Digital Safety

Conference name
CHI 2023
"There's so much responsibility on users right now:" Expert Advice for Staying Safer From Hate and Harassment
Abstract

Online hate and harassment poses a threat to the digital safety of people globally. In light of this risk, there is a need to equip as many people as possible with advice to stay safer online. We interviewed 24 experts to understand what threats and advice internet users should prioritize to prevent or mitigate harm. As part of this, we asked experts to evaluate 45 pieces of existing hate-and-harassment-specific digital-safety advice to understand why they felt advice was viable or not. We find that experts frequently had competing perspectives for which threats and advice they would prioritize. We synthesize sources of disagreement, while also highlighting the primary threats and advice where experts concurred. Our results inform immediate efforts to protect users from online hate and harassment, as well as more expansive socio-technical efforts to establish enduring safety.

Authors
Miranda Wei
University of Washington, Seattle, Washington, United States
Sunny Consolvo
Google, Mountain View, California, United States
Patrick Gage Kelley
Google, Mountain View, California, United States
Tadayoshi Kohno
University of Washington, Seattle, Washington, United States
Franziska Roesner
University of Washington, Seattle, Washington, United States
Kurt Thomas
Google, Mountain View, California, United States
Paper URL

https://doi.org/10.1145/3544548.3581229

Analyzing the Use of Public and In-house Secure Development Guidelines in U.S. and Japanese Industries
Abstract

Secure development guidelines contribute to improving software security from the development stage by making developers aware of the risks to be assumed, the necessary security countermeasures, and how to implement them. In this study, we investigated the actual utilization of guidelines and their usability in the industry through a survey of software development professionals in the U.S. and Japan (N=396 in the U.S. and N=474 in Japan). Our quantitative analysis revealed that “in-house” guidelines not examined in most existing studies are in fact widely utilized in the industry and also clarified how they are related to the use of public guidelines. In addition, we found that the practices for implementing guidelines recommended by existing studies are difficult for software development professionals with certain attributes, e.g., those who are working on small projects. The findings demonstrate the need for lightweight recommended practices taking into account organizational issues at industrial development sites that are easy for developers to implement.

Authors
Fumihiro Kanei
NTT, Tokyo, Japan
Ayako A. Hasegawa
NICT, Tokyo, Japan
Eitaro Shioji
NTT, Tokyo, Japan
Mitsuaki Akiyama
NTT, Tokyo, Japan
Paper URL

https://doi.org/10.1145/3544548.3580705

A Usability Evaluation of AFL and libFuzzer with CS Students
Abstract

In top-tier companies and academia, fuzzing has established itself as a valuable tool for finding bugs. It is a tool created by experts for experts, and a lot of research is being invested into improving the power of fuzzing. However, the usability of fuzzing has not received much attention yet. To alleviate this, we evaluated the usability of two popular fuzzers: AFL and libFuzzer. In our fuzzing study, 47 computer science students each worked up to 20 hours in total. We found significant usability challenges for both fuzzers leading to only 17 participants who were able to finish all tasks. Even the successful participants struggled with some of the necessary steps and found them complex and confusing. While on the whole, AFL fared better than libFuzzer, both fuzzers have strengths and weaknesses and can be improved based on our results.

Authors
Stephan Plöger
Fraunhofer FKIE, Bonn, Germany
Mischa Meier
University of Bonn, Bonn, Germany
Matthew Smith
University of Bonn, Bonn, Germany
Paper URL

https://doi.org/10.1145/3544548.3581178

Understanding Digital-Safety Experiences of Youth in the U.S.
Abstract

The seamless integration of technology into the lives of youth has raised concerns about their digital safety. While prior work has explored youth experiences with physical, sexual, and emotional threats (such as bullying and trafficking), a comprehensive and in-depth understanding of the myriad threats that youth experience is needed. By synthesizing the perspectives of 36 youth and 65 adult participants from the U.S., we provide an overview of today's complex digital-safety landscape. We describe attacks youth experienced, how these moved across platforms and into the physical world, and the resulting harms. We also describe protective practices the youth and the adults who support them took to prevent, mitigate, and recover from attacks, and key barriers to doing this effectively. Our findings provide a broad perspective to help improve digital safety for youth and set directions for future work.

Authors
Diana Freed
Cornell University, New York, New York, United States
Natalie N. Bazarova
Cornell University, Ithaca, New York, United States
Sunny Consolvo
Google, Sunnyvale, California, United States
Eunice J. Han
Cornell University, Ithaca, New York, United States
Patrick Gage Kelley
Google, Mountain View, California, United States
Kurt Thomas
Google, Mountain View, California, United States
Dan Cosley
National Science Foundation, Alexandria, Virginia, United States
Paper URL

https://doi.org/10.1145/3544548.3581128

Bottom-up Psychosocial Interventions for Interdependent Privacy: Effectiveness Based on Individual and Content Differences
Abstract

Although a great deal of research has examined interventions to help users protect their own information online, less work has examined methods for reducing interdependent privacy (IDP) violations on social media (i.e., sharing of other people’s information). This study tested the effectiveness of concept-based (i.e., general information), fact-based (i.e., statistics), and narrative-based (i.e., stories) educational videos in altering IDP-relevant attitudes and multimedia sharing behaviors. Our study revealed concept and fact videos reduced sharing of social media content that portrayed people negatively. The narrative intervention backfired and increased sharing among participants who did not believe IDP violations to be especially serious; however, the narrative intervention decreased sharing for participants who rated IDP violations as more serious. Notably, our study found participants preferred narrative-based interventions with real world examples, despite other strategies more effectively reducing sharing. Implications for narrative transportation theory and advancing bottom-up (i.e., user-centered) psychosocial interventions are discussed.

Authors
Renita Washburn
University of Central Florida, Orlando, Florida, United States
Tangila Islam Tanni
University of Central Florida, Orlando, Florida, United States
Yan Solihin
University of Central Florida, Orlando, Florida, United States
Apu Kapadia
Indiana University, Bloomington, Indiana, United States
Mary Jean Amon
University of Central Florida, Orlando, Florida, United States
Paper URL

https://doi.org/10.1145/3544548.3581117

Models of Applied Privacy (MAP): A Persona Based Approach to Threat Modeling
Abstract

The paradigm of Privacy by Design aims to integrate privacy early in the product development life cycle. One element of this is to conduct threat modeling with developers to identify privacy threats that engender from the architecture design of the product. In this paper, we propose a systematic lightweight privacy threat modeling framework (MAP) based on attacker personas that is both easy to operationalize and scale. MAP leverages existing privacy threat frameworks to provide an operational roadmap based on relevant threat actors, associated threats, and resulting harm to individuals as well as organizations. We implement MAP as a persona picker tool that threat modelers can use as a menu select to identify, investigate, and remediate relevant threats based on product developer’s scope of privacy risk. We conclude by testing the framework using a repository of 207 privacy breaches extracted from the VERIS Community Database.

Authors
Jayati Dev
Comcast, Philadelphia, Pennsylvania, United States
Bahman Rashidi
Comcast, Philadelphia, Pennsylvania, United States
Vaibhav Garg
Comcast, Philadelphia, Pennsylvania, United States
Paper URL

https://doi.org/10.1145/3544548.3581484
