Archive for July, 2005

Making PRIME Usable

Thursday, July 7th, 2005

This paper describes a system and user interface for helping people manage the revelation of their personal information to different parties.  PRIME aims to be a privacy-enhancing system for identity management and is based on the idea that people choose different identities to present in different situations.  The paper examines a role-centred design, [...]

Interesting post on Phishing

Thursday, July 7th, 2005

Given that several speakers, papers, and posters mention phishing in this conference, some readers may enjoy reading this account.

On usable EULAs

Thursday, July 7th, 2005

Nathan Good presented a paper on EULAs and how users ignore them when installing software that contains spyware (e.g., P2P software).
I have been working on a concept of just-in-time click-through agreements, and recently got some interest from the legal community in the US.
An early paper on this is available at http://www.andrewpatrick.ca/jitcta/jitcta.html
An updated paper for a [...]

Stopping Spyware at the Gate

Thursday, July 7th, 2005

Nathan Good presented a user study of End-User License Agreements in which study participants were observed while installing software.  Various test conditions displayed warnings, the EULA, and even a carefully handcrafted short version of the EULA, but most users ignored them and clicked through.  Particularly interesting was the fact that users, when asked, [...]

Privacy Policy Management

Thursday, July 7th, 2005

This talk described a system for helping people create well-formed and enforceable privacy policies based on templates.  The system uses natural language processing to parse ordinary text, so you can use it to edit a policy both in English and using a form with lists and buttons; the system keeps the two representations in [...]

Two Experiences Designing for Effective Security

Thursday, July 7th, 2005

This paper described two applications: Vavoom, a visualization of network activity during Web browsing, and Impromptu, a direct-manipulation interface for sharing files in workgroups.

Tutorial: User Interface Design, Prototyping, and Evaluation

Thursday, July 7th, 2005

Before the Opening Session, there were the tutorials.  I attended Jason Hong’s User Interface Design, Prototyping, and Evaluation. It was a 105-slide, 3.5-hour condensation of his three-day class, covering many aspects of techniques you can use to create usable interfaces.  It’s an excellent overview with a lot [...]

Johnny 2, A User Test of KCM

Thursday, July 7th, 2005

This paper describes a user study inspired by Why Johnny Can’t Encrypt, in which the study participant is told they are working for a political campaign trying to use e-mail privately (without exposing their activities to opposing campaigns).  The “Johnny 2” study presented here used a similar scenario but added attackers.  In the [...]

Graphical passwords

Thursday, July 7th, 2005

This paper described a graphical password technique where users were asked to click on 5 points in an image in the correct order.
There was some interesting discussion about how secure such a scheme is.  I am left wondering if a simple eye-tracking study would reveal the dominant areas of a picture and then make a [...]

Time to Forget Passwords?

Thursday, July 7th, 2005

One of the things Bill Cheswick mentioned during his talk was that the battle for unguessable passwords is lost.  According to him, it is time to stop complaining that people pick passwords that are vulnerable to dictionary attacks.  It will never get better.  Instead, he suggests not letting users pick passwords.
What do [...]

Skinny-Dipping with Microsoft: Bill Cheswick

Thursday, July 7th, 2005

“Skinny-dipping with Microsoft” is what Bill calls using the Internet without a firewall installed.  For his dad, this left his computer a “software toxic waste dump”.  There are about 200 new viruses a day.  There are even nice GUIs for making viruses (with clean user interfaces to boot!)
But despite having to dismiss [...]

Opening Session

Thursday, July 7th, 2005

Many thanks to Lorrie Cranor for organizing this badly needed conference.  Lorrie started off the day with some motivation by noting the growing severity of security problems.  After you’ve followed all of the common advice and installed virus scanners, firewall software, a pop-up blocker, a cookie management tool, spam filters, and maybe some [...]