Corpus ID: 224803749

What breach? Measuring online awareness of security incidents by studying real-world browsing behavior

  title={What breach? Measuring online awareness of security incidents by studying real-world browsing behavior},
  author={Sruti Bhagavatula and Lujo Bauer and Apu Kapadia},
Awareness about security and privacy risks is important for developing good security habits. Learning about real-world security incidents and data breaches can alert people to the ways in which their information is vulnerable online, thus playing a significant role in encouraging safe security behavior. This paper examines 1) how often people read about security incidents online, 2) of those people, whether and to what extent they follow up with an action, e.g., by trying to read more about the… Expand

Figures and Tables from this paper


"Should I Worry?" A Cross-Cultural Examination of Account Security Incident Response
This work conducts a series of qualitative interviews with users who had recently experienced suspicious login incidents on their real Facebook accounts in order to explore this process of account security incident response, finding a common process across participants from five countries. Expand
Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing
It is concluded that private browsing does mitigate participants’ concerns about their browsing activities being revealed to other users of their computer, but participants overestimate the protection from online tracking and targeted advertising. Expand
Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data
It is found that users readily understand the risk of data breaches and have consistent expectations for technical and non-technical remediation steps, and participants are comfortable with applications that examine leaked data when the application has a direct, tangible security benefit. Expand
The Effect of Social Influence on Security Sensitivity
It was found that social processes played a major role in a large number of privacy and security-related behavior changes reported by the sample, probably because these processes were effective at raising security sensitivity. Expand
Breaking! A Typology of Security and Privacy News and How It's Shared
Age, gender and security behavioral intention strongly correlated with how people heard about and shared S&P news-e.g., males more often felt a personal responsibility to share, and older people were less likely to hear about S&p news through conversation. Expand
How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior
Evidence of a "digital divide" in security is found: the advice sources of users with higher skill levels and socioeconomic status differ from those with fewer resources, which may add to the vulnerability of already disadvantaged users. Expand
Identifying patterns in informal sources of security information
Differences in the security-related information available to users may prevent users from understanding the persistence and frequency of seemingly mundane threats, or from associating protective measures with the generalized threats the users are concerned about. Expand
Insights into User Behavior in Dealing with Internet Attacks
An online experiment platform built for testing the behavior of users when they are confronted with prevalent, concrete attack scenarios such as reflected cross-site scripting, session fixation, and file sharing scams is described and suggests that many non-technical users can exhibit performance comparable to security experts at averting relatively simple threats that they are frequently exposed to in everyday life. Expand
I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security
Interviews of a demographically broad pool of users resulted in several interesting findings, including that negative-security events portrayed in well-crafted fictional narratives with relatable characters may be effective teaching tools for both digital-and physical-security behaviors. Expand
Can People Self-Report Security Accurately?: Agreement Between Self-Report and Behavioral Measures
It is found that a relatively small number of behaviors -- mostly related to tasks that require users to take a specific, regular action -- have non-zero correlations and suggest that security research based on self-report is only reliable for certain behaviors. Expand