Brown
Paula S. Nurius
Han Zhang
Yasaman S. Sefidgar
Xuhai Xu
Eve A. Riskin
Anind K. Dey
Jennifer C. Mankoff
Proceedings of the ACM on Human Computer Interaction (PACM HCI), ACM (2021)
Preview abstract
This mixed-method study examined the experiences of college students during the COVID-19 pandemic through surveys, experience sampling data collected over two academic quarters (Spring 2019 n1 = 253; Spring 2020 n2 = 147), and semi-structured interviews with 27 undergraduate students. There were no marked changes in mean levels of depressive symptoms, anxiety, stress, or loneliness between 2019 and 2020, or over the course of the Spring 2020 term. Students in both the 2019 and 2020 cohort who indicated psychosocial vulnerability at the initial assessment showed worse psychosocial functioning throughout the entire Spring term relative to other students. However, rates of distress increased faster in 2020 than in 2019 for these individuals. Across individuals, homogeneity of variance tests and multi-level models revealed significant heterogeneity, suggesting the need to examine not just means but the variations in individuals’ experiences. Thematic analysis of interviews characterizes these varied experiences, describing the contexts for students' challenges and strategies. This analysis highlights the interweaving of psychosocial and academic distress: Challenges such as isolation from peers, lack of interactivity with instructors, and difficulty adjusting to family needs had both an emotional and academic toll. Strategies for adjusting to this new context included initiating remote study and hangout sessions with peers, as well as self-learning. In these and other strategies, students used technologies in different ways and for different purposes than they had previously. Supporting qualitative insight about adaptive responses were quantitative findings that students who used more problem-focused forms of coping reported fewer mental health symptoms over the course of the pandemic, even though they perceived their stress as more severe. These findings underline the need for interventions oriented towards problem-focused coping and suggest opportunities for peer role modeling.
View details
Tough Times at Transitional Homeless Shelters: Considering the Impact of Financial Insecurity on Digital Security and Privacy
Tara Matthews
Jill Palzkill Woelfer
Martin Shelton
Andrew Oplinger
Andreas Schou
Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems
Preview abstract
Addressing digital security and privacy issues can be particularly difficult for users who face challenging circumstances. We performed semi-structured interviews with residents and staff at 4 transitional homeless shelters in the U.S. San Francisco Bay Area (n=15 residents, 3 staff) to explore their digital security and privacy challenges. Based on these interviews, we outline four tough times themes -- challenges experienced by our financially insecure participants that impacted their digital security and privacy -- which included: (1) limited financial resources, (2) limited access to reliable devices and Internet, (3) untrusted relationships, and (4) ongoing stress. We provide examples of how each theme impacts digital security and privacy practices and needs. We then use these themes to provide a framework outlining opportunities for technology creators to better support users facing security and privacy challenges related to financial insecurity.
View details
"They Don't Leave Us Alone Anywhere We Go": Gender and Digital Abuse in South Asia
Nithya Sambasivan
Amna Batool
Nova Ahmed
Tara Matthews
Sane Gaytán
David Nemer
(2019) (to appear)
Preview abstract
South Asia faces one of the largest gender gaps online globally, and online safety is one of the main barriers to gender-equitable Internet access [GSMA, 2015]. To better understand the gendered risks and coping practices online in South Asia, we present a qualitative study of the online abuse experiences and coping practices of 199 people who identified as women and 6 NGO staff from India, Pakistan, and Bangladesh, using a feminist analysis. We found that a majority of our participants regularly contended with online abuse, experiencing three major abuse types: cyberstalking, impersonation, and personal content leakages. Consequences of abuse included emotional harm, reputation damage, and physical and sexual violence. Participants coped through informal channels rather than through technological protections or law enforcement. Altogether, our findings point to opportunities for designs, policies, and algorithms to improve women's safety online in South Asia.
View details
Towards gender-equitable privacy and security in South Asia
Amna Batool
David Nemer
Nithya Sambasivan
Nova Ahmed
Sane Gaytán
Tara Matthews
IEEE Security & Privacy (2019)
Preview abstract
2017 marked the year when half the world went online. But women remain under-represented on the Internet. Nearly two-thirds of countries have more men than women online [1]. South Asia has one of the largest gender gaps when it comes to mobile and Internet access: 29% of users from India are women and they are 26% less likely than South Asian men to own a phone [2]. A large and growing population of nearly 760 million women live in India, Bangladesh, and Pakistan [3-5]. As a result a growing affordability and ease of access, women will comprise a significant proportion of new Internet users. As the gaps close online, there is enormous potential for security and privacy technologies to turn towards gender-equitable designs and enable women to equitably participate online.
View details
An Experience Sampling Study of User Reactions to Browser Warnings in the Field
Nathan Malkin
Serge Egelman
CHI (2018)
Preview abstract
Web browser warnings should help protect people from malware, phishing, and network attacks. Adhering to warnings keeps people safer online. Recent improvements in warning design have raised adherence rates, but they could still be higher. And prior work suggests many people still do not understand them. Thus, two challenges remain: increasing both comprehension and adherence rates. To dig deeper into user decision making and comprehension of warnings, we performed an experience sampling study of web browser security warnings, which involved surveying over 6,000 Chrome and Firefox users in situ to gather reasons for adhering or not to real warnings. We find these reasons are many and vary with context. Contrary to older prior work, we do not find a single dominant failure in modern warning design---like habituation---that prevents effective decisions. We conclude that further improvements to warnings will require solving a range of smaller contextual misunderstandings.
View details
“Privacy is not for me, it’s for those rich women”: Performative Privacy Practices on Mobile Phones by Women in South Asia
Amna Batool
David Nemer
Nithya Sambasivan
Nova Ahmed
Sane Gaytán
Tara Matthews
Symposium on Usable Privacy and Security (SOUPS) 2018 (2018)
Preview abstract
Women in South Asia own fewer personal devices like laptops and phones than women elsewhere in the world. Further, cultural expectations influence how mobile phones are shared with and digital activities are scrutinized by family members. In this paper, we report on a qualitative study conducted in India, Pakistan, and Bangladesh about how women perceive, manage, and control their personal privacy on shared phones. We describe a set of five performative practices our participants employed to maintain individuality and privacy, despite frequent borrowing and monitoring of their devices by family and social relations. These practices involved management of phone and app locks, content deletion, technology avoidance, and use of private modes. We present design opportunities for maintaining privacy on shared devices that are mindful of the social norms and values in the South Asian countries studied, including to improve discovery of privacy controls, offer content hiding, and provide algorithmic understanding of multiple-user use cases. Our suggestions have implications for enhancing the agency of user populations whose social norms shape their phone use.
View details
Privacy and security experiences and practices of survivors of intimate partner abuse
Cori Manthorne
Jill Palzkill Woelfer
Martin Shelton
Tara Matthews
IEEE Security & Privacy Magazine (2017)
Preview abstract
Recognizing how intimate partner abuse’s three phases—physical control, escape from abuser, and life apart—affect survivors’ technology use can help technology creators better understand and support this population’s digital security and privacy needs.
View details
Stories from survivors: Privacy & security practices when coping with intimate partner abuse
Tara Matthews
Jill Palzkill Woelfer
Martin Shelton
Cori Manthorne
CHI '17 Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, ACM, New York, NY, USA (2017), pp. 2189-2201
Preview abstract
We present a qualitative study of the digital privacy and security motivations, practices, and challenges of survivors of intimate partner abuse (IPA). This paper provides a framework for organizing survivors' technology practices and challenges into three phases: physical control, escape, and life apart. This three-phase framework combines technology practices with three phases of abuse to provide an empirically sound method for technology creators to consider how survivors of IPA can leverage new and existing technologies. Overall, our results suggest that the usability of and control over privacy and security functions should be or continue to be high priorities for technology creators seeking ways to better support survivors of IPA.
View details
Preview abstract
Users often don’t follow expert advice for staying secure online, but the reasons for users’ noncompliance are only partly understood. More than 200 security experts were asked for the top three pieces of advice they would give non-tech-savvy users. The results suggest that, although individual experts give thoughtful, reasonable answers, the expert community as a whole lacks consensus.
View details
“She’ll just grab any device that’s closer”: A Study of Everyday Device & Account Sharing in Households
Tara Matthews
Kerwell Liao
Marianne Berkovich
Proceedings of the ACM Conference on Human Factors in Computing Systems, ACM (2016) (to appear)
Preview abstract
Many technologies assume a single user will use an account or device. But account and device sharing situations (when 2+ people use a single device or account) may arise during everyday life. We present results from a multiple-methods study of device and account sharing practices among household members and their relations. Among our findings are that device and account sharing was common, and mobile phones were often shared despite being considered “personal” devices. Based on our study results, we organize sharing practices into a taxonomy of six sharing types — distinct patterns of what, why, and how people shared. We also present two themes that cut across sharing types: that (1) trust in sharees and (2) convenience highly influenced sharing practices. Based on these findings, implications for study and technology design.
View details
Rethinking Connection Security Indicators
Helen Harris
Max Walker
Chris Thompson
Elisabeth Morant
SOUPS (2016)
Preview abstract
We propose a new set of browser security indicators, based on user research and an understanding of the design challenges faced by browsers. To motivate the need for new security indicators, we critique existing browser security indicators and survey 1,329 people about Google Chrome's indicators. We then evaluate forty icons and seven complementary strings by surveying thousands of respondents about their perceptions of the candidates. Ultimately, we select and propose three indicators. Our proposed indicators have been adopted by Google Chrome, and we hope to motivate others to update their security indicators as well.
View details
Attitudes Toward Vehicle-Based Sensing and Recording
Sebastian Schnorf
Brian Kemler
Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing, ACM, pp. 1017-1028
Preview abstract
Vehicles increasingly include features that rely on hi-tech sensors and recording; however, little is known of public attitudes toward such recording. We use two studies, an online survey (n=349) and an interview-based study (n=15), to examine perceptions of vehicle-based sensing and recording. We focus on: 1) how vehicle-based recording and sensing may differ from perceptions of current recording; 2) factors that impact comfort with vehicle-based recording for hypothetical drivers versus bystanders; and 3) perceptions of potential privacy-preserving techniques. We find that vehicle-based recording challenges current mental models of recording awareness. Comfort tends to depend on perceived bene-
fits, which can vary by stakeholder type. Perceived privacy in spaces near cars can also impact comfort and reflect mental models of private spaces as well as the range of potentially sensitive activities people perform in and near cars. Privacy-preserving techniques may increase perceived comfort but
may require addressing trust and usability issues.
View details
“...no one can hack my mind”: Comparing Expert and Non-Expert Security Practices
Iulia Ion
Proceedings of the Eleventh Symposium On Usable Privacy and Security, USENIX (2015), pp. 327-346
Preview abstract
The state of advice given to people today on how to stay safe online has plenty of room for improvement. Too many things are asked of them, which may be unrealistic, time consuming, or not really worth the effort. To improve the security advice, our community must find out what practices people use and what recommendations, if messaged well, are likely to bring the highest benefit while being realistic to ask of people. In this paper, we present the results of a study which aims to identify which practices people do that they consider most important at protecting their security online. We compare self-reported security practices of non-experts to those of security experts (i.e., participants who reported having five or more years of experience working in computer security). We report on the results of two online surveys—one with 231 security experts and one with 294 MTurk participants—on what the practices and attitudes of each group are. Our findings show a discrepancy between the security practices that experts and non-experts report taking. For instance, while experts most frequently report installing software updates, using two-factor authentication and using a password manager to stay safe online, non-experts report using antivirus software, visiting only known websites, and changing passwords frequently.
View details
Improving SSL Warnings: Comprehension and Adherence
Somas Thyagaraja
Alan Bettes
Helen Harris
Jeff Grimes
Proceedings of the Conference on Human Factors and Computing Systems, ACM (2015)
Preview abstract
Browsers warn users when the privacy of an SSL/TLS connection might be at risk. An ideal SSL warning would empower users to make informed decisions and, failing that, guide confused users to safety. Unfortunately, users struggle to understand and often disregard real SSL warnings. We report on the task of designing a new SSL warning, with the goal of improving comprehension and adherence.
We designed a new SSL warning based on recommendations from warning literature and tested our proposal with microsurveys and a field experiment. We ultimately failed at our goal of a well-understood warning. However, nearly 30% more total users chose to remain safe after seeing our warning. We attribute this success to opinionated design, which promotes safety with visual cues. Subsequently, our proposal was released as the new Google Chrome SSL warning. We raise questions about warning comprehension advice and recommend that other warning designers use opinionated design.
View details
A Comparison of Questionnaire Biases Across Sample Providers
Aaron Sedley
Victoria Sosik
American Association for Public Opinion Research, 2015 Annual Conference (2015)
Preview abstract
Survey research, like all methods, is fraught with potential sources of error that can significantly affect the validity and reliability of results. There are four major types of error common to surveys as a data collection method: (1) coverage error arising from certain segments of a target population being excluded, (2) nonresponse error where not all those selected for a sample respond, (3) sampling error which results from the fact that surveys only collect data from a subset of the population being measured, and (4) measurement error. Measurement error can arise from the wording and design of survey questions (i.e., instrument error), as well as the variability in respondent ability and motivation (i.e., respondent error) [17].
This paper focuses primarily on measurement error as a source of bias in surveys. It is well established that instrument error [34, 40] and respondent error (e.g., [21]) can yield meaningful differences in results. For example, variations in response order, response scales, descriptive text, or images used in a survey can lead to instrument error which can result in skewed response distributions. Certain types of questions can trigger other instrument error biases, such as the tendency to agree with statements presented in an agree/disagree format (acquiescence bias) or the hesitancy to admit undesirable behaviors or overreport desirable behaviors (social desirability bias). Respondent error is largely related to the amount of cognitive effort required to answer a survey and arises when respondents are either unable or unwilling to exert the required effort [21].
Such measurement error has been compared across survey modes, such as face-to-face, telephone, and Internet (e.g., [9, 18]), but little work has compared different Internet samples, such as crowdsourcing task platforms (e.g., Amazon’s Mechanical Turk), paywall surveys (e.g., Google Consumer Surveys), opt-in panels (e.g., Survey Sampling International), and probability based panels (e.g., the Gfk KnowledgePanel). Because these samples differ in recruiting, context, and incentives, respondents may be more or less motivated to effortfully respond to questions, leading to different degrees of bias in different samples. The specific instruments deployed to respondents in these different modes can also exacerbate the situation by requiring more or less cognitive effort to answer satisfactorily.
The present study has two goals:
Investigate the impact of question wording on response distributions in order to measure the strength of common survey biases arising from instrument and respondent error
Compare the variance in the degree of these biases across Internet survey samples with differing characteristics in order to determine whether certain types of samples are more susceptible to certain biases than others.
View details
Your Reputation Precedes You: History, Reputation, and the Chrome Malware Warning
Hazim Almuhimedi
Proceedings of the Symposium On Usable Privacy and Security: SOUPS '14, USENIX (2014)
Preview abstract
Several web browsers, including Google Chrome and Mozilla Firefox, use malware warnings to stop people from visiting infectious websites. However, users can choose to click through (i.e., ignore) these malware warnings. In Google Chrome, users click through a fifth of malware warnings on average. We investigate factors that may contribute to why people ignore such warnings. First, we examine field data to see how browsing history affects click-through rates. We find that users consistently heed warnings about websites that they have not visited before. However, users respond unpredictably to warnings about websites that they have previously visited. On some days, users ignore more than half of warnings about websites they've visited in the past. Next, we present results of an online, survey-based experiment that we ran to gain more insight into the effects of reputation on warning adherence. Participants said that they trusted high-reputation websites more than the warnings; however, their responses suggest that a notable minority of people could be swayed by providing more information. We provide recommendations for warning designers and pose open questions about the design of malware warnings.
View details
“My religious aunt asked why I was trying to sell her viagra”: Experiences with account hijacking
Richard Shay
Iulia Ion
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: CHI '14, ACM, New York, NY, USA (2014), pp. 2657-2666
Preview abstract
With so much of our lives digital, online, and not entirely under our control, we risk losing access to our communications, reputation, and data. Recent years have brought a rash of high-profile account compromises, but account hijacking is not limited to high-profile accounts. In this paper, we report results of a survey about people’s experiences with and attitudes toward account hijacking. The problem is widespread; 30% of our 294 participants had an email or social networking account accessed by an unauthorized party. Five themes emerged from our results: (1) compromised accounts are often valuable to victims, (2) attackers are mostly unknown, but sometimes known, to victims, (3) users acknowledge some responsibility for keeping their accounts secure, (4) users’ understanding of important security measures is incomplete, and (5) harm from account hijacking is concrete and emotional. We discuss implications for designing security mechanisms to improve chances for user adoption.
View details
Designing for Healthy Lifestyles: Design Considerations for Mobile Technologies to Encourage Consumer Health and Wellness
Predrag Klasnja
David W. McDonald
James A. Landay
Foundations and Trends® in Human-Computer Interaction, vol. 6 (2014), 167–315
Preview abstract
As the rates of lifestyle diseases such as obesity, diabetes, and heart disease continue to rise, the development of effective tools that can help people adopt and sustain healthier habits is becoming ever more important. Mobile computing holds great promise for providing effective support for helping people manage their health in everyday life. Yet, for this promise to be realized, mobile wellness systems need to be well designed, not only in terms of how they implement specific behavior-change techniques but also, among other factors, in terms of how much burden they put on the user, how well they integrate into the user’s daily life, and how they address the user’s privacy concerns. Designing for all of these constraints is difficult, and it is often not clear what tradeoffs particular design decisions have on how a wellness application is experienced and used. In this monograph, we provide an account of different design approaches to common features of mobile wellness applications and we discuss the tradeoffs inherent in those approaches. We also outline the key challenges that HCI researchers and designers will need to address to move the state of the art for mobile wellness technologies forward.
View details
Would a Privacy Fundamentalist Sell Their DNA for $1000...If Nothing Bad Happened as a Result? The Westin Categories, Behavioral Intentions, and Consequences
Allison Woodruff
Vasyl Pihur
Lauren Schmidt
Laura Brandimarte
Alessandro Acquisti
Proceedings of the Symposium On Usable Privacy and Security: SOUPS '14, USENIX (2014)
Preview abstract
Westin's Privacy Segmentation Index has been widely used to measure privacy attitudes and categorize individuals into three privacy groups: fundamentalists, pragmatists, and unconcerned. Previous research has failed to establish a robust correlation between the Westin categories and actual or intended behaviors. Unexplored however is the connection between the Westin categories and individuals' responses to the consequences of privacy behaviors. We use a survey of 884 Amazon Mechanical Turk participants to investigate the relationship between the Westin Privacy Segmentation Index and attitudes and behavioral intentions for both privacy-sensitive scenarios and privacy-sensitive consequences. Our results indicate a lack of correlation between the Westin categories and consequences. We discuss potential implications of this attitude-consequence gap.
View details
Helping You Protect You
M. Angela Sasse
Charles C. Palmer
Markus Jakobsson
Rick Wash
L. Jean Camp
IEEE (2014), pp. 39-42
Preview abstract
Guest editors M. Angela Sasse and Charles C. Palmer speak with security practitioners (L. Jean Camp, Sunny Consolvo, Markus Jakobsson, and Rick Wash) about what companies are doing to keep customers secure, and what users can do to stay safe.
View details
Online Microsurveys for User Experience Research
Preview
Victoria Schwanda Sosik
Gueorgi Kossinets
Kerwell Liao
Paul McDonald
Aaron Sedley
CHI '14 Extended Abstracts on Human Factors in Computing Systems (2014)
Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors
Preview
Serge Egelman
Sakshi Jain
Rebecca Pottenger
Kerwell Liao
David Wagner
Proceedings of the ACM Conference on Computer and Communications Security: CCS '14, ACM (2014)
Exploring the Benefits and Uses of Web Analytics Tools for Non-Transactional Websites
Preview
Jessica Staddon
ACM Conference on Designing Interactive Systems: DIS '14 (2014)
Experimenting At Scale With Google Chrome's SSL Warning
Hazim Almuhimedi
ACM CHI Conference on Human Factors in Computing Systems (2014)
Preview abstract
Web browsers shown HTTPS authentication warnings (i.e., SSL warnings) when the integrity and confidentiality of users' interactions with websites are at risk. Our goal in this work is to decrease the number of users who click through the Google Chrome SSL warning. Prior research showed that the Mozilla Firefox SSL warning has a much lower click-through rate (CTR) than Chrome. We investigate several factors that could be responsible: the use of imagery, extra steps before the user can proceed, and style choices. To test these factors, we ran six experimental SSL warnings in Google Chrome 29 and measured 130,754 impressions.
View details
ShutEye: encouraging awareness of healthy sleep recommendations with a mobile, peripheral display
Jared Bauer
Benjamin Greenstein
Jonathan W. Schooler
Eric Wu
Nathaniel F. Watson
Julie A. Kientz
CHI (2012), pp. 1401-1410
Attitudes toward online availability of US public records
Sean A. Munson
Daniel Avrahami
James Fogarty
Batya Friedman
Ian E. Smith
DG.O (2011), pp. 2-9
Barriers to Physical Activity: A Study of Self-Revelation in an Online Community
Opportunities for computing technologies to support healthy sleep behaviors
Facebook for health: opportunities and challenges for driving behavior change
Margaret E. Morris
Sean A. Munson
Kevin Patrick
Janice Y. Tsai
Adam D. I. Kramer
CHI Extended Abstracts (2011), pp. 443-446
Living in a glass house: a survey of private moments in the home
Eun Kyoung Choe
Jaeyeon Jung
Beverly L. Harrison
Julie A. Kientz
Ubicomp (2011), pp. 41-44
How to evaluate technologies for health behavior change in HCI research
"Is it normal to be this sore?": using an online forum to investigate barriers to physical activity
The Wi-Fi privacy ticker: improving awareness & control of personal information exposure on Wi-Fi
Jaeyeon Jung
Ben Greenstein
Pauline Powledge
Gabriel Maganis
Daniel Avrahami
UbiComp (2010), pp. 321-330
Designing for Behavior Change in Everyday Life
Theory-driven design strategies for technologies that support behavior change in everyday life
"When I am on Wi-Fi, I am fearless": privacy concerns and practices in everyday Wi-Fi use
Predrag V. Klasnja
Jaeyeon Jung
Benjamin Greenstein
Louis LeGrand
Pauline Powledge
David Wetherall
CHI (2009), pp. 1993-2002
Designing for persuasion: mobile services for health behavior change
Engagement by design
UbiGreen: investigating a mobile tool for tracking and supporting green transportation habits
Jon Froehlich
Tawanna Dillahunt
Predrag V. Klasnja
Jennifer Mankoff
Beverly L. Harrison
James A. Landay
CHI (2009), pp. 1043-1052
Goal-setting considerations for persuasive technologies that encourage physical activity
Exploring Privacy Concerns about Personal Sensing
Predrag V. Klasnja
Tanzeem Choudhury
Richard Beckwith
Jeffrey Hightower
Pervasive (2009), pp. 176-183
Interacting with eHealth: towards grand challenges for HCI
m. c. schraefel
Paul André
Ryen White
Desney S. Tan
Tim Berners-Lee
Robert Jacobs
Isaac S. Kohane
Christopher A. Le Dantec
Lena Mamykina
Gary Marsden
Ben Shneiderman
Peter Szolovits
Daniel J. Weitzner
CHI Extended Abstracts (2009), pp. 3309-3312
Activity sensing in the wild: a field trial of ubifit garden
David W. McDonald
Tammy Toscos
Mike Y. Chen
Jon Froehlich
Beverly L. Harrison
Predrag V. Klasnja
Anthony LaMarca
Louis LeGrand
Ryan Libby
Ian E. Smith
James A. Landay
CHI (2008), pp. 1797-1806
Flowers or a robot army?: encouraging awareness & activity with personal, mobile displays
Predrag V. Klasnja
David W. McDonald
Daniel Avrahami
Jon Froehlich
Louis LeGrand
Ryan Libby
Keith Mosher
James A. Landay
UbiComp (2008), pp. 54-63
The Mobile Sensing Platform: An Embedded Activity Recognition System
Tanzeem Choudhury
Gaetano Borriello
Dirk Hähnel
Beverly L. Harrison
Bruce Hemingway
Jeffrey Hightower
Predrag V. Klasnja
Karl Koscher
Anthony LaMarca
James A. Landay
Louis LeGrand
Jonathan Lester
Ali Rahimi
Adam D. Rea
Danny Wyatt
IEEE Pervasive Computing, vol. 7 (2008), pp. 32-41
MyExperience: a system for in situ tracing and capturing of user feedback on mobile phones
Jon Froehlich
Mike Y. Chen
Beverly L. Harrison
James A. Landay
MobiSys (2007), pp. 57-70
Conducting In Situ Evaluations for and With Ubiquitous Computing Technologies
Beverly L. Harrison
Ian E. Smith
Mike Y. Chen
Katherine Everitt
Jon Froehlich
James A. Landay
Int. J. Hum. Comput. Interaction, vol. 22 (2007), pp. 103-118
Development of a Privacy Addendum for Open Source Licenses: Value Sensitive Design in Industry
Batya Friedman
Ian E. Smith
Peter H. Kahn Jr.
Jaina Selawski
Ubicomp (2006), pp. 194-211
Design requirements for technologies that encourage physical activity
Mobility Detection Using Everyday GSM Traces
Timothy Sohn
Alex Varshavsky
Anthony LaMarca
Mike Y. Chen
Tanzeem Choudhury
Ian E. Smith
Jeffrey Hightower
William G. Griswold
Eyal de Lara
Ubicomp (2006), pp. 212-224
Evaluating an ambient display for the home
The Drop: pragmatic problems in the design of a compelling, pervasive game
Social Disclosure of Place: From Location Technology to Communication Practices
Ian E. Smith
Anthony LaMarca
Jeffrey Hightower
James Scott
Timothy Sohn
Jeff Hughes
Giovanni Iachello
Gregory D. Abowd
Pervasive (2005), pp. 134-151
Location disclosure to social relations: why, when, & what people want to share
Ian E. Smith
Tara Matthews
Anthony LaMarca
Jason Tabert
Pauline Powledge
CHI (2005), pp. 81-90
Place Lab: Device Positioning Using Radio Beacons in the Wild
Anthony LaMarca
Yatin Chawathe
Jeffrey Hightower
Ian E. Smith
James Scott
Timothy Sohn
James Howard
Jeff Hughes
Fred Potter
Jason Tabert
Pauline Powledge
Gaetano Borriello
Pervasive (2005), pp. 116-133
Self-Mapping in 802.11 Location Systems
Control, Deception, and Communication: Evaluating the Deployment of a Location-Enhanced Messaging Service
Giovanni Iachello
Ian E. Smith
Gregory D. Abowd
Jeff Hughes
James Howard
Fred Potter
James Scott
Timothy Sohn
Jeffrey Hightower
Anthony LaMarca
Ubicomp (2005), pp. 213-231
Learning and Recognizing the Places We Go
Jeffrey Hightower
Anthony LaMarca
Ian E. Smith
Jeff Hughes
Ubicomp (2005), pp. 159-176
Developing privacy guidelines for social location disclosure applications and services
The CareNet Display: Lessons Learned from an In Home Evaluation of an Ambient Display
Toward a Framework for Evaluating Ubiquitous Computing Applications
Technology for Care Networks of Elders
Peter Roessler
Brett E. Shelton
Anthony LaMarca
Sara A. Bly
IEEE Pervasive Computing, vol. 3 (2004), pp. 22-29
Some Assembly Required: Supporting End-User Sensor Installation in Domestic Ubiquitous Computing Environments
User Study Techniques in the Design and Evaluation of a Ubicomp Environment
