Remote Presentations: Highlight on Security and Privacy

CHI 2024
Exploring Privacy Practices of Female mHealth Apps in a Post-Roe World

Mobile apps which support women’s health have developed rapidly alongside the increasing de-stigmatisation of female reproductive wellbeing. However, the ubiquity of these apps has advanced the practice of intimate surveillance and the commodification of sensitive user data. While the overturning of Roe v. Wade has prompted reflection on the privacy and safety implications of female mobile health (mHealth) apps, the privacy practices of these apps have yet to be thoroughly examined in a post-Roe world. We investigated the privacy practices of 20 popular female mHealth apps, combining a thematic analysis of Data safety sections and privacy policies with a privacy-focused usability inspection. Our findings revealed problematic practices, including inconsistencies across privacy policy content and privacy-related app features, flawed consent and data deletion mechanisms, and covert gathering of sensitive data. We present recommendations for improving privacy practices, and call for a dedicated focus not only on user privacy, but also safety.

Lisa Mekioussa Malki
King's College London, London, United Kingdom
Ina Kaleva
King's College London, London, United Kingdom
Dilisha Patel
UCL, London, United Kingdom
Mark Warner
University College London, London, London, United Kingdom
Ruba Abu-Salma
King's College London, London, United Kingdom

Counting Carrds: Investigating Personal Disclosure and Boundary Management in Transformative Fandom

The privacy practices of transformative fandom are of interest to HCI researchers both for the community's high proportion of queer members and for the community's sophisticated privacy norms and behaviors. We investigated fans' use of single-serving websites on ("Carrds") as personal profiles linked from Twitter accounts. We scraped Twitter to gather 5252 Carrds from fans in a variety of fandoms, which we analyzed using a combination of keyword searches and hand-coding. Fans' Carrds frequently disclose queer identity, and articulate a complex system of community values and boundary management. Inspired by how these findings aren't well-explained by individual theories of privacy, we articulate first steps towards a theory of collective privacy based in a communal process of values construction, trust building, and personal disclosure that we believe helps us to understand the sophisticated nature of fans' observed behaviors.

Kelly Wang
Northeastern University, Boston, Massachusetts, United States
Dan Bially Levy
Macalester College, St. Paul, Minnesota, United States
Kien T. Nguyen
Macalester College, Saint Paul, Minnesota, United States
Ada Lerner
Northeastern University, Boston, Massachusetts, United States
Abigail Marsh
Macalester College, Saint Paul, Minnesota, United States

Stochastic Machine Witnesses at Work: Today's Critiques of Taylorism are Inadequate for Workplace Surveillance Epistemologies of the Future

I argue that epistemologies of workplace surveillance are shifting in fundamental ways, and so critiques must shift accordingly. I begin the paper by relating Scientific Management to Human-Centred Computing's ways of knowing through a study of 'metaverse' virtual reality workplaces. From this, I develop two observations. The first is that today's workplace measurement science does not resemble the science that Taylor developed for Scientific Management. Contemporary workplace science is more passive, more intermediated and less controlled. The second observation is that new forms of workplace measurement challenge the norms of empirical science. Instead of having credentialed human witnesses observe phenomena and agree facts about them, we instead make outsourced, uncredentialed stochastic machine witnesses responsible for producing facts about work. With these observations in mind, I assert that critiques of workplace surveillance still framed by Taylorism will not be fit for interrogating workplace surveillance practices of the future.

Sandy J. J. Gould
Cardiff University, Cardiff, United Kingdom

‘We Do Not Have the Capacity to Monitor All Media’: A Design Case Study on Cyber Situational Awareness in Computer Emergency Response Teams

Computer Emergency Response Teams (CERTs) provide advisory, preventive and reactive cybersecurity services for authorities, citizens, and businesses. However, their responsibility of monitoring, analyzing, and communicating cyber threats has become challenging due to the growing volume and varying quality of information disseminated through public channels. Based on a design case study conducted from 2021 to 2023, this paper combines three iterations of expert interviews, design workshops and cognitive walkthroughs to design an automated, cross-platform and real-time cybersecurity dashboard. By adopting the notion of cyber situational awareness, the study extracts user requirements and design heuristics for enhanced threat awareness and mission awareness in CERTs, discussing the aspects of source integration, data management, customizable visualization, relationship awareness, information assessment, software integration, (inter-)organizational collaboration, and communication of stakeholder warnings.

Best Paper
Marc-André Kaufhold
Technische Universität Darmstadt, Darmstadt, Germany
Thea Riebe
Technische Universität Darmstadt, Darmstadt, Germany
Markus Bayer
Technical University of Darmstadt, Darmstadt, Germany
Christian Reuter
Technische Universität Darmstadt, Darmstadt, Germany

Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter

The Russian Invasion of Ukraine in 2022 resulted in a rapidly changing cyber threat environment globally and incentivized the sharing of security and privacy advice on social media. Previous research found a strong impact of online security advice on end-user behavior. Twitter is an important platform for sharing information in crises. We examined 306 tweets with security and privacy advice related to the Ukrainian war, and created a taxonomy of 224 unique pieces of advice in seven categories, targeted at individuals or organizations in Ukraine and elsewhere. While our findings include untargeted and generic advice known from previous research, we identify novel advice specific to the invasion, offers for individual consultation, and misinformation on security and privacy advice as a new threat. Our findings highlight the strengths and shortcomings of the security and privacy advice given online during the invasion and establish areas for improvements and future research.

Honorable Mention
Juliane Schmüser
CISPA, Hannover, Germany
Harshini Sri Ramulu
Paderborn University, Paderborn, Germany
Noah Wöhler
CISPA, Hannover, Germany
Christian Stransky
Leibniz University Hannover, Hannover, Lower Saxony, Germany
Felix Bensmann
Leibniz Institute for Social Sciences, Cologne, Germany
Dimitar Dimitrov
GESIS - Leibniz Institute for the Social Sciences, Cologne, Germany
Sebastian Schellhammer
Leibniz Institute for Social Sciences, Cologne, Germany
Dominik Wermke
CISPA Helmholtz Center for Information Security, Hannover, Germany
Stefan Dietze
GESIS - Leibniz Institute for the Social Sciences, Cologne, Germany
Yasemin Acar
Paderborn University, Paderborn, Germany
Sascha Fahl
CISPA Helmholtz Center for Information Security, Hannover, Germany

In Focus, Out of Privacy: The Wearer's Perspective on the Privacy Dilemma of Camera Glasses

The rising popularity of camera glasses challenges societal norms of recording bystanders and thus requires efforts to mediate privacy preferences. We present the first study on the wearers' perspectives and explore privacy challenges associated with wearing camera glasses when bystanders are present. We conducted a micro-longitudinal diary study (N=15) followed by exit interviews with existing users and people without prior experience. Our results show that wearers consider the currently available privacy indicators ineffective. They believe the looks and interaction design of the glasses conceal the technology from unaware people. Due to the lack of effective privacy-mediating measures, wearers feel emotionally burdened with preserving bystanders' privacy. We furthermore elicit how this sentiment impacts their usage of camera glasses and highlight the need for technical and non-technical solutions. Finally, we compare the wearers' and bystanders' perspectives and discuss the design space of a future privacy-preserving ecosystem for wearable cameras.

Honorable Mention
Divyanshu Bhardwaj
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Alexander Ponticello
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Shreya Tomar
Indraprastha Institute of Information Technology, Delhi, New Delhi, India
Adrian Dabrowski
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Katharina Krombholz
Saarland Informatics Campus, Saarbrücken, Germany

The Impact of Risk Appeal Approaches on Users’ Sharing Confidential Information

End-to-end encrypted email can help users prevent unauthorized access of their sensitive information. However, many users struggle to utilize encryption tools due to usability issues and low understanding. Thus, we designed video messaging interventions to persuade users to use email encryption software (Virtru). Our first intervention combined Protection Motivation Theory with Anticipated Regret (PMT+AR), and was designed to help participants understand the benefits of using encrypted email. Our second intervention also included Action Planning (PMT+AR+AP), and was designed to help participants recognize opportunities to use encrypted email. We conducted online interviews with 121 participants and used a follow-up survey to evaluate our interventions. Pre-intervention, participants believed that Gmail encrypted standard email content by default. Post-intervention, both messages made participants more likely to utilize encrypted email in a simulated information sharing scenario compared to Control. Our results suggest that our interventions can help people adopt protective technologies and address their misconceptions about them.

Elham Al Qahtani
University of Jeddah, Jeddah, Saudi Arabia
Peter Story
Clark University, Worcester, Massachusetts, United States
Mohamed Shehab
University of North Carolina at Charlotte, Charlotte, North Carolina, United States
