Rebecca S. Portnoff
Serge Egelman
ABSTRACT
Most laptops and personal computers have webcams with LED indicators to notify users when they are recording. Because hackers use surreptitiously captured webcam recordings to extort users, we explored the effectiveness of these indicators under varying circumstances and how they could be improved. We observed that, on average, fewer than half of our participants (45%) noticed the existing indicator during computer-based tasks. When seated in front of the computer performing a paper-based task, only 5% noticed the indicator. We performed a followup experiment to evaluate a new indicator and observed that adding onscreen glyphs had a significant impact on both computer-based and non-computer-based tasks (93% and 59% noticed the new indicator, respectively). We discuss how our results can be integrated into current systems, as well as future ubiquitous computing systems.
- Abowd, G. D., and Mynatt, E. D. Charting past, present, and future research in ubiquitous computing. ACM Transactions on Computer-Human Interaction (TOCHI) 7, 1 (2000), 29--58. Google Scholar
Digital Library
- Amer, T., and Maris, J.-M. B. Signal Words and Signal Icons in Application Control and Information Technology Exception Messages-Hazard Matching and Habituation Effects. Journal of Information Systems 21, 2 (2007), 1--25.Google Scholar
- Anderson, N. How an Omniscient Internet "Sextortionist" Ruined the Lives of Teen girls. http://arstechnica.com/tech-policy/2011/09/howan-omniscient-internet-sextortionist-ruinedlives/, September 7 2011. Accessed: September 6, 2014.Google Scholar
- Anderson, N. Meet the Men Who Spy on Women through Their Webcams. http://arstechnica.com/tech-policy/2013/03/ratbreeders-meet-the-men-who-spy-on-womenthrough-their-webcams/, March 10 2013. Accessed: September 5, 2014.Google Scholar
- Anliker, U., LUnited Kingdomowicz, P., Troester, G., Schwartz, S. J., and DeVaul, R. W. The WearARM: Modular, High Performance, Low Power Computing Platform Designed for Integration into Everyday Clothing. In Wearable Computers, 2001. Proceedings. Fifth International Symposium on, IEEE (2001), 167--168. Google ScholarDigital Library
- Azuma, R., Baillot, Y., Behringer, R., Feiner, S., Julier, S., and MacIntyre, B. Recent Advances in Augmented Reality. Computer Graphics and Applications, IEEE 21, 6 (2001), 34--47. Google ScholarDigital Library
- Azuma, R. T., et al. A Survey of Augmented Reality. Presence 6, 4 (1997), 355--385.Google Scholar
- Bellotti, V., and Sellen, A. Design for Privacy in Ubiquitous Computing Environments. In Proceedings of the Third European Conference on Computer-Supported Cooperative Work 13-17 September 1993, Milan, Italy ECSCW'93, Springer (1993), 77--92. Google ScholarDigital Library
- Brocker, M., and Checkoway, S. iSeeYou: Disabling the MacBook Webcam Indicator LED. In Proceedings of the 23rd USENIX Security Symposium, USENIX Association (2014). Google ScholarDigital Library
- Cannella, S., Polivy, D. J., Shin, M., Straub, C., and Tamassia, R. Secure Visualization of Authentication Information: A Case Study. In Visual Languages and Human Centric Computing, 2004 IEEE Symposium on, IEEE (2004), 35--37. Google ScholarDigital Library
- Chan, M., Campo, E., Est'eve, D., and Fourniols, J.-Y. Smart Homes-Current Features and Future Perspectives. Maturitas 64, 2 (2009), 90--97.Google ScholarCross Ref
- Chan, M., Est'eve, D., Escriba, C., and Campo, E. A Review of Smart Homes-Present State and Future Challenges. Computer methods and programs in biomedicine 91, 1 (2008), 55--81. Google ScholarDigital Library
- Check Point Software Technologies Ltd. Are You Being Watched Through Your Webcam? http://www.zonealarm.com/blog/2013/10/are-youbeing-watched-through-your-webcam/, October 2 2013. Accessed: September 6, 2014.Google Scholar
- Chen, Y., and Jones, G. J. Augmenting Human Memory Using Personal Lifelogs. In Proceedings of the 1st Augmented Human International Conference, ACM (2010), 24. Google ScholarDigital Library
- Costanza, E., Inverso, S. A., Pavlov, E., Allen, R., and Maes, P. Eye-q: Eyeglass Peripheral Display for Subtle Intimate Notifications. In Proceedings of the 8th conference on Human-computer interaction with mobile devices and services, ACM (2006), 211--218. Google ScholarDigital Library
- Cranor, L. F. What Do They Indicate?: Evaluating Security and Privacy Indicators. Interactions 13, 3 (2006), 45--47. Google ScholarDigital Library
- DeVaul, R. W., Corey, V. R., et al. The Memory Glasses: Subliminal vs. Overt Memory Support with Imperfect Information. In 2012 16th International Symposium on Wearable Computers, IEEE Computer Society (2003), 146--146. Google ScholarDigital Library
- Dickie, C., Vertegaal, R., Fono, D., Sohn, C., Chen, D., Cheng, D., Shell, J. S., and Aoudeh, O. Augmenting and Sharing Memory with eyeBlog. In Proceedings of the the 1st ACM workshop on Continuous archival and retrieval of personal experiences, ACM (2004), 105--109. Google ScholarDigital Library
- Dobuzinskis, A. California Man Agrees to Plead Guilty to Extortion of Miss Teen USA. http://www.reuters.com/article/2013/10/31/ususa-missteen-extortion-idUSBRE99U1G520131031, October 31 2013. Accessed: September 5, 2014.Google Scholar
- Dourish, P., Grinter, R. E., De La Flor, J. D., and Joseph, M. Security in the Wild: User Strategies for Managing Security as an Everyday, Practical Problem. Personal and Ubiquitous Computing 8, 6 (2004), 391--401.Google ScholarCross Ref
- Eddy, N. Notebook sales outpace desktop sales. http://www.eweek.com/c/a/Midmarket/NotebookSales-Outpace-Desktop-Sales/, December 24 2008. Accessed: September 9, 2014.Google Scholar
- Edwards, W. K., and Grinter, R. E. At Home with Ubiquitous Computing: Seven Challenges. In Ubicomp 2001: Ubiquitous Computing, Springer (2001), 256--272. Google ScholarDigital Library
- Egelman, S., Cranor, L. F., and Hong, J. You've been warned: an empirical study of the effectiveness of web browser phishing warnings. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM (2008), 1065--1074. Google ScholarDigital Library
- Egelman, S., Tsai, J., Cranor, L. F., and Acquisti, A. Timing is Everything?: The Effects of Timing and Placement of Online Privacy Indicators. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM (2009), 319--328. Google ScholarDigital Library
- Electronic Frontier Foundation. Laptop Camera Cover Set. https://supporters.eff.org/shop/laptopcamera-cover-set. Accessed: September 6, 2014.Google Scholar
- Felt, A. P., Chin, E., Hanna, S., Song, D., and Wagner, D. Android permissions demystified. In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, ACM (New York, NY, USA, 2011), 627--638. Google ScholarDigital Library
- Filkins, D. What we left behind. The New Yorker (AprilGoogle Scholar
- 2014). 28. Frederick, S. Cognitive reflection and decision making. Journal of Economic perspectives (2005), 25--42.Google Scholar
- Friedman, B., Hurley, D., Howe, D. C., Felten, E., and Nissenbaum, H. Users' conceptions of web security: A comparative study. In CHI '02 Extended Abstracts on Human Factors in Computing Systems, CHI EA '02, ACM (New York, NY, USA, 2002), 746--747. Google ScholarDigital Library
- Hill, K. Lower Merion School District and Blake Robbins Reach a Settlement in Spycamgate. http://www.forbes.com/sites/kashmirhill/2010/ 10/11/lower-merion-school-district-and-blakerobbins-reach-a-settlement-in-spycamgate/, October 11 2010. Accessed: September 9, 2014.Google Scholar
- Hoyle, R., Templeman, R., Armes, S., Anthony, D., Crandall, D., and Kapadia, A. Privacy Behaviors of Lifeloggers Using Wearable Cameras. In Ubicomp 2014: Ubiquitous Computing (2014). Google ScholarDigital Library
- Kalnikaite, V., Sellen, A., Whittaker, S., and Kirk, D. Now Let Me See Where I Was: Understanding How Lifelogs Mediate Memory. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM (2010), 2045--2054. Google ScholarDigital Library
- Langheinrich, M. Privacy by Design-Principles of Privacy-Aware Ubiquitous Systems. In Ubicomp 2001: Ubiquitous Computing, Springer (2001), 273--291. Google ScholarDigital Library
- Logitech Forum: Can I Turn off the Red LED? http://forums.logitech.com/t5/Webcams/Can-Iturn-off-red-LED/m-p/277305#M52816. Accessed: 2014-09-06.Google Scholar
- Palen, L., and Dourish, P. Unpacking Privacy for a Networked World. In Proceedings of the SIGCHI conference on Human factors in computing systems, ACM (2003), 129--136. Google ScholarDigital Library
- Patton, J. H., Stanford, M. S., et al. Factor structure of the barratt impulsiveness scale. Journal of clinical psychology 51, 6 (1995), 768--774.Google ScholarCross Ref
- Rouse, R. A. Is someone watching you through your webcam? http://campatch.com/wpcontent/uploads/2012/05/CamPatch-AcademyStudy-on-Webcam-Hacking-Awareness-May2012.pdf, May 2012.Google Scholar
- Schechter, S. E., Dhamija, R., Ozment, A., and Fischer, I. The Emperor's New Security Indicators. In IEEE Symposium on Security and Privacy (2007), 51--65. Google ScholarDigital Library
- Stewart, D. W., and Martin, I. M. Intended and Unintended consequences of Warning Messages: A Review and Synthesis of Empirical Research. Journal of Public Policy & Marketing (1994), 1--19.Google Scholar
- Whalen, T., and Inkpen, K. M. Gathering Evidence: Use of Visual Security Cues in Web Browsers. In Proceedings of Graphics Interface 2005, Canadian Human-Computer Communications Society (2005), 137--144. Google ScholarDigital Library
Index Terms
- Somebody's Watching Me?: Assessing the Effectiveness of Webcam Indicator Lights
Recommendations
Towards a Typology of Interdisciplinarity in Cybersecurity: Trade, Choice, and Agnostic-Antagonist
NSPW '23: Proceedings of the 2023 New Security Paradigms WorkshopCybersecurity research increasingly involves non-engineering disciplines, such as psychology, social science and law [41]. In this paper, we argue that cybersecurity research is not only reshaped through new methods and concepts of these adjacent fields,...
"I personally relate it to the traffic light": a user study on security & privacy indicators in a secure email system committed to privacy by default
SAC '21: Proceedings of the 36th Annual ACM Symposium on Applied ComputingImproving the usability and adoption of secure (i.e. end-to-end encrypted) email systems has been a notorious challenge for over two decades. One of the open questions concerns the amount and format of information that should be communicated to users to ...
Saccadic delays on targets while watching videos
ETRA '12: Proceedings of the Symposium on Eye Tracking Research and ApplicationsTo observe whether there is a difference in eye gaze between doing a task, and watching a video of the task, we recorded the gaze of 17 subjects performing a simple surgical eye-hand coordination task. We also recorded eye gaze of the same subjects ...
Comments