Security & Privacy Practices and Threat Models of Activists During a Political Revolution

Activism is a universal concept that has often played a major role in putting an end to injustices and human rights abuses globally. Political activism in specific is a modern day term coined to refer to a form of activism in which a group of people come into collision with a more omnipotent adversary - national or international governments - who often has a purview and control over the very telecommunications infrastructure that is necessary for activists in order to organize and operate. As technology and social media use have become vital to the success of activism movements in the twenty first century, our study focuses on surfacing the technical challenges and the defensive strategies that activists employ during a political revolution. We find that security and privacy behavior and app adoption is influenced by the specific societal and political context in which activists operate. In addition, the impact of a social media blockade or an internet blackout can trigger a series of anti-censorship approaches at scale and cripple activist's technology use. To a large extent the combination of low tech defensive strategies employed by activists were sufficient against the threats of surveillance, arrests and device confiscation. Throughout our results we surface a number of design principles but also some design tensions that could occur between the security and usability needs of different populations. And thus, we present a set of observations that can help guide technology designers and policy makers

SoK: Safer Digital-Safety Research Involving At-Risk Users

Research involving at-risk users -- that is, users who are more likely to experience a digital attack or to be disproportionately affected when harm from such an attack occurs -- can pose significant safety challenges to both users and researchers. Nevertheless, pursuing research in computer security and privacy is crucial to understanding how to meet the digital-safety needs of at-risk users and to design safer technology for all. To standardize and bolster safer research involving such users, we offer an analysis of 196 academic works to elicit 14 research risks and 36 safety practices used by a growing community of researchers. We pair this inconsistent set of reported safety practices with oral histories from 12 domain experts to contribute scaffolded and consolidated pragmatic guidance that researchers can use to plan, execute, and share safer digital-safety research involving at-risk users. We conclude by suggesting areas for future research regarding the reporting, study, and funding of at-risk user researchComment: 13 pages, 3 table