Characterizing user behavior and anticipating its effects on computer security with a Security Behavior Observatory - April 2022
PI(s), Co-PI(s), Researchers:
Lorrie Cranor, Nicolas Christin
Researchers: Sarah Pearman, Jeremy Thomas
HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.
The Security Behavior Observatory addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild". This data is the closest to the ground truth of the users' everyday security and privacy challenges that the research community has ever collected. We expect the insights discovered by analyzing this data will profoundly impact multiple research domains, including but not limited to behavioral sciences, computer security & privacy, economics, and human-computer interaction.
PUBLICATIONS
N/A this quarter
PUBLIC ACCOMPLISHMENT HIGHLIGHTS
The purpose is to give our immediate sponsors a body of evidence that the funding they are providing is delivering results that "more than justify" the investment they are making.
The SBO addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild."
- Paper Accepted: Adulthood is trying each of the same six passwords that you use for everything: The scarcity and ambiguity of security advice on social media. Sruti Bhagavatula, Lujo Bauer, and Apu Kapadia. To appear in CSCW 2022.
- In this project, we study the extent to which security- and privacy-related information is presented to users through their social media or "friends".
- This relates to the hard problem of understanding and accounting for real human behavior. By analyzing the actual social media logs of participants, we study the extent to which this information is exposed to users and how different aspects of this information impacts people's security behaviors measured across the type of browsing they do, password use habits, and other system-related behaviors.
- Paper Published: How Do Home Computer Users Browse the Web? Kyle Crichton, Nicolas Christin, and Lorrie Cranor. Published in the Feb 2022 issue of the ACM Transactions on the Web journal. https://dl.acm.org/doi/10.1145/3473343
- Using data collected through the SBO, we provide new insights into how users browse the internet
- First, we compare our data to previous studies conducted over the past two decades and identify changes in user browsing and navigation. Most notably, we observe a substantial increase in the use of multiple browser tabs to switch between pages.
- Using the more detailed information provided by the SBO, we identify and quantify a critical measurement error inherent in previous server-side measurements that do not capture when users switch between browser tabs. This issue leads to an incomplete picture of user browsing behavior and an inaccurate measurement of user navigation and dwell time.
- In addition, we observe that users exhibit a wide range of browsing habits that do not easily cluster into different categories, a common assumption made in research study design and software development.
- We find that browsing the web consumes the majority of users' time spent on their computer eclipsing the use of all other software on their machine.
- While browsing, we show that users spend the majority of their time browsing a few popular websites, but also spend a disproportionate amount of time on low-visited websites on the edges of the internet.
- We find that users navigating to these low-visited sites are much more likely to interact with riskier content like adware, alternative health and science information, and potentially illegal streaming and gambling sites.
- Finally, we identify the primary gateways that are used to navigate to these low-visited sites and discuss the implications for future research.
COMMUNITY ENGAGEMENTS
EDUCATIONAL ADVANCES (If Applicable)