Serge Egelman

Akshay Dan Bhavish Juleemun

Dagstuhl Reports, 2024

The Medium is the Message: How Secure Messaging Apps Leak Sensitive Data to Push Notification Services.

[BibT_eX]

[DOI]

Nikita Samarin

Alex Sanchez

Trinity Chung

CoRR, 2024

2023

Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA).

[BibT_eX]

[DOI]

Proc. Priv. Enhancing Technol., July, 2023

A Model of Contextual Factors Affecting Older Adults' Information-Sharing Decisions in the U.S.

[BibT_eX]

[DOI]

Alisa Frik

Julia Bernd

ACM Trans. Comput. Hum. Interact., February, 2023

Log: It's Big, It's Heavy, It's Filled with Personal Data! Measuring the Logging of Sensitive Information in the Android Ecosystem.

[BibT_eX]

[DOI]

Proceedings of the 32nd USENIX Security Symposium, 2023

Security and Privacy Failures in Popular 2FA Apps.

[BibT_eX]

[DOI]

Proceedings of the 32nd USENIX Security Symposium, 2023

In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes.

[BibT_eX]

[DOI]

Proceedings of the 2023 ACM on Internet Measurement Conference, 2023

2022

Developers Say the Darnedest Things: Privacy Compliance Processes Followed by Developers of Child-Directed Apps.

[BibT_eX]

[DOI]

Noura Alomar

Proc. Priv. Enhancing Technol., 2022

Can Humans Detect Malicious Always-Listening Assistants? A Framework for Crowdsourcing Test Drives.

[BibT_eX]

[DOI]

Proc. ACM Hum. Comput. Interact., 2022

Runtime Permissions for Privacy in Proactive Intelligent Assistants.

[BibT_eX]

[DOI]

Proceedings of the Eighteenth Symposium on Usable Privacy and Security, 2022

Challenges in inferring privacy properties of smart devices: towards scalable multi-vantage point testing methods.

[BibT_eX]

[DOI]

Proceedings of the 3rd International CoNEXT Student Workshop, 2022

2020

The Price is (Not) Right: Comparing Privacy in Free and Paid Apps.

[BibT_eX]

[DOI]

Amit Elazari Bar On

Kenneth A. Bamberger

Proc. Priv. Enhancing Technol., 2020

Disaster privacy/privacy disaster.

[BibT_eX]

[DOI]

Madelyn R. Sanfilippo

J. Assoc. Inf. Sci. Technol., 2020

Conducting Privacy-Sensitive Surveys: A Case Study of Civil Society Organizations.

[BibT_eX]

[DOI]

CoRR, 2020

Nudge me right: Personalizing online security nudges to people's decision-making styles.

[BibT_eX]

[DOI]

Comput. Hum. Behav., 2020

Empirical Measurement of Systemic 2FA Usability.

[BibT_eX]

[DOI]

Proceedings of the 29th USENIX Security Symposium, 2020

Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck.

[BibT_eX]

[DOI]

Proceedings of the 29th USENIX Security Symposium, 2020

"You've Got Your Nice List of Bugs, Now What?" Vulnerability Discovery and Management Processes in the Wild.

[BibT_eX]

[DOI]

Proceedings of the Sixteenth Symposium on Usable Privacy and Security, 2020

Decentralized backup and recovery of TOTP secrets.

[BibT_eX]

[DOI]

Proceedings of the 7th Annual Symposium on Hot Topics in the Science of Security, 2020

2019

50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System.

[BibT_eX]

[DOI]

Privacy Attitudes of Smart Speaker Users.

[BibT_eX]

[DOI]

Proc. Priv. Enhancing Technol., 2019

Investigating Users' Preferences and Expectations for Always-Listening Voice Assistants.

[BibT_eX]

[DOI]

Heather Richter Lipford

Proc. ACM Interact. Mob. Wearable Ubiquitous Technol., 2019

Privacy and Security Threat Models and Mitigation Strategies of Older Adults.

[BibT_eX]

[DOI]

Proceedings of the Fifteenth Symposium on Usable Privacy and Security, 2019

Information Design in An Aged Care Context: Views of Older Adults on Information Sharing in a Care Triad.

[BibT_eX]

[DOI]

Proceedings of the 13th EAI International Conference on Pervasive Computing Technologies for Healthcare, 2019

Privacy controls for always-listening devices.

[BibT_eX]

[DOI]

Proceedings of the NSPW '19: New Security Paradigms Workshop, 2019

A Promise Is A Promise: The Effect of Commitment Devices on Computer Security Intentions.

[BibT_eX]

[DOI]

Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, 2019

2018

"Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale.

[BibT_eX]

[DOI]

Proc. Priv. Enhancing Technol., 2018

Dynamically Regulating Mobile Application Permissions.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2018

Cybercasing 2.0: You Get What You Pay For.

[BibT_eX]

[DOI]

Michael Carl Tschantz

Nicholas Weaver

CoRR, 2018

Quantifying Users' Beliefs about Software Updates.

[BibT_eX]

[DOI]

CoRR, 2018

The Accuracy of the Demographic Inferences Shown on Google's Ad Settings.

[BibT_eX]

[DOI]

Michael Carl Tschantz

Proceedings of the 2018 Workshop on Privacy in the Electronic Society, 2018

Contextualizing Privacy Decisions for Better Prediction (and Protection).

[BibT_eX]

[DOI]

Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, 2018

An Experience Sampling Study of User Reactions to Browser Warnings in the Field.

[BibT_eX]

[DOI]

Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, 2018

2017

A Usability Evaluation of Tor Launcher.

[BibT_eX]

[DOI]

Proc. Priv. Enhancing Technol., 2017

The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences.

[BibT_eX]

[DOI]

Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017

Turtle Guard: Helping Android Users Apply Contextual Privacy Preferences.

[BibT_eX]

[DOI]

Proceedings of the Thirteenth Symposium on Usable Privacy and Security, 2017

Let's Go in for a Closer Look: Observing Passwords in Their Natural Habitat.

[BibT_eX]

[DOI]

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

2016

The Anatomy Of Smartphone Unlocking: Why and How Android Users Around the World Lock their Phones.

[BibT_eX]

[DOI]

GetMobile Mob. Comput. Commun., 2016

Recovering High-Value Secrets with SGX and Social Authentication.

[BibT_eX]

[DOI]

Proceedings of the Who Are You?! Adventures in Authentication, 2016

Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes.

[BibT_eX]

[DOI]

Proceedings of the Twelfth Symposium on Usable Privacy and Security, 2016

The Teaching Privacy Curriculum.

[BibT_eX]

[DOI]

Proceedings of the 47th ACM Technical Symposium on Computing Science Education, 2016

Keep on Lockin' in the Free World: A Multi-National Comparison of Smartphone Locking.

[BibT_eX]

[DOI]

Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, 2016

The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens.

[BibT_eX]

[DOI]

Marian Harbach

Alexander De Luca

Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, 2016

Behavior Ever Follows Intention?: A Validation of the Security Behavior Intentions Scale (SeBIS).

[BibT_eX]

[DOI]

Marian Harbach

Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, 2016

2015

Predicting privacy and security attitudes.

[BibT_eX]

[DOI]

SIGCAS Comput. Soc., 2015

Teaching Privacy: Multimedia Making a Difference.

[BibT_eX]

[DOI]

IEEE Multim., 2015

Risk Perceptions for Wearable Devices.

[BibT_eX]

[DOI]

CoRR, 2015

Android Permissions Remystified: A Field Study on Contextual Integrity.

[BibT_eX]

[DOI]

Proceedings of the 24th USENIX Security Symposium, 2015

Teaching Privacy: What Every Student Needs to Know (Abstract Only).

[BibT_eX]

[DOI]

Gerald Friedland

Daniel D. Garcia

Proceedings of the 46th ACM Technical Symposium on Computer Science Education, 2015

The Myth of the Average User: Improving Privacy and Security Systems through Individualization.

[BibT_eX]

[DOI]

Proceedings of the 2015 New Security Paradigms Workshop, 2015

HCI in Business: A Collaboration with Academia in IoT Privacy.

[BibT_eX]

[DOI]

Proceedings of the HCI in Business - Second International Conference, 2015

Fingerprinting Web Users Through Font Metrics.

[BibT_eX]

[DOI]

David Fifield

Proceedings of the Financial Cryptography and Data Security, 2015

Somebody's Watching Me?: Assessing the Effectiveness of Webcam Indicator Lights.

[BibT_eX]

[DOI]

Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, 2015

Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS).

[BibT_eX]

[DOI]

Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, 2015

Is This Thing On?: Crowdsourcing Privacy Indicators for Ubiquitous Sensing Platforms.

[BibT_eX]

[DOI]

Raghudeep Kannavara

Richard Chow

Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, 2015

2014

Reflections on U-PriSM 2: The Second Workshop on Usable Privacy and Security for Mobile Devices.

[BibT_eX]

[DOI]

Int. J. Mob. Hum. Comput. Interact., 2014

The effect of developer-specified explanations for permission requests on smartphone user behavior.

[BibT_eX]

[DOI]

Proceedings of the CHI Conference on Human Factors in Computing Systems, 2014

Are You Ready to Lock?

[BibT_eX]

[DOI]

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014

Crowdsourcing in HCI Research.

[BibT_eX]

[DOI]

Ed H. Chi

Steven Dow

Proceedings of the Ways of Knowing in HCI, 2014

2013

When it's better to ask forgiveness than get permission: attribution mechanisms for smartphone resources.

[BibT_eX]

[DOI]

Proceedings of the Symposium On Usable Privacy and Security, 2013

Markets for zero-day exploits: ethics and implications.

[BibT_eX]

[DOI]

Cormac Herley

Paul C. van Oorschot

Proceedings of the New Security Paradigms Workshop, 2013

U-PriSM 2: the second usable privacy and security for mobile devices workshop.

[BibT_eX]

[DOI]

Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services, 2013

The Importance of Being Earnest [In Security Warnings].

[BibT_eX]

[DOI]

Stuart E. Schechter

Proceedings of the Financial Cryptography and Data Security, 2013

Does my password go up to eleven?: the impact of password meters on password selection.

[BibT_eX]

[DOI]

Andreas Sotirakopoulos

Ildar Muslukhov

Konstantin Beznosov

Cormac Herley

Proceedings of the 2013 ACM SIGCHI Conference on Human Factors in Computing Systems, 2013

My profile is my password, verify me!: the privacy/convenience tradeoff of facebook connect.

[BibT_eX]

[DOI]

Proceedings of the 2013 ACM SIGCHI Conference on Human Factors in Computing Systems, 2013

Choice Architecture and Smartphone Privacy: There's a Price for That.

[BibT_eX]

[DOI]

Adrienne Porter Felt

Proceedings of the Economics of Information Security and Privacy, 2013

2012

Helping Users Create Better Passwords.

[BibT_eX]

[DOI]

Choice Architecture and Smartphone Privacy: There's a Price for That.

[BibT_eX]

[DOI]

Adrienne Porter Felt

Proceedings of the 11th Annual Workshop on the Economics of Information Security, 2012

How to Ask for Permission.

[BibT_eX]

[DOI]

Proceedings of the 7th USENIX Workshop on Hot Topics in Security, 2012

Facebook and privacy: it's complicated.

[BibT_eX]

[DOI]

Maritza L. Johnson

Steven M. Bellovin

Proceedings of the Symposium On Usable Privacy and Security, 2012

Android permissions: user attention, comprehension, and behavior.

[BibT_eX]

[DOI]

Proceedings of the Symposium On Usable Privacy and Security, 2012

It's Not Stealing If You Need It: A Panel on the Ethics of Performing Research Using Public Data of Illicit Origin.

[BibT_eX]

[DOI]

Proceedings of the Financial Cryptography and Data Security, 2012

I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns.

[BibT_eX]

[DOI]

Adrienne Porter Felt

Proceedings of the SPSM'12, 2012

2011

The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study.

[BibT_eX]

[DOI]

Inf. Syst. Res., 2011

It's All about the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice.

[BibT_eX]

[DOI]

Proceedings of the Financial Cryptography and Data Security, 2011

Of passwords and people: measuring the effect of password-composition policies.

[BibT_eX]

[DOI]

Proceedings of the International Conference on Human Factors in Computing Systems, 2011

Oops, I did it again: mitigating repeated access control errors on facebook.

[BibT_eX]

[DOI]

Andrew Oates

Shriram Krishnamurthi

Proceedings of the International Conference on Human Factors in Computing Systems, 2011

2010

Please Continue to Hold: An Empirical Study on User Tolerance of Security Delays.

[BibT_eX]

[DOI]

Shriram Krishnamurthi

Proceedings of the 9th Annual Workshop on the Economics of Information Security, 2010

This is your data on drugs: lessons computer security can learn from the drug war.

[BibT_eX]

[DOI]

David Molnar

Nicolas Christin

Proceedings of the 2010 Workshop on New Security Paradigms, 2010

2009

Crying Wolf: An Empirical Study of SSL Warning Effectiveness.

[BibT_eX]

[DOI]

Proceedings of the 18th USENIX Security Symposium, 2009

It's No Secret. Measuring the Security and Reliability of Authentication via "Secret" Questions.

[BibT_eX]

[DOI]

Stuart E. Schechter

A. J. Bernheim Brush

Proceedings of the 30th IEEE Symposium on Security and Privacy (SP 2009), 2009

The impact of privacy indicators on search engine browsing patterns.

[BibT_eX]

[DOI]

Proceedings of the 5th Symposium on Usable Privacy and Security, 2009

It's not what you know, but who you know: a social approach to last-resort authentication.

[BibT_eX]

[DOI]

Stuart E. Schechter

Robert W. Reeder

Proceedings of the 5th Symposium on Usable Privacy and Security, 2009

Timing is everything?: the effects of timing and placement of online privacy indicators.

[BibT_eX]

[DOI]

Proceedings of the 27th International Conference on Human Factors in Computing Systems, 2009

2008

P3P deployment on websites.

[BibT_eX]

[DOI]

Electron. Commer. Res. Appl., 2008

Family accounts: a new paradigm for user accounts within the home environment.

[BibT_eX]

[DOI]

A. J. Bernheim Brush

Kori M. Inkpen

Proceedings of the 2008 ACM Conference on Computer Supported Cooperative Work, 2008

You've been warned: an empirical study of the effectiveness of web browser phishing warnings.

[BibT_eX]

[DOI]

Lorrie Faith Cranor

Jason I. Hong

Proceedings of the 2008 Conference on Human Factors in Computing Systems, 2008

2007

Phinding Phish: An Evaluation of Anti-Phishing Toolbars.

[BibT_eX]

[DOI]

Proceedings of the Network and Distributed System Security Symposium, 2007

Security user studies: methodologies and best practices.

[BibT_eX]

[DOI]

Proceedings of the Extended Abstracts Proceedings of the 2007 Conference on Human Factors in Computing Systems, 2007

2006

Soups 2006.

[BibT_eX]

[DOI]

Janice Y. Tsai

IEEE Secur. Priv., 2006

Power strips, prophylactics, and privacy, oh my!

[BibT_eX]

[DOI]

Proceedings of the 2nd Symposium on Usable Privacy and Security, 2006

An analysis of P3P-enabled web sites among top-20 search results.

[BibT_eX]

[DOI]

Lorrie Faith Cranor

Abdur Chowdhury

Proceedings of the 8th International Conference on Electronic Commerce: The new e-commerce, 2006

2004

Suing Spammers for Fun and Profit.

[BibT_eX]

[DOI]