About
83
Publications
15,160
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,923
Citations
Introduction
Skills and Expertise
Publications
Publications (83)
The behavior of the least-secure user can influence security and privacy outcomes for everyone else. Thus, it is important to understand the factors that influence the security and privacy of a broad variety of people. Prior work has suggested that users with differing socioeconomic status (SES) may behave differently; however, no research has exam...
International development banks provide low-interest loans to developing countries in an effort to stimulate social and economic development. These loans support key infrastructure projects including the building of roads, schools, and hospitals. However, despite the best efforts of development banks, these loan funds are often lost to fraud, corru...
Given a source image of a clothed person (an image subject), AI-based nudification applications can produce nude (undressed) images of that person. Moreover, not only do such applications exist, but there is ample evidence of the use of such applications in the real world and without the consent of an image subject. Still, despite the growing aware...
People are increasingly introduced to each other offline thanks to online platforms that make algorithmically-mediated introductions between their users. Such platforms include dating apps (e.g., Tinder) and in-person gig work websites (e.g., TaskRabbit, Care.com). Protecting the users of these online-offline systems requires answering calls from p...
Differential privacy is a popular privacy-enhancing technology that has been deployed both in industry and government agencies. Unfortunately, existing explanations of differential privacy fail to set accurate privacy expectations for data subjects, which depend on the choice of deployment model. We design and evaluate new explanations of different...
Recent breakthroughs in generative AI (GenAI) have fueled debates concerning the status of AI-generated creations under copyright law. This research investigates laypeople's perceptions ($N$ = 424) of AI-generated art concerning factors associated with copyright protection. Inspired by prior work suggesting that people show egocentric biases when e...
Voluntary donation of private information for altruistic purposes, such as advancing research, is common. However, concerns about data misuse and leakage may deter individuals from donating their information. While prior research has indicated that Privacy Enhancement Technologies (PETs) can alleviate these concerns, the extent to which these techn...
AI technology has enabled the creation of deepfakes: hyper-realistic synthetic media. We surveyed 315 individuals in the U.S. on their views regarding the hypothetical non-consensual creation of deepfakes depicting them, including deepfakes portraying sexual acts. Respondents indicated strong opposition to creating and, even more so, sharing non-co...
Despite recent widespread deployment of differential privacy, relatively little is known about what users think of differential privacy. In this work, we seek to explore users' privacy expectations related to differential privacy. Specifically, we investigate (1) whether users care about the protections afforded by differential privacy, and (2) whe...
Targeted advertising remains an important part of the free web browsing experience, where advertisers' targeting and personalization algorithms together find the most relevant audience for millions of ads every day. However, given the wide use of advertising, this also enables using ads as a vehicle for problematic content, such as scams or clickba...
Researchers use information about the amount of time people spend on digital media for a variety of purposes including to understand impacts on physical and mental health as well as attention and learning. To measure time spent on digital media, participants' self-estimation is a common alternative method if the platform does not allow external acc...
Differential privacy (DP) is a mathematical privacy notion increasingly deployed across government and industry. With DP, privacy protections are probabilistic: they are bounded by the privacy budget parameter, $\epsilon$. Prior work in health and computational science finds that people struggle to reason about probabilistic risks. Yet, communicati...
Critical theory is an approach to research focused on acknowledging and dismantling power structures. In this piece, we illustrate the ways in which security and privacy research already takes a critical approach and offer directions for increasing the criticality of our work along new dimensions.
TikTok is a relatively novel and widely popular media platform. In response to its expanding user base and cultural impact, researchers are turning to study the platform; however, TikTok, like many social media platforms, restricts external access to data. Prior works have acquired data from scraping the platform, user self-reports, and from accoun...
Many countries developed and deployed contact tracing apps to reduce the spread of the COVID-19 coronavirus. Prior research explored people's intent to install these apps, which is necessary to ensure effectiveness. However, adopting contact tracing apps is not enough on its own, and much less is known about how people actually use these apps. Expl...
Digital intimacy, engaged in by sex workers, clients, and others who share intimate content recreationally, has significant security and privacy risks, exacerbated by stigma. We present a commercial digital intimacy threat model and 10 research directions for safer digital intimacy.
The sex industry exists on a continuum based on the degree of work autonomy present in one's labor conditions: a high degree of autonomy exists on one side of the continuum where certain independent sex workers have a great deal of agency, while much less autonomy exists on the other side, where sex is traded under conditions of human trafficking....
Workers from a variety of industries rapidly shifted to remote work at the onset of the COVID-19 pandemic. While existing work has examined the impact of this shift on office workers, little work has examined how shifting from in-person to online work affected workers in the informal labor sector. We examine the impact of shifting from in-person to...
Recent events have placed a renewed focus on the issue of racial justice in the United States and other countries. One dimension of this issue that has received considerable attention is the security and privacy threats and vulnerabilities faced by the communities of color. Our study focuses on community-level advocates who organize workshops, clin...
People’s privacy sentiments influence changes in legislation as well as technology design and use. While single-point-in-time investigations of privacy sentiment offer useful insight, study of people’s privacy sentiments over time is also necessary to better understand and anticipate evolving privacy attitudes. In this work, we build off of a 2019...
Misinformation can be easily spread with the click of a button, but can cause irreversible harm and negatively impact news consumers’ ability to discern false information. Some prior work suggests that older adults may engage with (read, share, or believe) misinformation at higher rates than others. However, engagement explanations vary. In an effo...
A breadth of literature has examined how gig workers use online forums. The past literature focuses primarily on how gig workers for mainstream corporate platforms leverage forums. Yet, marginalization, stigma, censorship, and criminalization all shape how people, including gig workers, use digital technology. In this work, we seek to take a first...
Social media platforms are increasingly considering models to incentivize creators to publish high quality content on their platforms. As a result, social media content creation has transformed into a form of gig work for some creators. In order to better design social media platforms to support this labor, we need to understand professional creato...
Workers from a variety of industries rapidly shifted to remote work at the onset of the COVID-19 pandemic. While existing work has examined the impact of this shift on office workers, little work has examined how shifting from in-person to online work affected workers in the informal labor sector. We examine the impact of shifting from in-person to...
The sex industry exists on a continuum based on the degree of work autonomy present in labor conditions: a high degree exists on one side of the continuum where independent sex workers have a great deal of agency, while much less autonomy exists on the other side, where sex is traded under conditions of human trafficking. Organizations across North...
Digital technologies, the data they collect, and the ways in which that data is used increasingly effect our psychological, social, economic, medical, and safety-related well-being. While technology can be used to improve our well-being on all of these axes, it can also perpetrate harm. Prior research has focused near exclusively on privacy as a pr...
Although end-to-end encryption (E2EE) is more widely available than ever before, many users remain confused about its security properties. As a result, even users with access to E2EE tools turn to less secure alternatives for sending private information. To investigate these issues, we conducted a 357-participant online user study analyzing how exp...
An increasing number of data-driven decision aids are being developed to provide humans with advice to improve decision-making around important issues such as personal health and criminal justice. For algorithmic systems to support human decision-making effectively, people must be willing to use them. Yet, prior work suggests that accuracy and priv...
People's privacy sentiments drive changes in legislation and may influence their willingness to use a variety of technologies. While single-point-in-time investigations of privacy sentiment offer useful insight, longitudinal study of people's privacy sentiments is necessary to better understand and anticipate evolving privacy attitudes. In this wor...
Despite recent widespread deployment of differential privacy, relatively little is known about what users think of differential privacy. In this work, we seek to explore users' privacy expectations related to differential privacy. Specifically, we investigate (1) whether users care about the protections afforded by differential privacy, and (2) whe...
Accurately analyzing and modeling online browsing behavior play a key role in understanding users and technology interactions. In this work, we design and conduct a user study to collect browsing data from 31 participants continuously for 14 days and self-reported browsing patterns. We combine self-reports and observational data to provide an up-to...
Misinformation on social media has become a critical problem, particularly during a public health pandemic. Most social platforms today rely on users’ voluntary reports to determine which news stories to fact-check first. Despite the importance, no prior work has explored the potential biases in such a reporting process. This work proposes a novel...
COVID-19 exposure-notification apps have struggled to gain adoption. Existing literature posits as potential causes of this low adoption: privacy concerns, insufficient data transparency, and the type of appeal used to pitch the pro-social behavior of installing the app. In a field experiment,we advertised CovidDefense, Louisiana's COVID-19 exposur...
How do people in a precarious profession leverage technology to grow their business and improve their quality of life? Sex workers sit at the intersection of multiple marginalized identities and makeup a sizeable workforce: the United Nations estimates that at least42 million sex workers are conducting business across the globe.Yet, little research...
Hundreds of millions of people learn something new online every day. Simultaneously, the study of online education has blossomed within the human computer interaction community, with new systems, experiments, and observations creating and exploring previously undiscovered online learning environments. In this study we endeavor to characterize this...
Hundreds of millions of people learn something new online every day. Simultaneously, the study of online education has blossomed within the human computer interaction community, with new systems, experiments, and observations creating and exploring previously undiscovered online learning environments. In this study we endeavor to characterize this...
The COVID-19 global pandemic led governments, health agencies, and technology companies to work on solutions to minimize the spread of the disease. One such solution concerns contact-tracing apps whose utility is tied to widespread adoption. Using survey data collected a few weeks into lockdown measures in the United States, we explore Americans’ w...
The growth of misinformation technology necessitates the need to identify fake videos. One approach to preventing the consumption of these fake videos is provenance which allows the user to authenticate media content to its original source. This research designs and investigates the use of provenance indicators to help users identify fake videos. W...
A growing number of contact tracing apps are being developed to complement manual contact tracing. A key question is whether users will be willing to adopt these contact tracing apps. In this work, we survey over 4,500 Americans to evaluate (1) the effect of both accuracy and privacy concerns on reported willingness to install COVID19 contact traci...
Algorithms are increasingly involved in making decisions that affect human lives. Prior work has explored how people believe algorithmic decisions should be made, but there is little understanding of which individual factors relate to variance in these beliefs across people. As an increasing emphasis is put on oversight boards and regulatory bodies...
Threat modeling, a structured process for identifying risks and developing mitigation strategies, has never been systematically evaluated in a real environment. Our case study at the New York City Cyber Command-the primary digital defense organization for the most populous city in the United States-found tangible benefits.
Data brokers such as Acxiom and Experian are in the business of collecting and selling data on people; the data they sell is commonly used to feed marketing as well as political campaigns. Despite the ongoing privacy debate, there is still very limited visibility into data collection by data brokers. Recently, however, online advertising services s...
Social support can play a critical role in the development of Internet skills. Research on support-seeking for digital media use has primarily considered informal sources such as family and friends, and formal sources such as people employed to provide assistance. Yet, people may also seek support online. Social network sites and other online commu...
Many security experts bemoan that consumers behave insecurely. Yet, current approaches to improving behavior either fail to consider when people may be most receptive to an intervention, or only consider experiences of threat (e.g., getting hacked) when identifying opportune moments for behavior change. We instead explore how an exemplar, positive...
Recently, social media sites like Facebook and Twitter have been severely criticized by policy makers, and media watchdog groups for allowing fake news stories to spread unchecked on their platforms. In response, these sites are encouraging their users to report any news story they encounter on the site, which they perceive as fake. Stories that ar...
Targeted advertising is meant to improve the efficiency of matching advertisers to their customers. However, targeted advertising can also be abused by malicious advertisers to efficiently reach people susceptible to false stories, stoke grievances, and incite social conflict. Since targeted ads are not seen by non-targeted and non-vulnerable peopl...
Given the ever-rising frequency of malware attacks and other problems leading people to lose their files, backups are an important proactive protective behavior in which users can engage. Backing up files can prevent emotional and financial losses and improve overall user experience. Yet, we find that less than half of young adults perform mobile o...
The security field relies on user studies, often including survey questions, to query end users' general security behavior and experiences, or hypothetical responses to new messages or tools. Self-report data has many benefits -- ease of collection, control, and depth of understanding -- but also many well-known biases stemming from people's diffic...
Password reuse is widespread, so a breach of one provider's password database threatens accounts on other providers. When companies find stolen credentials on the black market and notice potential password reuse, they may require a password reset and send affected users a notification. Through two user studies, we provide insight into such notifica...
Security behaviors can help users avoid incidents, but can also increase costs, both to users -- in time and mental effort -- and to platforms -- in user engagement and engineering resources. As such, we should consider when it is most efficient and effective to encourage security behaviors. Recent work has shown that users attempt to make security...
Targeted advertising is meant to improve the efficiency of matching advertisers to their customers. However, targeted advertising can also be abused by malicious advertisers to efficiently reach people susceptible to false stories, stoke grievances, and incite social conflict. Since targeted ads are not seen by non-targeted and non-vulnerable peopl...
Digital security technology is able to identify and prevent many threats to users accounts. However, some threats remain that, to provide reliable security, require human intervention: e.g., through users paying attention to warning messages or completing secondary authentication procedures. While prior work has broadly explored people's mental mod...
Identifying security vulnerabilities in software is a critical task that requires significant human effort. Currently, vulnerability discovery is often the responsibility of software testers before release and white-hat hackers (often within bug bounty programs) afterward. This arrangement can be ad-hoc and far from ideal; for example, if testers c...
Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct behavioral economics experiments to model the rationality of end-user security decision-making in a realistic online experimental system simulating a bank account. We...
Despite significant advances in automated spam detection, some spam content manages to evade detection and engage users. While the spam supply chain is well understood through previous research, there is little understanding of spam consumers. We focus on the demand side of the spam equation examining what drives users to click on spam via a large-...
As algorithms are increasingly used to make important decisions that affect human lives, ranging from social benefit assignment to predicting risk of criminal recidivism, concerns have been raised about the fairness of algorithmic decision making. Most prior works on algorithmic fairness normatively prescribe how fair decisions ought to be made. In...
As algorithms are increasingly used to make important decisions that affect human lives, ranging from social benefit assignment to predicting risk of criminal recidivism, concerns have been raised about the fairness of algorithmic decision making. Most prior works on algorithmic fairness normatively prescribe how fair decisions ought to be made. In...
Few users have a single, authoritative, source from whom they can request digital-security advice. Rather, digital-security skills are often learned haphazardly, as users filter through an overwhelming quantity of security advice. By understanding the factors that contribute to users' advice sources, beliefs, and security behaviors, we can help to...
The behavior of the least-secure user can influence security and privacy outcomes for everyone else. Thus, it is important to understand the factors that influence these outcomes across a broad variety of people. Prior work has suggested that users with differing socioeconomic status (SES) may behave differently; however, no research has examined h...
In 2012, women earned 18% of computer science degrees; African American and Hispanic students made up less than 20% of computing degree holders that year. Research shows that relatable role models and engaging curriculum are required to engage underrepresented students in computing. There is a need for engaging and relatable curriculum to be delive...
Users receive a multitude of digital- and physical-security advice every day. Indeed, if we implemented all the security advice we received, we would never leave our houses or use the Internet. Instead, users selectively choose some advice to accept and some (most) to reject; however, it is unclear whether they are effectively prioritizing what is...
Mentors-protégé relationships have been shown to improve retention of women and under-represented students in computing (Cohoon, 2011). Mentorship relationships are also the driving factor in female students' selection and completion of a computing career (Ashcraft, Eger, & Friend, 2012). More generally, mentor-protégé relationships are a significa...