ABSTRACT
Digital resources are often collectively owned and shared by small social groups (e.g., friends sharing Netflix accounts, roommates sharing game consoles, families sharing WhatsApp groups). Yet, little is known about (i) how these groups jointly navigate cybersecurity and privacy (S&P) decisions for shared resources, (ii) how shared experiences influence individual S&P attitudes and behaviors, and (iii) how well existing S&P controls map onto group needs. We conducted group interviews and a supplemental diary study with nine social groups (n=34) of varying relationship types. We identified why, how and what resources groups shared, their jointly construed threat models, and how these factors influenced group strategies for securing shared resources. We also identified missed opportunities for cooperation and stewardship among group members that could have led to improved S&P behaviors, and found that existing S&P controls often fail to meet the needs of these small social groups.
Supplemental Material
Available for Download
The zip file contains the supplementary materials PDF which includes the screener questionnaire, interview questions, diary study questions, phone interview questions, Paco app image, as well as the demographics table of our participants. The zip file also contains a zip file containing the source code for the supplementary materials.
- Mark S. Ackerman. 2000. The Intellectual Challenge of CSCW: The Gap Between Social Requirements and Technical Feasibility. Human-Computer Interaction 15, 2--3 (sep 2000), 179--203. DOI: http://dx.doi.org/10.1207/S15327051HCI1523_5Google ScholarDigital Library
- Steve Berry, Steven Fazzio, Yongyi Zhou, Bethany Scott, and Luis Francisco-Revilla. 2010. Netflix recommendations for groups. Proceedings of the American Society for Information Science and Technology 47, 1 (nov 2010), 1--3. DOI: http://dx.doi.org/10.1002/meet.14504701402Google ScholarCross Ref
- Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychology. Qualitative Research in Psychology 3, 2 (jan 2006), 77--101. DOI: http://dx.doi.org/10.1191/1478088706qp063oaGoogle ScholarCross Ref
- A. J. Bernheim Brush and Kori M. Inkpen. 2007. Yours, Mine and Ours? Sharing and Use of Technology in Domestic Environments. In UbiComp 2007: Ubiquitous Computing. Springer Berlin Heidelberg, Berlin, Heidelberg, 109--126. DOI: http://dx.doi.org/10.1007/978--3--540--74853--3_7Google ScholarCross Ref
- Sauvik Das. 2016. Social cybersecurity: Understanding and leveraging social influence to increase security sensitivity. it-Information Technology 58, 5 (2016), 237--245.Google Scholar
- Sauvik Das, Laura A Dabbish, and Jason I Hong. 2019. A Typology of Perceived Triggers for End-User Security and Privacy Behaviors. In Proceedings of the Fifteenth Symposium on Usable Privacy and Security (SOUPS '19). 19.Google Scholar
- Sauvik Das, Tiffany Hyun-Jin Kim, Laura A Dabbish, and Jason I Hong. 2014a. USENIX Association Tenth Symposium On Usable Privacy and Security 143 The Effect of Social Influence on Security Sensitivity. In 12th USENIX security symposium. USENIX Association, 143--157. https://www.usenix.org/system/ files/conference/soups2014/soups14-paper-das.pdfGoogle Scholar
- Sauvik Das, Adam D.I. Kramer, Laura A. Dabbish, and Jason I. Hong. 2014b. Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). ACM, NY, NY, USA, 739--749. DOI: http://dx.doi.org/10.1145/2660267.2660271Google ScholarDigital Library
- Sauvik Das, Adam D.I. Kramer, Laura A. Dabbish, and Jason I. Hong. 2015. The Role of Social Influence in Security Feature Adoption. In Proceedings of the 18th ACM Conference on Computer Supported Cooperative Work & Social Computing - CSCW '15. 1416--1426. DOI: http://dx.doi.org/10.1145/2675133.2675225Google ScholarDigital Library
- Sauvik Das, Gierad Laput, Chris Harrison, and Jason I Hong. 2017. Thumprint: Socially-inclusive local group authentication through shared secret knocks. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. ACM, 3764--3774.Google ScholarDigital Library
- Sauvik Das, Joanne Lo, Laura Dabbish, and Jason I. Hong. 2018. Breaking! A Typology of Security and Privacy News and How It's Shared. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (CHI '18). ACM, NY, NY, USA, Article 1, 12 pages. DOI: http://dx.doi.org/10.1145/3173574.3173575Google ScholarDigital Library
- Paul Dourish and Ken Anderson. 2005. Privacy, Security ... and Risk and Danger and Secrecy and Trust and Morality and Identity and Power: Understanding Collective Information Practices. ISR Technical Report UCI-ISR-05--1 (2005), 1--19.Google Scholar
- Serge Egelman, A.J. Bernheim Brush, and Kori M. Inkpen. 2008. Family accounts. In Proceedings of the ACM 2008 conference on Computer supported cooperative work - CSCW '08. ACM Press, New York, New York, USA, 669. DOI: http://dx.doi.org/10.1145/1460563.1460666Google ScholarDigital Library
- Serge Egelman and Eyal Peer. 2015. Scaling the Security Wall. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems CHI '15. ACM Press, New York, New York, USA, 2873--2882. DOI: http://dx.doi.org/10.1145/2702123.2702249Google ScholarDigital Library
- Rosta Farzan, Laura A. Dabbish, Robert E. Kraut, and Tom Postmes. 2011. Increasing Commitment to Online Communities by Designing for Social Presence. In Proceedings of the ACM 2011 Conference on Computer Supported Cooperative Work (CSCW '11). ACM, NY, NY, USA, 321--330. DOI: http://dx.doi.org/10.1145/1958824.1958874Google ScholarDigital Library
- Shirley Gaw, Edward W Felten, and Patricia Fernandez-Kelly. 2006. Secrecy, flagging, and paranoia. In Proceedings of the SIGCHI conference on Human Factors in computing systems - CHI '06. ACM Press, New York, New York, USA, 591. DOI: http://dx.doi.org/10.1145/1124772.1124862Google ScholarDigital Library
- Carlos A Gomez-Uribe and Neil Hunt. 2016. The netflix recommender system: Algorithms, business value, and innovation. ACM Transactions on Management Information Systems (TMIS) 6, 4 (2016), 13.Google ScholarDigital Library
- Maia Jacobs, Henriette Cramer, and Louise Barkhuus. 2016. Caring About Sharing. In Proceedings of the 19th International Conference on Supporting Group Work GROUP '16. ACM Press, New York, New York, USA, 235--243. DOI: http://dx.doi.org/10.1145/2957276.2957296Google ScholarDigital Library
- William Jang, Adil Chhabra, and Aarathi Prasad. 2017. Enabling multi-user controls in smart home devices. In Proceedings of the 2017 Workshop on Internet of Things Security and Privacy. ACM, 49--54.Google ScholarDigital Library
- Joseph 'Jofish' Kaye. 2011. Self-reported password sharing strategies. In Proceedings of the 2011 annual conference on Human factors in computing systems CHI '11. ACM Press, New York, New York, USA, 2619. DOI: http://dx.doi.org/10.1145/1978942.1979324Google ScholarDigital Library
- Ponnurangam Kumaraguru, Steve Sheng, Alessandro Acquisti, Lorrie Faith Cranor, and Jason Hong. 2010. Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology (TOIT) 10, 2 (2010), 7.Google ScholarDigital Library
- LifeLock. 2017. Equifax Data Breach Affects Millions of Consumers. Here's What to Do. (2017). https://www.lifelock.com/ learn-data-breaches-equifax-data-breach-2017.html Accessed: 2019-04-03.Google Scholar
- Alice E Marwick and Danah Boyd. 2014. Networked privacy: How teenagers negotiate context in social media. New media & society 16, 7 (2014), 1051--1067.Google Scholar
- Tara Matthews, Kerwell Liao, Anna Turner, Marianne Berkovich, Robert Reeder, and Sunny Consolvo. 2016. "She'll just grab any device that's closer". In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems - CHI '16. ACM Press, New York, New York, USA, 5921--5932. DOI: http://dx.doi.org/10.1145/2858036.2858051Google ScholarDigital Library
- Tara Matthews, Kathleen O'Leary, Anna Turner, Manya Sleeper, Jill Palzkill Woelfer, Martin Shelton, Cori Manthorne, Elizabeth F Churchill, and Sunny Consolvo. 2017. Stories from survivors: Privacy & security practices when coping with intimate partner abuse. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. ACM, 2189--2201.Google ScholarDigital Library
- Michelle L. Mazurek, J. P. Arsenault, Joanna Bresee, Nitin Gupta, Iulia Ion, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, Richard Shay, Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, Gregory R. Ganger, and Michael K. Reiter. 2010. Access Control for Home Data Sharing: Attitudes, Needs and Practices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10). ACM, NY, NY, USA, 645--654. DOI: http://dx.doi.org/10.1145/1753326.1753421Google ScholarDigital Library
- Leysia Palen and Paul Dourish. 2003. Unpacking "privacy" for a networked world. In Proceedings of the conference on Human factors in computing systems CHI '03. ACM Press, New York, New York, USA, 129. DOI: http://dx.doi.org/10.1145/642611.642635Google ScholarDigital Library
- Cheul Young Park, Cori Faklaris, Siyan Zhao, Alex Sciuto, and Laura Dabbish. 2018. Share and Share Alike? An Exploration of Secure Behaviors in Romantic Relationships. In USENIX Symposium on Usable Privacy and Security (SOUPS). https://www.usenix.org/ conference/soups2018/presentation/parkGoogle Scholar
- Keith Patrick and Fefie Dotsika. 2007. Knowledge sharing: developing from within. The Learning Organization 14, 5 (2007), 395--406. DOI: http://dx.doi.org/10.1108/09696470710762628Google ScholarCross Ref
- Emilee Rader, Rick Wash, and Brandon Brooks. 2012. Stories As Informal Lessons About Security. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS '12). ACM, NY, NY, USA, Article 6, 17 pages. DOI: http://dx.doi.org/10.1145/2335356.2335364Google ScholarDigital Library
- Elissa M. Redmiles, Amelia R. Malone, and Michelle L. Mazurek. 2016. I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security. In 2016 IEEE Symposium on Security and Privacy (SP). IEEE, 272--288. DOI: http://dx.doi.org/10.1109/SP.2016.24Google ScholarCross Ref
- Yuqing Ren, F. Maxwell Harper, Sara Drenner, Loren Terveen, Sara Kiesler, John Riedl, and Robert E. Kraut. 2012. Building Member Attachment in Online Communities: Applying Theories of Group Identity and Interpersonal Bonds. MIS Quarterly 36, 3 (2012), 841--864. http://www.jstor.org/stable/41703483Google ScholarDigital Library
- Kai Sassenberg. 2002. Common bond and common identity groups on the Internet: Attachment and normative behavior in on-topic and off-topic chats. Group Dynamics: Theory, Research, and Practice 6 (03 2002), 27--37. DOI: http://dx.doi.org/10.1037/1089--2699.6.1.27Google ScholarCross Ref
- Saul Shiffman, Arthur A. Stone, and Michael R. Hufford. 2008. Ecological Momentary Assessment. Annual Review of Clinical Psychology 4, 1 (2008), 1--32. DOI: http://dx.doi.org/10.1146/annurev.clinpsy.3.022806.091415 PMID: 18509902.Google ScholarCross Ref
- Supriya Singh, Anuja Cabraal, Catherine Demosthenous, Gunela Astbrink, and Michele Furlong. 2007. Password sharing. In Proceedings of the SIGCHI conference on Human factors in computing systems - CHI '07. ACM Press, New York, New York, USA, 895. DOI: http://dx.doi.org/10.1145/1240624.1240759Google ScholarDigital Library
- TechCrunch. 2018. Everything you need to know about Facebook´ Zs data breach affecting 50M users. (2018). https://tinyurl.com/y8mpmxyt Accessed: 2019-04-03.Google Scholar
- Rick Wash. 2010. Folk models of home computer security. In Proceedings of the Sixth Symposium on Usable Privacy and Security - SOUPS '10. ACM Press, New York, New York, USA, 1. DOI: http://dx.doi.org/10.1145/1837110.1837125Google ScholarDigital Library
- Jason Wiese, Patrick Gage Kelley, Lorrie Faith Cranor, Laura Dabbish, Jason I. Hong, and John Zimmerman. 2011. Are you close with me? are you nearby?. In Proceedings of the 13th international conference on Ubiquitous computing - UbiComp '11. ACM Press, New York, New York, USA, 197. DOI: http://dx.doi.org/10.1145/2030112.2030140Google ScholarDigital Library
Index Terms
- "We Hold Each Other Accountable": Unpacking How Social Groups Approach Cybersecurity and Privacy Together
Recommendations
Breaking! A Typology of Security and Privacy News and How It's Shared
CHI '18: Proceedings of the 2018 CHI Conference on Human Factors in Computing SystemsNews coverage of security and privacy (S&P) events is pervasive and may affect the salience of S&P threats to the public. To better understand this coverage and its effects, we asked: What types of S&P news come into people's awareness? How do people ...
To Self-Persuade or be Persuaded: Examining Interventions for Users’ Privacy Setting Selection
CHI '22: Proceedings of the 2022 CHI Conference on Human Factors in Computing SystemsUser adoption of security and privacy (S&P) best practices remains low, despite sustained efforts by researchers and practitioners. Social influence is a proven method for guiding user S&P behavior, though most work has focused on studying peer ...
Analysis of privacy in online social networks of runet
SIN '10: Proceedings of the 3rd international conference on Security of information and networksIn recent years, social networking sites (SNSs) gained high popularity among Internet users as they combine the best of both worlds: befriending people outside real life situations and staying in touch with people already known. An important aspect of ...
Comments