COMP 150-4: Human Factors in Security and Privacy

Note All topics for future dates are tentative.

Date	Topic	Readings/Assignments
Week 1
02/02	Introductions and Course Overview
02/04	Human Factors in Security and Privacy Overview	Required Reading: Zurko, Mary Ellen, and Richard T. Simon. User-centered security. NSPW. Vol. 96. 1996. Anne Adams and Martina Angela Sasse. 1999. Users are not the enemy. Commun. ACM 42, 12 (December 1999), 40-46. Optional Reading: Robert Morris and Ken Thompson. Password Security: A Case History. Commun. ACM 22, 11 (November 1979), 594-597. Textbook Reading: Lazar et al. Chapter 1: Introduction to HCI Research
Week 2
02/09	HCI Methods Overview and Validity	Required Reading: (interview) Ruba Abu-Salma, M. Angela Sasse, Joseph Bonneau, Anastasia Danilova, Alena Naiakshina, Matthew Smith. Obstacles to the Adoption of Secure Communication Tools. In Proceedings of IEEE SP 2017. (diary) Manya Sleeper, Rebecca Balebako, Sauvik Das, Amber McConahy, Jason Wiese, Lorrie Faith Cranor. The Post that Wasn't: Exploring Self-Censorship on Facebook. In Proceedings of CSCW 2013. Optional Reading: (how-to for qual analysis) Moira Maguire and Brid Delahunt. Doing a thematic analysis: A practical, step-by-step guide for learning and teaching scholars. (mixed-methods) Yang Wang, Saranga Komanduri, Pedro Giovanni Leon, Gregory Norcie, Alessandro Acquisti, and Lorrie Faith Cranor. "I regretted the minute I pressed share":A Qualitative Study of Regrets on Facebook. In Proceedings of SOUPS '11. (mixed-method) Lerner, Ada, Eric Zeng, and Franziska Roesner. Confidante: Usable encrypted email: A case study with lawyers and journalists. 2017 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2017. (interview) Rick Wash. Folk Models of Home Computer Security. SOUPS 2010. (focus group/grounded-theory) Alexandra Mai, Katharina Pfeffer, Edgar Weippl, Katharina Krombholz. User Mental Models of Cryptocurrency Systems - A Grounded Theory Approach. SOUPS 2020. Textbook Reading: Lazer et al. Chapter 6: Diaries Lazer et al. Chapter 8: Interviews and Focus Groups Lazer et al. Chapter 11: Analyzing Qualitative Data Due: Homework 0
02/11	Qualitative Methods	Required Reading: Elissa M. Redmiles, Sean Kross, and Michelle L. Mazurek. How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior. In Proceedings of ACM CCS, 2016. Elissa M. Redmiles, Yasemin Acar, Sascha Fahl, and Michelle L. Mazurek. A Summary of Survey Methodology Best Practices for Security and Privacy Researchers. 2017. Optional Reading: Kumaraguru, Ponnurangam, Steve Sheng, Alessandro Acquisti, Lorrie Faith Cranor, and Jason Hong. Lessons from a real world evaluation of anti-phishing training. In 2008 eCrime Researchers Summit, pp. 1-12. IEEE, 2008. Redmiles, Elissa M., Sean Kross, and Michelle L. Mazurek. How well do my results generalize? Comparing security and privacy survey results from MTurk, web, and telephone samples. In 2019 IEEE Symposium on Security and Privacy. Kang, Ruogu, et al. Privacy attitudes of Mechanical Turk workers and the US public. Symposium on Usable Privacy and Security (SOUPS). 2014. Mazurek, Michelle L., et al. Measuring password guessability for an entire university. Proceedings of ACM CCS, 2013. Textbook: Lazer et al. Chapter 5: Surveys
Week 3
02/16	Presidents' Day (No Class)
02/18	Usable Encryption	Required Reading: James Mickens. This World of Ours. USENIX ;login:, January 2014. Alma Whitten and J.D. Tygar. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In Proceedings of USENIX Security 1999 Optional Reading: Scott Ruoti, Jeff Andersen, Tyler Monson, Daniel Zappala, and Kent Seamons. A Comparative Usability Study of Key Management in Secure Email. In proceedings of 2018 SOUPS (SOUPS'18). Scott Ruoti, Jeff Andersen, Scott Heidbrink, Mark O'Neill, Elham Vaziripour, Justin Wu, Daniel Zappala, and Kent Seamons. "We're on the Same Page": A Usability Study of Secure Email Using Pairs of Novice Users. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (CHI '16).
Week 4
02/23	Usable Encryption (Continued) + Pitch Day!	Required Reading: Ruba Abu-Salma, M. Angela Sasse, Joseph Bonneau, Anastasia Danilova, Alena Naiakshina, and Matthew Smith. Obstacles to the Adoption of Secure Communication Tools. In proceedings of 2017 IEEE S&P (S&P '17). Wei Bai, Doowon Kim, Moses Namara, Yichen Qian, Patrick Gage Kelley, and Michelle L. Mazurek. An Inconvenient Trust: User Attitudes Toward Security and Usability Tradeoffs for Key-Directory Encryption Systems. In Proceedings of the 2016 USENIX Symposium on Usable Privacy and Security (SOUPS '16). Optional Reading: Wenley Tong, Sebastian Gold, Samuel Gichohi, Mihai Roman, and Jonathan Frankle. Why King George III Can Encrypt. Joshua Tan, Lujo Bauer, Joseph Bonneau, Lorrie Faith Cranor, Jeremy Thomas, and Blase Ur. Can Unicorns Help Users Compare Crypto Key Fingerprints?. In Proceedings of the 2017 ACM Conference on Human Factors in Computer Systems (CHI '17). Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Embre Acar, Elisabeth Morant, and Sunny Consolvo.Rethinking Connection Security Indicators. In Proceedings of the 2016 Symposium on Usable Security and Privacy (SOUPS '16). Elham Vaziripour, Devon Howard, Jake Tyler, Mark O'Neill, Justin Wu, Kent Seamons, and Daniel ZappalaI Don't Even Have to Bother Them!: Using Social Media to Automate the Authentication Ceremony in Secure Messaging. In Proceedings of the 2019 ACM Conference on Human Factors in Computer Systems (CHI '19). Due: Homework 1
02/25	Quantitative Methods	Required Reading: Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle Mazurek, Christian Stransky. You Get Where You're Looking For - The Impact of Information Sources on Code Security. In Proceedings of the 2016 IEEE Symposium on Seucirty and Privacy (S&P '16). Textbook: Lazar et al. Chapter 2: Experimental Design Lazer et al. Chapter 3: Experimental Research
Week 5
03/02	Quantitative Methods (Continued)
03/04	Ethics	Required Reading: Tom Jagatic, Nathaniel Johnson, Markus Jakobsson, and Filippo Menczer. Social Phishing. Communications of the ACM 50(10), pp. 94-100, 2007. Narayanan, A., & Zevenbergen, B. No Encore for Encore? Ethical questions for web-based censorship measurement. SSRN. 2015. Vitak, J., Shilton, K., & Ashktorab, Z. Beyond the Belmont principles: Ethical challenges, practices, and beliefs in the online data research community. In ACM CSCW, 2016. Optional Reading: The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research. Departmnet of Homeland Security. 2012. Casey Fiesler and Nicholas Proferes. “Participant” Perceptions of Twitter Research Ethics. Social Media and Society. 2018. Adam D. I. Kramer, Jamie E. Guillory, and Jeffrey T. Hancock. Experimental evidence of massive-scale emotional contagion through social networks. PNAS. 2014. Stuart E. Schechter, Rachna Dhamija, Andy Ozment, Ian Fischer. The Emperor's New Security Indicators: An Evaluation of Website Authentication and the Effect of Role Playing on Usability Studies. In Proceedings of IEEE SP 2007. Tarun Parwani, Ramin Kholoussi, and Panagiotis Karras. How to hack into Facebook without being a hacker. In Second International Workshop on Privacy and Security in Online Media (PSOSM). 2013. Sam Burnett, Nick Feamster. Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests. In ACM SIGCOMM, 2015. Simson L. Garfinkel. IRBs and Security Research: Myths, Facts, and Mission Creep. Naval Postgraduate School. 2008. Vitak, J., Proferes, N., Shilton, K., & Ashktorab, Z. Ethics Regulation in Social Computing Research: Examining the Role of Institutional Review Boards. Journal of Empirical Research on Human Research Ethics, 12(5), 372-382. 2017. Huahong Tu, Adam Doupé, Ziming Zhao,Gail-Joon Ahn. Users Really Do Answer Telephone Scams. In proceedings of USENIX Security, 2019. Cristian Bravo-Lillo, Serge Egelman, Cormac Herley, Stuart Schechter, and Janice Tsai. You needn’t build that: Reusable ethics-compliance infrastructure for human subjects research. In Cyber-security Research Ethics Dialog & Strategy Workshop. 2013.
Week 6
03/09	Passwords	Required Reading: Joseph Bonneau. The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. In Proceedings of IEEE SP 2012. Michelle L. Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, Blase Ur. Measuring Password Guessability for an Entire University. In Proceedings of CCS 2013. Blase Ur, Felicia Alfieri, Maung Aung, Lujo Bauer, Nicolas Christin, Jessica Colnago, Lorrie Faith Cranor, Henry Dixon, Pardis Emami Naeini, Hana Habib, Noah Johnson, and William Melicher.Design and Evaluations of a Data-Driven Password Meter. In Proceedings of the 2017 ACM Conference on Human Factors in Computer Systems (CHI '17). Optional Reading: Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor. "I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab. In the proceedings of SOUPS 2015. Rick Wash, Emilee Rader, Ruthie Berman, and Zac Wellmer. Understanding Password Choices: How Frequently Entered Passwords are Re-used Across Websites. In Proceedings of the SOUPS 2016. Joshua Tan, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. Practical Recommendations for Stronger, More Usable Passwords Combining Minimum-strength, Minimum-length, and Blocklist Requirements. In Proceedings of the 2020 ACM Conference on Computer and Communications Security (CCS '20). Sarah Pearman, Shikun Aerin Zhang, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. Why people (don’t) use password managers effectively. SOUPS 2019. Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes and Sven Bugiel. Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse. In proceedings of SOUPS 2018. Due: Initial Project Proposals
03/11	Mobile Authentication	Required Reading: Adam J. Aviv, Devon Budzitowski, and Ravi Kuber. 2015. Is Bigger Better? Comparing User-Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android's Pattern Unlock. In Proceedings of ACSAC 2015. P. Markert, D. V. Bailey, M. Golla, M. Duermuth, and A. J. Aviv. This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs. IEEE Symposium on Security and Privacy. May 2020. Optional Reading: Serge Egelman, Sakshi Jain, Rebecca S. Portnoff, Kerwell Liao, Sunny Consolvo, and David Wagner. 2014. Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors. In Proceedings of CCS 2014. Yusuf Albayram, Mohammad Maifi Hasan Khan, Theodore Jensen, and Nhan Nguyen. "...better to use a lock screen than to worry about saving a few seconds of time": Effect of Fear Appeal in the Context of Smartphone Locking Behavior. In proceedings of SOUPS 2017.
Week 7
03/16	Phising and Security Training	Required Reading: Rick Wash and Molly M. Cooper. Who Provides Phishing Training? Facts, Stories, and People Like Me. In Proceedings of CHI 2018. Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G. M., Paxson, V., & Savage, S. Spamalytics: An empirical analysis of spam marketing conversion. In Proceedings of the CCS. 2008. Optional Reading: Amber van der Heijden and Luca Allodi. Cognitive Triaging of Phishing Attacks. In proceedings of USENIX Sec' 2019. Huahong Tu, Adam Doupé, Ziming Zhao,Gail-Joon Ahn. Users Really Do Answer Telephone Scams. In proceedings of USENIX Sec' 2019.
03/18	Privacy	Required Reading: Daniel Solove. 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy. San Diego Law Review 44, 2007. Allison Woodruff, Vasyl Pihur, Alessandro Acquisti, Sunny Consolvo, Lauren Schmidt, Laura Brandimarte. Would a Privacy Fundamentalist Sell Their DNA for $1000... If Nothing Bad Happened Thereafter? A Study of the Westin Categories, Behavioral Intentions, and Consequences. In Proceedings of SOUPS 2014. Optional Reading: Nithya Sambasivan, Garen Checkley, Amna Batool, Nova Ahmed, David Nemer, Laura Sanely Gaytán-Lugo, Tara Matthews, Sunny Consolvo, Elizabeth Churchill. "Privacy is not for me, it's for those rich women": Performative Privacy Practices on Mobile Phones by Women in South Asia. In Proceedings of SOUPS 2018. Pardis Emami-Naeini, Yuvraj Agarwal, Lorrie Cranor, and Henry Dixon. Exploring How Privacy and Security Factor into IoT Device Purchase Behavior. CHI ’19.
03/19		Due: Updated Project Proposals
Week 8
03/23	Permissions	Required Reading Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner. 2012. Android permissions: user attention, comprehension, and behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS '12). Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David A. Wagner. Android permissions demystified. ACM Conference on Computer and Communications Security 2011. Primal Wijesekera, Arjun Baokar, Ashkan Hosseini, Serge Egelman, David A. Wagner, Konstantin Beznosov. Android Permissions Remystified: A Field Study on Contextual Integrity. In proceedings USENIX Security Symposium 2015. Optional Reading: Hazim Almuhimedi, Florian Schaub, Norman Sadeh, Idris Adjerid, Alessandro Acquisti, Joshua Gluck, Lorrie Faith Cranor, and Yuvraj Agarwal. 2015. Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging. In Proceedings of the 2015 ACM Conference on Human Factors in Computing Systems (CHI '15). Joel Reardon, Álvaro Feal, Primal Wijesekera, Amit Elazari Bar On, Narseo Vallina-Rodriguez, Serge Egelmanc. 50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System. In Proceedings of USENIX Security 2019. Kristopher Micinski, Daniel Votipka, Rock Stevens, Nikolas Kofinas, Michelle L. Mazurek, and Jeffrey S. Foster. User Interactions and Permission Use on Android. In Proceedings of the 2017 ACM Conference on Human Factors in Computer Systems (CHI '17). Due: IRB Application IRB Application Form Informed Consent Template Submission Link
03/25	Spring Break (No Class)	Due: Homework 2
Week 9
03/30	Lightning Talks! -- 3 minute presentations about your project
04/01	Security Warnings	Required Reading: Devdatta Akhawe and Adrienne Porter Felt. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness. In Proceedings of USENIX Security 2013. Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Emre Acer, Elisabeth Morant, Sunny Consolvo. Rethinking Connection Security Indicators. In Proceedings of SOUPS 2016. Due: Homework 3.1
Week 10
04/06	Online Tracking	Required Reading: What is GDPR, the EU's new data protection law? Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, and Thorsten Holz. We Value Your Privacy ... Now Take Some Cookies:Measuring the GDPR’s Impact on Web Privacy. In NDSS'19. Florian Schaub,Rebecca Balebako,Adam L. Durity,Lorrie Faith Cranor. A Design Space for Effective Privacy Notices. SOUPS 2015. Optional Reading: Hana Habib, Yixin Zou, Aditi Jannu, Neha Sridhar, Chelse Swoopes, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, Florian Schaub. An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites. SOUPS 2019. Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, Thorsten Holz. (Un)informed Consent: Studying GDPR Consent Notices in the Field. Proceedings CCS'19.
04/08	Breach Notifications	Required Reading: Yixin Zou, Shawn Danino, Kaiwen Sun, and Florian Schaub. 2019. You `Might' Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (CHI '19). Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, and Vern Paxon. You've Got Vulnerability: Exploring Effective Vulnerability Notifications. In Proceedings of the 2016 USENIX Security Symposium (USENIX Sec '16). Optional Reading: Jun Ho Huh, Hyoungshick Kim, Swathi S.V.P. Rayala, Rakesh B. Bobba, and Konstantin Beznosov. 2017. I'm too Busy to Reset my LinkedIn Password: On the Effectiveness of Password Reset Emails. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (CHI '17).
Week 11
04/13	Developer Studies	Required Readings: Alena Naiakshina, Anastasia Danilova, Eva Gerlitz, Emanuel von Zezschwitz, Matthew Smith. "If you want, I can store the encrypted password": A Password-Storage Field Study with Freelance Developers. In Proceedings of the 2019 ACM Conference on Human Factors in Computer Systems (CHI '19). Matthew Green and Matthew Smith. Developers Are Not The Enemy! The need for usable security APIs. IEEE Transactions on Security and Privacy. Julie M. Haney, Mary F. Theofanos, Yasemin Acar, and Sandra Spickard Prettyamn. "We make it a big deal in the company": Security Mindsets in Organizations that Develop Cryptographic Products. In Proceedings of the 2018 USENIX Symposium on Usable Privacy and Security (SOUPS '18). Optional Readings: Michael Coblenz, Gauri Kambhatla, Paulette Koronkevich, Jenna L. Wise, Celeste Barnaby, Joshua Sunshine, Jonathan Aldrich, Brad A. Myers. PLIERS: A Process that Integrates User-Centered Methods into Programming Language Design. Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Matthew Smith. Deception Task Design in Developer Password Studies: Exploring a Student Sample. SOUPS 2018 Felix Fischer, Konstantin Böttinger, Huang Xiao, Christian Stransky, Yasemin Acar, Michael Backes, Sascha Fahl. Stack Overflow Considered Harmful? The Impact of Copy & Paste on Android Application Security. In Proceedings of the 2017 IEEE Symposium on Seucirty and Privacy (S&P '17). Peter Leo Gorski, Luigi Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian Möller, Yasemin Acar, Sascha Fahl. Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. SOUPS 2018. Daniel Votipka, Kelsey R. Fulton, James Parker, Matthew Hou, Michelle L. Mazurek, Michael Hicks. Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It. USENIX Security Symposium 2020.
04/15	Other Security Professionals	Required Reading Khaled Yakdan, Sergej Dechand, Elmar Gerhards-Padilla, and Matthew Smith. Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study. In Proceedings of the 2016 IEEE Symposium on Security and Privacy (S&P '16). Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, and Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance In Proceedings of the 2017 ACM Conference on Computer and Communications Security (CCS '17). Rock Stevens, Daniel Votipka, Elissa M. Redmiles, Colin Ahern, Patrick Sweeney, and Michelle L. Mazurek. The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level. In Proceedings of the 2018 USENIX Security Symposium (USENIX Sec '18). Optional reading: Daniel Votipka, Seth M. Rabin, Kristopher Micinski, Jeffrey S. Foster, and Michelle L. Mazurek. An Observational Investigation of Reverse Engineers’ Processes. In Proceedings of the 2020 USENIX Security Symposium (USENIX Sec '20). Faris Bugra Kokulu, Ananta Soneji, Tiffany Bao, Yan Shoshitaishvili, Ziming Zhao, Adam Doupe, and Gail-Joon Ahn. Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues. In Proceedings of the 2019 ACM Conference on Computer and Communications Security (CCS '19). Due: Homework 3.2-5
Week 12
04/20	Vulnerable Populations	Required Readings: Susan E. McGregor, Elizabeth Anne Watkins, Mahdi Nasrullah Al-Ameen, Kelly Caine, Franziska Roesner. When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama Papers. In Proceedings of USENIX Security 2017. Tamy Guberek, Allison McDonald, Sylvia Simioni, Abraham H Mhaidli, Kentaro Toyama, Florian Schaub. Keeping a Low Profile? Technology, Risk and Privacy among Undocumented Immigrants. In Proceedings of CHI 2018. Diana Freed, Jackeline Palmer, Diana Minchala, Karen Levy, Thomas Ristenpart, and Nicola Dell. "A Stalker's Paradise": How Intimate Partners Abuse Technology. In proceedings of CHI'18. Optional Readings: Christine Chen, Nicola Dell, and Franziska Roesner. Computer Security and Privacy in the Interactions Between Victim Service Providers and Human Trafficking Survivors. In proceedings of USENIX Security 2019. Cheul Young Park, Cori Faklaris, Siyan Zhao, Alex Sciuto, Laura Dabbish, and Jason Hong. Share and Share Alike? An Exploration of Secure Behaviors in Romantic Relationships. In Proceedings of the 2018 USENIX Symposium on Usable Privacy and Security (SOUPS '1)8.
04/22	Vulnerable Populations (Continued)	Required Reading: Emily Tseng, Rosanna Bellini, Nora McDonald, Matan Danos, Rachel Greenstadt, Damon McCoy, Nicola Dell and Thomas Ristenpart. The Tools and Tactics Used in Intimate Partner Surveillance: An Analysis of Online Infidelity Forums. In proceedings of USENIX Security 2020. Tara Matthews, Kathleen O'Leary, Anna Turner, Manya Sleeper, Jill Palzkill Woelfer, Martin Shelton, Cori Manthorne, Elizabeth F. Churchill, and Sunny Consolvo. Stories from Survivors: Privacy & Security Practices when Coping with Intimate Partner Abuse In Proceedings of the 2017 ACM Conference on Human Factors in Computing Systems (CHI '17). Kurt Thomas, Devdatta Akhawe, Michael Bailey, Dan Boneh, Elie Bursztein, Sunny Consolvo, Nicola Dell, Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart, and Gianluca Stringhini. SoK: Hate, Harassment, and the Changing Landscape of Online Abuse. In Proceedings of the 2021 IEEE Symposium on Security and Privacy (S&P '21). Due: Homework 4
Week 13
04/27	Accessibility	Required Reading: Tousif Ahmed, Patrick Shaffer, Kay Connelly, David Crandall, Apu Kapadia. Addressing Physical Safety, Security, and Privacy for People with Visual Impairments. In Proceedings of SOUPS 2016. Jake Reichel, Fleming Peck, Mikako Inaba, Bisrat Moges, Brahmnoor Singh Chawla, and Marshini Chetty. 'I have too much respect for my elders': Understanding South African Mobile Users' Perceptions of Privacy and Current Behaviors on Facebook and WhatsApp. In Proceedings of the 2020 USENIX Security Symposium (USENIX Sec '20). Ogbonnaya-Ogburu, Ihudiya Finda, Angela DR Smith, Alexandra To, and Kentaro Toyama. Critical Race Theory for HCI. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, pp. 1-16. 2020. Optional Readings: Alisa Frik, Leysan Nurgalieva, Julia Bernd, Joyce S. Lee, Florian Schaub, Serge Egelman. Privacy and Security Threat Models and Mitigation Strategies of Older Adults. In proceedings of SOUPS 2019. Taslima Akter, Bryan Dosono, Tousif Ahmed, Apu Kapadia, and Bryan Semaan. "I am uncomfortable sharing what I can't see": Privacy Concerns of the Visually Impaired with Camera Based Assistive Applications. In the proceedings of USENIX Security 2020. Bryan Dosono, Jordan Hayes, Yang Wang. "I'm Stuck!": A Contextual Inquiry of People with Visual Impairments in Authentication. In Proceedings of SOUPS 2015. Hirak Ray, Flynn Wolf, Ravi Kuber, Adam J. Aviv. Why Older Adults (Don't) Use Password Managers. In the proceedings of the 2021 USENIX Security Symposium. Aug. 2021. Valerie Fanelle, Sepideh Karimi, Aditi Shah, Bharath Subramanian, and Sauvik Das. Blind and Human: Exploring More Usable Audio CAPTCHA Designs. SOUPS 2020.
04/29	Project Presentations
Week 14
05/04	Project Presentations
05/14	Final project reports due (submission link)