Participatory Design for Security-Related User Interfaces

Weber, Susanne; Harbach, Marian; Wilhelm, Gottfried; Smith, Matthew; Friedrich-Wilhelms-UniversitBonn, Rheinische

doi:10.14722/usec.2015.23011

Cited by 13 publications

(9 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Using a provided laptop, participants explored a working prototype of Tracking Transparency populated with simulated data. We asked participants to think aloud as they explored and to suggest improvements [96].…”

Section: Interviewsmentioning

confidence: 99%

Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing

Weinshel

Wei

Mondal

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Internet companies track users' online activity to make inferences about their interests, which are then used to target ads and personalize their web experience. Prior work has shown that existing privacy-protective tools give users only a limited understanding and incomplete picture of online tracking. We present Tracking Transparency, a privacy-preserving browser extension that visualizes examples of long-term, longitudinal information that third-party trackers could have inferred from users' browsing. The extension uses a client-side topic modeling algorithm to categorize pages that users visit and combines this with data about the web trackers encountered over time to create these visualizations. We conduct a longitudinal field study in which 425 participants use one of six variants of our extension for a week. We find that, after using the extension, participants have more accurate perceptions of the extent of tracking and also intend to take privacy-protecting actions. CCS CONCEPTS• Security and privacy → Usability in security and privacy.

show abstract

Section: Interviewsmentioning

confidence: 99%

Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing

Weinshel

Wei

Mondal

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…Once a notice concept has been developed for each audience, individual notices can be designed and evaluated in a user-centered design process, or by engaging users in participatory design [130]. When conceptual notices for different audiences overlap in terms of timing, channel, modality and content, they can potentially be combined into a single notice serving multiple audiences, as long as the resulting notice meets the requirements of each audience group.…”

Section: User-centered Design and Evaluationmentioning

confidence: 99%

A Design Space for Effective Privacy Notices*

Schaub

Balebako

Durity

et al.

The Cambridge Handbook of Consumer Privacy

143

167

View full text Add to dashboard Cite

Notifying users about a system's data practices is supposed to enable users to make informed privacy decisions. Yet, current notice and choice mechanisms, such as privacy policies, are often ineffective because they are neither usable nor useful, and are therefore ignored by users. Constrained interfaces on mobile devices, wearables, and smart home devices connected in an Internet of Things exacerbate the issue. Much research has studied usability issues of privacy notices and many proposals for more usable privacy notices exist. Yet, there is little guidance for designers and developers on the design aspects that can impact the effectiveness of privacy notices. In this paper, we make multiple contributions to remedy this issue. We survey the existing literature on privacy notices and identify challenges, requirements, and best practices for privacy notice design. Further, we map out the design space for privacy notices by identifying relevant dimensions. This provides a taxonomy and consistent terminology of notice approaches to foster understanding and reasoning about notice options available in the context of specific systems. Our systemization of knowledge and the developed design space can help designers, developers, and researchers identify notice and choice requirements and develop a comprehensive notice concept for their system that addresses the needs of different audiences and considers the system's limitations and opportunities for providing notice.

show abstract

“…Akhawe et al [14] focused on the (in)effectiveness of different security warnings in browsers, which are strongly correlated to user experiences. Weber et al [15] used participatory design to improve security warnings. Felt et al [16] studied differences of SSL warnings between Google Chrome and Mozilla Firefox along with click-through rates.…”

Section: B Https From the End Users' Perspectivementioning

confidence: 99%

"If HTTPS Were Secure, I Wouldn't Need 2FA" - End User and Administrator Mental Models of HTTPS

Krombholz

Busse

Pfeffer

et al. 2019

2019 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

HTTPS is one of the most important protocols used to secure communication and is, fortunately, becoming more pervasive. However, especially the long tail of websites is still not sufficiently secured. HTTPS involves different types of users, e.g., end users who are forced to make security decisions when faced with warnings or administrators who are required to deal with cryptographic fundamentals and complex decisions concerning compatibility.In this work, we present the first qualitative study of both end user and administrator mental models of HTTPS. We interviewed 18 end users and 12 administrators; our findings reveal misconceptions about security benefits and threat models from both groups. We identify protocol components that interfere with secure configurations and usage behavior and reveal differences between administrator and end user mental models.Our results suggest that end user mental models are more conceptual while administrator models are more protocol-based. We also found that end users often confuse encryption with authentication, significantly underestimate the security benefits of HTTPS. They also ignore and distrust security indicators while administrators often do not understand the interplay of functional protocol components. Based on the different mental models, we discuss implications and provide actionable recommendations for future designs of user interfaces and protocols.

show abstract

Participatory Design for Security-Related User Interfaces

Cited by 13 publications

References 12 publications

Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing

Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing

A Design Space for Effective Privacy Notices*

"If HTTPS Were Secure, I Wouldn't Need 2FA" - End User and Administrator Mental Models of HTTPS

Contact Info

Product

Resources

About