Session:「Privacy Behaviours」

Increasing User Attention with a Comic-based Policy

論文URL: http://dl.acm.org/citation.cfm?doid=3173574.3173774

論文アブストラクト: End user license agreements, terms of service agreements and privacy policies all suffer from many of the same problems: people rarely read them and yet still agree to whatever is contained within them. There are many usability challenges with these policies: they are often lengthy, with jargon filled language that is difficult to quickly comprehend. However, these notices are the primary tool for users to understand the privacy implications of their digital activities and make informed decisions on which websites and software they use. Prior research has explored alternative designs for such notices, using more visual and structured interfaces for conveying information. We expand upon these results by exploring a comic-based interface, examining whether it can engage users to pay more attention to a terms of service agreement. Our results indicate that the comic version did hold user attention for longer than text-based alternatives, encouraging deeper investigation into comic-based interfaces.

日本語のまとめ:

多くの人々が同意書や利用規約などのポリシーを読まずに同意してしまっている。その解決策として、コミック形式のポリシーを提案した。ポリシーを読んだ時間・アイトラッカー・クイズのスコアによってそのポリシーを評価した。

Examining the Demand for Spam: Who Clicks?

論文URL: http://dl.acm.org/citation.cfm?doid=3173574.3173786

論文アブストラクト: Despite significant advances in automated spam detection, some spam content manages to evade detection and engage users. While the spam supply chain is well understood through previous research, there is little understanding of spam consumers. We focus on the demand side of the spam equation examining what drives users to click on spam via a large-scale analysis of de-identified, aggregated Facebook log data (n=600,000). We find (1) that the volume of spam and clicking norms in a users' network are significantly related to individual consumption behavior; (2) that more active users are less likely to click, suggesting that experience and internet skill (weakly correlated with activity level) may create more savvy consumers; and (3) we confirm previous findings about the gender effect in spam consumption, but find this effect largely corresponds to spam topics. Our findings provide practical insights to reduce demand for spam content, thereby affecting spam profitability.

日本語のまとめ:

今回は、スパムを送る側ではなく、スパムをクリックする側に焦点を当てた。60万件のFacebookログデータを使って、スパムをクリックするユーザとスパムの内容の関係を調査した。

X-Ray Refine: Supporting the Exploration and Refinement of Information Exposure Resulting from Smartphone Apps

論文URL: http://dl.acm.org/citation.cfm?doid=3173574.3173967

論文アブストラクト: Most smartphone apps collect and share information with various first and third parties; yet, such data collection practices remain largely unbeknownst to, and outside the control of, end-users. In this paper, we seek to understand the potential for tools to help people refine their exposure to third parties, resulting from their app usage. We designed an interactive, focus-plus-context display called X-Ray Refine (Refine) that uses models of over 1 million Android apps to visualise a person's exposure profile based on their durations of app use. To support exploration of mitigation strategies, emphRefine can simulate actions such as app usage reduction, removal, and substitution. A lab study of emphRefine found participants achieved a high-level understanding of their exposure, and identified data collection behaviours that violated both their expectations and privacy preferences. Participants also devised bespoke strategies to achieve privacy goals, identifying the key barriers to achieving them.

日本語のまとめ:

スマホアプリの中には、第三者にユーザ情報を漏洩するものがある。それに対し、X-Ray Refineという、アプリの使用量削減・削除・置き換えをシミュレートすることができるアプリを設計し評価した。

Who Provides Phishing Training?: Facts, Stories, and People Like Me

論文URL: http://dl.acm.org/citation.cfm?doid=3173574.3174066

論文アブストラクト: Humans represent one of the most persistent vulnerabilities in many computing systems. Since human users are independent agents who make their own choices, closing these vulnerabilities means persuading users to make different choices. Focusing on one specific human choice -- clicking on a link in a phishing email -- we conducted an experiment to identify better ways to train users to make more secure decisions. We compared traditional facts-and-advice training against training that uses a simple story to convey the same lessons. We found a surprising interaction effect: facts-and-advice training works better than not training users, but only when presented by a security expert. Stories don't work quite as well as facts-and-advice, but work much better when told by a peer. This suggests that the perceived origin of training materials can have a surprisingly large effect on security outcomes.

日本語のまとめ:

フィッシングメールを使って、より安全な意思決定をするためのトレーニング方法を見つけようとした。大学職員に対しフィッシングメールを送り付け、引っかかった人に対し色々な種類のトレーニング文を送ってどれが効果的か検証した。