October 18th, 2009 Comments Off
By Rick Wash
Users of home computer systems are becoming increasingly aware of the need for computer and information security systems. The market for security software for home users is growing rapidly, and includes anti-virus software, anti-spyware software, personal �rewall software, personal intrusion detection / prevention systems, computer login / password / fi�ngerprint systems, and intrusion recovery software. This software often requires security-relevant decisions be made by the home users, though most home users have little of the technical training and knowledge needed to make those decisions.
Though home computer users have little technical training, they do have some idea of the security threats they face and the potential countermeasures; indeed, the market for home security software is quite active. I conducted a series of 23 semi-interviews to better understand how home computer users think about security threats and security software. While home computer users did not have the complex, sophisticated mental models of computer security experts, they did have a couple of simple models that helped them make security-related decisions. These models led to a number of good security choices, but also led to a number of vulnerabilities that have been exploited by modern botnets. By understanding these mental models, home computer security technologies can be designed to address the vulnerabilities left by these models, and to take advantage of the knowledge that home users actually do possess.
Rick Wash. “Mental Models of Home Computer Security,” Extended Abstract at SOUPS (Symposium on Usable Privacy and Security) 2008 Poster Session. May 2008.
Download: PDF
October 18th, 2009 Comments Off
By Rick Wash
Home computer users frequently lack the skills necessary to ensure proper security. Hackers exploit this to control large networks of computers (‘botnets’) that are used for spam, extortion, and fraud. I integrate ideas from psychology and economics to design software that provides incentives that induce better security choices by home computer users.
Rick Wash, “Incentive Design for Home Computer Security.“ Extended Abstract at the ACM SIGCHI Conference on Computer-Human Interaction 2007 Doctoral Consortium. January 2007.
Download: PDF
October 18th, 2009 Comments Off
By Emilee Rader and Rick Wash
del.icio.us is a website for “social bookmarking” where users can store and access their bookmarks online, along with descriptive keywords or “tags.” When a user of del.icio.us logs in to their account and adds a bookmark, she may also tag that bookmark with any 10 or fewer single words that she feels are somehow related to that web page. Both the tags and the bookmarks are then publicly available; searching by a tag produces all of the bookmarked web pages ever tagged with that word. Because the tags are public, it is possible that users’ choices regarding what tags to apply could be influenced by the tagging practices of others, and a consensus might emerge for which tags should be used in a given context. However, it has long been accepted that people use language imprecisely, and meaning is negotiated on-the-fly during conversation. This imprecision is evident not only in communication, but also when people are asked to create keywords for recipes and names for common editing operations, and when user-generated index terms are compared with Library of Congress subject headings. In fact, the probability that two people will generate the same label for the same object is widely held to be less than 20%.
A question remains about whether users of del.icio.us practice social or selfish tagging. An analysis of bookmark, user and tag data for 349 web pages downloaded via del.icio.us was conducted to discover whether the “vocabulary problem” is present in the way users select tags for web pages. Results indicate that there is very little inter-user agreement, suggesting that most users consciously or inadvertently tag selfishly. These tagging practices have important implications for the findability of web pages in del.icio.us.
Emilee Rader and Rick Wash, “Tagging with Del.icio.us: Social or Selfish?“ Extended Abstract at Computer Supported Cooperative Work (CSCW) 06 Poster Session. November 2006.
Download: PDF, Poster
