Financial Cryptography and Data Security '10

Invited Talk: Invited Talk: Lorrie Faith Cranor, CMU.  Users do the darndest things:
True stories from the CyLab Usable Privacy and Security Laboratory 
Wednesday (1/27), 09:30 - 10:30 - Conference room: Teide

How can we make security and privacy software more usable? The first
step is to study our users. Ideally, we would watch them interacting
with security or privacy software in situations where they face actual
risk. But everyday computer users don't sit around fiddling with
security software, and subjecting users to actual security attacks
raises ethical and legal concerns. Thus, it can be difficult to
observe users interacting with security and privacy software in their
natural habitat. At the CyLab Usable Privacy and Security Laboratory,
we've conducted a wide variety of studies aimed at understanding how
users think about security and privacy and how they interact with
security and privacy software. In this talk I'll give a behind the
scenes tour of some of the techniques we've used to study users both
in the laboratory and in the wild. I'll discuss the trials and
tribulations of designing and carrying out security and privacy user
studies, and highlight some of our surprising observations. Find out
what privacy-sensitive items you can actually get study participants
to purchase, how you can observe users' responses to a
man-in-the-middle attack without actually conducting such an attack,
why it's hard to get people to use high tech cell phones even when you
give them away, and what's actually in that box behind the couch in my
office.