What did I really vote for? On the usability of verifiable e-voting schemes

E-voting has been embraced by a number of countries, delivering benefits in terms of efficiency and accessibility. End-to-end verifiable e-voting schemes facilitate verification of the integrity of individual votes during the election process. In particular, methods for cast-as-intended verification enable voters to confirm that their cast votes have not been manipulated by the voting client. A well-known technique for effecting cast-as-intended verification is the Benaloh Challenge. The usability of this challenge is crucial because voters have to be actively engaged in the verification process. In this paper, we report on a usability evaluation of three different approaches of the Benaloh Challenge in the remote e-voting context. We performed a comparative user study with 95 participants. We conclude with a recommendation for which approaches should be provided to afford verification in real-world elections and suggest usability improvements

Privacy Friendly Apps-Making Developers Aware of Privacy Violations

Android devices are widely used on a daily basis. As those devices can open doors for attackers and companies to privacy sensitive data, developers have to be aware of potential risks. We introduce the project of Privacy Friendly Apps, explain its design principles and describe some of its resulted apps. The long-term goal of this project is twofold: (1) raise awareness of developers regarding potential privacy violations posed through unnecessarily overprivileged apps; (2) compile a list of common errors and mistakes that lead to unintended privacy violations

Does This App Respect My Privacy? Design and Evaluation of Information Materials Supporting Privacy-Related Decisions of Smartphone Users

Over the years, the wide-spread usage of smartphones leads to large amounts of personal data being stored by them. These data, in turn, can be accessed by the apps installed on the smartphones, and potentially misused, jeopardizing the privacy of smartphone users. While the app stores provide indicators that allow an estimation of the privacy risks of individual apps, these indicators have repeatedly been shown as too confusing for the lay users without technical expertise. We have developed an information flyer with the goal of providing decision support for these users and enabling them make more informed decisions regarding their privacy upon choosing and installing smartphone apps. Our flyer is based on previous research in mental models of smartphone privacy and security and includes heuristics for choosing privacy-friendlier apps used by IT-Security experts. It also addresses common misconceptions of users regarding smartphones. The flyer was evaluated in a user study. The results of the study show, that the users who read the flyer tend to take privacy-relevant factors into account by relying on the heuristics in the flyer more often. Hence, the flyer succeeds in supporting users in making more informed privacy-related decisions

Comparative Usability Evaluation of Cast-as-Intended Verification Approaches in Internet Voting

Internet Voting promises benefits like the support for voters from abroad and an overall improved accessibility. But it is accompanied by security risks like the manipulation of votes by malware. Enabling the voters to verify that their voting device casts their intended votes is a possible solution to address such a manipulation - the so-called cast-as-intended verifiability. Several different approaches for providing cast-as-intended verifiability have been proposed or put into practice. Each approach makes various assumptions about the voters' capabilities that are required in order to provide cast-as-intended verifiability. In this paper we investigate these assumptions of four chosen cast-as-intended approaches and report the impact if those are violated.Our findings indicate that the assumptions of cast-as-intended approaches (e.g. voters being capable of comparing long strings) have an impact on the security of the Internet Voting systems. We discuss this impact and provide recommendations how to address the identified assumptions and give important directions in future research on usable and verifiable Internet Voting systems

DeepFakes for Privacy: Investigating Perceptions and Effectiveness of State-of-the-Art Privacy-Enhancing Face Obfuscation Methods

There are many contexts in which a person’s face needs to be obfuscated for privacy, such as in social media posts. We present a user-centered analysis of the effectiveness of DeepFakes for obfuscation using synthetically generated faces, and compare it with state-of-the-art obfuscation methods: blurring, masking, pixelating, and replacement with avatars. For this, we conducted an online survey (N=110) and found that DeepFake obfuscation is a viable alternative to state-of-the-art obfuscation methods; it is as effective as masking and avatar obfuscation in concealing the identities of individuals in photos. At the same time, DeepFakes blend well with surroundings and are as aesthetically pleasing as blurring and pixelating. We discuss how DeepFake obfuscation can enhance privacy protection without negatively impacting the photo’s aesthetics

Intelligent Music Interfaces: When Interactive Assistance and Augmentation Meet Musical Instruments

The interactive augmentation of musical instruments to foster self-expressiveness and learning has a rich history. Over the past decades, the incorporation of interactive technologies into musical instruments emerged into a new research field requiring strong collaboration between different disciplines. The workshop "Intelligent Music Interfaces"consequently covers a wide range of musical research subjects and directions, including (a) current challenges in musical learning, (b) prototyping for improvements, (c) new means of musical expression, and (d) evaluation of the solutions

Privacy-Sovereign Interaction : Enabling Privacy-Sovereignty for End-Users in the Digital Era

As a result of the ongoing digitization, people are increasingly interacting with digital data. Since these data can contain sensitive personal information, the privacy of users plays a central role in the digitization. However, current technologies often do not reflect the capabilities and knowledge of their users sufficiently or do not offer options for individual privacy protection. As a result, users can be overwhelmed when trying to enforce personal privacy preferences or can have difficulties making privacy decisions. Consequently, the privacy-sovereignty of users in the digital world is limited. This thesis investigates mechanisms and principles that enable users to interact sovereignly in the digital world in the scope of information privacy. The three main contributions of this thesis are as follows: The first main contribution explores privacy protection through two-factor authentication. First, user experiences and preferences are captured in an interview study. Based on the results, requirements for usable and customizable two-factor authentication are described. A concept for two-factor authentication utilizing individualizable 3D-printed objects is developed, implemented, and evaluated to realize these requirements. The second main contribution explores individual verifiability of private data in the context of Internet voting. First, a categorization of existing cryptographic schemes that particularly considers voters is developed. Then, the categories of schemes are evaluated in a user study. Interface realizations of the category that performed best in this investigation are evaluated in more depth and refined in three consecutive studies. The third main contribution deals with the data of people in environments that are equipped with IoT devices. First, individual perceptions and mental models of privacy in these environments are examined. Based on this, a concept for personal privacy assistance based on privacy profiles is presented and investigated in a large scale study. All contributions were specifically investigated in the context of privacy-sovereign interaction. The results presented in this thesis are empirically supported by fifteen studies

The Nerd Factor: The Potential of S&P Adepts to Serve as a Social Resource in the User’s Quest for More Secure and Privacy-Preserving Behavior

There are several ways to inform individuals about secure and privacy-preserving behavior in private social environments. Experts who are versed in security and privacy (S&P), who might be social peers, such as family members or friends, can provide advice or give recommendations. In this paper, we specifically investigate how S&P adepts inform peers in their private social environment about security and privacy. For this, we first conducted thirteen in-depth interviews with S&P adepts, revealing 1) their own S&P behavior and strategies in their personal lives, 2) obstacles in S&P conversations with peers, 3) situations in which S&P adepts intervene in the behavior of others, and 4) the perception of S&P adepts and stereotypes. Based on the interview results, we conducted three co-design workshop sessions with S&P adepts to explore options to better support S&P adepts informing their peers about secure and privacy-preserving behavior