We aim to better understand the challenges that everyday people face when using their home computers over both the short- and long-term. Towards this goal, we are building and deploying data collection software that participants install on their computers, which provides metrics on a variety of computer and user behaviors.This data is then sent to our "Security Behavior Observatory." With this data, we hope to identify the causes and effects of usable privacy and security problems users encounter in daily everyday computing. This will provide insights to multiple research areas (e.g., behavioral economics, computer security, human-computer interaction, privacy, social sciences) on what areas most urgently need additional research as well as how we can better help users, developers, and organizations resolve these problems. (See our SBO website for information about participating in our studies.)
Hana Habib, Jessica Colnago, Vidya Gopalakrishnan, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, and Lorrie Faith Cranor. Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing. Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), Baltimore, MD, pp. 159-175.
Sruti Bhagavatula, Lujo Bauer, and Apu Kapadia. (How) Do People Change Their Passwords After a Breach? 2020 Workshop on Technology and Consumer Protection (ConPro '20), May 21, 2020.
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, and Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat. In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS’17). 2017.
C. Canfield, A. Davis, B. Fischhoff, A. Forget, S. Pearman and J. Thomas Replication: Challenges in Using Data Logs to Validate Phishing Detection Ability Metrics. SOUPS 2017.
A. Forget, S. Pearman, J. Thomas, A. Acquisti, N. Christin, L. Cranor, S. Egelman, M. Harbach, and R. Telang. Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes. SOUPS 2016, Denver, CO, June 22-24, 2016, 97-111.
A. Forget, S. Komanduri, A. Acquisti, N. Christin, L.F. Cranor, and R. Telang. Security Behavior Observatory: Infrastructure for long-term monitoring of client machines. Technical Report CMU-CyLab-14-009, CyLab, Carnegie Mellon University, July 2014.