Online hate and harassment poses a threat to the digital safety of people globally. In light of this risk, there is a need to equip as many people as possible with advice to stay safer online. We interviewed 24 experts to understand what threats and advice internet users should prioritize to prevent or mitigate harm. As part of this, we asked experts to evaluate 45 pieces of existing hate-and-harassment-specific digital-safety advice to understand why they felt advice was viable or not. We find that experts frequently had competing perspectives on which threats and advice they would prioritize. We synthesize sources of disagreement, while also highlighting the primary threats and advice where experts concurred. Our results inform immediate efforts to protect users from online hate and harassment, as well as more expansive socio-technical efforts to establish enduring safety.
Secure development guidelines contribute to improving software security from the development stage by making developers aware of the risks to be assumed, the necessary security countermeasures, and how to implement them. In this study, we investigated the actual utilization of guidelines and their usability in the industry through a survey of software development professionals in the U.S. and Japan (N=396 in the U.S. and N=474 in Japan). Our quantitative analysis revealed that “in-house” guidelines, which most existing studies have not examined, are in fact widely utilized in the industry, and also clarified how they are related to the use of public guidelines. In addition, we found that the practices for implementing guidelines recommended by existing studies are difficult for software development professionals with certain attributes, e.g., those who are working on small projects. The findings demonstrate the need for lightweight recommended practices that take into account organizational issues at industrial development sites and are easy for developers to implement.
In top-tier companies and academia, fuzzing has established itself as a valuable tool for finding bugs. It is a tool created by experts for experts, and a lot of research is being invested into improving the power of fuzzing. However, the usability of fuzzing has not received much attention yet. To alleviate this, we evaluated the usability of two popular fuzzers: AFL and libFuzzer. In our fuzzing study, 47 computer science students each worked up to 20 hours in total. We found significant usability challenges for both fuzzers; as a result, only 17 participants were able to finish all tasks. Even the successful participants struggled with some of the necessary steps and found them complex and confusing. While on the whole AFL fared better than libFuzzer, both fuzzers have strengths and weaknesses and can be improved based on our results.
The seamless integration of technology into the lives of youth has raised concerns about their digital safety. While prior work has explored youth experiences with physical, sexual, and emotional threats, such as bullying and trafficking, a comprehensive and in-depth understanding of the myriad threats that youth experience is needed. By synthesizing the perspectives of 36 youth and 65 adult participants from the U.S., we provide an overview of today's complex digital-safety landscape. We describe attacks youth experienced, how these moved across platforms and into the physical world, and the resulting harms. We also describe protective practices the youth and the adults who support them took to prevent, mitigate, and recover from attacks, and key barriers to doing this effectively. Our findings provide a broad perspective to help improve digital safety for youth and set directions for future work.
Although a great deal of research has examined interventions to help users protect their own information online, less work has examined methods for reducing interdependent privacy (IDP) violations on social media (i.e., sharing of other people’s information). This study tested the effectiveness of concept-based (i.e., general information), fact-based (i.e., statistics), and narrative-based (i.e., stories) educational videos in altering IDP-relevant attitudes and multimedia sharing behaviors. Our study revealed that concept and fact videos reduced sharing of social media content that portrayed people negatively. The narrative intervention backfired and increased sharing among participants who did not believe IDP violations to be especially serious; however, the narrative intervention decreased sharing for participants who rated IDP violations as more serious. Notably, our study found that participants preferred narrative-based interventions with real-world examples, despite other strategies more effectively reducing sharing. Implications for narrative transportation theory and advancing bottom-up (i.e., user-centered) psychosocial interventions are discussed.
The paradigm of Privacy by Design aims to integrate privacy early in the product development life cycle. One element of this is to conduct threat modeling with developers to identify privacy threats that arise from the architecture design of the product. In this paper, we propose a systematic, lightweight privacy threat modeling framework (MAP) based on attacker personas that is easy both to operationalize and to scale. MAP leverages existing privacy threat frameworks to provide an operational roadmap based on relevant threat actors, associated threats, and resulting harm to individuals as well as organizations. We implement MAP as a persona picker tool that threat modelers can use as a selection menu to identify, investigate, and remediate relevant threats based on the product developer’s scope of privacy risk. We conclude by testing the framework using a repository of 207 privacy breaches extracted from the VERIS Community Database.