Using personal examples to improve risk communication for security and privacy decisions

Conference on Human Factors in Computing Systems - Proceedings

Volumn , Issue , 2014, Pages 2647-2656

  Harbach, Marian ^a   Hettig, Markus ^a   Weber, Susanne ^a   Smith, Matthew ^a  

^a LEIBNIZ UNIVERSITY HANNOVER   (Germany)

Author keywords

Android; Consequences; Examples; Permissions; Personalization; Privacy; Risks; Usable Security

Indexed keywords

DATA PRIVACY; HUMAN ENGINEERING; RISKS; ROBOTS; SECURITY OF DATA; SECURITY SYSTEMS;

ANDROID; CONSEQUENCES; EXAMPLES; PERMISSIONS; PERSONALIZATIONS; USABLE SECURITY;

COMPUTER PRIVACY;

EID: 84900411644     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2556288.2556978     Document Type: Conference Paper

References (25)

1. Au, K. W. Y., Zhou, Y. F., Huang, Z., and Lie, D. PScout: Analyzing the Android Permission Specification. In Proc. CCS (2012)
2. Besmer, A., Lipford, H. R., Shehab, M., and Cheek, G. Social Applications: Exploring A More Secure Framework. In Proc. SOUPS (2009)
3. Blackwell, A. F., Church, L., and Green, T. The Abstract is 'an Enemy'. In Proc. Psychology of Programming Interest Group (PPIG) Workshop (2008)
4. Bravo-Lillo, C., Cranor, L., Downs, J., and Komanduri, S. What Is Still Wrong With Security Warnings: A Mental Models Approach. In Proc. SOUPS (2010)
5. Bravo-Lillo, C., Cranor, L., Downs, J., and Komanduri, S. Bridging the Gap in Computer Security Warnings: A Mental Model Approach. Security Privacy, IEEE 9, 2 (2011), 18-26
6. Bravo-Lillo, C., Cranor, L. F., Downs, J., Komanduri, S., Reeder, R. W., Schechter, S., and Sleeper, M. Your Attention Please: Designing Security-Decision UIs to Make Genuine Risks Harder to Ignore. In Proc. SOUPS (2013)
7. Bravo-Lillo, C., Cranor, L. F., Downs, J., Komanduri, S., and Sleeper, M. Improving Computer Security Dialogs. In Proc. INTERACT (2011)
8. Cranor, L. A Framework for Reasoning About the Human in the Loop. UPSEC (2008)
9. De Paula, R., Ding, X., Dourish, P., Nies, K., Pillet, B., Redmiles, D., Ren, J., Rode, J., et al. Two Experiences Designing for Effective Security. In Proc. SOUPS (2005)
10. Egelman, S. My Profile Is My Password, Verify Me! The Privacy/Convenience Tradeoff of Facebook Connect. In Proc. CHI (2013)
11. Egelman, S., Cranor, L. F., and Hong, J. You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings. In Proc. CHI (2008)
12. Felt, A. P., Chin, E., Hanna, S., and Wagner, D. Android Permissions Demystified. In Proc. CCS (2011)
13. Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., and Wagner, D. Android Permissions: User Attention, Comprehension, and Behavior. In Proc. SOUPS (2012)
14. Harbach, M., Fahl, S., Yakovleva, P., and Smith, M. Sorry, I Don't Get It: An Analysis of Warning Message Texts. In Proc USEC (2013)
15. Hayashi, E., Riva, O., Strauss, K., Brush, A. J. B., and Schechter, S. Goldilocks and the Two Mobile Devices: Going Beyond All-Or-Nothing Access to a Device's Applications. In Proc. SOUPS (2012)
16. Inglesant, P., Sasse, M. A., Chadwick, D., and Shi, L. L. Expressions of Expertness. In Proc. SOUPS (2008)
17. Karat, C.-M., Karat, J., Brodie, C., and Feng, J. Evaluating Interfaces for Privacy Policy Rule Authoring. In Proc. CHI (2006)
18. Kelley, P. G., Cranor, L. F., and Sadeh, N. Privacy as Part of the App Decision-Making Process. In Proc. CHI (2013)
19. Kumaraguru, P., and Cranor, L. F. Privacy indexes: A Survey of Westin's Studies. Tech. Rep. CMU-ISRI-5-138, Carnegie Mellon University, 2005
20. Pandita, R., Xiao, X., Yang, W., Enck, W., and Xie, T. WHYPER: Towards Automating Risk Assessment of Mobile Applications. In Proc. USENIX Security Symposium (2013)
21. Rader, E., Wash, R., and Brooks, B. Stories as Informal Lessons About Security. In Proc. SOUPS (2012)
22. Raja, F., Hawkey, K., Hsu, S., Wang, K., and Beznosov, K. A Brick Wall, a Locked Door, and a Bandit: A Physical Security Metaphor for Firewall Warnings. In Proc. SOUPS (2011)
23. Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N., and Cranor, L. F. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In Proc. USENIX Security Symposium (2009)
24. Wogalter, M., Dejoy, D. M., and Laughery, K. R. A Consolidated Communication-Human Information Processing (C-HIP) Model. Warnings and Risk Communication (1999), 15-23
25. Wogalter, M. S., Racicot, B. M., Kalsher, M. J., and Noel Simpson, S. Personalization of Warning Signs: The Role of Perceived Relevance on Behavioral Compliance. International Journal of Industrial Ergonomics 14, 3 (1994).