“A Framework for Reasoning about Social Influences on Security and Privacy Adoption” – new for CHI 2024

This framework gives structure to what is known in the literature and the SIGCHI community about the social-psychological drivers of security and privacy adoption.

Pleased to be getting a publication out from my thesis work! This short paper and poster recaps the initial work to synthesize a framework that provides structure to the growing literature on social cybersecurity.

Many usable security solutions exist (such as using password managers or reporting phishing scams), but people often are not fully aware of what they do or use them regularly. A conceptual model of the adoption process will help us to identify where people get stuck and how to leverage social influences to encourage secure behaviors. We will be able to form and test hypotheses and improve our designs.

Toward this goal, we have developed a framework that synthesizes our design ideation, expertise, prior work, and new interview data (N=17) into a six-step adoption process with path relationships, associated social influences, and obstacles. 

This work contributes a prototype framework that accounts for social influences by step. It adds to what is known in the literature and the SIGCHI community about the social-psychological drivers of security adoption.

Future work (from my lab, but hopefully others’ too) should establish whether this process is the same regardless of culture, demographic variation, or work vs. home context, and whether it is a reliable theoretical basis and method for designing experiments and focusing efforts where they are likely to be most productive.

  • Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2024. A Framework for Reasoning about Social Influences on Security and Privacy Adoption. In Extended Abstracts of the ACM Conference on Human Factors in Computing Systems (CHI EA 2024), May 11-16, 2024, Honolulu, HI, USA. ACM, New York, NY, USA, 13 pages. Available at: https://corifaklaris.com/files/framework_chi2024.pdf

Bytes of Good Live podcast: Talking ‘Social Cybersecurity’ with Hack4Impact

One upside of video calls during the COVID-19 pandemic has been that I can attend or speak at virtually any location or event, without having to travel or move my schedule around too much. It’s helped me get more comfortable with public speaking, and exposed me to different audiences for my work.

In my latest public appearance: I appeared this spring with fellow CMU grad student Tom Magelinski at Bytes of Good Live, organized by Hack4Impact, a student-run nonprofit that promotes software for social good. We talked about our Social Cybersecurity research and what we know of careers in cybersecurity. The recording is available on YouTube, or click on the preview shown below to go to the video. Let me know what you think!

Alipay and WeChat Pay are everywhere in China – new paper for CSCW 2020 + reflections on cross-cultural research

This is a super-weird week to be submitting the camera-ready version of this research paper for publication at CSCW 2020. On Thursday, the “Executive Order Addressing the Threat Posed by WeChat” set a countdown of 45 days until the Tencent app would be “banned,” along with ByteDance’s TikTok. It recognizes what we document – the central role that these apps’ financial transactions play in the U.S.-intertwined Chinese economy.

Of course: I agree that apps such these, and Alipay and WeChat Pay, collect a lot of data about us while we go about using them for both fun and serious self-expression, and that this data is obtainable through various processes by the government of the country in which their parent companies are headquartered. I’ve long worried about our data security and privacy with regards to a constellation of mobile social media and short-form video apps, along with mobile payment options such as Apple Pay, Google Wallet Google Pay, PayPal, Venmo, Zelle, Square Cash, and Facebook’s Messenger and Novi. (Disclosure: I work at Facebook this summer, on marketing/ad data literacy.)

I felt a grief, however, at thinking of our global internet shrinking just a bit more from fully embracing the marvel of how newly connected so many of us can live and work despite our physical boundaries and limitations. The pandemic has sharpened my keen appreciation for how WeChat and other social media help family and friends bridge great distances, and for how much education, business and other knowledge work depends on reliable and usable communication software being available to everyone, everywhere.

It has been a joy and fascination to help pilot and design research into a very different manifestation of internet-enhanced life than the one I know in the U.S., directed by lead author Hong Shen (also a graduate of the University of Illinois College of Media) and with fellow HCII Phd researcher Haojian Jin and my awesome advisors, Laura Dabbish and Jason Hong. In China, you don’t have to go out with your wallet, just your phone! Even street vendors have QR codes for you to scan! Which gives rise to new forms of communication, such as attaching a message with a transfer equal to a penny! and new threat models, such as thieves coming in the night and replacing the QR code printout with their own!

And that was just from the pilot interviews. Read the preprint version of the paper for specifics on what my Chinese co-authors discovered when they conducted a survey (n=466) and interviews (n=12) in China about the advantages and the pitfalls of moving to a largely mobile and cashless economy.

I spoke up about my interest in the project in part thanks to Dan Grover, whose blogging (in English, thankfully 🙂 ) about his experience of working at WeChat as a product manager had piqued my interest in the various advances in the Chinese social media ecosystem. I couldn’t agree with him more in his tweeted responses to the EO on Thursday night: