Privacy and Freedom.

Smart speakers with voice assistants, like Amazon Echo and Google Home, provide benefits and convenience but also raise privacy concerns due to their continuously listening microphones. We studied people's reasons for and against adopting smart speakers, their privacy perceptions and concerns, and their privacy-seeking behaviors around smart speakers. We conducted a diary study and interviews with seventeen smart speaker users and interviews with seventeen non-users. We found that many non-users did not see the utility of smart speakers or did not trust speaker companies. In contrast, users express few privacy concerns, but their rationalizations indicate an incomplete understanding of privacy risks, a complicated trust relationship with speaker companies, and a reliance on the socio-technical context in which smart speakers reside. Users trade privacy for convenience with different levels of deliberation and privacy resignation. Privacy tensions arise between primary, secondary, and incidental users of smart speakers. Finally, current smart speaker privacy controls are rarely used, as they are not well-aligned with users' needs. Our findings can inform future smart speaker designs; in particular we recommend better integrating privacy controls into smart speaker interaction.

Alexa, Are You Listening?: Privacy Perceptions, Concerns and Privacy-seeking Behaviors with Smart Speakers

Advancements in information technology often task users with complex and consequential privacy and security decisions A growing body of research has investigated individuals’ choices in the presence of privacy and information security tradeoffs, the decision-making hurdles affecting those choices, and ways to mitigate such hurdles This article provides a multi-disciplinary assessment of the literature pertaining to privacy and security decision making It focuses on research on assisting individuals’ privacy and security choices with soft paternalistic interventions that nudge users toward more beneficial choices The article discusses potential benefits of those interventions, highlights their shortcomings, and identifies key ethical, design, and research challenges

https://dl.acm.org/doi/pdf/10.1145/3054926

Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online

Notifying users about a system's data practices is supposed to enable users to make informed privacy decisions. Yet, current notice and choice mechanisms, such as privacy policies, are often ineffective because they are neither usable nor useful, and are therefore ignored by users. Constrained interfaces on mobile devices, wearables, and smart home devices connected in an Internet of Things exacerbate the issue. Much research has studied usability issues of privacy notices and many proposals for more usable privacy notices exist. Yet, there is little guidance for designers and developers on the design aspects that can impact the effectiveness of privacy notices. In this paper, we make multiple contributions to remedy this issue. We survey the existing literature on privacy notices and identify challenges, requirements, and best practices for privacy notice design. Further, we map out the design space for privacy notices by identifying relevant dimensions. This provides a taxonomy and consistent terminology of notice approaches to foster understanding and reasoning about notice options available in the context of specific systems. Our systemization of knowledge and the developed design space can help designers, developers, and researchers identify notice and choice requirements and develop a comprehensive notice concept for their system that addresses the needs of different audiences and considers the system's limitations and opportunities for providing notice.

/pdf/a-design-space-for-effective-privacy-notices-i3j34990y3.pdf

A design space for effective privacy notices

Augmented Reality (AR) interfaces have been studied extensively over the last few decades, with a growing number of user-based experiments. In this paper, we systematically review 10 years of the most influential AR user studies, from 2005 to 2014. A total of 291 papers with 369 individual user studies have been reviewed and classified based on their application areas. The primary contribution of the review is to present the broad landscape of user-based AR research, and to provide a high-level view of how that landscape has changed. We summarize the high-level contributions from each category of papers, and present examples of the most influential user studies. We also identify areas where there have been few user studies, and opportunities for future research. Among other things, we find that there is a growing trend toward handheld AR user studies, and that most studies are conducted in laboratory settings and do not involve pilot testing. This research will be useful for AR researchers who want to follow best practices in designing their own AR user studies.

/pdf/a-systematic-review-of-10-years-of-augmented-reality-1zfm5ljlgk.pdf

A Systematic Review of 10 Years of Augmented Reality Usability Studies: 2005 to 2014

Smartphones have emerged as a likely application area for graphical passwords, because they are easier to input on touchscreens than text passwords. Extensive research on graphical passwords and the capabilities of modern smartphones result in a complex design space for graphical password schemes on smartphones. We analyze and describe this design space in detail. In the process, we identify and highlight interrelations between usability and security characteristics, available design features, and smartphone capabilities. We further show the expressiveness and utility of the design space in the development of graphical passwords schemes by implementing five different existing graphical password schemes on one smartphone platform. We performed usability and shoulder surfing experiments with the implemented schemes to validate identified relations in the design space. From our results, we derive a number of helpful insights and guidelines for the design of graphical passwords.

/pdf/exploring-the-design-space-of-graphical-passwords-on-1qcu9dzqxw.pdf

Exploring the design space of graphical passwords on smartphones

Learning to play the piano is a prolonged challenge for novices. It requires them to learn sheet music notation and its mapping to respective piano keys, together with articulation details. Smooth playing further requires correct finger postures. The result is a slow learning progress, often causing frustration and strain. To overcome these issues, we propose P.I.A.N.O., a piano learning system with interactive projection that facilitates a fast learning process. Note information in form of an enhanced piano roll notation is directly projected onto the instrument and allows mapping of notes to piano keys without prior sight-reading skills. Three learning modes support the natural learning process with live feedback and performance evaluation. We report the results of two user studies, which show that P.I.A.N.O. supports faster learning, requires significantly less cognitive load, provides better user experience, and increases perceived musical quality compared to sheet music notation and non-projected piano roll notation.

P.I.A.N.O.: Faster Piano Learning with Interactive Projection

Ubiquitous computing applications introduce multiple privacy challenges due to their sensing and actuation capabilities, which are often combined with ubiquitous interconnectivity. Because of the complexity of many ubicomp systems, users might have difficulties estimating the privacy implications of their actions and decisions. In this article, the authors discuss leveraging awareness about a user's context and respective context changes to dynamically support privacy decision making. They present an operationalization of Irwin Altman's privacy regulation theory for this purpose, describing how individual phases of the process can be supported. They also report on their experiences in developing context-adaptive privacy mechanisms for different applications and domains. This article is part of a special issue on privacy and security.

Context-Adaptive Privacy: Leveraging Context Awareness to Support Privacy Decision Making

Innovative ways to use ad hoc networking between vehicles are an active research topic and numerous proposals have been made for applications that make use of it. Due to the bandwidth-limited wireless communication medium, scalability is one crucial factor for the success of these future protocols. Data aggregation is one solution to accomplish such scalability. The goal of aggregation is to semantically combine information and only disseminate this combined information in larger regions. However, the integrity of aggregated information cannot be easily verified anymore. Thus, attacks are possible resulting in lower user acceptance of applications using aggregation or, even worse, in accidents due to false information crafted by a malicious user. Therefore, it is necessary to design novel mechanisms to protect aggregation techniques. However, high vehicle mobility, as well as tight bandwidth constraints, pose strong requirements on the efficiency of such mechanisms. We present new security mechanisms for semantic data aggregation that are suitable for use in vehicular ad hoc networks. Resilience against both malicious users of the system and wrong information due to faulty sensors are taken into consideration. The presented mechanisms are evaluated with respect to their bandwidth overhead and their effectiveness against possible attacks.

/pdf/resilient-secure-aggregation-for-vehicular-networks-3q85yavc4d.pdf

Resilient secure aggregation for vehicular networks

Network communication using unprotected air as a medium leads to unique challenges ensuring confidentiality, integrity and availability. While newer amendments of IEEE 802.11 provide acceptable confidentiality and integrity, availability is still questionable despite broad usage of Wi-Fi technologies for tasks where availability is critical. We will present new security weaknesses that we have identified in the 802.11 standard and especially the 802.11h amendment. Our results are underlined by an extensive analysis of attacks addressing the quiet information element and channel switch announcement in management frames. For some stations a complete DoS effect can be achieved with a single packet for more than one minute. This shows that the newly identified attacks are more efficient than earlier approaches like a deauthentication attack. Tests were performed with a large variety of network interface cards, mobile devices, and operating systems.

Bastian Könings

Papers

Exploring the design space of graphical passwords on smartphones

P.I.A.N.O.: Faster Piano Learning with Interactive Projection

Context-Adaptive Privacy: Leveraging Context Awareness to Support Privacy Decision Making

Resilient secure aggregation for vehicular networks

Channel switch and quiet attack: New DoS attacks exploiting the 802.11 standard