"Yeah, it does have a...Windows `98 Vibe'': Usability Study of Security Features in Programmable Logic Controllers

Programmable Logic Controllers (PLCs) drive industrial processes critical to society, e.g., water treatment and distribution, electricity and fuel networks. Search engines (e.g., Shodan) have highlighted that Programmable Logic Controllers (PLCs) are often left exposed to the Internet, one of the main reasons being the misconfigurations of security settings. This leads to the question -- why do these misconfigurations occur and, specifically, whether usability of security controls plays a part? To date, the usability of configuring PLC security mechanisms has not been studied. We present the first investigation through a task-based study and subsequent semi-structured interviews (N=19). We explore the usability of PLC connection configurations and two key security mechanisms (i.e., access levels and user administration). We find that the use of unfamiliar labels, layouts and misleading terminology exacerbates an already complex process of configuring security mechanisms. Our results uncover various (mis-) perceptions about the security controls and how design constraints, e.g., safety and lack of regular updates (due to long term nature of such systems), provide significant challenges to realization of modern HCI and usability principles. Based on these findings, we provide design recommendations to bring usable security in industrial settings at par with its IT counterpart

Multiuser Privacy and Security Conflicts in the Cloud

Collaborative cloud platforms make it easier and more convenient for multiple users to work together on files (GoogleDocs, Office365) and store and share them (Dropbox, OneDrive). However, this can lead to privacy and security conflicts between the users involved, for instance when a user adds someone to a shared folder or changes its permissions. Such multiuser conflicts (MCs), though known to happen in the literature, have not yet been studied in-depth. In this paper, we report a study with 1,050 participants about MCs they experienced in the cloud. We show what are the MCs that arise when multiple users work together in the cloud and how and why they arise, what is the prevalence and severity of MCs, what are their consequences on users, and how do users work around MCs. We derive recommendations for designing mechanisms to help users avoid, mitigate, and resolve MCs in the cloud

Voice App Developer Experiences with Alexa and Google Assistant: Juggling Risks, Liability, and Security

Voice applications (voice apps) are a key element in Voice Assistant ecosystems such as Amazon Alexa and Google Assistant, as they provide assistants with a wide range of capabilities that users can invoke with a voice command. Most voice apps, however, are developed by third parties - i.e., not by Amazon/Google - and they are included in the ecosystem through marketplaces akin to smartphone app stores but with crucial differences, e.g., the voice app code is not hosted by the marketplace and is not run on the local device. Previous research has studied the security and privacy issues of voice apps in the wild, finding evidence of bad practices by voice app developers. However, developers' perspectives are yet to be explored. In this paper, we report a qualitative study of the experiences of voice app developers and the challenges they face. Our findings suggest that: 1) developers face several risks due to liability pushed on to them by the more powerful voice assistant platforms, which are linked to negative privacy and security outcomes on voice assistant platforms; and 2) there are key issues around monetization, privacy, design, and testing rooted in problems with the voice app certification process. We discuss the implications of our results for voice app developers, platforms, regulators, and research on voice app development and certification.Comment: To be presented at USENIX Security 202

Reaching absent and refusing individuals during home-based HIV testing through self-testing-at what cost?

Introduction: In the HOSENG trial (NCT03598686), the secondary distribution of oral self-tests for persons absent or refusing to test during a home-based HIV testing campaign in rural Lesotho resulted in an increase in testing coverage of 21% compared to a testing campaign without secondary distribution. This study aims to determine the per patient costs of both HOSENG trial arms. Method: We conducted a micro-costing study to estimate the cost of home-based HIV testing with (HOSENG intervention arm) and without (HOSENG control arm) secondary self-test distribution from a provider's perspective. A mixture of top-down and bottom-up costing was used. We estimated both the financial and economic per patient costs of each possible testing cascade scenario. The costs were adjusted to 2018 US$. Results: The overall provider cost for delivering the home-based HIV testing with secondary distribution was US$36,481 among the 4,174 persons enumerated and 3,094 eligible for testing in the intervention villages compared to US$28,620 for 3,642 persons enumerated and 2,727 eligible for testing in the control. The cost per person eligible for testing was US$11.79 in the intervention vs. US$10.50 in the control. This difference was mainly driven by the cost of distributed oral self-tests. The cost per person tested was, however, lower in intervention villages (US$15.70 vs. US$22.15) due to the higher testing coverage achieved through self-test distribution. The cost per person confirmed new HIV+ was US$889.79 in the intervention and US$753.17 in the control. Conclusion: During home-based HIV testing in Lesotho, the secondary distribution of self-tests for persons absent or refusing to test during the visit reduced the costs per person tested and thus presents a promising add-on for such campaigns. Trial Registration:https://ClinicalTrials.gov/, identifier: NCT03598686

Co-creating a Transdisciplinary Map of Technology-mediated Harms, Risks and Vulnerabilities: Challenges, Ambivalences and Opportunities

The phrase "online harms" has emerged in recent years out of a growing political willingness to address the ethical and social issues associated with the use of the Internet and digital technology at large. The broad landscape that surrounds online harms gathers a multitude of disciplinary, sectoral and organizational efforts while raising myriad challenges and opportunities for the crossing entrenched boundaries. In this paper we draw lessons from a journey of co-creating a transdisciplinary knowledge infrastructure within a large research initiative animated by the online harms agenda. We begin with a reflection of the implications of mapping, taxonomizing and constructing knowledge infrastructures and a brief review of how online harm and adjacent themes have been theorized and classified in the literature to date. Grounded on our own experience of co-creating a map of online harms, we then argue that the map -- and the process of mapping -- perform three mutually constitutive functions, acting simultaneously as method, medium and provocation. We draw lessons from how an open-ended approach to mapping, despite not guaranteeing consensus, can foster productive debate and collaboration in ethically and politically fraught areas of research. We end with a call for CSCW research to surface and engage with the multiple temporalities, social lives and political sensibilities of knowledge infrastructures.Comment: 21 pages, 8 figures, to appear in The 26th ACM Conference On Computer-Supported Cooperative Work And Social Computing. October 13-18, 2023. Minneapolis, MN US

Offering ART refill through community health workers versus clinic-based follow-up after home-based same-day ART initiation in rural Lesotho: the VIBRA cluster-randomized clinical trial

BACKGROUND: Community-based antiretroviral therapy (ART) dispensing by lay workers is an important differentiated service delivery model in sub-Sahara Africa. However, patients new in care are generally excluded from such models. Home-based same-day ART initiation is becoming widespread practice, but linkage to the clinic is challenging. The pragmatic VIBRA (Village-Based Refill of ART) trial compared ART refill by existing lay village health workers (VHWs) versus clinic-based refill after home-based same-day ART initiation. METHODS AND FINDINGS: The VIBRA trial is a cluster-randomized open-label clinical superiority trial conducted in 249 rural villages in the catchment areas of 20 health facilities in 2 districts (Butha-Buthe and Mokhotlong) in Lesotho. In villages (clusters) randomized to the intervention arm, individuals found to be HIV-positive during a door-to-door HIV testing campaign were offered same-day ART initiation with the option of refill by VHWs. The trained VHWs dispensed drugs and scheduled clinic visits for viral load measurement at 6 and 12 months. In villages randomized to the control arm, participants were offered same-day ART initiation with clinic-based ART refill. The primary outcome was 12-month viral suppression. Secondary endpoints included linkage and 12-month engagement in care. Analyses were intention-to-treat. The trial was registered on ClinicalTrials.gov (NCT03630549). From 16 August 2018 until 28 May 2019, 118 individuals from 108 households in 57 clusters in the intervention arm, and 139 individuals from 130 households in 60 clusters in the control arm, were enrolled (150 [58%] female; median age 36 years [interquartile range 30-48]; 200 [78%] newly diagnosed). In the intervention arm, 48/118 (41%) opted for VHW refill. At 12 months, 46/118 (39%) participants in the intervention arm and 64/139 (46%) in the control arm achieved viral suppression (adjusted risk difference -0.07 [95% CI -0.20 to 0.06]; p = 0.256). Arms were similar in linkage (adjusted risk difference 0.03 [-0.10 to 0.16]; p = 0.630), but engagement in care was non-significantly lower in the intervention arm (adjusted risk difference -0.12 [-0.23 to 0.003]; p = 0.058). Seven and 0 deaths occurred in the intervention and control arm, respectively. Of the intervention participants who did not opt for drug refill from the VHW at enrollment, 41/70 (59%) mentioned trust or conflict issues as the primary reason. Study limitations include a rather small sample size, 9% missing viral load measurements in the primary endpoint window, the low uptake of the VHW refill option in the intervention arm, and substantial migration among the study population. CONCLUSIONS: The offer of village-based ART refill after same-day initiation led to similar outcomes as clinic-based refill. The intervention did not amplify the effect of home-based same-day ART initiation alone. The findings raise concerns about acceptance and safety of ART delivered by lay health workers after initiation in the community. TRIAL REGISTRATION: Registered with Clinicaltrials.gov (NCT03630549)

Effectiveness of a peer educator-coordinated preference-based differentiated service delivery model on viral suppression among young people living with HIV in Lesotho: the PEBRA cluster-randomized trial

BACKGROUND: Southern and Eastern Africa is home to more than 2.1 million young people aged 15 to 24 years living with HIV. As compared with other age groups, this population group has poorer outcomes along the HIV care cascade. Young people living with HIV and the research team co-created the PEBRA (Peer Educator-Based Refill of ART) care model. In PEBRA, a peer educator (PE) delivered services as per regularly assessed patient preferences for medication pick-up, short message service (SMS) notifications, and psychosocial support. The cluster-randomized trial compared PEBRA model versus standard clinic care (no PE and ART refill done by nurses) in 3 districts in Lesotho. METHODS AND FINDINGS: Individuals taking antiretroviral therapy (ART) aged 15 to 24 years at 20 clinics (clusters) were eligible. In the 10 clinics randomized to the intervention arm, participants were offered the PEBRA model, coordinated by a trained PE and supported by an eHealth application (PEBRApp). In the 10 control clusters, participants received standard nurse-coordinated care without any service coordination by a PE. The primary endpoint was 12-month viral suppression below 20 copies/mL. Analyses were intention-to-treat and adjusted for sex. From November 6, 2019 to February 4, 2020, we enrolled 307 individuals (150 intervention, 157 control; 218 [71%] female, median age 19 years [interquartile range, IQR, 17 to 22]). At 12 months, 99 of 150 (66%) participants in the intervention versus 95 of 157 (61%) participants in the control arm had viral suppression (adjusted odds ratio (OR) 1.27; 95% confidence interval [CI] [0.79 to 2.03]; p = 0.327); 4 of 150 (2.7%) versus 1 of 157 (0.6%) had died (adjusted OR 4.12; 95% CI [0.45 to 37.62]; p = 0.210); and 12 of 150 (8%) versus 23 of 157 (14.7%) had transferred out (adjusted OR 0.53; 95% CI [0.25 to 1.13]; p = 0.099). There were no significant differences between arms in other secondary outcomes. Twenty participants (11 in intervention and 9 in control) were lost to follow-up over the entire study period. The main limitation was that the data collectors in the control clusters were also young peers; however, they used a restricted version of the PEBRApp to collect data and thus were not able to provide the PEBRA model. The trial was prospectively registered on ClinicalTrials.gov (NCT03969030). CONCLUSIONS: Preference-based peer-coordinated care for young people living with HIV, compared to nurse-based care only, did not lead to conclusive evidence for an effect on viral suppression. TRIAL REGISTRATION: clinicaltrials.gov, NCT03969030, https://clinicaltrials.gov/ct2/show/NCT03969030

Assessment of a viral load result-triggered automated differentiated service delivery model for people taking ART in Lesotho (the VITAL study): study protocol of a cluster-randomized trial

INTRODUCTION: To sustainably provide good quality care to increasing numbers of people living with HIV (PLHIV) receiving antiretroviral therapy (ART) in resource-limited settings, care delivery must shift from a "one-size-fits-all" approach to differentiated service delivery models. Such models should reallocate resources from PLHIV who are doing well to groups of PLHIV who may need more attention, such as those with treatment failure. The VIral load Triggered ART care Lesotho (VITAL) trial assesses a viral load (VL)-, participant's preference-informed, electronic health (eHealth)-supported, automated differentiated service delivery model (VITAL model). With VITAL, we aim to assess if the VITAL model is at least non-inferior to the standard of care in the proportion of participants engaged in care with viral suppression at 24 months follow-up and if it is cost-saving. METHODS: The VITAL trial is a pragmatic, multicenter, cluster-randomized, non-blinded, non-inferiority trial with 1:1 allocation conducted at 18 nurse-led, rural health facilities in two districts of northern Lesotho, enrolling adult PLHIV taking ART. In intervention clinics, providers are trained to implement the VITAL model and are guided by a clinical decision support tool, the VITALapp. VITAL differentiates care according to VL results, clinical characteristics, sub-population and participants' and health care providers' preferences. EXPECTED OUTCOMES: Evidence on the effect of differentiated service delivery for PLHIV on treatment outcomes is still limited. This pragmatic cluster-randomized trial will assess if the VITAL model is at least non-inferior to the standard of care and if it is cost saving. TRIAL REGISTRATION: The study has been registered with clinicaltrials.gov (Registration number NCT04527874; August 27, 2020)