University of Chicago SUPERgroup

Usable Security and Privacy
Problem Set 2

Due in class, on paper at 3:00pm on Monday, April 10th.

Problem 1 (40 points)

Our class on April 5th presented a number of different research methods useful in usable privacy and security through the lens of Blase's research on passwords. For this part of your homework, pick a different research area within usable security and privacy that seems interesting to you (ideas are listed below). Then, for that single research area, think of separate research studies using each of the following five types of methods that you would be interested to conduct in that area:
(1) A survey
(2) A diary study
(3) Interviews
(4) A usability test
(5) Collecting observational or experimental data in the field.

For each of those five types of studies you imagined, write a paragraph that states in one sentence what research question you hope to answer using that particular method, gives 3-4 sentences outlining the design of the study, and ends with one sentence explaining why you chose that particular method to investigate your stated research question.

Pick any usable privacy and security research area that is interesting to you. Suggested areas include the following: privacy on social networking sites; how users avoid (and remove) computer viruses; what role security concerns play in deciding whether to install a smartphone app; what people think private browsing mode does in their web browser; how people protect (or do not protect) photos they consider especially private; how parents help teenagers protect their privacy online; what people think about websites tracking their online activities; how users try to stay anonymous online; users' perceptions of the warnings that pop up when they install a program that they downloaded; users' perceptions of drones or self-driving vehicles; usage of anonymous apps like Yik Yak or Whisper.

Problem 2 (30 points)

The past few years have seen a number of privacy controversies related to transportation apps like Uber. For instance, Uber has made the news for its God View mode, its broad tracking of customers' location data, and its tracking of users after rides have ended, among other issues.

Design a short (no more than 20 minutes long) interview study exploring one or more research questions of interest to you in the area of security or privacy related to so-called "ride-sharing" apps. Potential topics include the convenience versus privacy tradeoff users perceive; awareness of these controversies; physical security concerns related to driving, or being driven around by, strangers; etc.

Turn in a one-paragraph description of your research question(s), along with the final script you use for the interview. Include in your script everything you will say to the participant at any point in the interview, such as welcoming them at the beginning or thanking them and telling them the purpose of the study.

Problem 3 (30 points)

Actually conduct this interview with 3 pilot participants (and, if applicable, improve your script in between interviews). While you would not want to have your friends participate in a real study, it's perfectly fine to have your friends participate in a pilot study like this. Then, using the qualitative analysis techniques we've discussed in class, turn in 3 or 4 paragraphs describing the results.

(CMSC 33210 only!) Problem 4 (24 points)

Write 3-7 sentence summaries and short "highlights" for both the Bonneau reading assigned for April 5th and the Melicher et al. reading assigned for April 5th.

(CMSC 33210 only!) Problem 5 (76 points)

Facebook has a feature on its settings page with which users can "download their data" as an archive. Using whatever language/frameworks you prefer, write a script that, given such an archive, automatically generates an information visualization that summarizes what you deem important for the archive's owner to know about their Facebook privacy.

Print and submit one paragraph describing your goals in creating this visualization, as well as an example of your script's output running on either a real Facebook archive (feel free to manually sanitize the output) or synthetic test data. However, also email Blase your script(s) and instructions for running it so that the course staff can test it out on our own Facebook data.