• Publications
  • Influence
Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes
TLDR
We report on a semi-structured interview study with both testers and hackers, focusing on how each group finds vulnerabilities, how they develop their skills, and the challenges they face. Expand
  • 35
  • 3
  • PDF
A Summary of Survey Methodology Best Practices for Security and Privacy Researchers
“Given a choice between dancing pigs and security, users will pick dancing pigs every time,” warns an oft-cited quote from well-known security researcher Bruce Schneier [132]. This issue ofExpand
  • 26
  • 3
Human Perceptions of Fairness in Algorithmic Decision Making: A Case Study of Criminal Risk Prediction
TLDR
We collected and analyzed fairness perceptions from a survey of 576 people. Expand
  • 73
  • 2
  • PDF
How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior
TLDR
This paper rigorously investigates how users' security beliefs, knowledge, and demographics correlate with their sources of security advice, and how all these factors influence security behaviors. Expand
  • 65
  • 2
  • PDF
I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security
TLDR
We conducted 25 semi-structured interviews of a demographically broad pool of users and found that participants evaluated digital- and physical-security advice based on their intuitive assessment of the advice content, and rejected advice for many reasons, including finding that the advice contains too much marketing material. Expand
  • 51
  • 2
  • PDF
Exploring User Perceptions of Discrimination in Online Targeted Advertising
TLDR
Targeted online advertising can improve users’ online shopping experiences, it can also have negative effects. Expand
  • 36
  • 2
  • PDF
Where is the Digital Divide?: A Survey of Security, Privacy, and Socioeconomics
TLDR
We use logistic regression to investigate how users’ advice sources, SES, and resources relate to the security and privacy experiences they report. Expand
  • 22
  • 2
  • PDF
How good is good enough for COVID19 apps? The influence of benefits, accuracy, and privacy on willingness to adopt
TLDR
We survey over 4,500 Americans to evaluate (1) the effect of both accuracy and privacy concerns on reported willingness to install COVID19 contact tracing apps and (2) how different groups of users weight accuracy vs. privacy. Expand
  • 18
  • 2
  • PDF
Examining the Demand for Spam: Who Clicks?
TLDR
We examine the demand side of the spam equation examining what drives users to click on spam via a large-scale analysis of de-identified, aggregated Facebook log data. Expand
  • 10
  • 2
  • PDF
How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk and Web Panels to the U.S.
Security and privacy researchers often rely on data collected from Amazon Mechanical Turk (MTurk) to evaluate security tools, to understand users’ privacy preferences, to measure online behavior, andExpand
  • 18
  • 1