User Studies on the Internet Steven M. Bellovin https://www.cs.columbia.edu/~smb.

Slides:

Advertisements

Similar presentations

1 of 20 Running a Usability Study Considering a Museum website from the perspective of usability Figuring out what needs fixing and how to fix it.

Advertisements

Online Holiday Shopping Brings Great Deals – and Fraud This lesson is part of the iKeepCurrent TM Program, provided by iKeepSafe TM.

Consumers & Online Privacy: Agenda Background and objectives General attitudes to the internet Attitudes to online data and privacy Attitudes to.

Students’ online profiles for employability and community Frances Chetwynd, Karen Kear, Helen Jefferis and John Woodthorpe The Open University.

Information on Information. Overview Awareness  Social Networks  How information that is displayed or given can affect you  Predators and how to keep.

1 Maritza Johnson Ph.D. candidate in Computer Science Research Computer security and human factors Paper Computer security research with human subjects.

Web Security A how to guide on Keeping your Website Safe. By: Robert Black.

OASIS PKI Action Plan – Overcoming Obstacles to PKI Deployment and Usage Steve Hanna, Co-Chair, OASIS PKI Technical Committee.

Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Designing user studies February.

How To Protect Your Privacy and Avoid Identity Theft Online.

Software Development Unit 2 Databases What is a database? A collection of data organised in a manner that allows access, retrieval and use of that data.

QuizPic Daniel Smith. Introduction I am going to review an educational app called QuizPic.

E-Safety at MPL and beyond…... What are the risks our children face? Understanding the potential risks and encouraging safe and responsible use of the.

How To Protect Your Privacy and Avoid Identity Theft Online.

E safety. Ads It’s always best to not click on ads when you see them, and it’s always a good idea to ignore them, but if there are too many you can always.

Introduction Our Topic: Mobile Security Why is mobile security important?

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.

Topic: Security / Privacy “Your Apps Are Watching You” Source: The Wall Street Journal Online Presented By: Corey Campbell.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

JMU GenCyber Boot Camp Summer, Cyberspace Risks and Defenses Facebook Snapchat P2P filesharing Apps Craigslist Scams JMU GenCyber Boot Camp© 2015.

Programming and Application Packages

From Sample to Population Often we want to understand the attitudes, beliefs, opinions or behaviour of some population, but only have data on a sample.

Computer Basics 4 By: Mr. Stanford. Computer Foundations Although it may be hard to imagine, not too long ago, personal computers did not exist. Since.

WXET1143 Lecture7: , Chat and Messaging. Introduction  Electronic mail is everywhere.  Now many people in business, government, and education use.

Reliability & Desirability of Data

Using Internet Information Effectively in Marketing Floyd Memorial Library Greenport, NY Nov. 7, 2011.

Jan 11 Encryption and Hacking. Your Answer Encryption is used to keep information safe from unauthorised users. The best way to keep the system safe is.

By Joe and Josh.. Would you leave your front door open? Letting strangers see every thing about you by giving away your details online is probably the.

A Comparative Usability Study of Two-Factor Authentication Emiliano de Cristofaro 1, Honglu Du 2, Julien Freudiger 2, Gregory Norcie 3 UCL 1, PARC 2, Indiana.

Computer Science 101 Modeling and Simulation. Scientific Method Observe behavior of a system and formulate an hypothesis to explain it Design and carry.

Team 16 : MedFRS Device Diagnostic Software Misha DowdProject Manager Delnaz GundeviaLife Cycle Planner Anfal Abdul JaleelSystem Architect Nanda Kishore.

Chapter Four Managing Marketing Information. Copyright 2007, Prentice Hall, Inc.4-2 The Importance of Marketing Information  Companies need information.

Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.

Older Adults and Internet Use: (Some of) What we know Mary Madden, Senior Researcher Pew Research Center October 21, 2013 University of Michigan.

Unit 2 (task 28) In this PowerPoint I will tell you about 7 important IT job roles and if a candidate might want one what he would have to do to get one.

Intermediate 2 Software Development Process. Software You should already know that any computer system is made up of hardware and software. The term hardware.

ITGS Databases.

OARN Database UPDATE – SEPTEMBER We’re Live – and Testing  The site is up and running in Google’s data centers:  The site has been secured: 

A library is primarily set up to acquire, organized, store and make accessible to the users, within the quickest possible time all forms of information.

AARP Social Communication: Seven (or so) Secrets Karin Miller Communications Director AARP Tennessee 1.

CP476 Internet Computing CGI1 Cookie –Cookie is a mechanism for a web server recall info of accessing of a client browser –A cookie is an object sent by.

8 October 2015 Preliminary Results from a Survey of State DOT Website Infrastructure A.J. Million, Ph.D. candidate, School of Information Science & Learning.

CSIRO Insert presentation title, do not remove CSIRO from start of footer Experimental Design Why design? removal of technical variance Optimizing your.

Usability Engineering Dr. Dania Bilal IS 592 Spring 2005.

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

1 3 Computing System Fundamentals 3.6 Errors Prevention and Recovery.

Individual Project 1 Sarah Pritchard. Fran, a customer of your company, would like to visit your company’s website from her home computer… How does your.

Finding a PersonBOS Finding a Person! Building an algorithm to search for existing people in a system Rahn Lieberman Manager Emdeon Corp (Emdeon.com)

PRIVACY, LAW & ETHICS MBA 563. Source: eMarketing eXcellence Chaffey et al. BH Overview: Establishing trust and confidence in the online world.

CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.

“I’m hacking it!”.  Imagine that you’re hacking away on a web app that uses the Wicket web framework. You want to know how to create a form so that the.

Computer Laws Data Protection Act 1998 Computer Misuse Act 1990.

Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.

RTI International RTI International is a trade name of Research Triangle Institute. CONFIDENTIAL Chronic Illness in Second Life: Virtual Communities.

1. Guard your privacy. What people know about you is up to you. 2. Protect your reputation. Self-reflect before you self-reveal. What’s funny or edgy.

Data Protection Act The Kingsway School. What is Covered? The act was made law in 1984 and was updated in It covers the storage of personal data.

Instructor: Chris Trenkov Hands-on Course Python for Absolute Beginners (Spring 2015) Class #003 (February 14, 2015)

This presentation deals with any kind of information you put online. It relates to e- mails, texts, social networking and the sharing of pictures and.

Predicting and Adapting to Poor Speech Recognition in a Spoken Dialogue System Diane J. Litman AT&T Labs -- Research

By Lloyd and Jamie Brought to you by I safe. How to keep from being bullied (online) 1 don’t give out personal info such as passwords, pins, address,

Challenge/Response Authentication

How to use the internet safely and How to protect my personal data?

Testing More In CS430.

How to use the internet safely and How to protect my personal data?

1. Welcome to Software Construction

Attributes of Information

Commercial Revolution

Apps: Facebook & Netflix By Nathan Sutherland

Presentation transcript:

User Studies on the Internet Steven M. Bellovin

Goals Study how users control their privacy on Facebook Recruit subjects via the Internet In other words, using the Internet to study behavior on the Internet (Experiments done by PhD student Maritza Johnson) smb 2

Facebook Vastly popular – 800 million users Every item you post has its own privacy setting: shared with friends, friends of friends, “network”, or the world Custom settings are also possible Questions to study: Do users care about privacy? Is the interface usable? If not, can we improve it? smb 3

Do Facebook Users Care About Privacy? Yes, they say so Confirmed by later Pew Foundation Survey More important, people do take certain privacy-protecting actions But – they rarely change permission settings smb 4

Is There Really a Problem? In a study of CU undergraduates, every single subject confirmed at least one error in their permission settings Not surprisingly, people’s attitudes about privacy vary with subject matter But our subjects rarely fixed the problems… Hypothesis: permission-setting mechanisms are too complex smb 5

Another Experiment Show subjects who can see what If they’re unhappy about it, ask if they want to fix the problem, and tell them exactly how to do so Result: improved behavior; more people fixed the problematic permissions Still nowhere near perfect – but since people take other privacy-preserving measures (e.g., “untagging” photographs), we conclude that the permission- setting interface is fundamentally broken smb 6

Finding Experimental Subjects Advertising: Craig’s List and via Google Ad Words Amazon’s “Mechanical Turk” People paid to do all sorts of things, including – in our case – going through our study “Mechanical Turk” name comes from fake chess-playing automaton Research Match Consortium of universities; used to match volunteers with IRB-approved studies smb 7

Conducting Research over the Net: Issues Demographic mix Verifying demographic information, especially age Terms of service for Facebook and Amazon Limitations of the experimental environment smb 8

Demographic Mix Does our pool of subjects match Facebook’s user population, in age, gender, educational level, etc.? Research Match did better – but we had some problems with non-uniform dropouts smb 9

Verifying Demographic Information Hard to verify subject-supplied data: “On the Internet, no one knows you’re a dog” Must have age for consent purposes! Is Facebook’s assertion good enough? It’s probably reasonably accurate but by no means perfect Research Match doesn’t verify self-reported demographic data, either (It also sends far too much for our purposes – we weren’t doing a study where medical conditions are relevant) smb 10

Terms of Service Various services limit what you’re allowed to do Amazon: You may not ask Turkers to install software on their machines Makes sense from a computer security perspective, but limits the types of experiments we can do Facebook: users may not share passwords smb 11

Environment Limitations Facebook apps could not encrypt data – gave us no safe way to transmit data to Columbia for more detailed analysis or reanalysis Facebook apps cannot directly access object permissions – forced clumsy workarounds, and (in one study) forced us to limit our population to Columbia students Apps cannot modify permissions – no way to experiment with better user interface A front end? Maybe – but that would require subjects to enter their Facebook passwords into our code, which is risky for both us and them smb 12