You are not your developer, either: A research agenda for usable security and privacy research beyond end users
While researchers have developed many tools, techniques, and protocols for improving
software security, exploits and breaches are only becoming more frequent. Some of this gap …
Comparing the usability of cryptographic APIs
Potentially dangerous cryptography errors are well-documented in many applications.
Conventional wisdom suggests that many of these errors are caused by cryptographic …
SoK: secure messaging
Motivated by recent revelations of widespread state surveillance of personal communication,
many solutions now claim to offer secure and private messaging. This includes both a large …
"If HTTPS Were Secure, I Wouldn't Need 2FA" - End User and Administrator Mental Models of HTTPS
HTTPS is one of the most important protocols used to secure communication and is,
fortunately, becoming more pervasive. However, especially the long tail of websites is still …
A secure data deduplication scheme for cloud storage
As more corporate and private users outsource their data to cloud storage providers, recent
data breach incidents make end-to-end encryption an increasingly prominent requirement …
Security developer studies with GitHub users: Exploring a convenience sample
The usable security community is increasingly considering how to improve security decision-
making not only for end users, but also for information technology professionals, including …
Signing in four public software package registries: Quantity, quality, and influencing factors
Many software applications incorporate open-source third-party packages distributed by
public package registries. Guaranteeing authorship along this supply chain is a challenge …
An empirical study of a decentralized identity wallet: Usability, security, and perspectives on user control
User-centric digital identity initiatives are emerging with a mission to shift control over online
identity disclosures to the individual. However, there is little representation of prospective …
Why Johnny still, still can't encrypt: Evaluating the usability of a modern PGP client
This paper presents the results of a laboratory study involving Mailvelope, a modern PGP
client that integrates tightly with existing webmail providers. In our study, we brought in pairs …
Why doesn't Jane protect her privacy?
End-to-end encryption has been heralded by privacy and security researchers as an
effective defence against dragnet surveillance, but there is no evidence of widespread end …