論文アブストラクト： End user license agreements, terms of service agreements and privacy policies all suffer from many of the same problems: people rarely read them and yet still agree to whatever is contained within them. There are many usability challenges with these policies: they are often lengthy, with jargon filled language that is difficult to quickly comprehend. However, these notices are the primary tool for users to understand the privacy implications of their digital activities and make informed decisions on which websites and software they use. Prior research has explored alternative designs for such notices, using more visual and structured interfaces for conveying information. We expand upon these results by exploring a comic-based interface, examining whether it can engage users to pay more attention to a terms of service agreement. Our results indicate that the comic version did hold user attention for longer than text-based alternatives, encouraging deeper investigation into comic-based interfaces.
論文アブストラクト： Despite significant advances in automated spam detection, some spam content manages to evade detection and engage users. While the spam supply chain is well understood through previous research, there is little understanding of spam consumers. We focus on the demand side of the spam equation examining what drives users to click on spam via a large-scale analysis of de-identified, aggregated Facebook log data (n=600,000). We find (1) that the volume of spam and clicking norms in a users' network are significantly related to individual consumption behavior; (2) that more active users are less likely to click, suggesting that experience and internet skill (weakly correlated with activity level) may create more savvy consumers; and (3) we confirm previous findings about the gender effect in spam consumption, but find this effect largely corresponds to spam topics. Our findings provide practical insights to reduce demand for spam content, thereby affecting spam profitability.
論文アブストラクト： Most smartphone apps collect and share information with various first and third parties; yet, such data collection practices remain largely unbeknownst to, and outside the control of, end-users. In this paper, we seek to understand the potential for tools to help people refine their exposure to third parties, resulting from their app usage. We designed an interactive, focus-plus-context display called X-Ray Refine (Refine) that uses models of over 1 million Android apps to visualise a person's exposure profile based on their durations of app use. To support exploration of mitigation strategies, emphRefine can simulate actions such as app usage reduction, removal, and substitution. A lab study of emphRefine found participants achieved a high-level understanding of their exposure, and identified data collection behaviours that violated both their expectations and privacy preferences. Participants also devised bespoke strategies to achieve privacy goals, identifying the key barriers to achieving them.
論文アブストラクト： Humans represent one of the most persistent vulnerabilities in many computing systems. Since human users are independent agents who make their own choices, closing these vulnerabilities means persuading users to make different choices. Focusing on one specific human choice -- clicking on a link in a phishing email -- we conducted an experiment to identify better ways to train users to make more secure decisions. We compared traditional facts-and-advice training against training that uses a simple story to convey the same lessons. We found a surprising interaction effect: facts-and-advice training works better than not training users, but only when presented by a security expert. Stories don't work quite as well as facts-and-advice, but work much better when told by a peer. This suggests that the perceived origin of training materials can have a surprisingly large effect on security outcomes.