
User Perceptions of Smart Home Internet of Things (IoT) Privacy

Posted on behalf of Serena Zheng, Noah Apthorpe, Marshini Chetty, and Nick Feamster.

Our work on “User Perceptions of Smart Home Internet of Things (IoT) Privacy” will be presented at the ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW) on November 6th, 2018. We briefly summarize our findings below.

What did we do? Smart home Internet of Things (IoT) devices are rapidly increasing in popularity, with more households including Internet-connected appliances that continuously monitor user activities. We wanted to investigate how users perceive the privacy implications of smart home technology and what role privacy considerations play in device purchasing and use decisions.

How did we do it? We conducted 11 interviews of early adopters of smart home technology in the United States, investigating their reasons for purchasing IoT devices, perceptions of smart home privacy risks, and actions taken to protect their privacy from entities external to the home who create, manage, track, or regulate IoT devices and/or their data.

What did we find? We identified four common themes across interview responses:

  1. Convenience and connectedness are priorities for smart home device users. These values often outweigh other concerns about IoT devices, including obsolescence, security, and privacy.
  2. User opinions about who should have access to their smart home data (e.g., manufacturers, Internet service providers, and governments) depend on perceived benefit to the user.  
  3. User assumptions about privacy protections are contingent on their trust of IoT device manufacturers, although they do not know whether these companies actually perform data encryption or anonymization.
  4. Users are less concerned about privacy risks from devices, such as lightbulbs and thermostats, that do not record audio or video, despite research showing that metadata from such devices can be used to infer home occupancy, work routines, sleeping patterns, and other user activities.

What are the implications of this work? These themes motivate recommendations for smart home device designers, researchers, regulators, and industry standards bodies. Participants’ desires for convenience and trust in IoT device manufacturers limit their willingness to take action to verify or enforce smart home data privacy. This means that privacy notifications and settings must be exceptionally clear and convenient, especially for smart home devices without screens. Improved cybersecurity and privacy regulation, combined with industry standards outlining best privacy practices, would also reduce the burden on users to manage their own privacy. We encourage follow-up studies examining the effects of smart home devices on privacy between individuals within a household and comparing perceptions of smart home privacy in different countries.

For more details about our interview findings and corresponding recommendations, please read this related blog post or the full paper.


Trip Report – LISA conference 2017

Posted on behalf of Lisa Rogers.

What conference did I go to?

I attended the USENIX Large Installation System Administration (LISA) conference. I was there to recruit participants for a study we are conducting on system administrators who handle software updates for multiple machines. This is an unusual and difficult target demographic to recruit for, so I wanted to use the conference as a way to reach the right study population. I also wanted to gain further background information of the industry at large to inform our data collection and data analysis processes.

Where was the conference held?

In the Market District of San Francisco just across the street from the Bay.

What was my favorite part of the conference?

The community was incredibly welcoming. So many people took the time to talk to me about our research, and career paths, and even on blue sky topics such as the one discussion we had on the best way to RFID tag a moving entity like a cow. I had not ever been to a conference before with quite as much of an open source culture. It was fascinating hearing people from all facets of the industry have very frank conversations about their methods, corporate culture, and policy barriers.

What was my least favorite part of the conference?

That there were so many interesting things going on at the same time and I could not be at all of them! I am really glad they posted the talks online, but wish I had known they didn’t post the tutorials as well. I would have attended tutorials rather than talks if I had known.

What lessons did I learn from recruiting participants from a conference setting?

We set up a booth to attract potential participants to take our survey or sign up for an interview. This was pre-arranged with the conference organizers. We took care to make our booth colorful and to have lots of swag to use to compensate potential participants if they passed our table such as little LEGO packs and candy. I learned that the LEGOs we had at the table at the EXPO drew many more people than the phone incentive we were offering for participation in our survey. Also, I had put many chairs at the booth since the EXPO was mostly standing and these chairs were a big draw for people to sit down and take the survey. For the future, even if they are less expensive or fancy, tangible incentives such as our LEGOs or candy were much more enticing to participants than the chance of a big figure prize. Next time I would capitalize on that kind of incentive for study participation more, and perhaps do a daily raffle or the like on a smaller prize to draw people to the booth. I noticed that worked well for some of the other booths. Also, very few people wanted to use their limited conference time to complete the interview. It was a great place for recruiting for a short survey but not so much for conducting a longer style interview. I actually did, however, interview many people who signed up at the conference at a later stage, soon after I returned from the event.

Having a booth definitely changed the conference experience as well. Even when I was not at the EXPO, I had a hard time making it into talks, because people recognized me and would be curious to discuss our research. Given the purpose of my presence at the conference, I saw these as great opportunities as well. During my “Hallway Track” I learned everything from the basics of programming embedded RFIDs, to how to justify training budgets (especially once your company is acquired by a large company), to non-traditional paths in DevOps that leverage an HCI background.


SOUPS 2017 Trip Report

What conference did I go to?

I attended the USENIX Symposium on Usable Privacy and Security (SOUPS) 2017 in July, where I presented our paper on Automatic Application Software Updates on Android. Early in July, I blogged about our paper, and its results and implications. In this post, I’ll summarize my experiences at the conference, particularly highlighting papers and research that piqued my interest.

Where was the conference held?

The conference was held in Santa Clara, in sunny Northern California.

What were the three best talks I attended?

The conference featured papers tackling issues across a wide range of topics ranging from authentication, user behavior in security defense, specific sub-populations, and privacy. Although several of these talks were informative, I found the following three talks to be particularly interesting:

  1. How Effective is Anti-Phishing Training for Children?:
    1. This talk described the design of a phishing training intervention aimed at school children, and its evaluation over time. The authors found that the children who received the training got better at identifying phishing emails than those who didn’t; however, the training had no effect on identifying legitimate emails. Furthermore, the students who received the training performed no better than those who didn’t four weeks after receiving the training, indicating a decay in performance.
    2. While both the methodology and results of the experiment were insightful, I found the discussion from the authors on ethics illuminating. For instance, the authors reported having to obtain informed consent from the parents of the children before launching the experiment, and also thinking through the ethics of their actions. I was pleasantly surprised to learn that they trained the control group—the group that did not receive the training—at the end of the experiment, and also debriefed the children and their families about the experiment.
  2. I feel stupid I can’t delete…: A Study of Users’ Cloud Deletion Practices and Coping Strategies.
    1. This talk described the findings from an exploratory study examining users’ motivations and mental models about deleting files from the Cloud. The authors discovered that users lack sufficient information about deletion and had incomplete and often incorrect mental models about how files are stored on the Cloud, which in turn led to sub-optimal actions.
    2. I found this talk particularly interesting because it tackles a previously unexplored problem in usable security. In the wake of numerous high-profile cases of iCloud leaks, this problem has become all the more important, and it seems like redesigning such deletion interfaces can be of help to users.
  3. The Importance of Visibility for Folk Theories of Sensor Data.
    1. This talk described how users make decisions about privacy in the context of wearable devices. Specifically, the authors investigated the challenges users face in making informed privacy decisions given that they don’t really ‘see’ how their data is being collected and used.

What was my favorite part of the conference?

My favorite part of attending SOUPS is being able to meet and interact with the HCI and Privacy/Security community. The SOUPS organization invests heavily in its student body (e.g. by almost always offering travel grants), and this enables students—new and old—to continue participating.

What was my least favorite part of the conference?

None really. I wish the venue was closer to restaurants in the area.


Citizen Lab Summer Institute 2017 Trip Report

Posted on behalf of Mark Martinez

What conference did I go to?

I went to the Citizen Lab Summer Institute 2017 (CLSI) conference held by the eponymous Citizen Lab that brings together not only computer scientists, but any actor that works in the privacy and security field. I went to conduct interviews for a research project headed by Marshini Chetty and Philipp Winter. The link to the research project and its description can be found here: Tor Interview Project

It was this intersection of political scientists, computer scientists and political activists that made this conference so unique. To see so much of the impact that privacy technology makes made me realize how important the work in ensuring anonymity in certain circumstances is. One of the first people to speak at the conference talked about how some of her colleagues were jailed in a foreign nation because of the human rights work that they were doing. It hit home as to why it’s so important to actually make sure that when a person wishes to remain anonymous they can because it can be an actual matter of life and death.

Where was the conference held?

The conference is held yearly at the Munk School of Global Affairs at the University of Toronto. It is held in the Citizen Lab which frequently publishes papers on privacy and security both in the industrial and government sector.

What were the three best talks I attended?

My favorite talk of the conference was the first talk that had each major party of the conference rise up and talk about what they are doing and who they are collaborating with. It was here that you got to see just how diverse the group of participants was. It seemed like there were actually no purely technical people: everybody worked on interesting and inter-disciplinary work. The work varied from human rights and combating censorship in nations to deconstructing applications that are widely used in some foreign countries and exposing major security flaws. The first day’s agenda and notes (as well as links to all talks) can be found at this link: Agenda and Notes

Another interesting talk was listening to how censorship affects multiple countries in different ways. Four people talked about how censorship affects diverse regions of the world like Pakistan, Iran, Brazil and Latin America, and parts of Africa. These people talked about the work that they do to circumvent censorship like creating different ways for people to reach blocked websites such as by redirecting the traffic or even setting up satellite dishes that would allow people to obtain blocked information. One interesting note was that in the 2017 Iranian election there was no censorship of popular media because it was now the entire political spectrum that was using platforms like WhatsApp and not just younger liberal pockets of the populace. This talk’s information can be found here: WorldWide Censorship Notes

A very different talk that I attended was done in collaboration with Jason Li and Andrew Hilts. In this talk Jason took technical concepts from the crowd and within 10 minutes made them into comics. Jason took examples like phishing and Tor and made them into approachable and mildly humorous comics. Jason and Andrew went on to explain that one feature that the Citizen Lab performs is to take issues that are widely relevant to the public but that are easily lost in jargon and make them into comics. This talk’s information can be found here: Technical Problems into Comics

What was my favorite part of the conference?

The conference was an eye-opening experience. Although much of my time was spent doing interviews for the research study I was participating in, I was still able to see how much concrete impact is being made in the lives of people all over the world. Privacy and security is not just a matter of novelty or paranoia, but is something that is critical to the success of so many operations worldwide ranging from understanding what user agreements for apps are to protecting the lives of human rights activists that are under government scrutiny.

 


BEAMing into CHI 2017

The Princeton HCI group enjoyed the CHI 2017 conference in Denver, Colorado two weeks ago. Katie and Janet attended in person and Marshini BEAMed in to attend via Telepresence. Here’s what Marshini had to say about telepresence:

It was really exciting to sign up last-minute to attend the CHI conference via telepresence. I attended Ben Shneiderman’s plenary talk on Tuesday, networked and attended several talk sessions on that day, and was fortunate to attend the conference and watch our collaborators Victoria Chang and Pramod Chundury present our CHI 2017 paper on Drones, Privacy, and Security late on Thursday. Here are my quick thoughts on using the BEAM!

The pros:

  • Navigation: The BEAM was extremely easy to navigate and move around without bumping into objects or people. There are two cameras – a forward facing camera to allow you to see a fish eye view of what’s in front of you and to the periphery of your vision and then a camera facing downward towards the wheels. The downward facing camera allows you to see where you’re rolling the BEAM and helps with avoiding objects, treading on toes, and general navigation. I operated the BEAM from my mobile phone using my fingers and from my desktop using my mouse. The desktop experience was far superior because of the larger screen and I preferred the control of my mouse over my finger but both modes were very easy.
  • Networking: The best part of using the BEAM was feeling present at the conference and meeting up with colleagues and friends (old and new) as if I was there. I found the face to face interaction with others almost as good as being there in person since the BEAM moving around and general shape appeared to lend me a physical presence that made others feel more comfortable to interact with me. This stands in contrast to my experiences with attending events via teleconference alone. I “bumped” into and reconnected with several colleagues and met a few new faces, many of whom followed up with me post-conference as would typically occur with in person attendance. Since the screen on the BEAM is so large, it was easy for others to recognize me and I also added my name and affiliation in a status tag to be more easily recognizable in lieu of a conference badge. I also felt post-conference as if I had attended CHI which again was not something I expected – rolling around the venue gave me a good sense of what it was like being there in the venue – I even learned my way around by the third day of using the BEAM.
  • Talks: It was great to feel present at the talks I attended and to interact with attendees. I usually found a spot near the front of the room to get the best possible view and I even watched another talk given remotely by telepresence (Evan Golub from Human Computer Interaction Laboratory) about telepresence which was fun and somewhat unusual.
  • Teleconference support, chairs, and student volunteers: From the minute I signed up for telepresence, the support was amazing. The chairs ensured that the process of learning how to use the BEAM was smooth and help was always just a few seconds or minutes away. Without the volunteers and support, it would have been difficult to navigate the entire conference venue with elevators and places with sporadic connectivity but the telepresence team with its accompanying Slack channel was key!
  • CHI and normal life intermingled: It was great to be able to attend sessions, pop out in Princeton for lunch, and take care of meetings on the days I chose not to attend. This intermingling of conference days with day-to-day life would not have been possible without telepresence. Also, it was great to cut out the hassles of travel – flights, hotels, and taxis while still getting value out of the conference.

The cons:

  • Cost: While I knew what I was getting myself in for by being forewarned of the costs of using the BEAM, I did feel being charged the full conference fee was probably not fair for the experience. After all, I did require quite a bit of assistance from student volunteers to get me from floor to floor, I could not take advantage of the conference food (what is a conference without snacks!), and telepresence is still not the same as being there in person.
  • Talks: Despite being able to attend talks, I lost out on important information. For instance, I found that even if I zoomed into the slides, I could not quite clearly see them so it would have been more helpful if there were slides available for the talk session ahead of time. If I zoomed into the speaker instead, that was marginally better but often the sound quality varied depending on the room, with some rooms offering better sound and others not as much. Also, when zooming in, I lost the context of the room and could not tell who was coming into the room or coming close to me which was at times unnerving (Were people watching my enlarged face on my BEAM?).
  • Sitting in one place: On Thursday in particular, I attended several sessions in a row and I did find myself becoming tired of sitting at my desktop. This is a peril of remote attendance in general even via teleconference but it would have been nice to be more active during the attendance (time for a standing desk with a treadmill perhaps?).

Overall, I had a great time with telepresence and I would consider using it again if the circumstances required it.