conferences trip report usable security

SOUPS 2017 Trip Report

What conference did I go to?

I attended the USENIX Symposium on Usable Privacy and Security (SOUPS) 2017 in July, where I presented our paper on Automatic Application Software Updates on Android. Early in July, I blogged about our paper, and its results and implications. In this post, I’ll summarize my experiences at the conference, particularly highlighting papers and research that piqued my interest.

Where was the conference held?

The conference was held in Santa Clara, in sunny Northern California.

What were the three best talks I attended?

The conference featured papers tackling issues across a wide range of topics ranging from authentication, user behavior in security defense, specific sub-populations, and privacy. Although several of these talks were informative, I found the following three talks to be particularly interesting:

  1. How Effective is Anti-Phishing Training for Children?:
    1. This talk described the design of a phishing training intervention aimed at school children, and its evaluation over time. The authors found that the children who received the training got better at identifying phishing emails than those who didn’t; however, the training had no effect on identifying legitimate emails. Furthermore, the students who received the training performed no better than those didn’t four weeks after receiving the training, indicating a decay in performance.
    2. While both the methodology and results of the experiment were insightful, I found the discussion from the authors on ethics illuminating. For instance, the authors reported having to obtain informed consent from the parents of the children before launching the experiment, and also thinking through the ethics of their actions. I was pleasantly surprised to learn that they trained the control group—the group that did not receive the training—at the end of the experiment, and also debriefed the children and their families about the experiment.
  2. I feel stupid I can’t delete…: A Study of Users’ Cloud Deletion Practices and Coping Strategies.
    1. This talk described the findings from an exploratory study examining users’ motivations and mental models about deleting files from the Cloud. The authors discovered that users lack sufficient information about deletion and had incomplete and often incorrect mental models about how files are stored on the Cloud, which in turn led to sub-optimal actions.
    2. I found this talk particularly interesting because it tackles a previously unexplored problem in usable security. In wake of numerous high profile cases of iCloud leaks, this problem has become all the more important, and it seems like redesigning such deletion interfaces can be of help to users.
  3. The Importance of Visibility for Folk Theories of Sensor Data.
    1. This talk described users make decisions about privacy in the context of wearable devices. Specifically, the authors investigated the challenges users make to make informed privacy decisions given that they don’t really ‘see’ how their data is being collected and used.

What was my favorite part of the conference?

My favorite part of attending SOUPS is being able to meet and interact with the HCI and Privacy/Security community. The SOUPS organization invests heavily in its student body (e.g. by almost always offering travel grants), and this enables students—new and old—to continue participating.

What was my least favorite part of the conference?

None really. I wish the venue was closer to restaurants in the area.