Talking to the Overlooked: A Nationwide Telephone Survey with Four Groups Under-represented in Privacy and Security Studies

Online surveys - a primary research tool in the field of usable security and privacy research - frequently rely on web-panel platforms. However, these platforms tend not to generalize well to specific user groups. Our study addresses this research gap by studying security and privacy perceptions of four under-represented groups. We conducted telephone interviews with n = 1003 participants in Germany: (I) teenagers aged 14-17, (II) older adults 70+, (III) people with low formal education, and (IV) people with migration background. We found these groups to be under-represented in our online comparison survey. We further identified target group-specific perceptions for each group compared to the general population, e.g., regarding their experiences with cybercrime, and provide detailed insight into the privacy and security knowledge and behavior of each group. Our findings underscore the effectiveness of telephone interviews and lay the foundation for further research on these groups

The Paradox of Social Media Security: A Study of IT Students’ Perceptions versus Behavior on Using Facebook

Social media plays an essential role in the modern society, enabling people to be better connected to each other and creating new opportunities for businesses. At the same time, social networking sites have become major targets for cyber-security attacks due to their massive user base. Many studies investigated the security vulnerabilities and privacy issues of social networking sites and made recommendations on how to mitigate security risks. Users are an integral part of any security mix. In this thesis, we explore the relationship between users’ security perceptions and their actual behavior on social networking sites. Protection motivation theory (PMT), initially developed to study fear appeals, has been widely used to examine people’s behavior in information security domains. We propose that PMT theory can also be adapted to explain and predict social media users’ behaviors that have security implications. We use a web-based survey to measure users’ security awareness on social networking sites and collect data on their actual behavior

Secure webs and buying intention: the moderating role of usability

El presente trabajo ha planteado un modelo conceptual a fin de mostrar como los antecedentes de la intención de compra se ven reforzados en contextos de Webs altamente usables. Específicamente, el trabajo analiza en profundidad el rol moderador de la usabilidad en la explicación de la conexión entre seguridad de una Web e intención de compra. Entre ambos extremos (seguridad e intención de compra), se han incluido diversas variables para explicar mejor su conexión. Para ello, ha sido diseñada una Web ficticia de ropa dirigida al segmento joven de clase media. A fin de alterar la usabilidad de la Web se han realizado dos tipos de manipulaciones: la velocidad y la facilidad de uso de la Web. Las dos Webs creadas (alta usabilidad y baja usabilidad) fueron visitadas por un total de 170 encuestados que fueron compensados con un USB valorado en 15 euros. Los resultados muestran que la seguridad percibida en la Web acarrea tres interesantes efectos (especialmente para la Web altamente usable): (i) mejora las actitudes agrado, (ii) reduce el nivel de riesgo percibido; (iii) aumenta la confianza. Los dos últimos efectos, a su vez, acaban aumentando la intención de compra.. Por último, se ha demostrado que la usabilidad, efectivamente, refuerza las relaciones consideradas en el modelo propuesto para explicar la intención de compra.A conceptual model has been proposed to show how buying intention antecedents are reinforced in highly usable contexts. Specifically, this paper deeply analyses the moderator role of system variables (usability) on explaining the relationship between Web security and buying intention. Between both extremes (security and buying intention), several relationships have also been stated to better explain this effect. An “ideal” fictitious Website was designed for a non existent clothing company directed at the segment of middle class consumers. In order to alter Web usability, two blocks of changes were made, one concerning Website speed and the other related to ease of use. Our experiment sample consisted of 170 respondents who participated in exchange for a pen-drive (USB) valued at 15 euros. The results show that improving website security has three interesting effects (especially in high usable contexts): (i) it improves pleasure attitudes, (ii) reduces the level of perceived risk and (iii) increases trust. Secondly, it has been found that to increase buying intention, two actions must be taken: (i) to diminish perceived risk and (ii) to improve users’ pleasure attitudes towards the Website. Finally, usability has been found to have a moderating role in all the relationships considered (reinforcing them)

User Perceptions of Smart Home IoT Privacy

Smart home Internet of Things (IoT) devices are rapidly increasing in popularity, with more households including Internet-connected devices that continuously monitor user activities. In this study, we conduct eleven semi-structured interviews with smart home owners, investigating their reasons for purchasing IoT devices, perceptions of smart home privacy risks, and actions taken to protect their privacy from those external to the home who create, manage, track, or regulate IoT devices and/or their data. We note several recurring themes. First, users' desires for convenience and connectedness dictate their privacy-related behaviors for dealing with external entities, such as device manufacturers, Internet Service Providers, governments, and advertisers. Second, user opinions about external entities collecting smart home data depend on perceived benefit from these entities. Third, users trust IoT device manufacturers to protect their privacy but do not verify that these protections are in place. Fourth, users are unaware of privacy risks from inference algorithms operating on data from non-audio/visual devices. These findings motivate several recommendations for device designers, researchers, and industry standards to better match device privacy features to the expectations and preferences of smart home owners.Comment: 20 pages, 1 tabl

Evaluating the End-User Experience of Private Browsing Mode

Nowadays, all major web browsers have a private browsing mode. However, the mode's benefits and limitations are not particularly understood. Through the use of survey studies, prior work has found that most users are either unaware of private browsing or do not use it. Further, those who do use private browsing generally have misconceptions about what protection it provides. However, prior work has not investigated \emph{why} users misunderstand the benefits and limitations of private browsing. In this work, we do so by designing and conducting a three-part study: (1) an analytical approach combining cognitive walkthrough and heuristic evaluation to inspect the user interface of private mode in different browsers; (2) a qualitative, interview-based study to explore users' mental models of private browsing and its security goals; (3) a participatory design study to investigate why existing browser disclosures, the in-browser explanations of private browsing mode, do not communicate the security goals of private browsing to users. Participants critiqued the browser disclosures of three web browsers: Brave, Firefox, and Google Chrome, and then designed new ones. We find that the user interface of private mode in different web browsers violates several well-established design guidelines and heuristics. Further, most participants had incorrect mental models of private browsing, influencing their understanding and usage of private mode. Additionally, we find that existing browser disclosures are not only vague, but also misleading. None of the three studied browser disclosures communicates or explains the primary security goal of private browsing. Drawing from the results of our user study, we extract a set of design recommendations that we encourage browser designers to validate, in order to design more effective and informative browser disclosures related to private mode

Security and Online learning: to protect or prohibit

The rapid development of online learning is opening up many new learning opportunities. Yet, with this increased potential come a myriad of risks. Usable security systems are essential as poor usability in security can result in excluding intended users while allowing sensitive data to be released to unacceptable recipients. This chapter presents findings concerned with usability for two security issues: authentication mechanisms and privacy. Usability issues such as memorability, feedback, guidance, context of use and concepts of information ownership are reviewed within various environments. This chapter also reviews the roots of these usability difficulties in the culture clash between the non-user-oriented perspective of security and the information exchange culture of the education domain. Finally an account is provided of how future systems can be developed which maintain security and yet are still usable

Modelling and testing consumer trust dimensions in e-commerce

Prior research has found trust to play a significant role in shaping purchase intentions of a consumer. However there has been limited research where consumer trust dimensions have been empirically defined and tested. In this paper we empirically test a path model such that Internet vendors would have adequate solutions to increase trust. The path model presented in this paper measures the three main dimensions of trust, i.e. competence, integrity, and benevolence. And assesses the influence of overall trust of consumers. The paper also analyses how various sources of trust, i.e. consumer characteristics, firm characteristic, website infrastructure and interactions with consumers, influence dimensions of trust. The model is tested using 365 valid responses. Findings suggest that consumers with high overall trust demonstrate a higher intention to purchase online