Research Projects

Principal Researcher

SSSS.jpeg

Abstract: With the rapid adoption of smart speakers in people’s homes, there is a corresponding increase in users’ privacy and security concerns. Our study focused on investigating users’ concerns with regard to housemates and external entities. We conducted semi-structured interviews with 26 participants living in 21 households. Our results suggest that users often have an inadequate understanding of what data their smart speakers make available to all users and what is kept private. Although participants expressed different privacy concerns about their housemates and external entities, they adopted similar, yet suboptimal, risk management strategies. We provide recommendations for future speaker design to support more optimal coping with the perceived risks.

You can find more information in the paper:

Huang Yue, (LinkedIn), Borke Obada-Obieh, and Konstantin Beznosov, Amazon vs. my brother: How users of shared smart speakers perceive and cope with privacy risks. Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (CHI 2020), *Honorable mention award. 

The following video provides a quick overview of the research. You can also watch the video on Youtube.

End users’ perceptions of breached credential warnings

Principal Researcher

Abstract: The widespread availability of usernames and passwords exposed by data breaches remains a big threat to users and companies. To better protect users’ credentials, companies have begun checking if their users’ credentials appear in breaches, and, if so, they deploy further protections (e.g., suggest that users to change their passwords). However, there has been no research conducted to understand end-users perceptions of breached credential warnings. This project aims at bridging these aforementioned knowledge gaps by aiming to (1) explore users’ understandings of the feature; (2) explore users’ (possible) concerns about the feature, and (3) identify users’ (possible) perceived challenges in terms of interacting with the feature.

googlealert_edited.jpg
You can find more information in the paper:

Huang Yue, (LinkedIn), Borke Obada-Obieh, and Konstantin Beznosov, “Users’ Perceptions of Chrome’s Compromised Credential Notification.” In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022).

The following video provides a quick overview of the research. You can also watch the video on YouTube.

People’s Adoption Intentions of COVID-19 Information Tracking Solutions

Principal Researcher

contact tracing.jpeg

Abstract: Numerous information-tracking solutions have been implemented worldwide to fight the COVID-19 pandemic. According to the data compiled by Top10VPN, 120 contact-tracing apps have been launched worldwide in 71 countries and regions. These information-tracking solutions have diverse goals, such as identifying close contacts of a COVID-positive person, restricting public gathering restrictions, locking down, monitoring social distancing, and enforcing the quarantine. To achieve these tracking goals, solutions may require users to provide various types of data, such as their names,  location information, and phone numbers; all information not required for the contact-tracing solutions that have been heavily investigated. Therefore, in this study, we explore people’s perceptions of this wider spectrum of information-tracking solutions that require different personal information from users and achieve different tracking goals. 

You can find more information in the paper:

Huang Yue, (LinkedIn), Borke Obada-Obieh, Elissa M Redmiles, Satya Lokam, Konstantin Beznosov, COVID-19 Information-Tracking Solutions: A Qualitative Investigation of the Factors Influencing People’s Adoption Intention In ACM SIGIR Conference on Human Information Interaction and Retrieval (CHIIR 2022)

The following video provides a quick overview of the research. You can also watch the video on YouTube.

Users’ Expectations, Experiences, and Concerns About a COVID-19 Exposure Notification App

Principal Researcher

Abstract: Numerous smartphone apps have been implemented worldwide to help with contact tracing during the COVID-19 pandemic. The effectiveness of contact tracing apps is dependent on many issues, including the adoption rate, positive case reporting rate, and long-term usage of the app. With the novel coronavirus continuing to spread worldwide and the low adoption of contact tracing apps in many countries and regions, there is a need to investigate people’s desire for exposure notification as well as their experiences with contact tracing apps.  Therefore, in the study, we investigate the motivations and expectations of COVID Alert app users for learning about their exposure to COVID-19, their pre-installation behaviors, their mental models of the COVID Alert app, and their concerns about the app.

covidapp_edited.jpg
You can find more information in the paper:

Huang Yue (LinkedIn), Borke Obada-Obieh, Satya Lokam, Konstantin Beznosov, Users’ Expectations, Experiences, and Concerns With COVID Alert, an Exposure-Notification App.” Computer Supported Cooperative Work (CSCW 2022)

The following video provides a quick overview of the research.  You can also watch the video on YouTube.

The Burden of Ending Online Account Sharing

Co-researcher

nexflix.png

Abstract: Many people share online accounts, even in situations where high privacy and security are expected. Naturally, the sharing of these accounts does not endure forever. This paper reports the privacy and security challenges that people experience when they stop online account sharing. We conducted semi-structured interviews with 25 participants who stopped sharing at least one online account in the 12 months preceding the study. Our results suggest that users experience cognitive and psychosocial burdens when ending account sharing. We offer suggestions for how to improve the design of online accounts to support users better when they end account sharing. 

You can find more information in the paper:

Borke Obada-Obieh, Yue Huang (LinkedIn), Konstantin Beznosov, The burden of ending online account sharing, Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems.

Watch this YouTube video to learn more about this research. 

Co-researcher

Abstract: This study reports the security and privacy challenges and threats that people experience while working from home. We conducted semi-structured interviews with 24 participants working from home in the three weeks preceding the study. We asked questions related to participants’ challenges with telecommuting. Our results suggest that participants experienced challenges, threats, and potential outcomes of threats associated with the technological, human, organizational, and environmental dimensions. We also discovered two threat models: one in which the employer’s asset is at stake and another in which the employee’s privacy is compromised. We believe these insights can lead to better support for employees and possibly reduce cyber-attacks associated with telecommuting during the pandemic and beyond. 

telecommuniting.png
You can find more information in the paper:

Borke Obada-Obieh, Yue Huang (LinkedIn), Konstantin Beznosov, Challenges and Threats of Mass Telecommuting: A Qualitative Study of Workers, Proceedings of Seventeenth Symposium on Usable Privacy and Security ({SOUPS} 2021).

Watch this YouTube video to learn more about this research. 

Co-researcher

Abstract: This study systematizes and contextualizes the existing body of knowledge on technology's dual nature regarding sexual abuse: facilitator of it and assistant to its prevention, reporting, and restriction. By reviewing 224 research papers, we identified 10 characteristics of technology that facilitate sexual abuse: covertness, publicness, anonymity, evolution, boundlessness, reproducibility, accessibility, indispensability, malleability, and opaqueness. We also analyzed how technology assists victims and other stakeholders in coping with and responding to sexual abuse. Our research questions examined the challenges in using technology to address sexual abuse too. For instance, its use by victims can lead to revictimization. To address technology's challenges, we offer recommendations and suggest new research directions. These findings of the dual nature of technology can inform research and development toward better support for victims of sexual abuse.  

sexual.jpeg
You can find more information in the paper:

Borke Obada-Obieh, Yue Huang (LinkedIn), Lucrezia Spagnolo, Konstantin Beznosov, SoK: The Dual Nature of Technology in Sexual Abuse, Proceedings of 2022 IEEE Symposium on Security and Privacy (SP)

Watch this YouTube video to learn more about this research. 

Co-researcher

phone.jpg

Abstract: The incumbent all-or-nothing model of access control on smartphones has been known to dissatisfy users, due to high overhead (both cognitive and physical) and lack of device-sharing support. Several alternative models have been proposed. However, their efficacy has not been evaluated and compared empirically, due to a lack of detailed quantitative data on users' authorization needs. This paper bridges this gap with a 30-day diary study. We probed a near-representative sample (N = 55) of US smartphone users to gather a comprehensive list of tasks they perform on their phones and their authorization needs for each task. Using this data, we quantify, for the first time, the efficacy of the all-or-nothing model, demonstrating frequent unnecessary or missed interventions (false positive rate (FPR) = 90%, false-negative rate (FNR) = 21%). In comparison, we show that app- or task-level models can improve the FPR up to 88% and the FNR up to 20%, albeit with a modest (up to 15%) increase in required upfront configuration. We also demonstrate that the context in which phone sharing happens is consistent up to 75% of the time, showing promise for context-based solutions.

You can find more information in the paper:

Masoud Mehrabi Koushki, Yue Huang (LinkedIn), Julia Rubin, Konstantin Beznosov Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User {Access-Control} Solutions on Smartphones, 31st USENIX Security Symposium (USENIX Security 22)

Watch this YouTube video to learn more about this research. 

Co-researcher

Abstract: The availability of voice-user interfaces (VUIs) has grown dramatically in recent years. As more capable systems invite higher expectations, the conversational interactions that VUIs support introduces ambiguity in accountability: a user’s or system’s obligation or willingness to be responsible for the outcome of user-delegated tasks. When misconstrued, the impact ranges from inconvenience to deadly harm. This project explores how users’ accountability perceptions and expectations can be managed in voice interaction with smart home appliances. To explore links between the degree of automation, system accountability, and user satisfaction, we identified key design factors for VUI design through an exploratory study, articulated them in video prototypes of four new VUI mechanisms showing a user commanding an advanced appliance and encountering a problem, and deployed them in a second study. 

VUI.png
You can find more information in the paper:

Soheil Kianzad, Yelim Kim, Julia Ann Barakso Lindsay, Yue Huang (LinkedIn), Julian Benavides Benavides, Rock Leung, Karon E MacLean, Accountability-Aware Design of Voice User Interfaces for Home Appliances, Graphics Interface 2021

Watch this YouTube video to learn more about this research. 

Co-researcher

currency.jpeg

Abstract: Bitcoin, although it accounts for over 35% of the market cap, is not the only popular currency any longer. According to publicly available Blockchain explorers, Ripple and Ethereum have over three times the amount of transactions Bitcoin has. One can therefore not simply dismiss other existing currencies, as it is currently the case in research. Cryptocurrencies are also used for different use cases and often have distinct features that are directly reflected in the users' behavior. This research project has therefore the goal to shed light on the different security mechanisms users apply when handling their cryptocurrencies and while interacting with the Blockchain. 

You can find more information in the paper:

Artemij Voskobojnikov, Borke Obada-Obieh, Yue Huang (LinkedIn), Konstantin Beznosov, Surviving the cryptojungle: Perception and management of risk among North American cryptocurrency (non) users International Conference on Financial Cryptography and Data Security.

Watch this YouTube video to learn more about this research.