SoK (or SoLK?): On the Quantitative Study of Sociodemographic Factors and Computer Security Behaviors (2404.10187v1)
Abstract: Researchers are increasingly exploring how gender, culture, and other sociodemographic factors correlate with user computer security and privacy behaviors. To more holistically understand relationships between these factors and behaviors, we make two contributions. First, we broadly survey existing scholarship on sociodemographics and secure behavior (151 papers) before conducting a focused literature review of 47 papers to synthesize what is currently known and identify open questions for future research. Second, by incorporating contemporary social and critical theories, we establish guidelines for future studies of sociodemographic factors and security behaviors that address how to overcome common pitfalls. We present a case study to demonstrate our guidelines in action, at scale, in which we conduct a measurement study of the relationships between sociodemographics and de-identified, aggregated log data of security and privacy behaviors among 16,829 users on Facebook across 16 countries. Through these contributions, we position our work as a systemization of a lack of knowledge (SoLK). Overall, we find contradictory results and vast unknowns about how identity shapes security behavior. Through our guidelines and discussion, we chart new directions to more deeply examine how and why sociodemographic factors affect security behaviors.
Authors: Miranda Wei, Jaron Mink, Yael Eiger, Tadayoshi Kohno, Elissa M. Redmiles, Franziska Roesner