Categories
conferences trip report

Trip Report – LISA conference 2017

Posted on behalf of Lisa Rogers.

What conference did I go to?

I attended the USENIX Large Installation System Administration (LISA) conference. I was there to recruit participants for a study we are conducting on system administrators who handle software updates for multiple machines. This is a unusual and difficult target demographic to recruit for so I wanted to use the conference as a way to reach the right study population. I also wanted to gain further background information of the industry at large to inform our data collection and data analysis processes.

Where was the conference held?

In the Market District of San Francisco just across the street from the Bay.

What was my favorite part of the conference?

The community was incredibly welcoming. So many people took the time to talk to me about our research, and career paths, and even on blue sky topics such as the one discussion we had on the best way to RFID tag a moving entity like a cow. I had not ever been to a conference before with quite as much of an open source culture. It was fascinating hearing people from all facets of the industry have very frank conversations about their methods, corporate culture, and policy barriers.

What was my least favorite part of the conference?

That there were so many interesting things going on at the same time and I could not be at all of them! I am really glad they posted the talks online, but wish I had known they didn’t post the tutorials as well. I would have attended tutorials rather than talks if I had known.

What lessons did I learn from recruiting participants from a conference setting?

We set up a booth to attract potential participants to take our survey or sign up for an interview. This was pre-arranged with the conference organizers. We took care to make our booth colorful and to have lots of swag to use to compensate potential participants if they passed our table such as little LEGO packs and candy. I learned that the LEGOs we had at the table at the EXPO drew many more people than the phone incentive we were offering for participation in our survey. Also, I had put many chairs at the booth since the EXPO was mostly standing and these chairs were a big draw for people to sit down and take the survey. For the future, even if they are less expensive or fancy, tangible incentives such as our LEGOs or candy were much more enticing to participants than the chance of a big figure prize. Next time I would capitalize on that kind of incentive for study participation more, and perhaps do a daily raffle or the like on a smaller prize to draw people to the booth. I noticed that worked well for some of the other booths. Also, very few people wanted to use their limited conference time to complete the interview. It was a great place for recruiting for a short survey but not so much for conducting a longer style interview. I actually did, however, interview many people who signed up at the conference at a later stage, soon after I returned from the event.

Having a booth definitely changed the conference experience as well. Even when I was not at the EXPO, I had a hard time making it into talks, because people recognized me and would be curious to discuss our research. Given the purpose of my presence at the conference, I saw these as great opportunities as well. During my “Hallway Track” I learned everything from the basics of programming embedded RFIDs, to how to justify training budgets (especially once your company is acquired by a large company), to non traditional paths in DevOPs that leverage an HCI background.

Categories
trip report

Trip Report: Tor Meeting in Montreal 2017

Philipp Winter and I attended the 2017 Tor Meeting in Montreal. It is a “meeting of the core Tor team, developers, volunteers and invited guests in Montreal, to discuss plans, milestones, deadlines, and other important matters” (https://trac.torproject.org/projects/tor/wiki/org/meetings/2017Montreal). We attended because we are part of a team that is working on a project studying the usability of Tor’s Onion Services (see https://nymity.ch/onion-services/), and we wanted to share our preliminary results with the community and get feedback. The trip was productive, and it was a real treat to interact with knowledgeable and interesting people who are passionate about security, privacy, and online freedom.

Categories
conferences trip report usable security

SOUPS 2017 Trip Report

What conference did I go to?

I attended the USENIX Symposium on Usable Privacy and Security (SOUPS) 2017 in July, where I presented our paper on Automatic Application Software Updates on Android. Early in July, I blogged about our paper, and its results and implications. In this post, I’ll summarize my experiences at the conference, particularly highlighting papers and research that piqued my interest.

Where was the conference held?

The conference was held in Santa Clara, in sunny Northern California.

What were the three best talks I attended?

The conference featured papers tackling issues across a wide range of topics ranging from authentication, user behavior in security defense, specific sub-populations, and privacy. Although several of these talks were informative, I found the following three talks to be particularly interesting:

  1. How Effective is Anti-Phishing Training for Children?:
    1. This talk described the design of a phishing training intervention aimed at school children, and its evaluation over time. The authors found that the children who received the training got better at identifying phishing emails than those who didn’t; however, the training had no effect on identifying legitimate emails. Furthermore, the students who received the training performed no better than those didn’t four weeks after receiving the training, indicating a decay in performance.
    2. While both the methodology and results of the experiment were insightful, I found the discussion from the authors on ethics illuminating. For instance, the authors reported having to obtain informed consent from the parents of the children before launching the experiment, and also thinking through the ethics of their actions. I was pleasantly surprised to learn that they trained the control group—the group that did not receive the training—at the end of the experiment, and also debriefed the children and their families about the experiment.
  2. I feel stupid I can’t delete…: A Study of Users’ Cloud Deletion Practices and Coping Strategies.
    1. This talk described the findings from an exploratory study examining users’ motivations and mental models about deleting files from the Cloud. The authors discovered that users lack sufficient information about deletion and had incomplete and often incorrect mental models about how files are stored on the Cloud, which in turn led to sub-optimal actions.
    2. I found this talk particularly interesting because it tackles a previously unexplored problem in usable security. In wake of numerous high profile cases of iCloud leaks, this problem has become all the more important, and it seems like redesigning such deletion interfaces can be of help to users.
  3. The Importance of Visibility for Folk Theories of Sensor Data.
    1. This talk described users make decisions about privacy in the context of wearable devices. Specifically, the authors investigated the challenges users make to make informed privacy decisions given that they don’t really ‘see’ how their data is being collected and used.

What was my favorite part of the conference?

My favorite part of attending SOUPS is being able to meet and interact with the HCI and Privacy/Security community. The SOUPS organization invests heavily in its student body (e.g. by almost always offering travel grants), and this enables students—new and old—to continue participating.

What was my least favorite part of the conference?

None really. I wish the venue was closer to restaurants in the area.

Categories
conferences trip report

Citizen Lab Summer Institute 2017 Trip Report

Posted on behalf of Mark Martinez

What conference did I go to?

I went to the Citizen Lab Summer Institute 2017 (CLSI) conference held by the eponymous Citizen Lab that brings together not only computer scientists, but any actor that works in the privacy and security field. I went to conduct interviews for a research project headed by Marshini Chetty and Philipp Winter. The link to the research project and its description can be found here: Tor Interview Project

It was this intersection of political scientists, computer scientists and political activists that made this conference so unique. To see so much of the impact that privacy technology makes made me realize how important the work in ensuring anonymity in certain circumstances is. One of the first people to speak at the conference talked about how some of her colleagues were jailed in a foreign nation because of the human rights work that they were doing. It hit home as to why it’s so important to actually make sure that when a person wishes to remain anonymous they can because it can be an actual matter of life and death.

Where was the conference held?

The conference is held yearly at the Munk School of Global Affairs at the University of Toronto. It is held in the Citizen Lab which frequently publishes papers on privacy and security both in the industrial and government sector.

What were the three best talks I attended?

My favorite talk of the conference was the first talk that had each major party of the conference rise up and talk about what they are doing and who they are collaborating with. It was here that you got to see just how diverse the group of participants were. It seemed like there were actually no purely technical people: everybody worked on interesting and inter-disciplinary work. The work varied from human rights and combating censorship in nations to deconstructing applications that are widely used in some foreign countries and exposing major security flaws. The first day’s agenda and notes (as well as links to all talks) can be found at this link: Agenda and Notes

Another interesting talk was listening to how censorship affects multiple countries in different ways. Four people talked about how censorship affects diverse regions of the world like, Pakistan, Iran, Brazil and Latin America, and parts of Africa. These people talked about the work that they do to circumvent censorship like creating different ways for people to reach blocked websites such as by redirecting the traffic or even setting up satellite dishes that would allow people to obtain blocked information. One interesting note was that in the 2017 Iranian election there was no censorship of popular media because it was now the entire political spectrum that were using platforms like WhatsApp and not just younger liberal pockets of the populace. This talk’s information can be found here: WorldWide Censorship Notes

A very different talk that I attended was done in collaboration with Jason Li and Andrew Hilts. In this talk Jason took technical concepts from the crowd and within 10 minutes made them into comics. Jason took examples like phishing and Tor and made them into approachable and mildly humorous comics. Jason and Andrew went on to explain that one feature that the Citizen Lab performs is to take issues that are widely relevant to the public but that are easily lost in jargon and make them into comics. This talk’s information can be found here: Technical Problems into Comics

What was my favorite part of the conference?

The conference was an eye-opening experience. Although much of my time was spent doing interviews for the research study I was participating in, I was still able to see how much concrete impact is being made in the lives of people all over the world. Privacy and security is not just a matter of novelty or paranoia, but is something that is critical to the success of so many operations worldwide ranging from understanding what user agreements for apps are to protecting the lives of human rights activists that are under government scrutiny.