Investigating Teenagers' Ability to Detect Phishing Messages line 1: 1st Given Name Surname line 2: dept. name of organization (of Affiliation) line 3: name of organization (of Affiliation) line 4: City, Country line 5: email address or ORCID line 1: 2nd Given Name Surname line 2: dept. name of organization (of Affiliation) line 3: name of organization (of Affiliation) line 4: City, Country line 5: email address or ORCID line 1: 3rd Given Name Surname line 2: dept. name of organization (of Affiliation) line 3: name of organization
Abstract:Habituation is a key factor behind the lack of attention towards permission authorization dialogs during third party application installation. Various solutions have been proposed to combat the problem of achieving attention switch towards permissions. However, users continue to ignore these dialogs, and authorize dangerous permissions, which leads to security and privacy breaches. We leverage eye-tracking to approach this problem, and propose a mechanism for enforcing user attention towards application permissions before users are able to authorize them. We deactivate the dialog's decision buttons initially, and use feedback from the eye-tracker to ensure that the user has looked at the permissions. After determining user attention, the buttons are activated. We implemented a prototype of our approach as a Chrome browser extension, and conducted a user study on Facebook's application authorization dialogs. Using participants' permission identification, eye-gaze fixations, and authorization decisions, we evaluate participants' attention towards permissions. The participants who used our approach on authorization dialogs were able to identify the permissions better, compared to the rest of the participants, even after the habituation period. Their average number of eye-gaze fixations on the permission text was significantly higher than the other group participants. However, examining the rate in which participants denied a dangerous and unnecessary permission, the hypothesized increase from the control group to the treatment group was not statistically significant.
Privacy laws in South Asian countries are still at a nascent stage. Therefore, South Asian websites are susceptible to user privacy violation. This paper presents an assessment of website privacy policies from 10 sectors in the three largest South Asian economies, namely, India, Pakistan, and Bangladesh. Using a manual qualitative analysis on a dataset of 284 popular websites, we assessed the policies based on accessibility, readability, and compliance with 11 privacy principles. Our findings show that overall, the privacy statement accessibility, and privacy compliance of websites from the three countries is low especially in the education, healthcare, and government sectors. Readability is quite low for websites in all 10 sectors of the three countries. Privacy compliance in each country is the highest for the principles of data processing and third-party transfer, whereas it is the lowest for protection of children's data, data retention and portability. Indian websites performed comparatively better amongst the three countries on all three metrics, followed by Pakistan, and Bangladesh. Based on our results, we provide recommendations involving all stakeholders (i.e., website owners, privacy regulators, and users) to help improve privacy protection of user data in South Asia.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.