10,581 research outputs found

    Evaluating the End-User Experience of Private Browsing Mode

    Nowadays, all major web browsers have a private browsing mode. However, the mode's benefits and limitations are not particularly understood. Through the use of survey studies, prior work has found that most users are either unaware of private browsing or do not use it. Further, those who do use private browsing generally have misconceptions about what protection it provides. However, prior work has not investigated why users misunderstand the benefits and limitations of private browsing. In this work, we do so by designing and conducting a three-part study: (1) an analytical approach combining cognitive walkthrough and heuristic evaluation to inspect the user interface of private mode in different browsers; (2) a qualitative, interview-based study to explore users' mental models of private browsing and its security goals; (3) a participatory design study to investigate why existing browser disclosures, the in-browser explanations of private browsing mode, do not communicate the security goals of private browsing to users. Participants critiqued the browser disclosures of three web browsers: Brave, Firefox, and Google Chrome, and then designed new ones. We find that the user interface of private mode in different web browsers violates several well-established design guidelines and heuristics. Further, most participants had incorrect mental models of private browsing, influencing their understanding and usage of private mode. Additionally, we find that existing browser disclosures are not only vague, but also misleading. None of the three studied browser disclosures communicates or explains the primary security goal of private browsing. Drawing from the results of our user study, we extract a set of design recommendations that we encourage browser designers to validate, in order to design more effective and informative browser disclosures related to private mode.

    How to make privacy policies both GDPR-compliant and usable

    It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this. We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers.

    Ignore These At Your Peril: Ten principles for trust design

    Online trust has been discussed for more than 10 years, yet little practical guidance has emerged that has proven to be applicable across contexts or useful in the long run. 'Trustworthy UI design guidelines' created in the late '90s to address the then big question of online trust, how to get shoppers online, are now happily employed by people preparing phishing scams. In this paper we summarize, in practical terms, a conceptual framework for online trust we established in 2005. Because of its abstract nature it is still useful as a lens through which to view the current big questions of the online trust debate, largely focused on usable security and phishing attacks. We then deduce 10 practical rules for providing effective trust support to help practitioners and researchers of usable security.

    Trans Time: Safety, Privacy, and Content Warnings on a Transgender-Specific Social Media Site

    Trans people often use social media to connect with others, find and share resources, and post transition-related content. However, because most social media platforms are not built with trans people in mind and because online networks include people who may not accept one’s trans identity, sharing trans content can be difficult. We studied Trans Time, a social media site developed particularly for trans people to document transition and build community. We interviewed early Trans Time users (n = 6) and conducted focus groups with potential users (n = 21) to understand how a trans-specific site uniquely supports its users. We found that Trans Time has the potential to be a safe space, encourages privacy, and effectively enables its users to selectively view content using content warnings. Together, safety, privacy, and content warnings create an online space where trans people can simultaneously build community, find support, and express both the mundanity and excitement of trans life. Yet in each of these areas, we also learned ways that the site can improve. We provide implications for how social media sites may better support trans users, as well as insular communities of people from other marginalized groups. Institute for Research on Women and Gender (IRWG). Peer reviewed. http://deepblue.lib.umich.edu/bitstream/2027.42/162569/1/HaimsonTransTime.pdf

    New financial order : recommendations by the Issing Committee ; preparing G-20 – London, April 2, 2009

    Content A. EXECUTIVE SUMMARY, INCLUDING MAJOR RECOMMENDATIONS B. COMPLETE REPORT 1. INTRODUCTION 2. RISK MAP 2.1 Why a Risk Map is needed, and for what purpose 2.1.1 Creating a unified data base 2.1.2 Assessing systemic risk 2.1.3 Allowing for coordinated policy action 2.2 Recommendations 3. GLOBAL REGISTER FOR LOANS (CREDIT REGISTER) AND BONDS (SECURITIES REGISTER) 3.1 Objectives of a credit register 3.2 Credit registers in Europe (and beyond) 3.3 Suggestions for a supra-national Credit Register 3.4 Integrating a supra-national Securities Register 3.5 Recommendations 4. HEDGE FUNDS: REGULATION AND SUPERVISION 4.1 What are hedge funds (activities, location, size, regulation)? 4.2 What are the risks posed by hedge funds (systematic risks, interaction with prime brokers)? 4.3 Routes to better regulation (direct, indirect) 4.4 Recommendations 5. RATING AGENCIES: REGULATION AND SUPERVISION 5.1 The role of ratings in bond and structured finance markets, past and present 5.2 Elements of rating integrity (independence, compensation and incentives, transparency) 5.3 Recommendations (registration, transparency, annual report on rating performance) 6. PROCYCLICALITY: PROBLEMS AND POTENTIAL SOLUTIONS 6.1 What is meant by “procyclicality” and why is it a problem? 6.2 The roots of procyclicality and the lessons it suggests for policymakers 6.2.1 Underpinnings of the phenomenon 6.2.2 Lessons to be learned 6.3 Characteristics of a macrofinancial stability framework 6.4 Recommendations 7. THE ROLE OF INTERNATIONAL INSTITUTIONS AND FORA, IN PARTICULAR THE IMF, BIS AND FSF 7.1 Legitimacy 7.2 Re-focusing the work 7.3 Recommendation

    How WEIRD is Usable Privacy and Security Research? (Extended Version)

    In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from WEIRD (Western, Educated, Industrialized, Rich, and Democratic) countries. This WEIRD skew may hinder understanding of diverse populations and their cultural differences. The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields. We conducted a literature review to understand the extent to which participant samples in UPS papers were from WEIRD countries and the characteristics of the methodologies and research topics in each user study recruiting Western or non-Western participants. We found that the skew toward WEIRD countries in UPS is greater than that in HCI. Geographic and linguistic barriers in the study methods and recruitment methods may cause researchers to conduct user studies locally. In addition, many papers did not report participant demographics, which could hinder the replication of the reported studies, leading to low reproducibility. To improve geographic diversity, we provide suggestions including facilitating replication studies, addressing geographic and linguistic issues of study/recruitment methods, and facilitating research on topics for non-WEIRD populations. Comment: This paper is the extended version of the paper presented at USENIX SECURITY 202