Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 7 of 7

Full-Text Articles in Physical Sciences and Mathematics

Is It The Typeset Or The Type Of Statistics? Disfluent Font And Self-Disclosure, Rebecca Balebako, Eyal Peer, Laura Brandimarte, Lorrie Faith Cranor, Alessandro Acquisti Dec 2015

Lorrie F Cranor

Background. The security and privacy communities have become increasingly interested in results from behavioral economics and psychology to help frame decisions so that users can make better privacy and security choices. One such result in the literature suggests that cognitive disfluency (presenting questions in a hard-to-read font) reduces self-disclosure. (A. L. Alter and D. M. Oppenheimer. Suppressing secrecy through metacognitive ease: Cognitive fluency encourages self-disclosure. Psychological Science, 20(11):1414-1420, 2009.) Aim. To examine the replicability and reliability of the effect of disfluency on self-disclosure, in order to test whether such approaches might be used to promote safer security and privacy behaviors. …


A Field Trial Of Privacy Nudges For Facebook, Yang Wang, Pedro Giovanni Leon, Alessandro Acquisti, Lorrie Faith Cranor, Alain Forget, Norman Sadeh Dec 2015

Lorrie F Cranor

Anecdotal evidence and scholarly research have shown that Internet users may regret some of their online disclosures. To help individuals avoid such regrets, we designed two modifications to the Facebook web interface that nudge users to consider the content and audience of their online disclosures more carefully. We implemented and evaluated these two nudges in a 6-week field trial with 28 Facebook users. We analyzed participants' interactions with the nudges, the content of their posts, and opinions collected through surveys. We found that reminders about the audience of posts can prevent unintended disclosures without major burden; however, introducing a time …


Guess Again (And Again And Again): Measuring Password Strength By Simulating Password-Cracking Algorithms (CMU-CyLab-11-008), Patrick Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Julio Lopez Dec 2015

Lorrie F Cranor

Text-based passwords remain the dominant authentication method in computer systems, despite significant advancement in attackers’ capabilities to perform password cracking. In response to this threat, password composition policies have grown increasingly complex. However, there is insufficient research defining metrics to characterize password strength and evaluating password-composition policies using these metrics. In this paper, we describe an analysis of 12,000 passwords collected under seven composition policies via an online study. We develop an efficient distributed method for calculating how effectively several heuristic password-guessing algorithms guess passwords. Leveraging this method, we investigate (a) the resistance of passwords created under different conditions to …


From Facebook Regrets To Facebook Privacy Nudges, Yang Wang, Pedro Giovanni Leon, Xiaoxuan Chen, Saranga Komanduri, Gregory Norcie, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh Dec 2015

Lorrie F Cranor

As social networking sites (SNSs) gain in popularity, instances of regrets following online (over)sharing continue to be reported. In June 2010, a pierogi mascot for the Pittsburgh Pirates was fired because he posted disparaging comments about the team on his Facebook page. More recently, a high school teacher was forced to resign because she posted a picture on Facebook in which she was holding a glass of wine and a mug of beer. These incidents illustrate how, in addition to fostering socialization and interaction between friends and strangers, the ease and immediacy of communication that SNSs make possible can sometimes …


A Survey Of The Use Of Adobe Flash Local Shared Objects To Respawn HTTP Cookies (CMU-CyLab-11-001), Aleecia M. McDonald, Lorrie Faith Cranor Dec 2015

Lorrie F Cranor

Website developers can use Adobe’s Flash Player product to store information locally on users’ disks with Local Shared Objects (LSOs). LSOs can be used to store state information and user identifiers, and thus can be used for similar purposes as HTTP cookies. In a paper by Soltani et al., researchers documented at least four instances of “respawning,” where users deleted their HTTP cookies only to have the HTTP cookies recreated based on LSO data. In addition, the Soltani team found half of the 100 most popular websites used Flash technologies to store information about users. Both respawning and using LSOs …


An Empirical Analysis Of Phishing Blacklists, Steve Sheng, Brad Wardman, Gary Warner, Lorrie Faith Cranor, Jason Hong, Chengshan Zhang Dec 2015

Lorrie F Cranor

In this paper, we study the effectiveness of phishing blacklists. We used 191 fresh phish that were less than 30 minutes old to conduct two tests on eight anti-phishing toolbars. We found that 63% of the phishing campaigns in our dataset lasted less than two hours. Blacklists were ineffective when protecting users initially, as most of them caught less than 20% of phish at hour zero. We also found that blacklists were updated at different speeds, and varied in coverage, as 47% - 83% of phish appeared on blacklists 12 hours from the initial test. We found that two tools …


The Privacy And Security Behaviors Of Smartphone App Developers, Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason I. Hong, Lorrie Faith Cranor Dec 2015

Lorrie F Cranor

Smartphone app developers have to make many privacy-related decisions about what data to collect about end users, and how that data is used. We explore how app developers make decisions about privacy and security. Additionally, we examine whether any privacy and security behaviors are related to characteristics of the app development companies. We conduct a series of interviews with 13 app developers to obtain rich qualitative information about privacy and security decision-making. We use an online survey of 228 app developers to quantify behaviors and test our hypotheses about the relationship between privacy and security behaviors and company characteristics. We find …