Research Projects
Principal Researcher
Abstract: With the rapid adoption of smart speakers in people’s homes, there is a corresponding increase in users’ privacy and security concerns. Our study focused on investigating users’ concerns with regard to housemates and external entities. We conducted semi-structured interviews with 26 participants living in 21 households. Our results suggest that users often have an inadequate understanding of what data their smart speakers make available to all users and what is kept private. Although participants expressed different privacy concerns about their housemates and external entities, they adopted similar, yet suboptimal, risk management strategies. We provide recommendations for future speaker design to support more optimal coping with the perceived risks.
You can find more information in the paper:
Huang Yue, (LinkedIn), Borke Obada-Obieh, and Konstantin Beznosov, “Amazon vs. my brother: How users of shared smart speakers perceive and cope with privacy risks.” Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (CHI 2020), *Honorable mention award.
The following video provides a quick overview of the research. You can also watch the video on Youtube.
End users’ perceptions of breached credential warnings
Principal Researcher
Abstract: The widespread availability of usernames and passwords exposed by data breaches remains a big threat to users and companies. To better protect users’ credentials, companies have begun checking if their users’ credentials appear in breaches, and, if so, they deploy further protections (e.g., suggest that users to change their passwords). However, there has been no research conducted to understand end-users perceptions of breached credential warnings. This project aims at bridging these aforementioned knowledge gaps by aiming to (1) explore users’ understandings of the feature; (2) explore users’ (possible) concerns about the feature, and (3) identify users’ (possible) perceived challenges in terms of interacting with the feature.
You can find more information in the paper:
Huang Yue, (LinkedIn), Borke Obada-Obieh, and Konstantin Beznosov, “Users’ Perceptions of Chrome’s Compromised Credential Notification.” In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022).
The following video provides a quick overview of the research. You can also watch the video on YouTube.
People’s Adoption Intentions of COVID-19 Information Tracking Solutions
Principal Researcher
Abstract: Numerous information-tracking solutions have been implemented worldwide to fight the COVID-19 pandemic. According to the data compiled by Top10VPN, 120 contact-tracing apps have been launched worldwide in 71 countries and regions. These information-tracking solutions have diverse goals, such as identifying close contacts of a COVID-positive person, restricting public gathering restrictions, locking down, monitoring social distancing, and enforcing the quarantine. To achieve these tracking goals, solutions may require users to provide various types of data, such as their names, location information, and phone numbers; all information not required for the contact-tracing solutions that have been heavily investigated. Therefore, in this study, we explore people’s perceptions of this wider spectrum of information-tracking solutions that require different personal information from users and achieve different tracking goals.
You can find more information in the paper:
Huang Yue, (LinkedIn), Borke Obada-Obieh, Elissa M Redmiles, Satya Lokam, Konstantin Beznosov, “COVID-19 Information-Tracking Solutions: A Qualitative Investigation of the Factors Influencing People’s Adoption Intention” In ACM SIGIR Conference on Human Information Interaction and Retrieval (CHIIR 2022)
The following video provides a quick overview of the research. You can also watch the video on YouTube.
Users’ Expectations, Experiences, and Concerns About a COVID-19 Exposure Notification App
Principal Researcher
Abstract: Numerous smartphone apps have been implemented worldwide to help with contact tracing during the COVID-19 pandemic. The effectiveness of contact tracing apps is dependent on many issues, including the adoption rate, positive case reporting rate, and long-term usage of the app. With the novel coronavirus continuing to spread worldwide and the low adoption of contact tracing apps in many countries and regions, there is a need to investigate people’s desire for exposure notification as well as their experiences with contact tracing apps. Therefore, in the study, we investigate the motivations and expectations of COVID Alert app users for learning about their exposure to COVID-19, their pre-installation behaviors, their mental models of the COVID Alert app, and their concerns about the app.
Image credit: https://twitter.com/cds_gc/status/1289226205858680833
You can find more information in the paper:
Huang Yue (LinkedIn), Borke Obada-Obieh, Satya Lokam, Konstantin Beznosov, “Users’ Expectations, Experiences, and Concerns With COVID Alert, an Exposure-Notification App.” Computer Supported Cooperative Work (CSCW 2022)
The following video provides a quick overview of the research. You can also watch the video on YouTube.
The Burden of Ending Online Account Sharing
Co-researcher
Image credit: https://help.netflix.com/en/node/412
Abstract: Many people share online accounts, even in situations where high privacy and security are expected. Naturally, the sharing of these accounts does not endure forever. This paper reports the privacy and security challenges that people experience when they stop online account sharing. We conducted semi-structured interviews with 25 participants who stopped sharing at least one online account in the 12 months preceding the study. Our results suggest that users experience cognitive and psychosocial burdens when ending account sharing. We offer suggestions for how to improve the design of online accounts to support users better when they end account sharing.
You can find more information in the paper:
Borke Obada-Obieh, Yue Huang (LinkedIn), Konstantin Beznosov, “The burden of ending online account sharing,” Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems.
Watch this YouTube video to learn more about this research.
Co-researcher
Abstract: This study reports the security and privacy challenges and threats that people experience while working from home. We conducted semi-structured interviews with 24 participants working from home in the three weeks preceding the study. We asked questions related to participants’ challenges with telecommuting. Our results suggest that participants experienced challenges, threats, and potential outcomes of threats associated with the technological, human, organizational, and environmental dimensions. We also discovered two threat models: one in which the employer’s asset is at stake and another in which the employee’s privacy is compromised. We believe these insights can lead to better support for employees and possibly reduce cyber-attacks associated with telecommuting during the pandemic and beyond.
You can find more information in the paper:
Borke Obada-Obieh, Yue Huang (LinkedIn), Konstantin Beznosov, “Challenges and Threats of Mass Telecommuting: A Qualitative Study of Workers,” Proceedings of Seventeenth Symposium on Usable Privacy and Security ({SOUPS} 2021).
Watch this YouTube video to learn more about this research.
Co-researcher
As peer-to-peer (P2P) marketplaces have grown rapidly, concerns related to trust, privacy, and safety (TPS) have also increased. While previous studies have explored these aspects in various P2P marketplaces, there has been limited research on Facebook Marketplace (FM), which is distinguished by dramatic growth and intricate entanglement with the Facebook social networking site (SNS). To address this knowledge gap, we conducted interviews with 42 FM users in the US and Canada, investigating TPS factors associated with trading decisions. We identified four categories of factors: pre-existing concerns, signals, interactions, and perceived benefits. We uncover the challenges arising from the interplay of these factors, offer design recommendations for SNS–based marketplaces like FM, and suggest directions for future research. Our study advances the understanding of decision-making processes in SNS–based marketplaces, informs future design improvements for such platforms, and ultimately contributes to a better user experience related to trust, privacy, and safety.
You can find more information in the paper:
Azadeh Mokhberi, Yue Huang (LinkedIn), Guillaume Humbert, Borke Obada-Obieh Masoud Mehrabi Koushki, Konstantin Beznosov, “Trust, Privacy, and Safety Factors Associated with Decision Making in P2P Markets Based on Social Networks: A Case Study of Facebook Marketplace in USA and Canada,” Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems.
Download this file to learn more about this research.
Download this video to learn more about this research.
Co-researcher
Abstract: This study systematizes and contextualizes the existing body of knowledge on technology's dual nature regarding sexual abuse: facilitator of it and assistant to its prevention, reporting, and restriction. By reviewing 224 research papers, we identified 10 characteristics of technology that facilitate sexual abuse: covertness, publicness, anonymity, evolution, boundlessness, reproducibility, accessibility, indispensability, malleability, and opaqueness. We also analyzed how technology assists victims and other stakeholders in coping with and responding to sexual abuse. Our research questions examined the challenges in using technology to address sexual abuse too. For instance, its use by victims can lead to revictimization. To address technology's challenges, we offer recommendations and suggest new research directions. These findings of the dual nature of technology can inform research and development toward better support for victims of sexual abuse.
You can find more information in the paper:
Borke Obada-Obieh, Yue Huang (LinkedIn), Lucrezia Spagnolo, Konstantin Beznosov, “SoK: The Dual Nature of Technology in Sexual Abuse,” Proceedings of 2022 IEEE Symposium on Security and Privacy (SP)
Watch this YouTube video to learn more about this research.
Co-researcher
Abstract: The incumbent all-or-nothing model of access control on smartphones has been known to dissatisfy users, due to high overhead (both cognitive and physical) and lack of device-sharing support. Several alternative models have been proposed. However, their efficacy has not been evaluated and compared empirically, due to a lack of detailed quantitative data on users' authorization needs. This paper bridges this gap with a 30-day diary study. We probed a near-representative sample (N = 55) of US smartphone users to gather a comprehensive list of tasks they perform on their phones and their authorization needs for each task. Using this data, we quantify, for the first time, the efficacy of the all-or-nothing model, demonstrating frequent unnecessary or missed interventions (false positive rate (FPR) = 90%, false-negative rate (FNR) = 21%). In comparison, we show that app- or task-level models can improve the FPR up to 88% and the FNR up to 20%, albeit with a modest (up to 15%) increase in required upfront configuration. We also demonstrate that the context in which phone sharing happens is consistent up to 75% of the time, showing promise for context-based solutions.
You can find more information in the paper:
Masoud Mehrabi Koushki, Yue Huang (LinkedIn), Julia Rubin, Konstantin Beznosov “Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User {Access-Control} Solutions on Smartphones,” 31st USENIX Security Symposium (USENIX Security 22)
Watch this YouTube video to learn more about this research.
Co-researcher
Abstract: The availability of voice-user interfaces (VUIs) has grown dramatically in recent years. As more capable systems invite higher expectations, the conversational interactions that VUIs support introduces ambiguity in accountability: a user’s or system’s obligation or willingness to be responsible for the outcome of user-delegated tasks. When misconstrued, the impact ranges from inconvenience to deadly harm. This project explores how users’ accountability perceptions and expectations can be managed in voice interaction with smart home appliances. To explore links between the degree of automation, system accountability, and user satisfaction, we identified key design factors for VUI design through an exploratory study, articulated them in video prototypes of four new VUI mechanisms showing a user commanding an advanced appliance and encountering a problem, and deployed them in a second study.
You can find more information in the paper:
Soheil Kianzad, Yelim Kim, Julia Ann Barakso Lindsay, Yue Huang (LinkedIn), Julian Benavides Benavides, Rock Leung, Karon E MacLean, “Accountability-Aware Design of Voice User Interfaces for Home Appliances,” Graphics Interface 2021
Watch this YouTube video to learn more about this research.
Co-researcher
Image credit: https://www.reuters.com/technology/cryptocurrencies-selloff-widens-bitcoin-down-nearly-4-ether-6-2021-09-07/
Abstract: Bitcoin, although it accounts for over 35% of the market cap, is not the only popular currency any longer. According to publicly available Blockchain explorers, Ripple and Ethereum have over three times the amount of transactions Bitcoin has. One can therefore not simply dismiss other existing currencies, as it is currently the case in research. Cryptocurrencies are also used for different use cases and often have distinct features that are directly reflected in the users' behavior. This research project has therefore the goal to shed light on the different security mechanisms users apply when handling their cryptocurrencies and while interacting with the Blockchain.
You can find more information in the paper:
Artemij Voskobojnikov, Borke Obada-Obieh, Yue Huang (LinkedIn), Konstantin Beznosov, “Surviving the cryptojungle: Perception and management of risk among North American cryptocurrency (non) users” International Conference on Financial Cryptography and Data Security.
Watch this YouTube video to learn more about this research.