A HUMAN-CENTERED APPROACH TO IMPROVING THE USER EXPERIENCE OF SOFTWARE UPDATES

Software updates are critical to the security of software systems and devices. Yet users often do not install them in a timely manner, leaving their devices open to security exploits. This research explored a re-design of automatic software updates on desktop and mobile devices to improve the uptake of updates through three studies. First using interviews, we studied users’ updating patterns and behaviors on desktop machines in a formative study. Second, we distilled these findings into the design of a low-fi prototype for desktops, and evaluated its efficacy for automating updates by means of a think-aloud study. Third, we investigated individual differences in update automation on Android devices using a large scale survey, and interviews. In this thesis, I present the findings of all three studies and provide evidence for how automatic updates can be better appropriated to fit users on both desktops and mobile devices. Additionally, I provide user interface design suggestions for software updates and outline recommendations for future work to improve the user experience of software updates

You, Me, and IoT: How Internet-Connected Consumer Devices Affect Interpersonal Relationships

Internet-connected consumer devices have rapidly increased in popularity; however, relatively little is known about how these technologies are affecting interpersonal relationships in multi-occupant households. In this study, we conduct 13 semi-structured interviews and survey 508 individuals from a variety of backgrounds to discover and categorize how consumer IoT devices are affecting interpersonal relationships in the United States. We highlight several themes, providing large-scale exploratory data about the pervasiveness of interpersonal costs and benefits of consumer IoT devices. These results also inform follow-up studies and design priorities for future IoT technologies to amplify positive and reduce negative interpersonal effects.Comment: 26 pages, 5 figures, 5 tables. Updated version with additional examples and minor revisions. Original title: "You, Me, and IoT: How Internet-Connected Home Devices Affect Interpersonal Relationships

Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites

Dark patterns are user interface design choices that benefit an online service by coercing, steering, or deceiving users into making unintended and potentially harmful decisions. We present automated techniques that enable experts to identify dark patterns on a large set of websites. Using these techniques, we study shopping websites, which often use dark patterns to influence users into making more purchases or disclosing more information than they would otherwise. Analyzing ~53K product pages from ~11K shopping websites, we discover 1,818 dark pattern instances, together representing 15 types and 7 broader categories. We examine these dark patterns for deceptive practices, and find 183 websites that engage in such practices. We also uncover 22 third-party entities that offer dark patterns as a turnkey solution. Finally, we develop a taxonomy of dark pattern characteristics that describes the underlying influence of the dark patterns and their potential harm on user decision-making. Based on our findings, we make recommendations for stakeholders including researchers and regulators to study, mitigate, and minimize the use of these patterns.Comment: 32 pages, 11 figures, ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW 2019

Evaluating the End-User Experience of Private Browsing Mode

Nowadays, all major web browsers have a private browsing mode. However, the mode's benefits and limitations are not particularly understood. Through the use of survey studies, prior work has found that most users are either unaware of private browsing or do not use it. Further, those who do use private browsing generally have misconceptions about what protection it provides. However, prior work has not investigated \emph{why} users misunderstand the benefits and limitations of private browsing. In this work, we do so by designing and conducting a three-part study: (1) an analytical approach combining cognitive walkthrough and heuristic evaluation to inspect the user interface of private mode in different browsers; (2) a qualitative, interview-based study to explore users' mental models of private browsing and its security goals; (3) a participatory design study to investigate why existing browser disclosures, the in-browser explanations of private browsing mode, do not communicate the security goals of private browsing to users. Participants critiqued the browser disclosures of three web browsers: Brave, Firefox, and Google Chrome, and then designed new ones. We find that the user interface of private mode in different web browsers violates several well-established design guidelines and heuristics. Further, most participants had incorrect mental models of private browsing, influencing their understanding and usage of private mode. Additionally, we find that existing browser disclosures are not only vague, but also misleading. None of the three studied browser disclosures communicates or explains the primary security goal of private browsing. Drawing from the results of our user study, we extract a set of design recommendations that we encourage browser designers to validate, in order to design more effective and informative browser disclosures related to private mode

Identifying and measuring manipulative user interfaces at scale on the web

Powerful and otherwise trustworthy actors on the web gain from manipulating users and pushing them into making sub-optimal decisions. While prior work has documented examples of such manipulative practices, we lack a systematic understanding of their characteristics and their prevalence on the web. Building up this knowledge can lead to solutions that protect individuals and society from their harms. In this dissertation, I focus on manipulative practices that manifest in the user interface. I first describe the attributes of manipulative user interfaces. I show that these interfaces engineer users' choice architectures by either modifying the information available to users, or by modifying the set of choices available to users---eliminating and suppressing choices that disadvantage the manipulator. I then present the core contribution of this dissertation: automated methods that combine web automation and machine learning to identify manipulative interfaces at scale on the web. Using these methods, I conduct three measurements. First, I examine the extent to which content creators fail to disclose their endorsements on social media---misleading users into believing they are viewing unbiased, non-advertising content. Collecting and analyzing a dataset of 500K YouTube videos and 2 million Pinterest pins, I discover that ~90% of these endorsements go undisclosed. Second, I quantify the prevalence of dark patterns on shopping websites. Analyzing data I collected from 11K shopping websites, I discover 1,818 dark patterns on 1,254 websites that mislead, deceive, or coerce users into making more purchases or disclosing more information than they would otherwise. Finally, I quantify the prevalence of dark patterns and clickbait in political emails. Collecting and analyzing a dataset of over 100K emails from U.S. political campaigns and organizations in the 2020 election cycle, I find that that ~40% of emails sent by the median campaign/organization contain these manipulative interfaces. I conclude with how the lessons learned from these measurements can be used to build technical defenses and to lay out policy recommendations to mitigate the spread of these interfaces