Heather Richter Lipford

Contextual gaps: privacy issues on Facebook

Social networking sites like Facebook are rapidly gaining in popularity. At the same time, they seem to present significant privacy issues for their users. We analyze two of Facebooks’s more recent features, Applications and News Feed, from the perspective enabled by Helen Nissenbaum’s treatment of privacy as “contextual integrity.” Offline, privacy is mediated by highly granular social contexts. Online contexts, including social networking sites, lack much of this granularity. These contextual gaps are at the root of many of the sites’ privacy issues. Applications, which nearly invisibly shares not just a users’, but a user’s friends’ information with third parties, clearly violates standard norms of information flow. News Feed is a more complex case, because it involves not just questions of privacy, but also of program interface and of the meaning of “friendship” online. In both cases, many of the privacy issues on Facebook are primarily design issues, which could be ameliorated by an interface that made the flows of information more transparent to users.

Game2Learn: improving the motivation of CS1 students

Games are increasingly being used for education and training in a variety of areas. We are developing a game to teach introductory computer science concepts, called Game2Learn, to increase student motivation and engagement in learning CS1, which are critical for recruiting students into computer science. We evaluated student feedback and performance of initial prototypes to examine the Game2Learn concept and provide design guidelines for ongoing game development. In this paper, we present the results of this study, which demonstrate that students can have fun programming within a game, and that in-game rewards and punishments are vital to the motivation and potential learning of students.

Visual vs. compact: a comparison of privacy policy interfaces

In this paper, we compare the impact of two different privacy policy representations -- AudienceView and Expandable Grids -- on users modifying privacy policies for a social network site. Despite the very different interfaces, there were very few differences in user performance. However, users had clear, and different, preferences and acknowledged the tradeoffs between the two representations. Our results imply that while either interface would be a usable option for policy settings, a combination may appeal to a wider audience and offer the best of both worlds.

Evaluating the relationship between user interaction and financial visual analysis

It has been widely accepted that interactive visualization techniques enable users to more effectively form hypotheses and identify areas for more detailed investigation. There have been numerous empirical user studies testing the effectiveness of specific visual analytical tools. However, there has been limited effort in connecting a userpsilas interaction with his reasoning for the purpose of extracting the relationship between the two. In this paper, we present an approach for capturing and analyzing user interactions in a financial visual analytical tool and describe an exploratory user study that examines these interaction strategies. To achieve this goal, we created two visual tools to analyze raw interaction data captured during the user session. The results of this study demonstrate one possible strategy for understanding the relationship between interaction and reasoning both operationally and strategically.

Facebook apps and tagging: The trade-off between personal privacy and engaging with friends

The use of social network sites offers many potential social benefits, but also raises privacy concerns and challenges for users. The trade‐off users have to make between using sites such as Facebook to connect with their friends versus protecting their personal privacy is not well understood. Furthermore, very little behavioral research has focused on how personal privacy concerns are related to information disclosures made by ones friends. Our survey study of 116 Facebook users shows that engaging with friends through tagging activity and third‐party application use is associated with higher levels of personal Facebook usage and a stronger emotional attachment to Facebook. However, users who have high levels of personal privacy concern and perceive a lack of effectiveness in Facebooks privacy policies tend to engage less frequently in tagging and app activities with friends, respectively. Our model and results explore illustrate the complexity of the trade‐off between privacy concerns, engaging with friends through tagging and apps, and Facebook usage.

Evaluating interactive support for secure programming

Implementing secure code is an important and oft-overlooked non-functional requirement. Secure programming errors are a subset of program errors that result in many common privacy and security breaches in commercial software. We are seeking to provide interactive support for secure programming in the development environment. In this paper, we have evaluated our prototype tool, ASIDE, which provides real-time warnings and code generation to reduce secure programming errors introduced by programmers. We evaluate the potential use and effectiveness of ASIDE on both novice and professional developers in two comparison user studies. Our results demonstrate that the interactive support can help address this important non-functional requirement, and suggest guidelines for such tools to support programmers.

Questions developers ask while diagnosing potential security vulnerabilities with static analysis

Security tools can help developers answer questions about potential vulnerabilities in their code. A better understanding of the types of questions asked by developers may help toolsmiths design more effective tools. In this paper, we describe how we collected and categorized these questions by conducting an exploratory study with novice and experienced software developers. We equipped them with Find Security Bugs, a security-oriented static analysis tool, and observed their interactions with security vulnerabilities in an open-source system that they had previously contributed to. We found that they asked questions not only about security vulnerabilities, associated attacks, and fixes, but also questions about the software itself, the social ecosystem that built the software, and related resources and tools. For example, when participants asked questions about the source of tainted data, their tools forced them to make imperfect tradeoffs between systematic and ad hoc program navigation strategies.

Charting new ground: modeling user behavior in interactive geovisualization

Geovisualization has traditionally played a critical role in analysis and decision-making, but recent developments have also brought a revolution in widespread online access to geographic data and integration tools, particularly for map-based interfaces. This next generation of geovisualization applications is often characterized by high interactivity and strong end-user participation in both development and use. Building the most effective tools to support user-centered geographic visualization faces a significant challenge, though: very little is known about how people interact with maps. To date, map use research has typically focused on higher order use goals or cognitive interpretations of static map representations. Our research employs Human-Computer Interaction approaches in order to investigate user behaviors that contribute to interactive map use and understanding. This paper describes our approach to studying geovisualization interaction and presents our pilot user studies and initial interaction model. By building a better understanding of how people interact with map interfaces, we will be able to design better user-centered geographic visualizations and learn how to best customize these applications to specific user groups.

Supporting secure programming in web applications through interactive static analysis

Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.

Reconciling privacy with social media

Social media is one way that individuals share information, present themselves, and manage their social interactions in both personal and professional contexts. While social media benefits have been examined in the literature, relatively little attention has been paid to the relationship of privacy to these benefits. Privacy has traditionally been framed as a way for individuals to protect themselves from the consequences of too much information disclosure. However, privacy can be a means to enhance social media outcomes and is essential for coordinating cooperative relationships. In this workshop we seek to: a) broaden the lens of social media privacy research to examine the benefits and outcomes of interactional privacy as they relate to social media goals; and b) discuss the design of social media interfaces that are responsive to both relational and privacy needs.