We aim to better understand the challenges that everyday people face when using their home computers over both the short- and long-term. Towards this goal, we are building and deploying data collection software that participants install on their computers, which provides metrics on a variety of computer and user behaviors.This data is then sent to our "Security Behavior Observatory." With this data, we hope to identify the causes and effects of usable privacy and security problems users encounter in daily everyday computing. This will provide insights to multiple research areas (e.g., behavioral economics, computer security, human-computer interaction, privacy, social sciences) on what areas most urgently need additional research as well as how we can better help users, developers, and organizations resolve these problems. (See our SBO website for information about participating in our studies.)
C. Canfield, A. Davis, B. Fischhoff, A. Forget, S. Pearman and J. Thomas Replication: Challenges in Using Data Logs to Validate Phishing Detection Ability Metrics. SOUPS 2017.
A. Forget, S. Pearman, J. Thomas, A. Acquisti, N. Christin, L. Cranor, S. Egelman, M. Harbach, and R. Telang. Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes. SOUPS 2016, Denver, CO, June 22-24, 2016, 97-111.
A. Forget, S. Komanduri, A. Acquisti, N. Christin, L.F. Cranor, and R. Telang. Security Behavior Observatory: Infrastructure for long-term monitoring of client machines. Technical Report CMU-CyLab-14-009, CyLab, Carnegie Mellon University, July 2014.