Mobile apps which support women’s health have developed rapidly alongside the increasing de-stigmatisation of female reproductive wellbeing. However, the ubiquity of these apps has advanced the practice of intimate surveillance and the commodification of sensitive user data. While the overturning of Roe v. Wade has prompted reflection on the privacy and safety implications of female mobile health (mHealth) apps, the privacy practices of these apps have yet to be thoroughly examined in a post-Roe world. We investigated the privacy practices of~20 popular female mHealth apps, combining a thematic analysis of Data safety sections and privacy policies with a privacy-focused usability inspection. Our findings revealed problematic practices, including inconsistencies across privacy policy content and privacy-related app features, flawed consent and data deletion mechanisms, and covert gathering of sensitive data. We present recommendations for improving privacy practices, and call for a dedicated focus not only on user privacy, but also safety.
doi.org/10.1145/3613904.3642521
The privacy practices of transformative fandom are of interest to HCI researchers both for the community's high proportion of queer members and for the community's sophisticated privacy norms and behaviors. We investigated fans' use of single-serving websites on Carrd.co ("Carrds") as personal profiles linked from Twitter accounts. We scraped Twitter to gather 5252 Carrds from fans in a variety of fandoms, which we analyzed using a combination of keyword searches and hand-coding. Fans' Carrds frequently disclose queer identity, and articulate a complex system of community values and boundary management. Inspired by how these findings aren't well-explained by individual theories of privacy, we articulate first steps towards a theory of collective privacy based in a communal process of values construction, trust building, and personal disclosure that we believe helps us to understand the sophisticated nature of fans' observed behaviors.
doi.org/10.1145/3613904.3642664
I argue that epistemologies of workplace surveillance are shifting in fundamental ways, and so critiques must shift accordingly. I begin the paper by relating Scientific Management to Human-Centred Computing's ways of knowing through a study of 'metaverse' virtual reality workplaces. From this, I develop two observations. The first is that today's workplace measurement science does not resemble the science that Taylor developed for Scientific Management. Contemporary workplace science is more passive, more intermediated and less controlled. The second observation is that new forms of workplace measurement challenge the norms of empirical science. Instead of having credentialed human witnesses observe phenomena and agree facts about them, we instead make outsourced, uncredentialed stochastic machine witnesses responsible for producing facts about work. With these observations in mind, I assert that critiques of workplace surveillance still framed by Taylorism will not be fit for interrogating workplace surveillance practices of the future.
doi.org/10.1145/3613904.3642206
Computer Emergency Response Teams (CERTs) provide advisory, preventive and reactive cybersecurity services for authorities, citizens, and businesses. However, their responsibility of monitoring, analyzing, and communicating cyber threats have become challenging due to the growing volume and varying quality of information disseminated through public channels. Based on a design case study conducted from 2021 to 2023, this paper combines three iterations of expert interviews, design workshops and cognitive walkthroughs to design an automated, cross-platform and real-time cybersecurity dashboard. By adopting the notion of cyber situational awareness, the study extracts user requirements and design heuristics for enhanced threat awareness and mission awareness in CERTs, discussing the aspects of source integration, data management, customizable visualization, relationship awareness, information assessment, software integration, (inter-)organizational collaboration, and communication of stakeholder warnings.
doi.org/10.1145/3613904.3642368
The Russian Invasion of Ukraine in 2022 resulted in a rapidly changing cyber threat environment globally and incentivized the sharing of security and privacy advice on social media. Previous research found a strong impact of online security advice on end-user behavior. Twitter is an important platform for sharing information in crises. We examined 306 tweets with security and privacy advice related to the Ukrainian war, and created a taxonomy of 224 unique pieces of advice in seven categories, targeted at individuals or organizations in Ukraine and elsewhere. While our findings include untargeted and generic advice known from previous research, we identify novel advice specific to the invasion, offers for individual consultation, and misinformation on security and privacy advice as a new threat. Our findings highlight the strengths and shortcomings of the security and privacy advice given online during the invasion and establish areas for improvements and future research.
doi.org/10.1145/3613904.3642826
The rising popularity of camera glasses challenges societal norms of recording bystanders and thus requires efforts to mediate privacy preferences. We present the first study on the wearers' perspectives and explore privacy challenges associated with wearing camera glasses when bystanders are present. We conducted a micro-longitudinal diary study (N=15) followed by exit interviews with existing users and people without prior experience. Our results show that wearers consider the currently available privacy indicators ineffective. They believe the looks and interaction design of the glasses conceal the technology from unaware people. Due to the lack of effective privacy-mediating measures, wearers feel emotionally burdened with preserving bystanders' privacy. We furthermore elicit how this sentiment impacts their usage of camera glasses and highlight the need for technical and non-technical solutions. Finally, we compare the wearers' and bystanders' perspectives and discuss the design space of a future privacy-preserving ecosystem for wearable cameras.
doi.org/10.1145/3613904.3642242
End-to-end encrypted email can help users prevent unauthorized access of their sensitive information. However, many users struggle to utilize encryption tools due to usability issues and low understanding. Thus, we designed video messaging interventions to persuade users to use email encryption software (Virtru). Our first intervention combined Protection Motivation Theory with Anticipated Regret (PMT+AR), and was designed to help participants understand the benefits of using encrypted email. Our second intervention also included Action Planning (PMT+AR+AP), and was designed to help participants recognize opportunities to use encrypted email. We conducted online interviews with 121 participants and used a follow-up survey to evaluate our interventions. Pre-intervention, participants believed that Gmail encrypted standard email content by default. Post-intervention, both messages made participants more likely to utilize encrypted email in a simulated information sharing scenario compared to Control. Our results suggest that our interventions can help people adopt protective technologies and address their misconceptions about them.
doi.org/10.1145/3613904.3642524