See Me If You Can: A Multi-Layer Protocol for Bystander Privacy with Consent-Based Restoration
The growing popularity of wearable camera glasses raises pressing concerns about bystanders being recorded without their consent. Most existing privacy-enhancing technologies (PETs) rely on opt-out models that place the burden of privacy protection on bystanders. We conducted a qualitative study on wearers’ and bystanders’ perceptions of opt-in, privacy-by-default approaches for camera glasses. To enable this study, we designed and evaluated an opt-in privacy-by-default protocol. We then conducted semi-structured interviews with camera glass wearers and bystanders (N = 18) to examine their perceptions of the protocol. Our findings show that bystanders viewed the opt-in protocol as essential and advocated for even stronger anonymization. Wearers appreciated the protocol’s safeguards but found it visually limiting, expressing desire for a context-dependent version that can be enabled in relevant scenarios. Our findings highlight the need for context-aware PETs that provide effective mechanisms for consent negotiation.
Year: 2026 | Authors: Yahya Khawaja et al. | Affiliation: Lahore University of Management Sciences (Lahore, Punjab) | Topics: Privacy by Design & User Control; Context-Aware Computing; Smart Home Privacy & Security | Venue: CHI

Privacy & Safety Challenges of On-Body Interaction Techniques
On-body computing systems offer new forms of interaction, but while they are increasingly integrated into everyday contexts, their unique privacy and safety challenges remain understudied. This paper examines these challenges through a two-round interview study with N = 15 experts in human-computer interaction, and privacy and safety, using speculative scenarios and adversarial roleplaying to elicit insights. Our findings reveal risks specific to on-body interactions, including over-collection of sensitive data, unwanted inferences, harm to bystanders, and threats to bodily autonomy and psychological well-being. Importantly, in the on-body context, privacy and safety concerns are deeply interconnected and cannot be addressed in isolation. We contribute an empirically grounded characterization of these entangled challenges and derive eight actionable design guidelines to support safer, more privacy-aware, on-body systems. This work informs future research and design in ubiquitous computing by highlighting the need for proactive and integrated approaches to privacy and safety in trustworthy on-body computing.
Year: 2026 | Authors: Dañiel Gerhardt et al. | Affiliation: CISPA Helmholtz Center for Information Security | Topics: Context-Aware Computing; Privacy by Design & User Control; Privacy Perception & Decision-Making | Venue: CHI

"That's another doom I haven't thought about": A User Study on AI Labels as a Safeguard Against Image-Based Misinformation
As generative AI is increasingly contributing to the spread of deceptively realistic misinformation, lawmakers have introduced regulations requiring the disclosure of AI-generated content. However, it is unclear if labels reduce the risk of users falling for AI-generated misinformation. To address this research gap, we study the effect of labels on users' perception and the implications of mislabeling, focusing on AI-generated images. We first explored users' opinions and expectations of labels using five focus groups. Although participants were wary of practical implementations, they considered labeling helpful in identifying AI-generated images and avoiding deception. Second, we conducted a survey with 1,354 participants to assess how labels affect users' ability to recognize misinformation. While labels reduced participants' belief in false claims supported by AI-generated images, we found evidence of overreliance, leading to unintended side effects: Participants were more susceptible to false claims accompanied by human-made images, and were more hesitant to believe true claims illustrated with labeled AI-generated images.
Year: 2026 | Authors: Sandra Höltervennhoff et al. | Affiliation: CISPA Helmholtz Center for Information Security | Topics: Explainable AI (XAI); AI Ethics, Fairness & Accountability; Deepfake & Synthetic Media Detection | Venue: CHI

From Discovery to Decisions: Archetypal Journeys of Mobile App Users and Their Implications on Privacy
Mobile permission decisions are often studied at the moment a permission request appears. However, our study shows that users’ choices are shaped much earlier, across a multi-stage journey that begins with app-need recognition and unfolds through app discovery, exploration, selection, installation, and first use. Drawing on interviews with 19 U.S. Android users, we map this process and identify four archetypal journeys that explain how early cues, such as discovery sources, app type, and social trust, shape later permission behavior. These insights align with theoretical models like Privacy Calculus, showing how users weigh perceived benefits and risks at each step, and complement Contextual Integrity theory, explaining how social norms and information flows shape expectations and constrain privacy agency across steps. We contribute an empirically grounded framework that clarifies why permission outcomes vary across contexts. Our results reframe mobile privacy as a sequential, path-dependent process, offering implications for future design and research.
Year: 2026 | Authors: HTMA Riyadh et al. | Affiliation: CISPA Helmholtz Center for Information Security | Topics: Privacy Perception & Decision-Making; Mobile Notification & Attention Management; Privacy by Design & User Control | Venue: CHI

"Perfect is the Enemy of Good": The CISO's Role in Enterprise Security as a Business Enabler
Chief Information Security Officers (CISOs) are responsible for setting and executing organizations' information security strategies. This role has only grown in importance as a result of today's increasingly high-stakes threat landscape. To understand these key decision-makers, we interviewed 16 current and former CISOs to understand how they build a security strategy and the day-to-day obstacles that they face. Throughout, we find that the CISO role is strongly shaped by a business enablement perspective, driven by broad organizational goals beyond solely technical protection. Within that framing, we describe the most salient concerns for CISOs, isolate key decision-making factors they use when prioritizing security investments, and surface practical complexities and pain points that they face in executing their strategy. Our results surface opportunities to help CISOs better navigate the complex task of managing organizational risk, as well as lessons for how security tools can be made more deployable in practice.
Year: 2025 | Authors: Kimberly Ruth et al. | Affiliation: Stanford University | Topics: Cybersecurity Training & Awareness | Venue: CHI

A Qualitative Study of Adoption Barriers and Challenges for Passwordless Authentication in German Public Administrations
Public administrations provide critical services and manage sensitive data for a country's citizens. Recent phishing campaigns targeting public sector employees highlight their attractiveness as targets. Deploying state-of-the-art authentication technologies, such as FIDO2, can improve overall security. We conducted a mixed-methods study in Germany to understand better the practices and challenges of deploying passwordless authentication in the public sector. First, we conducted an online survey (N = 108) among German public sector employees to gain insights into their experiences and challenges. Next, we partnered with an e-government vendor and performed an in-situ experiment. We let 11 employees from the public sector experience FIDO2 under real-world conditions. Our results show that only a minority of our participants were aware of current passwordless authentication procedures. In our experiment, FIDO2-based methods left an overall positive impression. Hierarchical and heterogeneous public sector structures and the need for more technical expertise and equipment were barriers to adoption.
Year: 2025 | Authors: Jan-Ulrich Holtgrave et al. | Affiliation: CISPA Helmholtz Center for Information Security | Topics: Passwords & Authentication; Privacy Perception & Decision-Making | Venue: CHI

A Qualitative Study on How Usable Security and HCI Researchers Judge the Size and Importance of Odds Ratio and Cohen's d Effect Sizes
Researchers often place a strong focus on statistical significance when reporting the results of statistical tests. However, effect sizes are reported less frequently, and interpretation in the context of the study and the research field is even rarer. These interpretations of effect sizes are, however, necessary to understand the practical importance of a result for the community. To explore how Usable Security & Privacy (USP) and HCI researchers interpret effect sizes and make judgments on practical importance, we conducted survey and interview studies with a total of 63 researchers at CHI and SOUPS 2023. Our studies focused on Cohen's d and odds ratios in two USP and one HCI scenario. We analyzed which artifacts researchers consider when judging effect size, and found misconceptions and variation between the participants, highlighting how difficult judging statistics can be. Based on our findings, we make concrete recommendations for improved reporting practices around effect sizes.
Year: 2025 | Authors: Anna-Marie Ortloff et al. | Affiliation: University of Bonn | Topics: User Research Methods (Interviews, Surveys, Observation); Research Ethics & Open Science | Venue: CHI

Understanding the Security Advice Mechanisms of Low Socioeconomic Pakistanis
Low socioeconomic populations face severe security challenges while being unable to access traditional written advice resources. We present the first study to explore the security advice landscape of low socioeconomic people in Pakistan. With 20 semi-structured interviews, we uncover how they learn and share security advice and what factors enable or limit their advice sharing. Our findings highlight that they heavily rely on community advice and intermediation to establish and maintain security-related practices (such as passwords). We uncover how shifting social environments shape advice dissemination, e.g., across different workplaces. Participants leverage their social structures to protect each other against threats that exploit their financial vulnerability and lack of digital literacy. However, we uncover barriers to social advice mechanisms, limiting their effectiveness, which may lead to increased security and privacy risks. Our results lay the foundation for rethinking security paradigms and advice for this vulnerable population.
Year: 2025 | Authors: Sumair Ijaz Hashmi et al. | Affiliation: CISPA Helmholtz Center for Information Security; Saarland University | Topics: Privacy by Design & User Control; Dark Patterns Recognition; Empowerment of Marginalized Groups | Venue: CHI

Permission Rationales in the Web Ecosystem: An Exploration of Rationale Text and Design Patterns
Modern web applications use features like camera and geolocation for personalized experiences, requiring user permission via browser prompts. To explain these requests, applications provide rationales—contextual information on why permissions are needed. Despite their importance, little is known about how often rationales appear on the web or their influence on user decisions. This paper presents the first large-scale study of how the web ecosystem handles permission rationales, covering three areas: (i) identifying webpages that use permissions, (ii) detecting and classifying permission rationales, and (iii) analyzing their attributes to understand their impact on user decisions. We examined over 770K webpages from Chrome telemetry, finding 3.6K unique rationale texts and 749 rationale UIs across 85K pages. We extracted key rationale attributes and assessed their effect on user behavior by cross-referencing them with Chrome telemetry data. Our findings reveal nine key insights, providing the first evidence of how different rationales affect user decisions.
Year: 2025 | Authors: Yusra Elbitar et al. | Affiliation: CISPA Helmholtz Center for Information Security | Topics: Passwords & Authentication; Privacy Perception & Decision-Making | Venue: CHI

A Comparative Long-Term Study of Fallback Authentication Schemes
Fallback authentication, the process of re-establishing access to an account when the primary authenticator is unavailable, holds critical significance. Approaches range from secondary channels like email and SMS to personal knowledge questions (PKQs) and social authentication. A key difference to primary authentication is that the duration between enrollment and authentication can be much longer, typically months or years. However, few systems have been studied over extended timeframes, making it difficult to know how well these systems truly help users recover their accounts. We also lack meaningful comparisons of schemes as most prior work examined two mechanisms at most. We report the results of a long-term user study of the usability of fallback authentication over 18 months to provide a fair comparison of the four most commonly used fallback authentication methods. We show that users prefer email and SMS-based methods, while mechanisms based on PKQs and trustees lag regarding successful resets and convenience.
Year: 2024 | Authors: Leona Lassak et al. | Affiliation: Ruhr University Bochum | Topics: Passwords & Authentication; Privacy Perception & Decision-Making | Venue: CHI

Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter
The Russian Invasion of Ukraine in 2022 resulted in a rapidly changing cyber threat environment globally and incentivized the sharing of security and privacy advice on social media. Previous research found a strong impact of online security advice on end-user behavior. Twitter is an important platform for sharing information in crises. We examined 306 tweets with security and privacy advice related to the Ukrainian war, and created a taxonomy of 224 unique pieces of advice in seven categories, targeted at individuals or organizations in Ukraine and elsewhere. While our findings include untargeted and generic advice known from previous research, we identify novel advice specific to the invasion, offers for individual consultation, and misinformation on security and privacy advice as a new threat. Our findings highlight the strengths and shortcomings of the security and privacy advice given online during the invasion and establish areas for improvements and future research.
Year: 2024 | Authors: Juliane Schmüser et al. | Affiliation: CISPA | Topics: Privacy by Design & User Control; Privacy Perception & Decision-Making; Online Harassment & Counter-Tools | Venue: CHI

Mental Models, Expectations and Implications of Client-Side Scanning: An Interview Study with Experts
Client-Side Scanning (CSS) is discussed as a potential solution to contain the dissemination of child sexual abuse material (CSAM). A significant challenge associated with this debate is that stakeholders have different interpretations of the capabilities and frontiers of the concept and its varying implementations. In this paper, we explore stakeholders' understandings of the technology and the expectations and potential implications in the context of CSAM by conducting and analyzing 28 semi-structured interviews with a diverse sample of experts. We identified mental models of CSS and the expected challenges. Our results show that CSS is often a preferred solution in the child sexual abuse debate due to the lack of an alternative. Our findings illustrate the importance of further interdisciplinary discussions to define and comprehend the impact of CSS usage on society, particularly vulnerable groups such as children.
Year: 2024 | Authors: Divyanshu Bhardwaj et al. | Affiliation: CISPA Helmholtz Center for Information Security | Topics: Privacy by Design & User Control; Privacy Perception & Decision-Making; Technology Ethics & Critical HCI | Venue: CHI

In Focus, Out of Privacy: The Wearer's Perspective on the Privacy Dilemma of Camera Glasses
The rising popularity of camera glasses challenges societal norms of recording bystanders and thus requires efforts to mediate privacy preferences. We present the first study on the wearers' perspectives and explore privacy challenges associated with wearing camera glasses when bystanders are present. We conducted a micro-longitudinal diary study (N = 15) followed by exit interviews with existing users and people without prior experience. Our results show that wearers consider the currently available privacy indicators ineffective. They believe the looks and interaction design of the glasses conceal the technology from unaware people. Due to the lack of effective privacy-mediating measures, wearers feel emotionally burdened with preserving bystanders' privacy. We furthermore elicit how this sentiment impacts their usage of camera glasses and highlight the need for technical and non-technical solutions. Finally, we compare the wearers' and bystanders' perspectives and discuss the design space of a future privacy-preserving ecosystem for wearable cameras.
Year: 2024 | Authors: Divyanshu Bhardwaj et al. | Affiliation: CISPA Helmholtz Center for Information Security | Topics: Privacy by Design & User Control; Privacy Perception & Decision-Making; Participatory Design | Venue: CHI

Understanding Users' Interaction with Login Notifications
Login notifications intend to inform users about sign-ins and help them protect their accounts from unauthorized access. Notifications are usually sent if a login deviates from previous ones, potentially indicating malicious activity. They contain information like the location, date, time, and device used to sign in. Users are challenged to verify whether they recognize the login (because it was them or someone they know) or to protect their account from unwanted access. In a user study, we explore users' comprehension, reactions, and expectations of login notifications. We utilize two treatments to measure users' behavior in response to notifications sent for a login they initiated or based on a malicious actor relying on statistical sign-in information. We find that users identify legitimate logins but need more support to halt malicious sign-ins. We discuss the identified problems and give recommendations for service providers to ensure usable and secure logins for everyone.
Year: 2024 | Authors: Philipp Markert et al. | Affiliation: Ruhr University Bochum | Topics: Privacy by Design & User Control; Passwords & Authentication | Venue: CHI

Investigating Security Folklore: A Case Study on the Tor over VPN Phenomenon
Users face security folklore in their daily lives in the form of security advice, myths, and word-of-mouth stories. Using a VPN to access the Tor network, i.e., Tor over VPN, is an interesting example of security folklore because of its inconclusive security benefits and its occurrence in pop-culture media. Following the Theory of Reasoned Action, we investigated the phenomenon with three studies: (1) we quantified the behavior on real-world Tor traffic and measured a prevalence of 6.23%; (2) we surveyed users' intentions and beliefs, discovering that they try to protect themselves from the Tor network or increase their general security; and (3) we analyzed online information sources, suggesting that perceived norms and ease-of-use play a significant role while behavioral beliefs about the purpose and effect are less crucial in spreading security folklore. We discuss how to communicate security advice effectively and combat security misinformation and misconceptions.
Year: 2023 | Authors: Matthias Fassl et al. | Affiliation: Security and Privacy | Venue: CSCW

A Psychometric Scale to Measure Individuals' Value of Other People's Privacy (VOPP)
Researchers invested enormous efforts to understand and mitigate the concerns of users as technologies collect their private data. However, users often undermine other people's privacy when, e.g., posting other people's photos online, granting mobile applications to access contacts, or using technologies that continuously sense the surrounding. Research to understand technology adoption and behaviors related to collecting and sharing data about non-users has been severely lacking. An essential step to progress in this direction is to identify and quantify factors that affect technology's use. Toward this goal, we propose and validate a psychometric scale to measure how much an individual values other people's privacy. We theoretically grounded the appropriateness and relevance of the construct and empirically demonstrated the scale's internal consistency and validity. This scale will advance the field by enabling researchers to predict behaviors, design adaptive privacy-enhancing technologies, and develop interventions to raise awareness and mitigate privacy risks.
Year: 2023 | Authors: Rakibul Hasan et al. | Affiliation: Arizona State University | Topics: AI Ethics, Fairness & Accountability; Privacy by Design & User Control; Privacy Perception & Decision-Making | Venue: CHI

Why I Can't Authenticate – Understanding the Low Adoption of Authentication Ceremonies with Autoethnography
Authentication ceremonies detect and mitigate Man-in-the-Middle (MitM) attacks on end-to-end encrypted messengers, such as Signal, WhatsApp, or Threema. However, prior work found that adoption remains low as non-expert users have difficulties using them correctly. Anecdotal evidence suggests that security researchers also have trouble authenticating others. Since their issues are probably unrelated to user comprehension or usability, the root causes may lie deeper. This work explores these root causes using autoethnography. The first author kept a five-month research diary of their experience with authentication ceremonies. The results uncover points of failure while planning and conducting authentication ceremonies. They include cognitive load, forgetfulness, social awkwardness, and explanations required by a communication partner. Additionally, this work identifies and discusses how sociocultural aspects affect authentication ceremonies. Lastly, this work discusses a design approach for cooperative security that employs cultural transcoding to improve sociocultural aspects of security by design.
Year: 2023 | Authors: Matthias Fassl et al. | Affiliation: CISPA Helmholtz Center for Information Security | Topics: Passwords & Authentication; Privacy Perception & Decision-Making; Dark Patterns Recognition | Venue: CHI

Investigating Car Drivers’ Information Demand after Safety and Security Critical Incidents
Modern cars include a vast array of computer systems designed to remove the burden on drivers and enhance safety. As cars are evolving towards autonomy and taking over control, e.g. in the form of autopilots, it becomes harder for drivers to pinpoint the root causes of a car's malfunctioning. Drivers may need additional information to assess these ambiguous situations correctly. However, it is yet unclear which information is relevant and helpful to drivers in such situations. Hence, we conducted a mixed-methods online survey (N = 60) on Amazon MTurk where we exposed participants to two security- and safety-critical situations with one of three different explanations. We applied Thematic and Correspondence Analysis to understand which factors in these situations moderate drivers’ information demand. We identified a fundamental information demand across scenarios that is expanded by error-specific information types. Moreover, we found that it is necessary to communicate error sources, since drivers might not be able to identify them correctly otherwise. Thereby, malicious intrusions are typically perceived as more critical than technical malfunctions.
Year: 2021 | Authors: Lea Theresa Gröber et al. | Affiliation: CISPA Helmholtz Center for Information Security, Saarland University | Topics: Head-Up Display (HUD) & Advanced Driver Assistance Systems (ADAS); In-Vehicle Haptic, Audio & Multimodal Feedback; AI-Assisted Decision-Making & Automation | Venue: CHI

Exploring User-Centered Security Design for Usable Authentication Ceremonies
Security technology often follows a systems design approach that focuses on components instead of users. As a result, the users' needs and values are not sufficiently addressed, which has implications on security usability. In this paper, we report our lessons learned from applying a user-centered security design process to a well-understood security usability challenge, namely key authentication in secure instant messaging. Users rarely perform these key authentication ceremonies, which makes their end-to-end encrypted communication vulnerable. Our approach includes collaborative design workshops, an expert evaluation, iterative storyboard prototyping, and an online evaluation. While we could not demonstrate that our design approach resulted in improved usability or user experience, we found that user-centered prototypes can increase the users' comprehension of security implications. Hence, prototypes based on users' intuitions, needs, and values are useful starting points for approaching long-standing security challenges. Applying complementary design approaches may improve usability and user experience further.
Year: 2021 | Authors: Matthias Fassl et al. | Affiliation: CISPA Helmholtz Center for Information Security, Saarland University | Topics: Privacy by Design & User Control; Passwords & Authentication | Venue: CHI