The head or the heart? Measuring the impact of media quality

The number of multimedia applications is constantly increasing. Subjective methods are typically used to determine the level of media quality required in applications, yet recent findings have shown that these have limitations. This paper introduces an objective method for assessing media quality measunng physiological indicators of stress. An experiment examining the impact of video frame rate is presented. With low frame rates, physiological measurements indicated that users were under strain, even though subjectively most reported no differences between low and high frame rates. We conclude that the evaluation of media quality should not be conducted using solely subjective methods

Privacy Unraveling Around Explicit HIV Status Disclosure Fields in the Online Geosocial Hookup App Grindr

mHealth applications ("apps") must be searched for and downloaded prior to use, creating a potential barrier to uptake. Integrating health interventions into existing online social environments removes this barrier. However, little is known about the effects of linking sensitive health information to existing online identities. Our qualitative analysis of online comments (n=192) explores the user views of an HIV intervention integrated into the geosocial hookup app Grindr. We find some HIV positive users report keeping their status private to reduce their stigma exposure, whilst others report publicly disclosing their status to avoid being stigmatised by others. Where users keep their status private, we find concerns that social assumptions may develop around these non-disclosures, creating a privacy unraveling effect which restricts disclosure choice. Using Peppet's four proposed limits to privacy unraveling, we develop a set of descriptive conceptual designs to explore the privacy respecting potential of these limits within this context and propose further research to address this privacy challenge

Security Champions Without Support: Results from a Case Study with OWASP SAMM in a Large-Scale E-Commerce Enterprise

Developer-centered security research has identified a variety of reasons why software developers do not follow recommended security practices: lack of knowledge, outdated information sources, time pressure, and low usability of security mechanisms and tools. Contextual factors play an important role in security, but few studies have investigated security interventions with developers in organizational settings. In this case study, we track the impact of appointing security champions in a large e-commerce company with five software development teams, using the OWASP Security Assurance Maturity Model (OWASP SAMM) to measure the extent to which security practices were adopted. We also elicited the experiences of the security champions and developers in each team in 15 qualitative interviews. The results of the OWASP SAMM assessment show the adoption of secure practices varied widely between the different teams. Results from the interviews revealed different levels of security knowledge and commitment to the role between the security champions - but they agree in their perceived lack of support from company security experts and management. We conclude that secure software development requires more than appointing individuals such as security champions - to transform software development practices requires an organization-wide commitment, including access to resources and support

Distance education via IP videoconferencing: Results from a national pilot project

Internet Protocol (IP)-based videoconferencing technology can offer a low-cost means of collaboration and resource sharing on a national or global scale. This is potentially of interest to many users, especially in non-profit sectors such as education and healthcare. However, it has been questioned whether a best-effort network service can provide the reliability and quality required to support teaching and learning activities. To evaluate the technology, a 9-month pilot project of distributed teaching activities between 13 UK universities was set up. We present and discuss the issues involved in gathering and analysing data in a large-scale project with real users engaged in learning activities. The results suggest that incorrect equipment set-up and user behaviours cause most of the perceived problems, rather than network irregularities

“As Usual, I Needed Assistance of a Seeing Person”: Experiences and Challenges of People with Disabilities and Authentication Methods

According to the World Health organization, about 16% of the world’s population live with a disability. While they could benefit from digital products and services, users with disabilities often face severe accessibility issues: tasks can only be completed with difficulty, a considerable investment of time, or with assistance of technologies or other people. Further, to access these products and services, they need to authenticate. The accessibility of authentication methods for users with disabilities has not been studied in depth. We use an accessible study design to conduct 13 semi-structured interviews with people with physical, hearing, visual, cognitive, or multiple impairments to better understand the accessibility issues they face when using knowledge- or token-based, and biometric authentication. Our qualitative content analysis shows that none of the commonly available authentication methods is fully accessible to participants, causing them to abandon services or develop workarounds that reduce their own security and privacy. Our results also reveal the role of assistive technologies and human assistants in the authentication experience of users with disabilities. We conclude by encouraging fellow researchers and practitioners to reflect on assisted access when designing security mechanisms, to include people with disabilities using accessible study designs, and to keep in mind that accessible security is about more than usability – to further benefit users without disabilities as well

Building a National E-Service using Sentire Experience Report on the Use of Sentire: A Volere-Based Requirements Framework Driven by Calibrated Personas and Simulated User Feedback

Abstract-User experience (UX) is difficult to quantify and thus more challenging to require and guarantee. It is also difficult to gauge the potential impact on users' lived experience, especially at the earlier stages of the development life cycle, particularly before hi fidelity prototypes are developed. We believe that the enrolment process is a major hurdle for e-government service adoption and badly designed processes might result in negative repercussions for both the policy maker and the different user groups involved; non-adoption and resentment are two risks that may result in low return on investment (ROI), lost political goodwill and ultimately a negative lived experience for citizens. Identity assurance requirements need to balance out the real value of the assets being secured (risk) with the user groups' acceptance thresholds (based on a continuous cost-benefit exercise factoring in cognitive and physical workload). Sentire is a persona-centric requirements framework built on and extending the Volere requirements process with UX-analytics, reusable user behavioural models and simulated user feedback through calibrated personas. In this paper we present a story on how Sentire was adopted in the development of a national public-facing e-service. Daily journaling was used throughout the project and a custom built cloud-based CASE tool was used to manage the whole process. This paper outlines our experiences and lessons learnt

Navigating Haystacks at 70 mph: Intelligent Search for Intelligent In-Car Services

ABSTRACT With an explosion of in-car services, it has become not only difficult but unsafe for drivers to search and access large amounts of information using current interaction paradigms. In this paper, we present a novel approach for visualizing and exploring search results, and the potential benefits of its application to the current in-car environment. We have iteratively developed and tested a prototype system that enables the seamless and personalized exploration of information spaces. In a number of eye-tracking studies, we analyzed user satisfaction and task performance for factual and explorative search tasks. We found that most participants were faster, made fewer errors and found the system easier to use than traditional ones. We believe that this approach would improve the traditional in-car interfaces -to search and access large number of services with rich information. This would reduce driver inattention to the road and improve road safety

"Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication

Usable and secure authentication on the web and beyond is mission-critical. While password-based authentication is still widespread, users have trouble dealing with potentially hundreds of online accounts and their passwords. Alternatives or extensions such as multi-factor authentication have their own challenges and find only limited adoption. Finding the right balance between security and usability is challenging for developers. Previous work found that developers use online resources to inform security decisions when writing code. Similar to other areas, lots of authentication advice for developers is available online, including blog posts, discussions on Stack Overflow, research papers, or guidelines by institutions like OWASP or NIST. We are the first to explore developer advice on authentication that affects usable security for end-users. Based on a survey with 18 professional web developers, we obtained 406 documents and qualitatively analyzed 272 contained pieces of advice in depth. We aim to understand the accessibility and quality of online advice and provide insights into how online advice might contribute to (in)secure and (un)usable authentication. We find that advice is scattered and that finding recommendable, consistent advice is a challenge for developers, among others. The most common advice is for password-based authentication, but little for more modern alternatives. Unfortunately, many pieces of advice are debatable (e.g., complex password policies), outdated (e.g., enforcing regular password changes), or contradicting and might lead to unusable or insecure authentication. Based on our findings, we make recommendations for developers, advice providers, official institutions, and academia on how to improve online advice for developers.Comment: Extended version of the paper that appears at ACM CCS 2023. 18 pages, 4 figures, 11 table