SOUPS: Usable Privacy & Security Forum
- SOUPS is an interdisciplinary research venue known for integrating human-computer interaction with privacy and security, emphasizing user-centric design and empirical evaluations.
- The symposium has demonstrated robust growth through diverse collaborations, evolving from modest beginnings to a global forum with increasing publication and co-authorship metrics.
- It advances actionable insights by integrating methodological innovations such as differential privacy, inclusive design, and explainable AI to tackle real-world security challenges.
The Symposium on Usable Privacy and Security (SOUPS) is an interdisciplinary research venue dedicated to advancing the empirical study and engineering of usable privacy and security systems. Launched in 2005, SOUPS catalyzed a scientific community at the intersection of human-computer interaction (HCI), security, and privacy, addressing design, adoption, and evaluation challenges that arise when sociotechnical factors shape security outcomes. Over its two-decade trajectory, SOUPS has developed a distinct scholarly identity, defined by its human-centric focus, methodological rigor, and unique position as a “team science” discipline characterized by large, diverse collaborations and cross-institutional networks (Chen et al., 24 Nov 2025).
1. Historical Development and Scientific Community Structure
SOUPS emerged as a response to the realization that technical solutions in security and privacy fail if they neglect users’ cognitive, social, and contextual needs. Utilizing automated DBLP-sourcing and bibliometrics, longitudinal analyses reveal that SOUPS grew from 12 papers and ∼130 institutional affiliations in 2005 to 42 papers and ∼260 contributing institutions in 2023, indicating an average annual growth rate (Chen et al., 24 Nov 2025). Authorship expanded from 2.8 to 5.1 co-authors per paper, with female author representation rising from 20% to 46% over this period, substantially exceeding sister venues such as Financial Cryptography (cumulative 12.7%). The co-authorship network exhibits “small-world” topology (average path length ), high clustering (), and a modularity with 5–7 persistent topical clusters per five-year interval.
Thematic coherence increased from 0.12 to 0.25, reflecting a consolidation around key topics such as authentication, password design, phishing, privacy labels, security warnings, and accessibility (Chen et al., 24 Nov 2025). Renowned hubs include L. Cranor, A. Acquisti, and L. Bauer, who consistently act as structural bridges for interdisciplinary collaboration.
2. Core Research Domains and Methodological Innovations
SOUPS is distinguished by its multidisciplinary research agenda, foregrounding user-centered design and behavioral evaluation of security and privacy systems. The program encompasses:
- Usability of Security Mechanisms: Empirical studies of authentication (passwords, graphical passwords, MFA), device-pairing protocols, access control, and privacy consent dialogs (Chen et al., 24 Nov 2025).
- Privacy Engineering: Design and evaluation of privacy models, user interfaces, and consent mechanisms for both ordinary and high-risk populations, including vulnerable and marginalized groups (Gautam, 2020).
- Formal Frameworks and Certification: Introduction of operational measurement models such as the Usable Privacy (UP) Cube, which extends EuroPriSe standards into a three-dimensional grid of data protection principles, data subject rights, and formalized usability criteria (effectiveness, efficiency, satisfaction) (Johansen et al., 2019).
- Empirical Methodologies: SOUPS research routinely incorporates controlled A/B experiments, participatory design, cognitive walkthroughs, think-aloud protocols, longitudinal field tests, and the integration of automated task-logging and survey instrumentation to ground statistical inference and HCI metrics (Chen et al., 24 Nov 2025).
3. Advancing Inclusive and Practicable Privacy
SOUPS research redefines privacy and security as fundamentally socio-technical phenomena that require accounting for marginalized collective needs, not just individual cognitive ergonomics. Gautam et al. advance the model of “practicable privacy,” positing that a privacy practice is only valid if it satisfies
where {usable}, {acceptable}, {appropriable}, grounding each pillar in both operational and socio-political metrics (task completion, cultural acceptability, adaptability) (Gautam, 2020). Empirical studies with populations such as sex-trafficking survivors in Nepal reveal how—beyond individual usability—collectivist values, stigma dynamics, and physical space constraints dictate which privacy practices can be learned, enacted, and socially sustained.
This focus prompts a critical shift for SOUPS: research now investigates how privacy and security practices must be designed as appropriable by communities, not just comprehensible to isolated individuals.
4. Differential Privacy and Usability: Bridging Math and Practice
The adoption of advanced privacy technologies such as differential privacy (DP) exposes tensions between formal mathematical guarantees and the cognitive, communicative, and policy constraints faced by implementers and end-users. SOUPS-sponsored systematization-of-knowledge (SoK) and gap-analysis studies articulate core challenges:
- Difficulty selecting appropriate (privacy-loss) parameters and communicating privacy-utility tradeoffs (e.g., error bars as varies) to both technical and nontechnical stakeholders (Dibia et al., 22 Dec 2024).
- Gaps in tooling for composing, auditing, and documenting end-to-end DP deployments, especially those responsive to contextual and collective harms (Cummings et al., 17 Jun 2024).
- Recommendations for layered UI design, inclusive communication (metaphor-driven explanations, risk diagrams), and the establishment of “privacy registries” and audit standards addressing global , governance, and recourse (Cummings et al., 17 Jun 2024, Dibia et al., 22 Dec 2024).
SOUPS research aligns on the necessity of integrating DP into mainstream UX, expanding from theoretical models to actionable, stakeholder-driven toolkits.
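The privacy-utility tradeoff named in the first bullet can be made concrete with error bars. The following is an added example, not taken from the cited studies: it assumes the Laplace mechanism on a counting query with sensitivity 1, writes the privacy-loss parameter as `epsilon` (conventionally ε), and uses a constructed true count of 500.

```python
import math
import random

def _scale(epsilon, sensitivity):
    # Laplace noise scale b = sensitivity / epsilon; smaller epsilon means more noise.
    if epsilon <= 0 or sensitivity <= 0:
        raise ValueError("epsilon and sensitivity must be positive")
    return sensitivity / epsilon

def error_bar(epsilon, sensitivity=1.0, confidence=0.95):
    """Half-width h such that P(|noise| <= h) = confidence under Laplace(0, b)."""
    if not 0 < confidence < 1:
        raise ValueError("confidence must be in (0, 1)")
    # For Laplace(0, b): P(|X| > t) = exp(-t / b), so h = b * ln(1 / (1 - confidence)).
    return _scale(epsilon, sensitivity) * math.log(1.0 / (1.0 - confidence))

def private_count(true_count, epsilon, rng, sensitivity=1.0):
    """Release true_count plus Laplace noise (difference of two exponentials)."""
    b = _scale(epsilon, sensitivity)
    return true_count + rng.expovariate(1.0 / b) - rng.expovariate(1.0 / b)

def empirical_coverage(true_count, epsilon, trials=20000, seed=7):
    """Fraction of simulated releases that land inside the stated error bar."""
    rng = random.Random(seed)
    h = error_bar(epsilon)
    hits = sum(
        abs(private_count(true_count, epsilon, rng) - true_count) <= h
        for _ in range(trials)
    )
    return hits / trials

def tradeoff_table(true_count, epsilons):
    """Rows of (epsilon, 95% error bar, error bar as % of the true count)."""
    rows = []
    for eps in epsilons:
        h = error_bar(eps)
        rows.append((eps, round(h, 2), round(100.0 * h / true_count, 1)))
    return rows

if __name__ == "__main__":
    TRUE_COUNT = 500  # constructed sample value, not data from any study
    for eps, h, pct in tradeoff_table(TRUE_COUNT, [0.05, 0.1, 0.5, 1.0, 2.0]):
        print(f"epsilon={eps:<5} 95% error bar=+/-{h:<7} ({pct}% of count)")
    print("simulated coverage at epsilon=0.5:", empirical_coverage(TRUE_COUNT, 0.5))
```

The error bar scales as 1/ε, so halving ε doubles the interval that has to be communicated to stakeholders alongside the released statistic.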
5. Inclusion, Accessibility, and Product Equity
SOUPS contributions decode the intrinsic link between accessibility, inclusion, and robust privacy/security outcomes. Evidence from systematic reviews of user experiences for disabled populations demonstrates that authentication mechanisms—CAPTCHAs, PINs, password flows—exhibit dramatically higher error rates (e.g., >80% failure for motor/vision impaired users on CAPTCHAs; mean 3× authentication time for Down syndrome users) (Zezulak et al., 2023). Adaptations such as multi-modal CAPTCHAs, audio/haptic feedback, and accessible password managers form a core inclusion toolkit.
A product-inclusion threat modeling approach formalizes the analysis by scoring each (asset, threat, environment) tuple with:
and iteratively refining product design to ensure equitable security across demographics (e.g., shared-device usage, ML fairness, connectivity constraints, socioeconomic status) (Kleidermacher et al., 20 Apr 2024).
SOUPS community guidelines therefore mandate:
- Integrating ability-based design and value-sensitive design methodologies throughout the product lifecycle (Das et al., 2021).
- Embedding inclusion metrics (e.g., accessibility feature adoption, fairness deltas in ML authentication) into both user testing and platform integration (Kleidermacher et al., 20 Apr 2024).
6. Explainable AI and Formal Verification in Usable Security
Frontier research at SOUPS addresses the rising influence of automated explainable systems. Human-centered explainable AI (HCXAI), as exemplified by the PRISMe policy-assessment tool, introduces adaptive LLM-driven explanations with formalized metrics for consistency, transparency, faithfulness, and uncertainty (entropy/confidence intervals) (Freiberger et al., 17 Apr 2025). A key finding is that users' information needs are diverse: some demand exhaustive evidence-backing; others favor minimalist, color-coded summaries.
In parallel, proposed empirical programs address the impact of formal verification on user trust and adoption, focusing on the communication, interpretation, and limitation of machine-checked proofs in real-world secure software UIs (Carreira et al., 2021).
7. Impact, Future Directions, and Open Challenges
SOUPS has established itself as the premier forum for rigorous, user-centered security and privacy science with demonstrable impact: highest-cited papers exceed 1,500 citations; solo-author SOUPS papers average 156.8 citations—far surpassing technical cryptography venues (Chen et al., 24 Nov 2025). SOUPS methodologies now guide tool certification (UP Cube for GDPR usability), field evaluations (differential privacy pilots), and the de-biasing of security for marginalized and global populations.
Unresolved challenges include:
- Standardizing parameterization and auditing in privacy technologies for meaningful, inclusive deployment.
- Bridging the lay–expert explanatory gap in automated assessment tools without reducing transparency or rigour.
- Embedding inclusive threat modeling and accessibility as continuous processes rather than post hoc fixes.
Collectively, SOUPS exemplifies a sustained research community where HCI, statistical measurement, privacy engineering, and social theory converge to deliver usable, trustworthy, and equitable digital security at scale.