About
Publications: 307
Reads: 162,905
Citations: 27,931

Publications (307)
Digital financial services have catalyzed financial inclusion in Africa. Commonly implemented as a mobile wallet service referred to as mobile money (MoMo), the technology provides enormous benefits to its users, some of whom have long been unbanked. While the benefits of mobile money services have largely been documented, the challenges that arise...
A variety of methods and techniques are used in usable privacy and security (UPS) to study users’ experiences and behaviors. When applying empirical methods, researchers in UPS face specific challenges, for instance, to represent risk to research participants. This chapter provides an overview of the empirical research methods used in UPS and highl...
Assessing the usability of choice and consent mechanisms.
Android and iOS privacy labels confuse developers and end users.
Standardized privacy labels that succinctly summarize those data practices that people are most commonly concerned about offer the promise of providing users with more effective privacy notices than full-length privacy policies. With their introduction by Apple in iOS 14 and Google’s recent adoption in its Play Store, mobile app privacy labels are...
Privacy scales are frequently used to capture survey participants’ perspectives on privacy, but their utility hangs on their ability to reliably measure constructs associated with privacy. We investigate a set of common constructs (the intended objects of measurement by privacy scales) used in privacy surveys: privacy attitude, privacy preference,...
Inscrutable cookie banners torment users while failing to inform consent.
In this paper we describe the iterative evaluation and refinement of a consent flow for a chatbot being developed by a large U.S. health insurance company. This chatbot’s use of a cloud service provider triggers a requirement for users to agree to a HIPAA authorization. We highlight remote usability study and online survey findings indicating that...
Browsing privacy tools can help people protect their digital privacy. However, tools which provide the strongest protections—such as Tor Browser—have struggled to achieve widespread adoption. This may be due to usability challenges, misconceptions, behavioral biases, or mere lack of awareness. In this study, we test the effectiveness of nudging int...
We conducted an online survey and remote usability study to explore user needs related to advertising controls on Facebook and determine how well existing controls align with these needs. Our survey results highlight a range of user objectives related to controlling Facebook ads, including being able to select what ad topics are shown or what perso...
Exploring immersive theatre as a way to educate audiences and study their perceptions of privacy and technology ethics.
In the design of qualitative interview studies, researchers are faced with the challenge of choosing between many different methods of interviewing participants. This decision is particularly important when sensitive topics are involved. Even prior to the Covid-19 pandemic, considerations of cost, logistics, and participant anonymity have increasin...
Usable privacy and security researchers have developed a variety of approaches to represent risk to research participants. To understand how these approaches are used and when each might be most appropriate, we conducted a systematic literature review of methods used in security and privacy studies with human participants. From a sample of 633 pape...
Consumers are concerned about the security and privacy of their Internet of Things (IoT) devices. However, they cannot easily learn about their devices’ security protections and data practices before purchasing them. We designed a usable and informative IoT security and privacy label.
Privacy and security tools can help users protect themselves online. Unfortunately, people are often unaware of such tools, and have potentially harmful misconceptions about the protections provided by the tools they know about. Effectively encouraging the adoption of privacy tools requires insights into people’s tool awareness and understanding. T...
Cameras are everywhere, and are increasingly coupled with video analytics software that can identify our face, track our mood, recognize what we are doing, and more. We present the results of a 10-day in-situ study designed to understand how people feel about these capabilities, looking both at the extent to which they expect to encounter them as p...
Despite experts agreeing on many security best practices, there remains a gap between their advice and users' behavior. One example is the low adoption of secure mobile payments in the United States, despite widespread prevalence of credit and debit card fraud. Prior work has proposed nudging interventions to help users adopt security experts' reco...
Internet of Things (IoT) devices create new ways through which personal data is collected and processed by service providers. Frequently, end users have little awareness of, and even less control over, these devices’ data collection. IoT Personalized Privacy Assistants (PPAs) can help overcome this issue by helping users discover and, when availabl...
We conducted an in-lab user study with 24 participants to explore the usefulness and usability of privacy choices offered by websites. Participants were asked to find and use choices related to email marketing, targeted advertising, or data deletion on a set of nine websites that differed in terms of where and how these choices were presented. They...
Information about the privacy and security of Internet of Things (IoT) devices is not readily available to consumers who want to consider it before making purchase decisions. While legislators have proposed adding succinct, consumer accessible, labels, they do not provide guidance on the content of these labels. In this paper, we report on the resu...
Many websites offer visitors privacy controls and opt-out choices, either to comply with legal requirements or to address consumer privacy concerns. The way these control mechanisms are implemented can significantly affect individuals' choices and their privacy outcomes. We present an extensive content analysis of a stratified sample of 150 English...
Objective: We sought to present a model of privacy disposition and its development based on qualitative research on privacy considerations in the context of emerging health technologies. Materials and methods: We spoke to 108 participants across 44 interviews and 9 focus groups to understand the range of ways in which individuals value (or do no...
Despite growing concerns about security and privacy of Internet of Things (IoT) devices, consumers generally do not have access to security and privacy information when purchasing these devices. We interviewed 24 participants about IoT devices they purchased. While most had not considered privacy and security prior to purchase, they reported becomi...
As increasingly many Internet-of-Things (IoT) devices collect personal data, users face more privacy decisions. Personal privacy assistants can provide social cues and help users make informed decisions by presenting information about how others have decided in similar cases. To better understand which social cues are relevant and whose recommendat...
Are the many formal definitions and frameworks of privacy consistent with a layperson’s understanding of privacy? We explored this question and identified mental models and metaphors of privacy, conceptual tools that can be used to improve privacy tools, communication, and design for everyday users. Our investigation focused on a qualitative analys...
Previous research has suggested that people use the private browsing mode of their web browsers to conduct privacy-sensitive activities online, but have misconceptions about how it works and are likely to overestimate the protections it provides. To better understand how private browsing is used and whether users are at risk, we analyzed browsing d...
Advancements in information technology often task users with complex and consequential privacy and security decisions. A growing body of research has investigated individuals’ choices in the presence of privacy and information security trade-offs, the decision making hurdles affecting those choices, and ways to mitigate those hurdles. This article...
Despite the additional protection it affords, two-factor authentication (2FA) adoption reportedly remains low. To better understand 2FA adoption and its barriers, we observed the deployment of a 2FA system at Carnegie Mellon University (CMU). We explore user behaviors and opinions around adoption, surrounding a mandatory adoption deadline. Our resu...
As an industry researcher in 1997, I dove head first into the world of privacy when I joined an international working group that was developing a web privacy standard called the Platform for Privacy Preferences Project (P3P). Released in 2002, the P3P standard allowed websites to communicate about privacy in a computer-readable format that could be...
Text passwords---a frequent vector for account compromise, yet still ubiquitous---have been studied for decades by researchers attempting to determine how to coerce users to create passwords that are hard for attackers to guess but still easy for users to type and memorize. Most studies examine one password or a small number of passwords per user,...
Since the late 1970s Dr. Alan Westin has conducted over 30 privacy surveys. For each of his surveys, Westin created one or more Privacy Indexes to summarise his results and to show trends in privacy concerns. Many privacy researchers are interested in using these privacy indexes as benchmarks to which they can compare their own survey results. How...
Advancements in information technology often task users with complex and consequential privacy and security decisions. A growing body of research has investigated individuals’ choices in the presence of privacy and information security tradeoffs, the decision-making hurdles affecting those choices, and ways to mitigate such hurdles. This article pr...
With the rapid deployment of Internet of Things (IoT) technologies and the variety of ways in which IoT-connected sensors collect and use personal data, there is a need for transparency, control, and new tools to ensure that individual privacy requirements are met. To develop these tools, it is important to better understand how people feel about t...
Privacy notice and choice are essential aspects of privacy and data protection regulation worldwide. Yet, today's privacy notices and controls are surprisingly ineffective at informing users or allowing them to express choice. We analyze why existing privacy notices fail to inform users and tend to leave them helpless, and discuss principles for de...
General-purpose content-sharing platforms make it difficult for users to limit sharing to people interested in particular topics. Additional topic-based controls may allow users to better reach desired audiences. Designing such tools requires understanding current interest-based targeting techniques and the potential impact of additional mechanisms...
Privacy notice and choice are essential aspects of privacy and data protection regulation worldwide. Yet, today's privacy notices and controls are surprisingly ineffective at informing users or allowing them to express choice. Here, the authors analyze why existing privacy notices fail to inform users and tend to leave them helpless, and discuss pr...
Financial institutions in the United States are required by the Gramm-Leach-Bliley Act to provide annual privacy notices. In 2009, eight federal agencies jointly released a model privacy form for these disclosures. While the use of this model privacy form is not required, it has been widely adopted. We automatically evaluated 6,191 U.S. financial i...
Computer security problems often occur when there are disconnects between users' understanding of their role in computer security and what is expected of them. To help users make good security decisions more easily, we need insights into the challenges they face in their daily computer usage. We built and deployed the Security Behavior Observatory...
People share personal content online with varied audiences, as part of tasks ranging from conversational-style content sharing to collaborative activities. We use an interview- and diary-based study to explore: 1) what factors impact channel choice for sharing with particular audiences; and 2) what behavioral patterns emerge from the ability to com...
Recent research has improved our understanding of how to create strong, memorable text passwords. However, this research has generally been in the context of desktops and laptops, while users are increasingly creating and entering passwords on mobile devices. In this paper we study whether recent password guidance carries over to the mobile setting...
This panel will highlight and celebrate the life and work of John Karat, who passed away from pancreatic cancer last year. We will discuss his many contributions to the SIGCHI community, as well as the wider international community of people doing work in this area, focusing on both his scientific achievements and service contributions.
Password-composition policies are the result of service providers becoming increasingly concerned about the security of online accounts. These policies restrict the space of user-created passwords to preclude easily guessed passwords and thus make passwords more difficult for attackers to guess. However, many users struggle to create and recall the...
Although many users create predictable passwords, the extent to which users realize these passwords are predictable is not well understood. We investigate the relationship between users' perceptions of the strength of specific passwords and their actual strength. In this 165-participant online study, we ask participants to rate the comparative secu...
This monograph lays out a discussion framework for understanding the role of human-computer interaction (HCI) in public policymaking. We take an international view, discussing potential areas for research and application, and their potential for impact. Little has been written about the intersection of HCI and public policy; existing reports typica...
This monograph lays out a discussion framework for understanding the role of human-computer interaction (HCI) in public policymaking. It takes an international view, discussing potential areas for research and application and their potential for impact. The aim is to provide a solid foundation for discussion, cooperation and collaborative interacti...
In a series of experiments, we examined how the timing impacts the salience of smartphone app privacy notices. In a web survey and a field experiment, we isolated different timing conditions for displaying privacy notices: in the app store, when an app is started, during app use, and after app use. Participants installed and played a history quiz a...
Smartphone app updates are critical to user security and privacy. New versions may fix important security bugs, which is why users should usually update their apps. However, occasionally apps turn malicious or radically change features in a way users dislike. Users should not necessarily always update in those circumstances, but current update proc...
Parameterized password guessability—how many guesses a particular cracking algorithm with particular training data would take to guess a password—has become a common metric of password security. Unlike statistical metrics, it aims to model real-world attackers and to provide per-password strength estimates. We investigate how cracking approaches of...
Notifying users about a system's data practices is supposed to enable users to make informed privacy decisions. Yet, current notice and choice mechanisms, such as privacy policies, are often ineffective because they are neither usable nor useful, and are therefore ignored by users. Constrained interfaces on mobile devices, wearables, and smart hom...
Online advertisers track Internet users' activities to deliver targeted ads. To study how different factors affect users' attitudes towards this practice, we conducted a between-subjects online study (n=1,882). We elicited participants' comfort with sharing commonly collected types of information in scenarios with varying online advertisers' data p...
Online advertisers track Internet users' activities to deliver relevant ads. To study how different online advertisers' data practices affect users' comfort with sharing their information, we conducted a between-subjects online study with 1,882 participants. We asked participants about their comfort with sharing commonly collected types of informat...
Smartphone users are often unaware of the data collected by apps running on their devices. We report on a study that evaluates the benefits of giving users an app permission manager and sending them nudges intended to raise their awareness of the data collected by their apps. Our study provides both qualitative and quantitative evidence that these...
Users often struggle to create passwords under strict requirements. To make this process easier, some providers present real-time feedback during password creation, indicating which requirements are not yet met. Other providers guide users through a multi-step password-creation process. Our 6,435-participant online study examines how feedback and g...
Despite benefits and uses of social networking sites (SNSs) users are not always satisfied with their behaviors on the sites. These desires for behavior change both provide insight into users' perceptions of how SNSs impact their lives (positively or negatively) and can inform tools for helping users achieve desired behavior changes. We use a 604-p...
Users often make passwords that are easy for attackers to guess. Prior studies have documented features that lead to easily guessed passwords, but have not probed why users craft weak passwords. To understand the genesis of common password patterns and uncover average users’ misconceptions about password strength, we conducted a qualitative intervi...
We report on a user study that provides evidence that spaced repetition and a specific mnemonic technique enable users to successfully recall multiple strong passwords over time. Remote research participants were asked to memorize 4 Person-Action-Object (PAO) stories where they chose a famous person from a drop-down list and were given machine-gene...
Smartphone app developers make many privacy-related decisions on what data to collect about users and how that data is used. Based on interviews and a survey of app developers, the authors identify several hurdles preventing app developers from improved privacy behaviors. These include the difficulties of reading and writing privacy policies as wel...
Anecdotal evidence and scholarly research have shown that Internet users may regret some of their online disclosures. To help individuals avoid such regrets, we designed two modifications to the Facebook web interface that nudge users to consider the content and audience of their online disclosures more carefully. We implemented and evaluated these...
We present an architecture for the Security Behavior Observatory (SBO), a client-server infrastructure designed to collect a wide array of data on user and computer behavior from hundreds of participants over several years. The SBO infrastructure had to be carefully designed to fulfill several requirements. First, the SBO must scale with the desire...
To encourage strong passwords, system administrators employ password-composition policies, such as a traditional policy requiring that passwords have at least 8 characters from 4 character classes and pass a dictionary check. Recent research has suggested, however, that policies requiring longer passwords with fewer additional requirements can be m...
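Two of the abstracts above touch the same practical question: the parameterized-guessability entry defines password strength as the guess number a specific cracker with specific training data needs, and the composition-policy entry describes the traditional "8 characters, 4 character classes, dictionary check" rule. The example below is added here to make both concrete side by side; it is not code from any of the papers listed. The training corpus, the dictionary, the mangling rules, the `guess_order`/`guess_number`/`meets_comp8` functions and the dictionary-check semantics (password lowercased and stripped of non-letters must not be a dictionary word) are all constructed assumptions, and the frequency-plus-mangling cracker is a deliberately simple stand-in, not the algorithms the paper studies.

```python
"""Parameterized password guessability next to a composition-policy check.

Constructed illustration: guess number = position at which a fixed, hypothetical
cracking strategy (training words by descending frequency, each passed through a
short mangling rule list) first produces the password. Everything here is
made-up sample data, not a real cracker or a real leaked corpus.
"""
from collections import Counter
from itertools import count
import string

# Constructed training set standing in for a leaked-password corpus.
TRAINING = [
    "password", "password", "password", "123456", "123456", "iloveyou",
    "qwerty", "monkey", "dragon", "letmein", "football", "baseball",
    "sunshine", "princess", "welcome", "shadow", "master", "trustno1",
]

# Constructed wordlist used by the policy's dictionary check (assumption:
# smaller than the cracker's training data, as real deployments tend to be).
DICTIONARY = {"password", "monkey", "football", "welcome", "sunshine"}

# Hypothetical mangling rules, applied to each training word in this order.
MANGLING_RULES = (
    lambda w: w,                        # password
    lambda w: w.capitalize(),           # Password
    lambda w: w + "1",                  # password1
    lambda w: w + "123",                # password123
    lambda w: w.capitalize() + "1",     # Password1
    lambda w: w.capitalize() + "!",     # Password!
    lambda w: w.capitalize() + "1!",    # Password1!
)


def guess_order(training=TRAINING):
    """Yield guesses in the order the hypothetical cracker tries them.

    Words are ordered by descending frequency in the training data (ties keep
    first-seen order), and every mangling rule is applied to a word before the
    next word is tried. Duplicate candidates are skipped so that guess numbers
    count distinct guesses only.
    """
    seen = set()
    for word, _ in Counter(training).most_common():
        for rule in MANGLING_RULES:
            candidate = rule(word)
            if candidate not in seen:
                seen.add(candidate)
                yield candidate


def guess_number(password, training=TRAINING, max_guesses=10_000):
    """Return the 1-based guess at which `password` is cracked under this
    strategy and training data, or None if it is not produced within
    `max_guesses` (i.e. it survives this attacker)."""
    for n, candidate in zip(count(1), guess_order(training)):
        if n > max_guesses:
            break
        if candidate == password:
            return n
    return None


def meets_comp8(password, dictionary=DICTIONARY):
    """Traditional composition policy from the abstract: at least 8 characters,
    all four character classes, and a dictionary check. Assumption for the
    check: the password lowercased with non-letters removed must not be a
    dictionary word."""
    if len(password) < 8:
        return False
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(c in cls for c in password) for cls in classes):
        return False
    stem = "".join(c for c in password.lower() if c.isalpha())
    return stem not in dictionary


def evaluate(passwords):
    """Map each password to (meets_policy, guess_number) so that policy
    compliance and guessability can be compared directly."""
    return {p: (meets_comp8(p), guess_number(p)) for p in passwords}


if __name__ == "__main__":
    # Constructed sample passwords: policy failures, a policy pass that is
    # still cracked early, and a policy pass this attacker never reaches.
    for pw, (ok, n) in evaluate(
            ["password", "Password1!", "Dragon1!", "xK9$mq2L"]).items():
        print(f"{pw:12s} policy={'pass' if ok else 'fail':4s} guess#={n}")
```

The point the two abstracts make shows up in the output: `Dragon1!` satisfies every clause of the policy, including the dictionary check, yet is the hypothetical cracker's 40th guess, while `Password1!` is rejected only because "password" happens to be in the dictionary. Guess numbers are only meaningful relative to the stated cracker and training data; change either and the numbers change.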