The ones who are crazy enough to think they can change the world, are the ones who do.

Research Projects

Principal Researcher


Abstract: With the rapid adoption of smart speakers in people’s homes, there is a corresponding increase in users’ privacy and security concerns. Our study focused on investigating users’ concerns with regard to housemates and external entities. We conducted semi-structured interviews with 26 participants living in 21 households. Our results suggest that users often have an inadequate understanding of what data their smart speakers make available to all users and what is kept private. Although participants expressed different privacy concerns about their housemates and external entities, they adopted similar, yet suboptimal, risk management strategies. We provide recommendations for future speaker design to support more optimal coping with the perceived risks.


End users’ perceptions of breached credential warnings

Principal Researcher

Abstract: The widespread availability of usernames and passwords exposed by data breaches remains a big threat to users and companies. To better protect users’ credentials, companies have begun checking whether their users’ credentials appear in breaches and, if so, deploying further protections (e.g., suggesting that users change their passwords). However, no research has been conducted to understand end users’ perceptions of breached credential warnings. This project aims to bridge this knowledge gap by (1) exploring users’ understandings of the feature; (2) exploring users’ (possible) concerns about the feature; and (3) identifying users’ (possible) perceived challenges in interacting with the feature.



People’s Adoption Intentions of COVID-19 Information Tracking Solutions

Principal Researcher


Abstract: Numerous information-tracking solutions have been implemented worldwide to fight the COVID-19 pandemic. According to the data compiled by Top10VPN, 120 contact-tracing apps have been launched worldwide in 71 countries and regions. These information-tracking solutions have diverse goals, such as identifying close contacts of a COVID-positive person, restricting public gatherings, locking down, monitoring social distancing, and enforcing the quarantine. To achieve these tracking goals, solutions may require users to provide various types of data, such as their names, location information, and phone numbers, all of which is information not required by the contact-tracing solutions that have been heavily investigated. Therefore, in this study, we explore people’s perceptions of this wider spectrum of information-tracking solutions that require different personal information from users and achieve different tracking goals. Find out more about the study here.

Users’ Expectations, Experiences, and Concerns About a COVID-19 Exposure Notification App

Principal Researcher

Abstract: Numerous smartphone apps have been implemented worldwide to help with contact tracing during the COVID-19 pandemic. The effectiveness of contact tracing apps depends on many factors, including the adoption rate, positive case reporting rate, and long-term usage of the app. With the novel coronavirus continuing to spread worldwide and the low adoption of contact tracing apps in many countries and regions, there is a need to investigate people’s desire for exposure notification as well as their experiences with contact tracing apps. Therefore, in this study, we investigate the motivations and expectations of COVID Alert app users for learning about their exposure to COVID-19, their pre-installation behaviors, their mental models of the COVID Alert app, and their concerns about the app. Find out more about the study here.


The Burden of Ending Online Account Sharing



Abstract: Many people share online accounts, even in situations where high privacy and security are expected. Naturally, the sharing of these accounts does not endure forever. This paper reports the privacy and security challenges that people experience when they stop online account sharing. We conducted semi-structured interviews with 25 participants who stopped sharing at least one online account in the 12 months preceding the study. Our results suggest that users experience cognitive and psychosocial burdens when ending account sharing. We offer suggestions for how to improve the design of online accounts to support users better when they end account sharing. Click here to learn more.


Abstract: The availability of voice-user interfaces (VUIs) has grown dramatically in recent years. As more capable systems invite higher expectations, the conversational interactions that VUIs support introduce ambiguity in accountability: a user’s or system’s obligation or willingness to be responsible for the outcome of user-delegated tasks. When misconstrued, the impact ranges from inconvenience to deadly harm. This project explores how users’ accountability perceptions and expectations can be managed in voice interaction with smart home appliances. To explore links between the degree of automation, system accountability, and user satisfaction, we identified key design factors for VUI design through an exploratory study, articulated them in video prototypes of four new VUI mechanisms showing a user commanding an advanced appliance and encountering a problem, and deployed them in a second study. Click here to learn more.




Abstract: Bitcoin, although it accounts for over 35% of the market cap, is no longer the only popular currency. According to publicly available Blockchain explorers, Ripple and Ethereum have over three times the number of transactions Bitcoin has. One therefore cannot simply dismiss other existing currencies, as is currently the case in research. Cryptocurrencies are also used for different use cases and often have distinct features that are directly reflected in the users' behavior. This research project therefore aims to shed light on the different security mechanisms users apply when handling their cryptocurrencies and while interacting with the Blockchain. Click here to learn more.


Abstract: This study reports the security and privacy challenges and threats that people experience while working from home. We conducted semi-structured interviews with 24 participants working from home in the three weeks preceding the study. We asked questions related to participants’ challenges with telecommuting. Our results suggest that participants experienced challenges, threats, and potential outcomes of threats associated with the technological, human, organizational, and environmental dimensions. We also discovered two threat models: one in which the employer’s asset is at stake and another in which the employee’s privacy is compromised. We believe these insights can lead to better support for employees and possibly reduce cyber-attacks associated with telecommuting during the pandemic and beyond. Click here to learn more.


Abstract: This study systematizes and contextualizes the existing body of knowledge on technology's dual nature regarding sexual abuse: facilitator of it and assistant to its prevention, reporting, and restriction. By reviewing 224 research papers, we identified 10 characteristics of technology that facilitate sexual abuse: covertness, publicness, anonymity, evolution, boundlessness, reproducibility, accessibility, indispensability, malleability, and opaqueness. We also analyzed how technology assists victims and other stakeholders in coping with and responding to sexual abuse. Our research questions also examined the challenges in using technology to address sexual abuse. For instance, its use by victims can lead to revictimization. To address technology's challenges, we offer recommendations and suggest new research directions. These findings on the dual nature of technology can inform research and development toward better support for victims of sexual abuse.



Abstract: The incumbent all-or-nothing model of access control on smartphones has been known to dissatisfy users, due to high overhead (both cognitive and physical) and lack of device-sharing support. Several alternative models have been proposed. However, their efficacy has not been evaluated and compared empirically, due to a lack of detailed quantitative data on users' authorization needs. This paper bridges this gap with a 30-day diary study. We probed a near-representative sample (N = 55) of US smartphone users to gather a comprehensive list of tasks they perform on their phones and their authorization needs for each task. Using this data, we quantify, for the first time, the efficacy of the all-or-nothing model, demonstrating frequent unnecessary or missed interventions (false-positive rate (FPR) = 90%, false-negative rate (FNR) = 21%). In comparison, we show that app- or task-level models can improve the FPR up to 88% and the FNR up to 20%, albeit with a modest (up to 15%) increase in required upfront configuration. We also demonstrate that the context in which phone sharing happens is consistent up to 75% of the time, showing promise for context-based solutions.