- Privacy, Security, and Data Protection
- User Authentication and Security Systems
- Sexuality, Behavior, and Technology
- Innovative Human-Technology Interaction
- Digital Innovation in Industries
- Advanced Malware Detection Techniques
- Information and Cyber Security
- Digitalization, Law, and Regulation
- Privacy-Preserving Technologies in Data
- Social Media and Politics
- Spam and Phishing Detection
- Cybercrime and Law Enforcement Studies
- Technology Adoption and User Behaviour
- Behavioral Health and Interventions
- Autonomous Vehicle Technology and Safety
- Hate Speech and Cyberbullying Detection
- Mobile Crowdsensing and Crowdsourcing
- Safety Systems Engineering in Autonomy
- Digital Marketing and Social Media
- Impact of Technology on Adolescents
- Misinformation and Its Impacts
- Internet Traffic Analysis and Secure E-voting
- Smart Grid Energy Management
- Biometric Identification and Security
- Human-Automation Interaction and Safety
Technical University of Darmstadt
2016-2025
University of Glasgow
2022
Leibniz University Hannover
2022
Karlsruhe Institute of Technology
2018-2020
Karlsruhe University of Education
2019
For many years, cookies have been widely used by websites, storing information about users' behaviour. While enabling additional functionality and potentially improving user experience, cookies, especially third parties for data analysis, can be a threat to privacy. The EU protection directive, among other prescriptions, require that the website providers inform users cookie use on their websites displaying so-called disclaimer. It remains an open question, however, what effect does disclaimer...
Although media reports often warn about risks associated with using privacy-threatening technologies, most lay users lack awareness of particular adverse consequences that could result from this usage. Since might lead them to underestimate the data collection, we investigate how perceive different abstract and specific privacy risks. To end, conducted a survey 942 participants in which asked rate nine risk scenarios terms probability severity. The included as well scenarios,...
Many EU data collectors rely on informed consent for processing, requiring users to after being informed. To do so, it is necessary have at least partially correct assumptions about what the software does. The introduction of official German contact tracing app, Corona-Warn-App (CWA), provides an interesting use case explore whether potential are capable with a reasonable amount effort by publishers software. We captured CWA users’ and non-users’ mental models collection processing in app...
Personal Privacy Assistants (PPAs) can support users in managing their privacy. Conducting a user study, we provide qualitative and quantitative insights into how imagine PPA PPAs designs appear for different groups. We highlight five aspects derived from the literature that are essential when designing PPA: What features should have? How learn users’ preferences? level of involvement its decisions Which vendor offer PPA? data willing to disclose Our results holistic view perceptions PPAs....
Albeit offering many benefits, smartphones can pose a severe privacy threat to users. While some users might simply be not aware of issues, others are highly motivated protect their data, but lack the ability and knowledge do so. We developed an Android-based application called "FoxIT", which provides with several education modules as well static smartphone app permission analysis increase both, awareness mobile conducted first evaluation FoxIT in two-week field study 31 were able show that...
Users make two privacy-related decisions when signing up for a new Service Provider (SP): (1) whether to use an existing Single Sign-On (SSO) account of Identity (IdP), or not, and (2) the information IdP is allowed share with SP under specific conditions. From privacy point view, social network-based SSO solutions (i.e. login) not recommended. This advice, however, comes at expense security, usability, functionality. Thus, in principle, it should be user consider all advantages...
End-to-end (E2E) encryption is an effective measure against privacy infringement. In 2016, it was introduced by WhatsApp for all users (of the latest app version) quasi overnight. However, unclear how non-expert perceived this change, whether they trust as a provider of E2E encryption, and their communication behavior changed. We conducted semi-structured interviews with twenty to answer these questions. found that about half participants even messages could still be eavesdropped, example...
Albeit people worldwide cry out for the protection of their privacy, they often fail to successfully protect private data. Possible reasons this failure that have been identified in previous research include a lack knowledge about possible privacy consequences, negative outcome rational cost-benefit analysis, and insufficient ability on users' side. However, these findings mainly base theoretical considerations or results from quantitative studies, no comprehensive explanation behavior has...
For many years, cookies have been widely used by websites, storing information about users’ behaviour. While enabling additional functionality and potentially improving user experience, can be a threat to privacy, especially third parties for data analysis. Websites providers are legally required inform users cookie use displaying so-called disclaimer. We conducted survey study in 2017 investigate how perceive this disclaimer whether it affects their actual found that while most participants...
Thermal attacks refer to the possibility of capturing heat traces that result from interacting with user interfaces reveal sensitive input, such as passwords. The technical feasibility and effectiveness thermal have already been demonstrated. Yet, several preconditions be met for successful attacks. In this paper, we investigate awareness which extent attack's are in users' daily lives. We present results an online study 101 participants showing users frequently at risk based on their...
Many websites contain services from third parties. Misconfigurations of these can lead to missing compliance with legal obligations and privacy risks for website users. Previous research indicates that one cause such issues is awareness. However, reasons the awareness other prevalence are not widely researched; includes owners’ dealing those issues. To shed light on issue, we analyze 1043 responses owners a notification about issue their using thematic analysis, following an exploratory...
Legal frameworks rely on users to make an informed decision about data collection, e.g., by accepting or declining the use of tracking technologies. In practice, however, hardly interact with consent notices a deliberate website per level, but usually accept decline optional technologies altogether in habituated behavior. We explored potential three different nudge types (color highlighting, social cue, timer) and default settings interrupt this auto-response experimental between-subject...
Purpose: This paper aims to contribute the understanding of goal setting in organizations, especially regarding mitigation conflicting productivity and security goals. Design/methodology/approach: describes results a survey with 200 German employees effects on employees’ compliance. Based results, concept for information goals organizations building actionable behavioral recommendations from awareness materials is developed. was evaluated three small- medium-sized (SMEs) overall 90 employees....
IoT devices are becoming more common and prevalent in private households. Since guests can be present IoT-equipped households, pose considerable privacy risks to them. In this paper, we an in-depth evaluation of protection for considering the perspectives hosts guests. First, interviewed 21 device owners about four classes mechanisms obtained from literature social aspects. Second, conducted online survey (N=264) that investigates perspective From our results, learn should not introduce...
Passwords and PINs are used to protect all kinds of services against adversaries in our everyday lives. To serve their purpose, passwords require a certain degree complexity which is often enforced through password policies. This results complicated passwords, might not only be hard for users create, but also remember. Furthermore, reuse they feel secure. We present scheme deterministic generation that solves these problems by assisting the user generating remembering passwords. The...
Using gamepad-driven devices like games consoles is an activity frequently shared with others. Thus, shoulder-surfing a serious threat. To address this threat, we present the first investigation of resistant text password entry on gamepads by (1) identifying requirements context; (2) assessing whether authentication schemes proposed in non-gamepad contexts can be viably adapted to meet these requirements; (3) proposing "Colorwheels", novel scheme specifically geared towards (4) using two...