Digital resources are often collectively owned and shared by small social groups (e.g., friends sharing Netflix accounts, roommates sharing game consoles, families sharing WhatsApp groups). Yet, little is known about (i) how these groups jointly navigate cybersecurity and privacy (S&P) decisions for shared resources, (ii) how shared experiences influence individual S&P attitudes and behaviors, and (iii) how well existing S&P controls map onto group needs. We conducted group interviews and a supplemental diary study with nine social groups (n=34) of varying relationship types. We identified why, how and what resources groups shared, their jointly construed threat models, and how these factors influenced group strategies for securing shared resources. We also identified missed opportunities for cooperation and stewardship among group members that could have led to improved S&P behaviors, and found that existing S&P controls often fail to meet the needs of these small social groups.
https://doi.org/10.1145/3313831.3376605
The ACM CHI Conference on Human Factors in Computing Systems (https://chi2020.acm.org/)