Conference Paper

A Stalker's Paradise: How Intimate Partner Abusers Exploit Technology

April 2018

DOI:10.1145/3173574.3174241

Conference: the 2018 CHI Conference

Authors:

Jackeline Palmer

City University of New York - Hunter College

Show all 6 authorsHide

This paper describes a qualitative study with 89 participants that details how abusers in intimate partner violence (IPV) contexts exploit technologies to intimidate, threaten, monitor, impersonate, harass, or otherwise harm their victims. We show that, at their core, many of the attacks in IPV contexts are technologically unsophisticated from the perspective of a security practitioner or researcher. For example, they are often carried out by a UI-bound adversary - an adversarial but authenticated user that interacts with a victim»s device or account via standard user interfaces - or by downloading and installing a ready-made application that enables spying on a victim. Nevertheless, we show how the sociotechnical and relational factors that characterize IPV make such attacks both extremely damaging to victims and challenging to counteract, in part because they undermine the predominant threat models under which systems have been designed. We discuss the nature of these new IPV threat models and outline opportunities for HCI research and design to mitigate these attacks.

SoK: Safer Digital-Safety Research Involving At-Risk Users

Preprint

Full-text available

Sep 2023

Research involving at-risk users -- that is, users who are more likely to experience a digital attack or to be disproportionately affected when harm from such an attack occurs -- can pose significant safety challenges to both users and researchers. Nevertheless, pursuing research in computer security and privacy is crucial to understanding how to meet the digital-safety needs of at-risk users and to design safer technology for all. To standardize and bolster safer research involving such users, we offer an analysis of 196 academic works to elicit 14 research risks and 36 safety practices used by a growing community of researchers. We pair this inconsistent set of reported safety practices with oral histories from 12 domain experts to contribute scaffolded and consolidated pragmatic guidance that researchers can use to plan, execute, and share safer digital-safety research involving at-risk users. We conclude by suggesting areas for future research regarding the reporting, study, and funding of at-risk user research

Analyzing the Patterns and Behavior of Users When Detecting and Preventing Tech-enabled Stalking

Conference Paper

Full-text available

Jan 2023

Survivor-Centered Transformative Justice: An Approach to Designing Alongside Domestic Violence Stakeholders in US Muslim Communities

Preprint

Full-text available

Feb 2023

While domestic violence (DV) is prevalent in all socioeconomic settings, identity highly impacts how one experiences and recovers from abuse. This work examines US-based Muslim women's challenges when seeking help and healing from domestic violence. Through participatory interviews with 23 participants within the DV ecosystem, we find that victim-survivors' autonomy is compromised throughout the abuse, within their immediate communities, and when involving the criminal justice system. To address such harms, we adapt a survivor-centered transformative justice (SCTJ) approach, a framework to discern individual and systemic harm, to understand how to design alongside victim-survivors, and to focus on victim-survivors' autonomy. We explain under what conditions an SCTJ approach may be productive for designers. We use insights from our interviews to highlight intervention areas for reducing harm, repairing harm, and promoting healing for victim-survivors. Lastly, we offer guidelines to design for harm reduction, accountability, and systemic change.

Understanding and Improving Consumers' Adoption of Online Privacy-Protective Behaviors

Thesis

Jan 2022

Yixin Zou

As much as consumers express desires to safeguard their online privacy, they often fail to do so effectively in reality. In my dissertation, I combine qualitative, quantitative, and design methods to uncover the challenges consumers face in adopting online privacy behaviors, then develop and evaluate different context-specific approaches to encouraging adoption. By examining consumer reactions to data breaches, I find how consumers' assessment of risks and decisions to take action could be subject to bounded rationality and potential biases. My analysis of data breach notifications provides another lens for interpreting inaction: unclear risk communications and overwhelming presentations of recommended actions in these notifications introduce more barriers to action. I then turn to investigate a broader set of privacy, security, and identity theft protection practices; the findings further illuminate individual differences in adoption and how impractical advice could lead to practice abandonment. Leveraging these insights, I investigate how to help consumers adopt online privacy-protective behaviors in three studies: (1) a user-centered design process that identified icons to help consumers better find and exercise privacy controls, (2) a qualitative study with multiple stakeholders to reimagine computer security customer support for serving survivors of intimate partner violence, and (3) a longitudinal experiment to evaluate nudges that encourage consumers to change passwords after data breaches, taking inspiration from the Protection Motivation Theory. These three studies demonstrate how developing support solutions for consumers requires varying approaches to account for the specific context and population studied. My dissertation further suggests the importance of critically reflecting on when and how to encourage adoption. While inaction could be misguided sometimes, it could also result from rational cost-benefit deliberations or resignation in the face of practical constraints.

You Can (Not) Say What You Want: Using Algospeak to Contest and Evade Algorithmic Content Moderation on TikTok

Article

Full-text available

Aug 2023

Social media users have long been aware of opaque content moderation systems and how they shape platform environments. On TikTok, creators increasingly utilize algospeak to circumvent unjust content restriction, meaning, they change or invent words to prevent TikTok’s content moderation algorithm from banning their video (e.g., “le$bean” for “lesbian”). We interviewed 19 TikTok creators about their motivations and practices of using algospeak in relation to their experience with TikTok’s content moderation. Participants largely anticipated how TikTok’s algorithm would read their videos, and used algospeak to evade unjustified content moderation while simultaneously ensuring target audiences can still find their videos. We identify non-contextuality, randomness, inaccuracy, and bias against marginalized communities as major issues regarding freedom of expression, equality of subjects, and support for communities of interest. Using algospeak, we argue for a need to improve contextually informed content moderation to valorize marginalized and tabooed audiovisual content on social media.

Technological Innovations for Tackling Domestic Violence

Article

Full-text available

Jan 2023

Abbas Z. Kouzani

Domestic violence is an issue of great importance that transcends socioeconomic backgrounds and cultural boundaries. It stems from factors such as power struggle, mental health issue, financial hardship, substance abuse, among others. Technology can play a vital role in not only detecting and mitigating instances of domestic violence, but also providing essential support and resources to its victims. This review paper examines the latest technological innovations in tackling domestic violence. It describes a range of technology platforms and tools, and discusses their capabilities and shortcomings. Firstly, the review methodology is given including aims and objectives of the review, search strategy, and selection of sources. Next, technological innovations in the context of domestic violence are defined. Then, the paper presents technological approaches developed to tackle domestic violence through: (i) analysis of data shared through digital platforms is presented, (ii) analysis of data captured by ambient sensors, (iii) analysis of data captured by smartphones, (iv) analysis of data captured by wearable sensors, (v) protecting online activities, (vi) preventing non-contact harassment, (vii) anti-stalking and monitoring measures, and (viii) virtual reality approaches. Next, discussions on the capabilities and applications of these technological innovations across different aspects of domestic violence are presented. The paper also addresses the challenges and limitations associated with these innovations, and gives future directions and recommendations for further research and development.

The Spread of Digital Intimate Partner Violence: Ethical Challenges for Business, Workplaces, Employers and Management partner violence (IPV) · Sexual violence · Workplace policy on violence · Workplace violence · Gender-based violence

Article

Full-text available

Jun 2023
J BUS ETHICS

In recent decades, huge technological changes have opened up possibilities and potentials for new socio-technological forms of violence, violation and abuse, themselves intersectionally gendered, that form part of and extend offline intimate partner violence (IPV). Digital IPV (DIPV)-the use of digital technologies in and for IPV-takes many forms, including: cyber-stalking, internet-based abuse, non-consensual intimate imagery, and reputation abuse. IPV is thus now in part digital, and digital and non-digital violence may merge and reinforce each other. At the same time, technological and other developments have wrought significant changes in the nature of work, such as the blurring of work/life boundaries and routine use of digital technologies. Building on feminist theory and research on violence, and previous research on the ethics of digitalisation, this paper examines the ethical challenges raised for business, workplaces, employers and management by digital IPV. This includes the ethical challenges arising from the complexity and variability of DIPV across work contexts, its harmful impacts on employees, productivity, and security, and the prospects for proactive ethical responses in workplace policy and practice for victim/survivors, perpetrators, colleagues, managers, and stakeholders. The paper concludes with contributions made and key issues for the future research agenda.

Technology-Facilitated Harm and Abuse in Intimate Relationships

Chapter

Full-text available

Jun 2023

Safeguarding patients from technology-facilitated abuse in clinical settings: A narrative review

Article

Full-text available

Jan 2023

Safeguarding vulnerable patients is a key responsibility of healthcare professionals. Yet, existing clinical and patient management protocols are outdated as they do not address the emerging threats of technology-facilitated abuse. The latter describes the misuse of digital systems such as smartphones or other Internet-connected devices to monitor, control and intimidate individuals. The lack of attention given to how technology-facilitated abuse may affect patients in their lives, can result in clinicians failing to protect vulnerable patients and may affect their care in several unexpected ways. We attempt to address this gap by evaluating the literature that is available to healthcare practitioners working with patients impacted by digitally enabled forms of harm. A literature search was carried out between September 2021 and January 2022, in which three academic databases were probed using strings of relevant search terms, returning a total of 59 articles for full text review. The articles were appraised according to three criteria: (a) the focus on technology-facilitated abuse; (b) the relevance to clinical settings; and (c) the role of healthcare practitioners in safeguarding. Of the 59 articles, 17 articles met at least one criterion and only one article met all three criteria. We drew additional information from the grey literature to identify areas for improvement in medical settings and at-risk patient groups. Technology-facilitated abuse concerns healthcare professionals from the point of consultation to the point of discharge, as a result clinicians need to be equipped with the tools to identify and address these harms at any stage of the patient’s journey. In this article, we offer recommendations for further research within different medical subspecialities and highlight areas requiring policy development in clinical environments.

Analysis of Non-Experts' Security- and Privacy-Related Questions on a Q&A Site

Article

Sep 2023

Although security and privacy technologies are incorporated into every device and service, the complexity of these concepts confuses non-expert users. Prior research has shown that non-expert users ask strangers for advice about digital media use online. In this study, to clarify the security and privacy concerns of non-expert users in their daily lives, we investigated security- and privacy-related question posts on a Question-and-Answer (Q&A) site for non-expert users. We conducted a thematic analysis of 445 question posts. We identified seven themes among the questions and found that users asked about cyberattacks the most, followed by authentication and security software. We also found that there was a strong demand for answers, especially for questions related to privacy abuse and account/device management. Our findings provide key insights into what non-experts are struggling with when it comes to privacy and security and will help service providers and researchers make improvements to address these concerns.

A Systematic Review of Ethical Concerns with Voice Assistants

Conference Paper

Full-text available

Aug 2023

Since Siri’s release in 2011 there have been a growing number of AI-driven domestic voice assistants that are increasingly being integrated into devices such as smartphones and TVs. But as their presence has expanded, a range of ethical concerns have been identified around the use of voice assistants, such as the privacy implications of having devices that are always listening and the ways that these devices are integrated into the existing social order of the home. This has created a burgeoning area of research across a range of fields including computer science, social science, and psychology. This paper takes stock of the foundations and frontiers of this work through a systematic literature review of 117 papers on ethical concerns with voice assistants. In addition to analysis of nine specific areas of concern, the review measures the distribution of methods and participant demographics across the literature. We show how some concerns, such as privacy, are operationalized to a much greater extent than others like accessibility, and how study participants are overwhelmingly drawn from a small handful of Western nations. In so doing we hope to provide an outline of the rich tapestry of work around these concerns and highlight areas where current research efforts are lacking

Towards Equitable Privacy

Preprint

Full-text available

Jul 2023

Ensuring equitable privacy experiences remains a challenge, especially for marginalised and vulnerable populations (MVPs) who often hesitate to participate or use digital services due to concerns about the privacy of their sensitive information. In response, security research has emphasised the importance of inclusive security and privacy practices to facilitate meaningful engagement of MVPs online. However, research in this area is still in its early stages, with other MVPs yet to be considered (such as low-income groups, and refugees), novel engagement methods yet to be explored, and limited support for software developers in building applications and services for MVPs. In 2022, we initiated a UK Research Council funded Equitable Privacy project to address these gaps. Our goal is to prioritise the privacy needs and requirements of MVPs in the design and development of software applications and services. We design and implement a new participatory research approach -- community studybeds -- in collaboration with third-sector organisations that support MVPs to identify and tackle the challenges these groups encounter. In this paper, we share the initial reflections and experiences of the Equitable Privacy project, particularly emphasising the utilisation of our community studybeds.

Intersectional Thinking about PETs: A Study of Library Privacy

Article

Full-text available

Apr 2023

This qualitative study examines the privacy challenges perceived by librarians who afford access to physical and electronic spaces and are in a unique position of safeguarding the privacy of their patrons. As internet “service providers,” librarians represent a bridge between the physical and internet world, and thus offer a unique sight line to the convergence of privacy, identity, and social disadvantage. Drawing on interviews with 16 librarians, we describe how they often interpret or define their own rules when it comes to privacy to protect patrons who face challenges that stem from structures of inequality outside their walls. We adopt the term “intersectional thinking” to describe how librarians reported thinking about privacy solutions, which is focused on identity and threats of structural discrimination (the rules, norms, and other determinants of discrimination embedded in institutions and other societal structures that present barriers to certain groups or individuals), and we examine the role that low/no-tech strategies play in ameliorating these threats. We then discuss how librarians act as "privacy intermediaries" for patrons, the potential analogue for this role for developers of systems, the power of low/no-tech strategies, and implications for design and research of privacy-enhancing technologies (PETs).

Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations

Preprint

Feb 2023

The computer security research community regularly tackles ethical questions. The field of ethics / moral philosophy has for centuries considered what it means to be "morally good" or at least "morally allowed / acceptable". Among philosophy's contributions are (1) frameworks for evaluating the morality of actions -- including the well-established consequentialist and deontological frameworks -- and (2) scenarios (like trolley problems) featuring moral dilemmas that can facilitate discussion about and intellectual inquiry into different perspectives on moral reasoning and decision-making. In a classic trolley problem, consequentialist and deontological analyses may render different opinions. In this research, we explicitly make and explore connections between moral questions in computer security research and ethics / moral philosophy through the creation and analysis of trolley problem-like computer security-themed moral dilemmas and, in doing so, we seek to contribute to conversations among security researchers about the morality of security research-related decisions. We explicitly do not seek to define what is morally right or wrong, nor do we argue for one framework over another. Indeed, the consequentialist and deontological frameworks that we center, in addition to coming to different conclusions for our scenarios, have significant limitations. Instead, by offering our scenarios and by comparing two different approaches to ethics, we strive to contribute to how the computer security research field considers and converses about ethical questions, especially when there are different perspectives on what is morally right or acceptable.

"There's so much responsibility on users right now:" Expert Advice for Staying Safer From Hate and Harassment

Preprint

Full-text available

Feb 2023

Online hate and harassment poses a threat to the digital safety of people globally. In light of this risk, there is a need to equip as many people as possible with advice to stay safer online. We interviewed 24 experts to understand what threats and advice internet users should prioritize to prevent or mitigate harm. As part of this, we asked experts to evaluate 45 pieces of existing hate-and-harassment-specific digital-safety advice to understand why they felt advice was viable or not. We find that experts frequently had competing perspectives for which threats and advice they would prioritize. We synthesize sources of disagreement, while also highlighting the primary threats and advice where experts concurred. Our results inform immediate efforts to protect users from online hate and harassment, as well as more expansive socio-technical efforts to establish enduring safety.

How Americans Assess Intimate Partner Violence- Evidence from a Survey Experiment

Article

Full-text available

Jan 2023

Most Americans view intimate partner violence as wrong. Less is known, however, about how the general population evaluates threats from romantic partners. When do third parties support interventions such as police involvement, restraining orders, or prohibiting the abuser from owning a gun? Through a survey-based experiment, participants reacted to a separated dating relationship scenario in which three elements were manipulated: the race of the couple, the medium of communication between the perpetrator and the victim, and whether the male character referenced a gun. Using a structural equation model, the authors find that the inclusion of a gun dramatically increases concern, which in turn fosters support for interventions. However, participants’ race and gender and the race of the couple shape these effects. When the victims in the separated dating scenario are Black, participants were less likely to call for the abuser to be prohibited from owning a gun, even when they have expressed concern about the situation. This suggests that although a gun has a clear and strong effect, racial and gender effects are more complex.

Understanding how technology can support social-emotional learning of children: a dyadic trauma-informed participatory design with proxies

Conference Paper

Full-text available

Feb 2023

Trauma-informed design is an important yet challenging area due to required expertise for careful engagement with the vulnerable and traumatized person, particularly with children. While technologies have the potential to generate value for the person with experience of trauma, the risk of exposing them to additional trauma due to research and design has ethical implications. We explore this space by engaging with therapists and social workers as dyads of proxies for parents and children with a history of trauma. We conducted a study as a participatory workshop with proxies to understand how technology could support parents in coaching social-emotional learning during episodes of high intensity emotion and difficult behavior by the child. Our findings identified design qualities to embed in SEL technology, and three roles that parents can play in implementing SEL strategies at home. We contribute a set of seven methodological guidelines for dyadic trauma-informed participatory design with proxies.

Sub-Standards and Mal-Practices: Misinformation's Role in Insular, Polarized, and Toxic Interactions

Preprint

Jan 2023

How do users and communities respond to news from unreliable sources? How does news from these sources change online conversations? In this work, we examine the role of misinformation in sparking political incivility and toxicity on the social media platform Reddit. Utilizing the Google Jigsaw Perspective API to identify toxicity, hate speech, and other forms of incivility, we find that Reddit comments posted in response to misinformation articles are 71.4% more likely to be toxic than comments responding to authentic news articles. Identifying specific instances of commenters' incivility and utilizing an exponential random graph model, we then show that when reacting to a misinformation story, Reddit users are more likely to be toxic to users of different political beliefs than in other settings. Finally, utilizing a zero-inflated negative binomial regression, we identify that as the toxicity of subreddits increases, users are more likely to comment on misinformation-related Reddit submissions.

Reporting non-consensual pornography: clarity, efficiency and distress

Article

Full-text available

Jan 2023
MULTIMED TOOLS APPL

According to recent legislative initiatives, non-consensual pornography is a crime in several countries and social media providers have a duty to provide their users easy to use mechanisms to report abuses. In this paper, we analyse the state of the art of the interfaces for reporting non-consensual pornography from the victim’s perspective. Firstly, we analysed 45 content sharing platforms where aggressors might post non-consensual pornography. The analysis identified three distinct interaction styles for reporting the crime: Scriptum (a text-field where the user verbally describes the abuse), Bonam (a multilayered menu that includes a correct option), and Malam (a multilayered menu that does not include a correct option). Secondly, we conducted a within-subject study to evaluate the experience elicited by these interaction styles. Participants (N = 39) were given a scenario and asked to report six blurred images as non-consensual pornography using a medium-fidelity prototype. The results exposed complex trade-offs between clarity, efficiency, and distress among the different interaction styles. These trade-offs open foundational research directions transcending boundaries between human-computer interaction and multimedia studies and interfacing computer science research with the law.

No Privacy Among Spies: Assessing the Functionality and Insecurity of Consumer Android Spyware Apps

Article

Full-text available

Jan 2023

Consumer mobile spyware apps covertly monitor a user's activities (i.e., text messages, phone calls, e-mail, location, etc.) and transmit that information over the Internet to support remote surveillance. Unlike conceptually similar apps used for state espionage, so-called "stalkerware" apps are mass-marketed to consumers on a retail basis and expose a far broader range of victims to invasive monitoring. Today the market for such apps is large enough to support dozens of competitors, with individual vendors reportedly monitoring hundreds of thousands of phones. However, while the research community is well aware of the existence of such apps, our understanding of the mechanisms they use to operate remains ad hoc. In this work, we perform an in-depth technical analysis of 14 distinct leading mobile spyware apps targeting Android phones. We document the range of mechanisms used to monitor user activity of various kinds (e.g., photos, text messages, live microphone access) — primarily through the creative abuse of Android APIs. We also discover previously undocumented methods these apps use to hide from detection and to achieve persistence. Additionally, we document the measures taken by each app to protect the privacy of the sensitive data they collect, identifying a range of failings on the part of spyware vendors (including privacy-sensitive data sent in the clear or stored in the cloud with little or no protection).

Seeing Through Things: Exploring the Design Space of Privacy-Aware Data-Enabled Objects

Article

Full-text available

Dec 2022

Increasing amounts of sensor-augmented research objects have been used in design research. We call these objects Data-Enabled Objects, which can be integrated into daily activities capturing data about people’s detailed whereabouts, behaviours and routines. These objects provide data perspectives on everyday life for contextual design research. However, data-enabled objects are still computational devices with limited privacy awareness and nuanced data sharing. To better design data-enabled objects, we explore privacy design spaces by inviting 18 teams of undergraduate design students to re-design the same type of sensor-enabled home research camera. We developed the Connected Peekaboo Toolkit (CPT) to support the design teams in designing, building, and directly deploying their prototypes in real home studies. We conducted Thematic Analysis to analyse their outcomes which led us to interpret that privacy is not just an obstacle but can be a driver by unfolding an exploration of possible design spaces for data-enabled objects.

Seeing through Things: Exploring the Design Space of Privacy-Aware Data-Enabled Objects

Preprint

Full-text available

Dec 2022

Increasing amounts of sensor-augmented research objects have been used in design research. We call these objects Data-Enabled Objects, which can be integrated into daily activities capturing data about people's detailed whereabouts, behaviours and routines. These objects provide data perspectives on everyday life for contextual design research. However, data-enabled objects are still computational devices with limited privacy awareness and nuanced data sharing. To better design data-enabled objects, we explore privacy design spaces by inviting 18 teams of undergraduate design students to re-design the same type of sensor-enabled home research camera. We developed the Connected Peekaboo Toolkit (CPT) to support the design teams in designing, building, and directly deploying their prototypes in real home studies. We conducted Thematic Analysis to analyse their outcomes which led us to interpret that privacy is not just an obstacle but can be a driver by unfolding an exploration of possible design spaces for data-enabled objects.

Gender and IoT Research Report: The Rise of the Internet of Things and Implications for Technology-Facilitated Abuse

Article

Nov 2018

Digital privacy is a sexual health necessity: a community-engaged qualitative study of virtual sex work and digital autonomy in Senegal

Article

Nov 2023

Juliana Friend

The COVID-19 pandemic highlighted the harm reduction potential of virtual sex work (VSW) such as video or audio calls with clients. VSW limits exposure to COVID-19 and STIs. However, sex workers using digital technologies face high risks of technology-facilitated intimate partner violence (IPV), such as non-consensual distribution of intimate images. This study explored perceived risks and benefits of VSW, including the salience of STI harm reduction. Ethnographic interviews and participant observation with self-identified cis women sex workers in Dakar between January 2018 and August 2019 informed a further period of focused data collection in June 2022, in which two key research participants and the author devised a goal of concrete community benefit: a list of contextually relevant digital privacy precautions and resources. Brainstorming this list during workshops with 18 sex workers provided prompts for participant perspectives. While participants generally preferred VSW, citing STI prevention as a key reason, most resumed in-person sex work after COVID-19 curfews lifted; social risks of digital privacy breach and potential outing outweighed physical risks of contracting STIs. Participants proposed privacy features for mobile applications to make VSW viable and benefit from STI prevention. Their reflections call on tech companies to embed values of informed consent and privacy into platform design, shifting the burden of protecting privacy from individuals to companies. This study addresses a gap in technology-facilitated IPV research, which has concentrated on Euro-American contexts. Participant perspectives can inform action in technology policy sectors to advance criminalised communities' rights to sexual health, privacy, and autonomy.

Can’t Keep Them Away: The Failures of Anti-stalking Protocols in Personal Item Tracking Devices

Conference Paper

Jan 2023

A number of technology companies have introduced personal item tracking devices to allow people to locate and keep track of items such as keys and phones. However, these devices are not always used for their intended purpose: they have been used in cases of domestic abuse and stalking to track others without their consent. In response, manufacturers introduced a range of anti-stalking features designed to detect and mitigate misuse of their products. In this paper, we explore common implementations of these anti-stalking features and analyse their limitations. In other research, we identified that very few people use anti-stalking features, even when they know that someone might be tracking them and are incentivised to evade them. In this paper, we additionally identify several failures of the features that prevent them from performing their intended purpose even if they were in use. It is impossible for anti-stalking features to identify the difference between ‘bad’ tracking and ‘good’ tracking. Furthermore, some features work on some types of phones for some types of tracking devices, but not all work on all phones for all trackers. Some anti-stalking features are not enabled by default, and some require manual intervention to scan for devices. We provide suggestions for how these features could be improved, as well as ideas for additional anti-stalking features that could help mitigate the issues discussed in this paper.

DeTagTive: Linking MACs to Protect Against Malicious BLE Trackers

Conference Paper

Sep 2023

Sociotechnical Harms of Algorithmic Systems: Scoping a Taxonomy for Harm Reduction

Conference Paper

Aug 2023

Empirical Research Methods in Usable Privacy and Security

Chapter

Full-text available

Mar 2023

A variety of methods and techniques are used in usable privacy and security (UPS) to study users’ experiences and behaviors. When applying empirical methods, researchers in UPS face specific challenges, for instance, to represent risk to research participants. This chapter provides an overview of the empirical research methods used in UPS and highlights associated opportunities and challenges. This chapter also draws attention to important ethical considerations in UPS research with human participants and highlights possible biases in study design.

The Role of Technology in Stalking and Coercive Control Among Young People

Chapter

Aug 2023

This chapter introduces readers to the role of technology in facilitating and enhancing stalking and coercive and controlling practices. By way of introduction, the chapter details how a growing range of internet enabled digital devices have facilitated greater interconnectivity that transcends physical boundaries. Discussion develops to explore the ways in which young people engage with information and communication technologies and how this enhances the capabilities of individuals to engage in, and be a victim of, stalking and coercive and controlling behaviours. Drawing on studies centred on survivor and practitioner testimony, the chapter illustrates how the unique characteristics of information communication can be weaponised. Discussion develops to critically consider the implications of technology facilitated stalking and coercive and controlling behaviour for policy and practice. Legal, technological and educational responses to prevent and mitigate harm are given consideration, as is the role of state agencies, private organisations and citizenry.KeywordsStalkingCoercive controlCyber stalkingICT facilitated abuseImage based abuseSurveillanceVictims and survivors

"In Eighty Percent of the Cases, I Select the Password for Them": Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya

Conference Paper

May 2023

Mapping the Interdisciplinary Research on Non-consensual Pornography: Technical and Quantitative Perspectives

Article

Jul 2023

The phenomenon of the non-consensual distribution of intimate or sexually explicit digital images of adults, a.k.a. non-consensual pornography (NCP) or revenge pornography is under the spotlight for the toll is taking on society. Law enforcement statistics confirm a dramatic global rise in abuses. For this reason, the research community is investigating different strategies to fight and mitigate the abuses and their effects. Since the phenomenon involves different aspects of personal and social interaction among users of social media and content sharing platforms, in the literature it is addressed under different academic disciplines. However, while most of the literature reviews focus on non-consensual pornography either from a social science or psychological perspective, to the best of our knowledge a systematic review of the research on the technical aspects of the problem is still missing. In this work, we present a Systematic Mapping Study (SMS) of the literature, looking at this interdisciplinary phenomenon through a technical lens. Therefore, we focus on the cyber side of the crime of non-consensual pornography with the aim of describing the state-of-the-art and the future lines of research from a technical and quantitative perspective.

Broadening Privacy and Surveillance: Eliciting Interconnected Values with a Scenarios Workbook on Smart Home Cameras

Conference Paper

Jul 2023

Understanding Women's Perspectives on Smart Home Security Systems in Patriarchal Societies of Malawi.

Conference Paper

Jul 2023

A Workshop-Based Method for Navigating Value Tensions in Collectively Speculated Worlds

Conference Paper

Jul 2023

Towards Examining The Security Cost of Inexpensive Smart Home IoT Devices

Article

Full-text available

Apr 2023

Towards Examining The Security Cost of Inexpensive Smart Home IoT Devices

Conference Paper

Full-text available

Jun 2023

A myriad of security challenges has accompanied the rapid proliferation of internet-of-things (IoT) smart-home devices. While smart-home security cameras, locks, digital speakers , and thermostats offer the promise of security, their naive implementations often introduce vulnerability into our digitally connected lives. We argue that the consumer demand for inexpensive IoT has led to a supply of grossly insecure devices. To examine this hypothesis, we examine the security of five inexpensive IoT devices from three separate vendors. In all five devices, our work uncovers immature software security efforts. Our findings discover new vulnerabilities, document legacy vulnerabilities due to software bill of materials (SBOM) issues, explore security mitigations in firmware, and examine the unsecured communication within the ecosystems of the devices. Our analysis discusses the root causes of these vulnerabilities. While these results indicate a snapshot of an immature and naive state of IoT software, there are several software development lifecycle processes that vendors can immediately implement to overcome the root causes of these vulnerabilities. Index Terms-internet of things, security and privacy, secure software development

Survivor-Centered Transformative Justice: An Approach to Designing Alongside Domestic Violence Stakeholders in US Muslim Communities

Conference Paper

Apr 2023

EquityWare: Co-Designing Wearables With And For Low Income Communities In The U.S.

Conference Paper

Apr 2023

Paying the Price: When Intimate Partners Use Technology for Financial Harm

Conference Paper

Apr 2023

Rosanna Bellini

“There’s so much responsibility on users right now:” Expert Advice for Staying Safer From Hate and Harassment

Conference Paper

Apr 2023

Click Here to Exit: An Evaluation of Quick Exit Buttons

Conference Paper

Apr 2023

“I Did Watch ‘The Handmaid's Tale’”: Threat Modeling Privacy Post-Roe in the United States

Article

Mar 2023

Now that the protections of Roe v. Wade are no longer available throughout the United States, the free flow of personal data can be used by legal authorities to provide evidence of felony. However, we know little about how impacted individuals approach their reproductive privacy in this new landscape. We conducted interviews with 15 individuals who may get/were pregnant to address this gap. While nearly all reported deleting period tracking apps, they were not willing to go much further, even while acknowledging the risks of generating data. Quite a few considered a more inhospitable, Handmaid's Tale like climate in which their medical history and movements would put them in legal peril but felt that, by definition, this reality was insuperable, and also that they were not the target—the notion that privileged location, stage of life did not make them the focus of government or vigilante efforts. We also found that certain individuals (often younger and/or with reproductive risks) were more attuned to the need to modify their technology or equipped to employ high and low-tech strategies. Using an intersectional lens, we discuss implications for media advocacy and propose privacy intermediation to frame our thinking about reproductive privacy.

iRogue: Identifying Rogue Behavior from App Reviews

Preprint

Full-text available

Mar 2023

An app user can access information of other users or third parties. We define rogue mobile apps as those that enable a user (abuser) to access information of another user or third party (victim), in a way that violates the victim's privacy expectations. Such apps are dual-use and their identification is nontrivial. We propose iRogue, an approach for identifying rogue apps based on their reviews, posted by victims, abusers, and others. iRogue involves training on deep learning features extracted from their 1,884 manually labeled reviews. iRogue first identifies how alarming a review is with respect to rogue behavior and, second, generates a rogue score for an app. iRogue predicts 100 rogue apps from a seed dataset curated following a previous study. Also, iRogue examines apps in other datasets of scraped reviews, and predicts an additional 139 rogue apps. On labeled ground truth, iRogue achieves the highest recall, and outperforms baseline approaches that leverage app descriptions and reviews. A qualitative analysis of alarming reviews reveals rogue functionalities. App users, platforms, and developers should be aware of such apps and their functionalities and take measures to curb privacy risk.

RADTEC: Re-authentication of IoT Devices with Machine Learning

Conference Paper

Jan 2023

Nothing Is Good Enough: Fast and Cheap Are Undervalued as Influencers of Security Tool Adoption

Article

Jan 2023

Adam Shostack

Properties of practices in industrial use are rarely studied. Security workers satisfice, selecting a tool that’s “good enough,” and in practice, that turns out to be nothing at all. This article advocates valuing lightweight methods and presents studies and evaluation criteria for such tools.

Fast, Cheap and Good: Lightweight Methods Are Undervalued

Preprint

Full-text available

Dec 2022

Adam Shostack

Engineering techniques to address the endless parade of security issues are an important area of research. Properties of practices in industrial use are rarely studied. Security workers satisfice. There is a widespread perception that security work must be cumbersome, and thus there's no value to assessing levels of effort. This is complemented by a belief that the nth day of work will produce value equal to the first. These perceptions impact both practice and research. This paper expands the acceptable paradigms for security analysis to include the fast, cheap and good enough. "Nothing" is often enough for industry. This paper makes a case for valuing lightweight ("fast and cheap") methods, presents a set of case studies and evaluation criteria for such tools, including card decks and role playing games.

Ethical Challenges in the Use of Digital Technologies: AI and Big Data

Chapter

Jan 2023

This chapter looks at the normative and applied ethical standpoint and application of real-world technology challenges, with regard to Big Data (BD) and Artificial Intelligence (AI) domains and use-cases. In particular, how ethical technology design and utility can aid government policy makers, senior-management, software developers, and academic researchers in the quest for new knowledge and effective solutions. We discuss how biases are introduced by design in the workplace through technology and policy decision-making, how legal protections can become ambiguous through lack of definition, thus enhancing cyber-criminality, and demonstrate weakness in how the General Data Protection Regulations (GDPR) may adapt in light of new social phenomena and cultural change. We then propose legal applications with technical solutions that benefit societies in the addressing of core social operational/organisational themes and objectives, such as equality, diversity, gender pay-gap, racism, and the encouragement in the recruitment of women. This is undertaken from a combination of BD and AI ethical application perspectives, with a set of amalgamated criteria, the findings of which help identify factors for utilising in the design of a more ethically sound User Interface (UI). Three additional key socially controversial use-cases are presented (i.e., cyberstalking, sharenting, and, recruitment bias) and assessed alongside the set criteria to highlight current techno-social challenges, metrics, and applications that augment swift action in the mitigation of individual user risk. Thus, an ethically based UI Data Pipeline (VDaaS) is proposed in ensuring ethical, legal, technical objectives, and operations are met from a user perspective.KeywordsEthicsAIBig DataGDPRBiasPrivacy

APPlied stalking: What the next generation of stalking victims consider to be ‘stalking’ and why victims report their experiences to the police

Article

Jan 2023
J CRIM JUST

Foregrounding Women's Safety in Mobile Social Matching and Dating Apps: A Participatory Design Study

Article

Dec 2022

The design of social matching and dating apps has changed continually through the years, marked notably by a shift to mobile devices, and yet user safety has not historically been a driver of design despite mounting evidence of sexual and other harms. This paper presents a participatory design study with women-a demographic at disproportionate risk of harm through app-use-about how mobile social matching apps could be designed to foreground their safety. Findings indicate that participants want social matching apps to augment women's abilities for self-protection, reflected in three new app roles: 1) the cloaking device, through which the social matching app helps women dynamically manage visibility to geographically nearby users, 2) the informant, through which the app helps women predict risk of harm associated with a recommended social opportunity, and 3) the guardian, through which the app monitors a user's safety during face-to-face meetings and augments their response to risk.

What Social Media Could Be: Normative Frameworks for Evaluating Digital Public Spaces

Article

Dec 2022

Increasing attention has been placed to the societal downsides of social media, and appropriately so. Less attention has been paid to the qualities to which social media should aspire. We contend that this is critically important. Not only must social media, and social media scholars, identify and reduce negative outcomes, but we must also critically engage with what is desirable. The purpose of this theoretical essay is to propose a normative framework for digital public spaces. We lay out four categories, and 14 sub-categories, of normative ideals to which social media could aspire. It is our hope that chronicling these qualities will allow scholars to more critically reflect on their normative assumptions when they research social media and will encourage practitioners to think about how social media could be built with these ideals in mind.

The National Intimate Partner and Sexual Violence Survey (NISVS): 2010-2012 State Report

Book

Full-text available

Apr 2017

Identifying Women's Experiences With and Strategies for Mitigating Negative Effects of Online Harassment

Conference Paper

Full-text available

Feb 2017

The popularity, availability, and ubiquity of information and communication technologies create new opportunities for online harassment. The present study evaluates factors associated with young adult women's online harassment experiences through a multi-factor measure accounting for the frequency and severity of negative events. Findings from a survey of 659 undergraduate and graduate students highlight the relationship between harassment, well-being, and engagement in strategies to manage one's online identity. We further identify differences in harassment experiences across three popular social media platforms: Facebook, Twitter, and Instagram. We conclude by discussing this study's contribution to feminist theory and describing five potential design interventions derived from our data that may minimize these negative experiences, mitigate the psychological harm they cause, and provide women with more proactive ways to regain agency when using communication technologies.

Development of a brief measure of intimate partner violence experiences: The Composite Abuse Scale (Revised)-Short Form (CASR-SF)

Article

Full-text available

Dec 2016

Objectives Approaches to measuring intimate partner violence (IPV) in populations often privilege physical violence, with poor assessment of other experiences. This has led to underestimating the scope and impact of IPV. The aim of this study was to develop a brief, reliable and valid self-report measure of IPV that adequately captures its complexity. Design Mixed-methods instrument development and psychometric testing to evolve a brief version of the Composite Abuse Scale (CAS) using secondary data analysis and expert feedback. Setting Data from 5 Canadian IPV studies; feedback from international IPV experts. Participants 31 international IPV experts including academic researchers, service providers and policy actors rated CAS items via an online survey. Pooled data from 6278 adult Canadian women were used for scale development. Primary/secondary outcome measures Scale reliability and validity; robustness of subscales assessing different IPV experiences. Results A 15-item version of the CAS has been developed (Composite Abuse Scale (Revised)—Short Form, CASR-SF), including 12 items developed from the original CAS and 3 items suggested through expert consultation and the evolving literature. Items cover 3 abuse domains: physical, sexual and psychological, with questions asked to assess lifetime, recent and current exposure, and abuse frequency. Factor loadings for the final 3-factor solution ranged from 0.81 to 0.91 for the 6 psychological abuse items, 0.63 to 0.92 for the 4 physical abuse items, and 0.85 and 0.93 for the 2 sexual abuse items. Moderate correlations were observed between the CASR-SF and measures of depression, post-traumatic stress disorder and coercive control. Internal consistency of the CASR-SF was 0.942. These reliability and validity estimates were comparable to those obtained for the original 30-item CAS. Conclusions The CASR-SF is brief self-report measure of IPV experiences among women that has demonstrated initial reliability and validity and is suitable for use in population studies or other studies. Additional validation of the 15-item scale with diverse samples is required.

Doxing: a conceptual analysis

Article

Full-text available

Sep 2016
Ethics Inform Tech

David M. Douglas

Doxing is the intentional public release onto the Internet of personal information about an individual by a third party, often with the intent to humiliate, threaten, intimidate, or punish the identified individual. In this paper I present a conceptual analysis of the practice of doxing and how it differs from other forms of privacy violation. I distinguish between three types of doxing: deanonymizing doxing, where personal information establishing the identity of a formerly anonymous individual is released; targeting doxing, that discloses personal information that reveals specific details of an individual’s circumstances that are usually private, obscure, or obfuscated; and delegitimizing doxing, which reveals intimate personal information that damages the credibility of that individual. I also describe how doxing differs from blackmail and defamation. I argue that doxing may be justified in cases where it reveals wrongdoing (such as deception), but only if the information released is necessary to reveal that such wrongdoing has occurred and if it is in the public interest to reveal such wrongdoing. Revealing additional information, such as that which allows an individual to be targeted for harassment and intimidation, is unjustified. I illustrate my discussion with the examples of the alleged identification of the creator of Bitcoin, Satoshi Nakamoto, by Newsweek magazine, the identification of the notorious Reddit user Violentacrez by the blog Gawker, and the harassment of game developer Zoe Quinn in the ‘GamerGate’ Internet campaign.

Designing Cyberbullying Mitigation and Prevention Solutions through Participatory Design With Teenagers

Conference Paper

Full-text available

May 2016

While social media platforms enable individuals to easily communicate and share experiences, they have also emerged as a tool for cyberbullying. Teenagers represent an especially vulnerable population for negative emotional responses to cyberbullying. At the same time, attempts to mitigate or prevent cyberbullying from occurring in these networked spaces have largely failed because of the complexity and nuance with which young people bully others online. To address challenges related to designing for cyberbullying intervention and mitigation, we detail findings from participatory design work with two groups of high school students in spring 2015. Over the course of five design sessions spanning five weeks, participants shared their experiences with cyberbullying and iteratively designed potential solutions. We provide an in-depth discussion of the range of cyberbullying mitigation solutions participants designed. We focus on challenges participants' identified in designing for cyberbullying support and prevention and present a set of five potential cyberbullying mitigation solutions based on the results of the design sessions.

Cecil: A Moment or a Movement? Analysis of Media Coverage of the Death of a Lion, Panthera Leo

Article

Full-text available

Apr 2016

The killing of a satellite-tagged male lion by a trophy hunter in Zimbabwe in July 2015 provoked an unprecedented media reaction. We analyse the global media response to the trophy hunting of the lion, nicknamed "Cecil", a study animal in a long-term project run by Oxford University's Wildlife Conservation Research Unit (WildCRU). We collaborated with a media-monitoring company to investigate the development of the media coverage spatially and temporally. Relevant articles were identified using a Boolean search for the terms Cecil AND lion in 127 languages. Stories about Cecil the Lion in the editorial media increased from approximately 15 per day to nearly 12,000 at its peak, and mentions of Cecil the Lion in social media reached 87,533 at its peak. We found that, while there were clear regional differences in the level of media saturation of the Cecil story, the patterns of the development of the coverage of this story were remarkably similar across the globe, and that there was no evidence of a lag between the social media and the editorial media. Further, all the main social media platforms appeared to react in synchrony. This story appears to have spread synchronously across media channels and geographically across the globe over the span of about two days. For lion conservation in particular, and perhaps for wildlife conservation more generally, we speculate that the atmosphere may have been changed significantly. We consider the possible reasons why this incident provoked a reaction unprecedented in the conservation sector.

First Steps in Quantifying Toxicity and Verbal Violence on Twitter

Conference Paper

Full-text available

Feb 2016

Online harassment is a continuing problem, endemic to many social media platforms and other means of web-based communications, and few means exist to analyze web content for instances of verbal violence and aggression. We are developing a scale of online aggression that can be applied to Twitter posts (tweets) and that is based on existing measures of trait aggression and cyberbullying. For the purpose of testing and validating our scale, we are relying on Mechanical Turk, an Amazon Web Service, through which we can enlist and pay workers to code our dataset of tweets. Preliminary results suggest that aggression in tweets is difficult for human coders to identify and that we have not reached consensus about what constitutes harassment online. We discuss our preliminary results and propose next steps such as scale modification and automated classifier development.

Goldilocks and the two mobile devices: Going beyond all-or-nothing access to a device's applications

Article

Full-text available

Jul 2012

Most mobile phones and tablets support only two access control device states: locked and unlocked. We investigated how well all or-nothing device access control meets the need of users by interviewing 20 participants who had both a smartphone and tablet. We find all-or-nothing device access control to be a remarkably poor fit with users' preferences. On both phones and tablets, participants wanted roughly half their applications to be available even when their device was locked and half protected by authentication. We also solicited participants' interest in new access control mechanisms designed specifically to facilitate device sharing. Fourteen participants out of 20 preferred these controls to existing security locks alone. Finally, we gauged participants' interest in using face and voice biometrics to authenticate to their mobile phone and tablets; participants were surprisingly receptive to biometrics, given that they were also aware of security and reliability limitations.

The global prevalence of intimate partner homicide: A systematic review

Article

Full-text available

Jun 2013
LANCET

Homicide is an important cause of premature mortality globally, but evidence for the magnitude of homicides by intimate partners is scarce and hampered by the large amount of missing information about the victim-offender relationship. The objective of the study was to estimate global and regional prevalence of intimate partner homicide. A systematic search of five databases (Medline, Global Health, Embase, Social Policy, and Web of Science) yielded 2167 abstracts, and resulted in the inclusion of 118 full-text articles with 1122 estimates of the prevalence of intimate partner homicide after double-blind screening. All studies were included that reported the number or proportion of women or men who were murdered by an intimate partner in a country, province, or town, using an inclusive definition of an intimate partner. Additionally, a survey of official sources of 169 countries provided a further 53 estimates. We selected one estimate per country-year using a quality assessment decision algorithm. The median prevalence of intimate partner homicide was calculated by country and region overall, and for women and men separately. Data were obtained for 66 countries. Overall 13·5% (IQR 9·2-18·2) of homicides were committed by an intimate partner, and this proportion was six times higher for female homicides than for male homicides (38·6%, 30·8-45·3, vs 6·3%, 3·1-6·3). Median percentages for all (male and female) and female intimate partner homicide were highest in high-income countries (all, 14·9%, 9·2-18·2; female homicide, 41·2%, 30·8-44·5) and in southeast Asia (18·8%, 11·3-18·8; 58·8%, 58·8-58·8). Adjustments to account for unknown victim-offender relationships generally increased the prevalence, suggesting that results presented are conservative. At least one in seven homicides globally and more than a third of female homicides are perpetrated by an intimate partner. Such violence commonly represents the culmination of a long history of abuse. Strategies to reduce homicide risk include increased investment in intimate partner violence prevention, risk assessments at different points of care, support for women experiencing intimate partner violence, and control of gun ownership for people with a history of violence. Improvements in country-level data collection and monitoring systems are also essential, because data availability and quality varied strongly across regions. WHO, Sigrid Rausing Trust, and the UK Economic and Social Research Council.

The Global Prevalence of Intimate Partner Violence Against Women

Article

Full-text available

Jun 2013
SCIENCE

Data from 81 countries was used to estimate global prevalence of intimate partner violence against women.

Mental and Physical Health and Intimate Partner Violence against Women: A Review of the Literature

Article

Full-text available

Jan 2013

Associations between intimate partner violence (IPV) and poor physical and mental health of women have been demonstrated in the international and national literature across numerous studies. This paper presents a review of the literature on this topic. The 75 papers included in this review cover both original research studies and those which undertook secondary analyses of primary data sources. The reviewed research papers published from 2006 to 2012 include quantitative and qualitative studies from Western and developing countries. The results show that while there is variation in prevalence of IPV across various cultural settings, IPV was associated with a range of mental health issues including depression, PTSD, anxiety, self-harm, and sleep disorders. In most studies, these effects were observed using validated measurement tools. IPV was also found to be associated with poor physical health including poor functional health, somatic disorders, chronic disorders and chronic pain, gynaecological problems, and increased risk of STIs. An increased risk of HIV was reported to be associated with a history of sexual abuse and violence. The implications of the study findings in relation to methodological issues, clinical significance, and future research direction are discussed.

Why Johnny still can't encrypt: evaluating the usability of email encryption software

Article

Full-text available

Our research seeks to understand the current usability situation of email encryption software, particularly PGP 9 in comparison to previous studies of PGP 5. We designed a pilot study to find current problems in the following areas: create a key pair, get public keys, verify public keys, encrypt an email, sign an email, decrypt an email, verify a digital signature, and save a backup of public and private keys.

Can I Borrow Your Phone?: Understanding Concerns When Sharing Mobile Phones

Conference Paper

Full-text available

Apr 2009

Mobile phones are becoming increasingly personalized in terms of the data they store and the types of services they provide. At the same time, field studies have reported that there are a variety of situations in which it is natural for people to share their phones with others. However, most mobile phones support a binary security model that offers all-or-nothing access to the phone. We interviewed 12 smartphone users to explore how security and data privacy concerns affected their willingness to share their mobile phones. The diversity of guest user categorizations and associated security constraints expressed by the participants suggests the need for a security model richer than today's binary model. Author Keywords Mobile phone sharing, phone privacy, phone security.

Access Control for Home Data Sharing: Attitudes, Needs and Practices

Conference Paper

Full-text available

Apr 2010

As digital content becomes more prevalent in the home, non-technical users are increasingly interested in sharing that content with others and accessing it from multiple devices. Not much is known about how these users think about controlling access to this data. To better understand this, we conducted semi-structured, in-situ interviews with 33 users in 15 households. We found that users create ad-hoc access-control mechanisms that do not always work; that their ideal policies are complex and multi-dimensional; that a priori policy specification is often insufficient; and that people's mental models of access control and security are often misaligned with current systems. We detail these findings and present a set of associated guidelines for designing usable access-control systems for the home environment.

xShare: supporting impromptu sharing of mobile phones

Conference Paper

Full-text available

Jun 2009

Loaded with personal data, e.g. photos, contacts, and call history, mobile phones are truly personal devices. Yet it is often necessary or desirable to share our phones with others. This is especially true as mobile phones are integrating features conventionally provided by other dedicated devices, from MP3 players to games consoles. Unfortunately, when we lend our phones to others, we give away complete access because existing phones assume a single user and provide little protection for private data and applications. In this work, we present xShare, a protection solution to address this problem. xShare allows phone owners to rapidly specify what they want to share and place the phone into a restricted mode where only the data and applications intended for sharing can be accessed. We first present findings from two motivational user studies based on which we provide the design requirements of xShare. We then present the design of xShare based on file-level access control. We describe the implementation of xShare on Windows Mobile and report a comprehensive usability evaluation of the implementation, including mea-surements and user studies. The evaluation demonstrates that our xShare implementation has negligible overhead for interactive phone usage, is extremely favored by mobile users, and provides robust protection against attacks by experienced Windows Mobile users and developers.

Family accounts: A new paradigm for user accounts within the home environment

Conference Paper

Full-text available

Nov 2008

In this paper we present Family Accounts, a new user account model for shared home computers. We conducted a study with sixteen families, eight who used individual profiles at home, and eight who shared a single profile. Our results demonstrate that Family Accounts is a good compromise between a single shared profile and individual profiles for each family member. In particular, we observed that because Family Accounts allowed individuals to switch profiles without forcing them to interrupt their tasks, family members tended to switch to their own profiles only when a task required some degree of privacy or personalization.

The trouble with login: On usability and computer security in ubiquitous computing

Article

Full-text available

Nov 2005

Jakob E. Bardram

Logging in by typing usernames and passwords is by far the most common way to access modern computer systems. However, such contemporary user authentication mechanisms are inappropriate in a ubiquitous computing environment, where users constantly are accessing a wide range of different devices. This paper introduces new concepts for user authentication in ubiquitous computing, such as the notion of proximity-based user authentication and silent login. The design of these new mechanisms is part of the design of a ubiquitous computing infrastructure for hospitals, which is grounded in field studies of medical work in hospitals. The paper reports from field studies of clinicians using an electronic patient record (EPR) and describes severe usability problems associated with its login procedures. The EPR’s login mechanisms do not recognize the nature of medical work as being nomadic, interrupted, and cooperative around sharing common material. The consequence is that login is circumvented and security is jeopardized.

Understanding Turning Points in Intimate Partner Violence: Factors and Circumstances Leading Women Victims Toward Change

Article

Full-text available

Feb 2010
J WOMENS HEALTH

When counseling women experiencing intimate partner violence (IPV), healthcare providers can benefit from understanding the factors contributing to a women's motivation to change her situation. We wished to examine the various factors and situations associated with turning points and change seeking in the IPV situation. We performed qualitative analysis on data from 7 focus groups and 20 individual interviews with women (61 participants) with past and/or current histories of IPV. The turning points women identified fell into 5 major themes: (1) protecting others from the abuse/abuser; (2) increased severity/humiliation with abuse; (3) increased awareness of options/access to support and resources; (4) fatigue/recognition that the abuser was not going to change; and (5) partner betrayal/infidelity. Women experiencing IPV can identify specific factors and events constituting turning points or catalyst to change in their IPV situation. These turning points are dramatic shifts in beliefs and perceptions of themselves, their partners, and/or their situation that alter the women's willingness to tolerate the situation and motivate them to consider change. When counseling women experiencing IPV, health providers can incorporate understanding of turning points to motivate women to move forward in their process of changing their IPV situation.

Risk Factors for Femicide in Abusive Relationships: Results From a Multisite Case Control Study

Article

Full-text available

Aug 2003

This 11-city study sought to identify risk factors for femicide in abusive relationships. Proxies of 220 intimate partner femicide victims identified from police or medical examiner records were interviewed, along with 343 abused control women. Preincident risk factors associated in multivariate analyses with increased risk of intimate partner femicide included perpetrator's access to a gun and previous threat with a weapon, perpetrator's stepchild in the home, and estrangement, especially from a controlling partner. Never living together and prior domestic violence arrest were associated with lowered risks. Significant incident factors included the victim having left for another partner and the perpetrator's use of a gun. Other significant bivariate-level risks included stalking, forced sex, and abuse during pregnancy. There are identifiable risk factors for intimate partner femicides.

Digital Technologies and Intimate Partner Violence: A Qualitative Analysis with Multiple Stakeholders

Article

Dec 2017

Digital technologies, including mobile devices, cloud computing services, and social networks, play a nuanced role in intimate partner violence (IPV) settings, including domestic abuse, stalking, and surveillance of victims by abusive partners. However, the interactions among victims of IPV, abusers, law enforcement, counselors, and others --- and the roles that digital technologies play in these interactions --- are poorly understood. We present a qualitative study that analyzes the role of digital technologies in the IPV ecosystem in New York City. Findings from semi-structured interviews with 40 IPV professionals and nine focus groups with 32 survivors of IPV reveal a complex set of socio-technical challenges that stem from the intimate nature of the relationships involved and the complexities of managing shared social circles. Both IPV professionals and survivors feel that they do not possess adequate expertise to be able to identify or cope with technology-enabled IPV, and there are currently insufficient best practices to help them deal with abuse via technology. We also reveal a number of tensions and trade-offs in negotiating technology's role in social support and legal procedures. Taken together, our findings contribute a nuanced understanding of technology's role in the IPV ecosystem and yield recommendations for HCI and technology experts interested in aiding victims of abuse.

Stalking the stalkers – detecting and deterring stalking behaviours using technology: A review

Article

Sep 2017
COMPUT SECUR

The Internet age has brought with it a slew of tools and research which allow stalkers, from ex-lovers to complete strangers, to follow a person's life in great detail without their consent. The converse side of the issue, the ability of a target to detect and track stalking behaviour, has not received nearly as much attention, with privacy and security research largely discussing other threat models. This article reviews the current literature on the subject and explores the disparity between technologies used by stalkers and technologies used against stalkers, then suggests some research avenues which may help correct this imbalance.

Stories from Survivors: Privacy & Security Practices when Coping with Intimate Partner Abuse

Conference Paper

May 2017

We present a qualitative study of the digital privacy and security motivations, practices, and challenges of survivors of intimate partner abuse (IPA). This paper provides a framework for organizing survivors' technology practices and challenges into three phases: physical control, escape, and life apart. This three-phase framework combines technology practices with three phases of abuse to provide an empirically sound method for technology creators to consider how survivors of IPA can leverage new and existing technologies. Overall, our results suggest that the usability of and control over privacy and security functions should be or continue to be high priorities for technology creators seeking ways to better support survivors of IPA.

Technology, stalking and domestic violence victims

Article

Jan 2006
Miss Law J

The Abuse of Technology in Domestic Violence and Stalking

Article

May 2016

Delanie Woodlock

We focus on an emerging trend in the context of domestic violence—the use of technology to facilitate stalking and other forms of abuse. Surveys with 152 domestic violence advocates and 46 victims show that technology—including phones, tablets, computers, and social networking websites—is commonly used in intimate partner stalking. Technology was used to create a sense of the perpetrator’s omnipresence, and to isolate, punish, and humiliate domestic violence victims. Perpetrators also threatened to share sexualized content online to humiliate victims. Technology-facilitated stalking needs to be treated as a serious offense, and effective practice, policy, and legal responses must be developed.

"She'll just grab any device that's closer": A Study of Everyday Device & Account Sharing in Households

Conference Paper

May 2016

Many technologies assume a single user will use an account or device. But account and device sharing situations (when 2+ people use a single device or account) may arise during everyday life. We present results from a multiple-methods study of device and account sharing practices among household members and their relations. Among our findings are that device and account sharing was common, and mobile phones were often shared despite being considered "personal" devices. Based on our study results, we organize sharing practices into a taxonomy of six sharing types--distinct patterns of what, why, and how people shared. We also present two themes that cut across sharing types: that (1) trust in sharees and (2) convenience highly influenced sharing practices. Based on these findings, we discuss implications for study and technology design.

Dear Diary: Teens Reflect on Their Weekly Online Risk Experiences

Conference Paper

May 2016

In our study, 68 teens spend two months reflecting on their weekly online experiences and report 207 separate risk events involving information breaches, online harassment, sexual solicitations, and exposure to explicit content. We conduct a structured, qualitative analysis to characterize the salient dimensions of their risk experiences, such as severity, level of agency, coping strategies, and whether the teens felt like the situation had been resolved. Overall, we found that teens can potentially benefit from lower risk online situations, which allow them to develop crucial interpersonal skills, such as boundary setting, conflict resolution, and empathy. We can also use the dimensions of risk described in this paper to identify potentially harmful risk trajectories before they become high-risk situations. Our end goal is to find a way to empower and protect teens so that they can benefit from online engagement.

The Dark Side of the Online Self: A Pragmatist Critique of the Growing Plague of Revenge Porn

Article

Jul 2014

Scott R. Stroud

This study seeks to understand and critique the growing online trend of “revenge porn,” or the intentional embarrassment of identifiable individuals through the posting of nude images online. This posting of intimate pictures, often done out of motives of revenge for perceived relational scorn, is enhanced by the varying levels of online anonymity. Using the theoretical framework of John Dewey's pragmatism, this study both analyzes this understudied but complex new problem precipitated by the conditions of the online self and establishes the groundwork for the use of pragmatist ethics in other areas of communication ethics.

Common Sense Reasoning for Detection, Prevention, and Mitigation of Cyberbullying

Article

Sep 2012

Cyberbullying (harassment on social networks) is widely recognized as a serious social problem, especially for adolescents. It is as much a threat to the viability of online social networks for youth today as spam once was to email in the early days of the Internet. Current work to tackle this problem has involved social and psychological studies on its prevalence as well as its negative effects on adolescents. While true solutions rest on teaching youth to have healthy personal relationships, few have considered innovative design of social network software as a tool for mitigating this problem. Mitigating cyberbullying involves two key components: robust techniques for effective detection and reflective user interfaces that encourage users to reflect upon their behavior and their choices. Spam filters have been successful by applying statistical approaches like Bayesian networks and hidden Markov models. They can, like Google’s GMail, aggregate human spam judgments because spam is sent nearly identically to many people. Bullying is more personalized, varied, and contextual. In this work, we present an approach for bullying detection based on state-of-the-art natural language processing and a common sense knowledge base, which permits recognition over a broad spectrum of topics in everyday life. We analyze a more narrow range of particular subject matter associated with bullying (e.g. appearance, intelligence, racial and ethnic slurs, social acceptance, and rejection), and construct BullySpace, a common sense knowledge base that encodes particular knowledge about bullying situations. We then perform joint reasoning with common sense knowledge about a wide range of everyday life topics. We analyze messages using our novel AnalogySpace common sense reasoning technique. We also take into account social network analysis and other factors. We evaluate the model on real-world instances that have been reported by users on Formspring, a social networking website that is popular with teenagers. On the intervention side, we explore a set of reflective user-interaction paradigms with the goal of promoting empathy among social network participants. We propose an “air traffic control”-like dashboard, which alerts moderators to large-scale outbreaks that appear to be escalating or spreading and helps them prioritize the current deluge of user complaints. For potential victims, we provide educational material that informs them about how to cope with the situation, and connects them with emotional support from others. A user evaluation shows that in-context, targeted, and dynamic help during cyberbullying situations fosters end-user reflection that promotes better coping strategies.

Truth, Lies, and 'Doxxing': The Real Moral of the Gawker/Reddit Story

Article

Jan 2012

danah boyd

Mobiflage: Deniable Storage Encryptionfor Mobile Devices

Article

May 2014

Data confidentiality can be effectively preserved through encryption. In certain situations, this is inadequate, as users may be coerced into disclosing their decryption keys. Steganographic techniques and deniable encryption algorithms have been devised to hide the very existence of encrypted data. We examine the feasibility and efficacy of deniable encryption for mobile devices. To address obstacles that can compromise plausibly deniable encryption (PDE) in a mobile environment, we design a system called Mobiflage. Mobiflage enables PDE on mobile devices by hiding encrypted volumes within random data in a devices free storage space. We leverage lessons learned from deniable encryption in the desktop environment, and design new countermeasures for threats specific to mobile systems. We provide two implementations for the Android OS, to assess the feasibility and performance of Mobiflage on different hardware profiles. MF-SD is designed for use on devices with FAT32 removable SD cards. Our MF-MTP variant supports devices that instead share a single internal partition for both apps and user accessible data. MF-MTP leverages certain Ext4 file system mechanisms and uses an adjusted data-block allocator. These new techniques for soring hidden volumes in Ext4 file systems can also be applied to other file systems to enable deniable encryption for desktop OSes and other mobile platforms.

A High-Tech Twist on Abuse: Technology, Intimate Partner Stalking, and Advocacy

Article

The cognitive walkthrough method: A practitioner''s guide

Article

Jun 1994

Battered Women and Learned Helplessness

Article

Victimology

Lenore E. A. Walker

Suggests the construct of learned helplessness (LH) as a psychological rationale for why battered women become victims. Published literature and the author's clinical experiences in the US and Great Britain provide material for analysis and treatment recommendations. The LH theory has 3 basic components: (a) information about what should happen (the contingency), (b) cognitive representation about the contingency, and (c) behavior. It is suggested that the sex-role socialization process may be responsible for the LH behavior seen in adult women, specifically battered women. The LH theory proposes that the only successful treatment to reverse the cognitive, emotional, and motivational deficits is to learn under which conditions responses will be effective in producing results. The existence of a 3-phase cycle of violence has been isolated from the stories of battered women: tension-building, explosion of acute battering incidents, and calm, loving respite. The phases vary in time and intensity both within the same couple and between different couples. (33 ref) (PsycINFO Database Record (c) 2012 APA, all rights reserved)

The New Age of Stalking: Technological Implications for Stalking

Article

Nov 2010
JUVENILE FAM COURT J

Technology has led to tremendous advancements in our society but has also brought more danger to victims of stalking and given more tools for stalkers to use. New technology has made it more difficult for prosecutors and judges to hold stalkers accountable for their crimes, and without an understanding of how technology is misused by stalkers to track and monitor their victims, many victims don't get the justice they deserve. This article addresses the tremendous impact of technology on stalking, especially within the context of intimate partner stalking.

Yours, Mine and Ours? Sharing and Use of Technology in Domestic Environments

Conference Paper

Sep 2007

Domestic technologies have been a popular area of study for ubiquitous computing researchers, however there is relatively little recent data on how families currently use and share technologies in domestic environments. This paper presents results from an empirical study of 15 families in the U.S in early 2007. We examined the types of technologies families own, including TVs, music players, phones and computers; where they were situated within the home; and the degree of shared ownership and use. Our results call attention to the prevalence of shared usage of technology in domestic environments and also suggest opportunistic spaces for ubiquitous computing technology. While not all ubiquitous computing technologies for domestic environments will be shared, the diverse ways families chose to share their computers suggest that future devices might better match how families wish to use shared technology by supporting both the shared usage model of appliances and the ability to access a personal profile.

TreasurePhone: Context-Sensitive User Data Protection on Mobile Phones

Conference Paper

May 2010

Due to increased input and output capabilities, mobile phones hold many different kinds of (mostly private) data. The need for finer grained profiles and integrated data security on mobile phones has already been documented extensively (e.g. [1]). However, there are no appropriate concepts and implementations yet to handle and limit access to data on mobile phones. TreasurePhone has been designed to address this specific problem. It protects the users’ mobile phone data based on their current context. Privacy protection is realized by spheres, which represent the users’ context-specific need for privacy. That is, users can define which data and services are accessible in which sphere. TreasurePhone exploits context information to support authentication and automatic activation of spheres by locations and actions. We conducted a user study with 20 participants to gain insights on how well users accept such a concept. One of the main goals was to find out whether such privacy features are appreciated by the users even though they make interaction slower and might hinder fast access to specific data. Additionally, we showed that integration of context information significantly increases ease-of-use of the system.

Domestic violence and information communication technologies

Article

Sep 2011

Physical violence against women is pervasive through out the world and domestic violence has been a longstanding issue in feminist activism and research. Yet, these experiences are often not represented in technological research or design. In the move to consider HCI at the margins, in this paper, we ask: how have ICTs affected the experiences of domestic violence survivors? We interviewed female survivors living in a domestic violence shelter about their experiences with technology. Participants reported that they were harassed with mobile phones, experienced additional harassment (but also support) via social networking sites, and tried to resist using their knowledge of security and privacy.

Finding usability problems through heuristic evaluation

Conference Paper

Jan 1992

Jakob Nielsen

Usability specialists were better than non-specialists at performing heuristic evaluation, and “double experts” with specific expertise in the kind of interface being evaluated performed even better. Major usability problems have a higher probability than minor problems of being found in a heuristic evaluation, but more minor problems are found in absolute numbers. Usability heuristics relating to exits and user errors were more difficult to apply than the rest, and additional measures should be taken to find problems relating to these heuristics. Usability problems that relate to missing interface elements that ought to be introduced were more difficult to find by heuristic evaluation in interfaces implemented as paper prototypes but were as easy as other problems to find in running systems.

Intimate Partner Violence Screening Tools

Article

Jun 2009

Intimate partner violence (IPV) screening remains controversial. Major medical organizations mandate screening, whereas the U.S. Preventive Services Task Force (USPSTF) cautions that there is insufficient evidence to recommend for or against screening. An effective IPV screening program must include a screening tool with sound psychometric properties. A systematic review was conducted to summarize IPV screening tools tested in healthcare settings, providing a discussion of existing psychometric data and an assessment of study quality. From the end of 2007 through 2008, three published literature databases were searched from their start through December 2007; this search was augmented with a bibliography search and expert consultation. Eligible studies included English-language publications describing the psychometric testing of an IPV screening tool in a healthcare setting. Study quality was judged using USPSTF criteria for diagnostic studies. Of 210 potentially eligible studies, 33 met inclusion criteria. The most studied tools were the Hurt, Insult, Threaten, and Scream (HITS, sensitivity 30%-100%, specificity 86%-99%); the Woman Abuse Screening Tool (WAST, sensitivity 47%, specificity 96%); the Partner Violence Screen (PVS, sensitivity 35%-71%, specificity 80%-94%); and the Abuse Assessment Screen (AAS, sensitivity 93%-94%, specificity 55%-99%). Internal reliability (HITS, WAST); test-retest reliability (AAS); concurrent validity (HITS, WAST); discriminant validity (WAST); and predictive validity (PVS) were also assessed. Overall study quality was fair to good. No single IPV screening tool had well-established psychometric properties. Even the most common tools were evaluated in only a small number of studies. Sensitivities and specificities varied widely within and between screening tools. Further testing and validation are critically needed.

Intimate Partner Violence, Technology, and Stalking

Article

Sep 2007

This research note describes the use of a broad range of technologies in intimate partner stalking, including cordless and cellular telephones, fax machines, e-mail, Internet-based harassment, global positioning systems, spy ware, video cameras, and online databases. The concept of "stalking with technology" is reviewed, and the need for an expanded definition of cyberstalking is presented. Legal issues and advocacy-centered responses, including training, legal remedies, public policy issues, and technology industry practices, are discussed.

StegFS: A Steganographic File System for Linux

Conference Paper

Apr 2000

. Cryptographic file systems provide little protection against legal or illegal instruments that force the owner of data to release decryption keys for stored data once the presence of encrypted data on an inspected computer has been established. We are interested in how cryptographic file systems can be extended to provide additional protection for such a scenario and we have extended the standard Linux file system (Ext2fs) with a plausible-deniability encryption function. Even though it is obvious that our computer has harddisk encryption software installed and might contain some encrypted data, an inspector will not be able to determine whether we have revealed the access keys to all security levels or only those to a few selected ones. We describe the design of our freely available implementation of this steganographic file system and discuss its security and performance characteristics. 1 Introduction Various implementations of cryptographic file systems have been ma...

Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0

Article

Aug 1999

User errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. Is this simply due to a failure to apply standard user interface design techniques to security? We argue that, on the contrary, effective security requires a different usability standard, and that it will not be achieved through the user interface design techniques appropriate to other types of consumer software. To test this hypothesis, we performed a case study of a security program which does have a good user interface by general standards: PGP 5.0. Our case study used a cognitive walkthrough analysis together with a laboratory user test to evaluate whether PGP 5.0 can be successfully used by cryptography novices to achieve effective electronic mail security. The analysis found a number of user interface design flaws that may contribute to security failures, and the user test demonstrated that when our test participants were g...

Thematic analysis. In Encyclopedia of critical psychology

Victoria Clarke
Virginia Braun

Victoria Clarke and Virginia Braun. 2014. Thematic analysis. In Encyclopedia of critical psychology. Springer, 1947-1952.

Family accounts: a new paradigm for user accounts within the home environment

Serge Egelman
Kori M Brush
Inkpen

Pathways: How women leave violent men

Shirley Patton

Shirley Patton. 2003. Pathways: How women leave violent men. (2003).

Through a feminist lens. Current controversies in family violence

Jan 2005

A Kersti
Yllo
Yllo Kersti A

Kersti A Yllo. 2005. Through a feminist lens. Current controversies in family violence (2005).

The global prevalence of intimate partner violence against women

M Karen
Joelle Yt Devries
Claudia Mak
Max Garcia-Moreno
Petzold
C James
Gail Child
Stephen Falder
Lim

Karen M Devries, Joelle YT Mak, Claudia Garcia-Moreno, Max Petzold, James C Child, Gail Falder, Stephen Lim, Loraine J Bacchus, Rebecca E Engell, Lisa Rosenfeld, and others. 2013. The global prevalence of intimate partner violence against women. Science 340, 6140 (2013), 1527-1528.

Cyber-stalking: the Regulation of Harassment on the Internet

Jan 1998
29

Louise Ellison
Yaman Akdeniz
Ellison Louise

Louise Ellison and Yaman Akdeniz. 1998. Cyber-stalking: the Regulation of Harassment on the Internet. Criminal Law Review 29 (1998), 29-48.

Intimate partner violence screening tools: a systematic review

Jacky M Rebecca F Rabin
Jacquelyn C Jennings
Megan H Campbell
Bair-Merritt

Rebecca F Rabin, Jacky M Jennings, Jacquelyn C Campbell, and Megan H Bair-Merritt. 2009. Intimate partner violence screening tools: a systematic review. American journal of preventive medicine 36, 5 (2009), 439-445.

Domestic violence in the digital age: Towards the creation of a comprehensive cyberstalking statute

Jan 2013
116

Aily Shimizu
Shimizu Aily

Aily Shimizu. 2013. Domestic violence in the digital age: Towards the creation of a comprehensive cyberstalking statute. Berkeley J. Gender L. & Just. 28 (2013), 116.

A Stalker's Paradise: How Intimate Partner Abusers Exploit Technology

Abstract

No full-text available

Recommended publications

Designing Personalized User Experiences in eCommerce

Machine Learning and Knowledge Extraction: First IFIP TC 5, WG 8.4, 8.9, 12.9 International Cross-Do...