User Perceptions of Smart Home IoT Privacy

Smart home Internet of Things (IoT) devices are rapidly increasing in popularity, with more households including Internet-connected devices that continuously monitor user activities. In this study, we conduct eleven semi-structured interviews with smart home owners, investigating their reasons for purchasing IoT devices, perceptions of smart home privacy risks, and actions taken to protect their privacy from those external to the home who create, manage, track, or regulate IoT devices and/or their data. We note several recurring themes. First, users' desires for convenience and connectedness dictate their privacy-related behaviors for dealing with external entities, such as device manufacturers, Internet Service Providers, governments, and advertisers. Second, user opinions about external entities collecting smart home data depend on perceived benefit from these entities. Third, users trust IoT device manufacturers to protect their privacy but do not verify that these protections are in place. Fourth, users are unaware of privacy risks from inference algorithms operating on data from non-audio/visual devices. These findings motivate several recommendations for device designers, researchers, and industry standards to better match device privacy features to the expectations and preferences of smart home owners.Comment: 20 pages, 1 tabl

Strengthening children's privacy literacy through contextual integrity

Researchers and policymakers advocate teaching children about digital privacy, but privacy literacy has not been theorized for children. Drawing on interviews with 30 families, including 40 children, we analyze children’s perspectives on password management in three contexts -family life, friendship, and education- and develop a new approach to privacy literacy grounded in Nissenbaum’s contextual integrity framework. Contextual integrity equates privacy with appropriate flows of information, and we show how children’s perceptions of the appropriateness of disclosing a password varied across contexts. We explain why privacy literacy should focus on norms rather than rules and discuss how adults can use learning moments to strengthen children’s privacy literacy. We argue that equipping children to make privacy-related decisions serves them better than instructing them to follow privacy-related rules

How Do Tor Users Interact With Onion Services?

Onion services are anonymous network services that are exposed over the Tor network. In contrast to conventional Internet services, onion services are private, generally not indexed by search engines, and use self-certifying domain names that are long and difficult for humans to read. In this paper, we study how people perceive, understand, and use onion services based on data from 17 semi-structured interviews and an online survey of 517 users. We find that users have an incomplete mental model of onion services, use these services for anonymity and have varying trust in onion services in general. Users also have difficulty discovering and tracking onion sites and authenticating them. Finally, users want technical improvements to onion services and better information on how to use them. Our findings suggest various improvements for the security and usability of Tor onion services, including ways to automatically detect phishing of onion services, more clear security indicators, and ways to manage onion domain names that are difficult to remember.Comment: Appeared in USENIX Security Symposium 201

Developing locally relevant applications for rural South Afica: a telemedicine example

Within developing countries, there is a digital divide between rural and urban areas. In order to overcome this division, we need to provide locally relevant Information and Communication Technology (ICT) services to these areas. Traditional software development methodologies are not suitable for developing software for rural and underserviced areas because they cannot take into account the unique requirements and complexities of such areas. We set out to find the most appropriate way to engineer suitable software applications for rural communities. We developed a methodological framework for creating software applications for a rural community. We critically examined the restrictions that current South African telecommunications legislation places on software development for underserviced areas. Our socially aware computing framework for creating software applications uses principles from Action Research and Participatory Design as well as best practice guidelines; it helps us address all issues affecting the project success. The validity of our framework was demonstrated by using it to create Multi-modal Telemedicine Intercommunicator (MuTI). MuTI is a prototype system for remote health consultation for a rural community. It allowed for synchronous and asynchronous communications between a clinic in one village and a hospital in the neighbouring village, nearly 20 kilometers away, in the Eastern Cape province of South Africa. It used Voice over Internet Protocol (VoIP) combined with a store and forward approach for communication. MuTI was tested over a Wireless Fidelity (WiFi) network for several months. Our socially aware framework proved to be appropriate for developing locally relevant applications for rural areas in South Africa. We found that MuTI was an improvement on the previous telemedicine solution in the target community. Using the approach also led to several insights into best practice for ICT development projects. We also found that VoIP and WiFi are relevant technologies for rural regions and that further telecommunication liberalisation in South Africa is required in order to spur technological developments in rural and underserviced areas

A Comparison of Unified Modelling Language (UML) and Specification and Description Language (SDL)

This report serves as a basic introduction to the formal specification languages UML and SDL. It also includes a comparison of the two languages