Abstract
We investigate cybersecurity toolkits, collections of public facing materials intended to help users achieve security online. Through a qualitative analysis of 41 online toolkits, we present a set of key design dimensions: agentive scale (who is responsible for security), achievability (can security be achieved), and interventional stage (when are security measures taken). Recognizing toolkits as socially and culturally situated, we surface ways in which toolkits construct security as a value and, in so doing, how they construct people as (in)secure users. We center the notion of differential vulnerabilities, an understanding of security that recognizes safety as socially contingent, adversaries as unstable figures, and risk as differentially applied based on markers of relational position (e.g. class, race, religion, gender, geography, experience). We argue that differential vulnerabilities provides a key design concern in future security resources, and a critical concept for security discourses.
- Norah Abokhodair, Adam Hodges, and Sarah Vieweg. 2017. Photo Sharing in the Arab Gulf: Expressing the Collective and Autonomous Selves. In Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing - CSCW '17, 696--711. Google ScholarDigital Library
- Sara Ahmed. 2014. The Cultural Politics of Emotion. Edinburgh University Press, Edinburgh.Google Scholar
- Madeleine Akrich. 1992. The De-Scription of Technical Objects. In Shaping Technology Building Society: Studies in Sociotechnical Change, Wiebe Bijker and John Law (eds.). MIT Press, 205--224.Google Scholar
- Jeffrey Bardzell and Shaowen Bardzell. 2015. The user reconfigured: on subjectivities of information. In Proceedings of The Fifth Decennial Aarhus Conference on Critical Alternatives (AA '15), 133--144. Google ScholarDigital Library
- Eric P S Baumer and Jed R Brubaker. 2017. Post-userism. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems - CHI '17, 6291--6303. Google ScholarDigital Library
- Bennet Berger. The Survival of a Counterculture: Ideological Work and Everyday Life Among Rural Communards. University of California Press, 1981.Google Scholar
- Michel de Certeau. 1984. The practice of everyday life. Berkeley: University of California Press.Google Scholar
- Danielle Keats Citron. 2014. Hate Crimes in Cyberspace, Harvard University Press.Google Scholar
- Sauvik Das, Adam D.I. Kramer, Laura A. Dabbish, and Jason I. Hong. 2015. The Role of Social Influence in Security Feature Adoption. In Proceedings of the 18th ACM Conference on Computer Supported Cooperative Work & Social Computing (CSCW '15), 1416--1426. Google ScholarDigital Library
- Christopher A. Le Dantec, Erika Shehan Poole, and Susan P. Wyche. 2009. Values as lived experience: Evolving value sensitive design in support of value discovery. In Proceedings of the 27th international conference on Human factors in computing systems - CHI 09, 1141. Google ScholarDigital Library
- Paul Dourish and Ken Anderson. 2006. Collective Information Practice: Exploring Privacy and Security as Social and Cultural Phenomena. Human-Computer Interaction 21, 3: 319--342. Google ScholarDigital Library
- Serge Egelman, Lorrie Faith Cranor, and Jason Hong. 2008. You've been warned: an empirical study of the effectiveness of web browser phishing warnings. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '08), 1065--1074.: Google ScholarDigital Library
- Serge Egelman, Serge, and Eyal Peer. 2015. The myth of the average user: Improving privacy and security systems through individualization. Proceedings of the 2015 New Security Paradigms Workshop. Google ScholarDigital Library
- Batya Friedman, Peter H. Kahn, and Alan Borning. 2008. Value Sensitive Design and Information Systems. In The Handbook of Information and Computer Ethics, Kenneth Einar Himma and Herman T. Tavani (eds.). John Wiley & Sons, Inc., 69--101.Google Scholar
- Jean Hardy and Silvia Lindtner. 2017. Constructing a Desiring User: Discourse, Rurality, and Design in Location-Based Social Networks. In Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing - CSCW '17, 13--25. Google ScholarDigital Library
- Lara Houston, Steven J Jackson, Daniela K Rosner, Syed Ishtiaque Ahmed, Meg Young, and Laewoo Kang. 2016. Values in Repair. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems - CHI '16, 1403--1414. Google ScholarDigital Library
- Tung-Hui Hu. 2015. A Prehistory of the Cloud. MIT Press. Google ScholarDigital Library
- Haiyan Jia, Pamela J. Wisniewski, Heng Xu, Mary Beth Rosson, and John M Carroll. 2015. Risk-taking as a Learning Process for Shaping Teen's Online Information Privacy Behaviors. In Proceedings of the 18th ACM Conference on Computer Supported Cooperative Work & Social Computing - CSCW '15, 583--599. Google ScholarDigital Library
- Cory Knobel and Geoffrey C. Bowker. 2011. Values in design. Communications of the ACM 54, 26. Google ScholarDigital Library
- Steven J. Jackson. 2014. Rethinking Repair. In Media Technologies: Essays on Communication, Materiality, and Society, Tarleton Gillespie, Pablo J. Boczkowski and Kirsten A. Foot (eds.). The MIT Press, 221--240.Google Scholar
- Nassim JafariNaimi, Lisa Nathan, and Ian Hargraves. 2015. Values as Hypotheses: Design, Inquiry, and the Service of Values. Design Issues 31, 4: 91--104.Google ScholarCross Ref
- Zeus Leonardo. 2004. The Color of Supremacy: Beyond the discourse of 'white privilege." Educational Philosophy and Theory 36, 2: 137--152.Google ScholarCross Ref
- Helen Nissenbaum. 2001. How computer systems embody values. Computer 34, 3: 120--119. Google ScholarDigital Library
- Helen Nissenbaum. 2005. Where Computer Security Meets National Security. Ethics of Information Technology 7, 2: 61--73. Google ScholarDigital Library
- Bryan D. Payne and W. Keith Edwards. 2008. A Brief Introduction to Usable Security. IEEE Internet Computing 12, 3: 13--21. Google ScholarDigital Library
- Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner. 2012. Android permissions: user attention, comprehension, and behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS '12), Article 3 , 14 pages. Google ScholarDigital Library
- Jennifer A. Rode. 2010. The roles that make the domestic work. In Proceedings of the 2010 ACM conference on Computer supported cooperative work (CSCW '10). 381--390. Google ScholarDigital Library
- Daniela K. Rosner and Morgan Ames. 2014. Designing for repair?: infrastructures and materialities of breakdown. In Proceedings of the 17th ACM conference on Computer supported cooperative work & social computing - CSCW '14, 319--331. Google ScholarDigital Library
- Katie Shilton, Jes A. Koepfler, and Kenneth R. Fleischmann. 2014. How to see values in social computing: Methods for Studying Values Dimensions. In Proceedings of the 17th ACM Conference on Computer Supported Cooperative Work & Social Computing (CSCW '14), 426--435. Google ScholarDigital Library
- Yang Wang. 2017. The Third Wave? Inclusive Privacy and Security. In Proceedings of the 2017 New Security Paradigms Workshop - NSPW 2017, 122--130. Google ScholarDigital Library
- Alma Whitten and J.D. Tygar. 1999. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium, 169--184. Google ScholarDigital Library
- Langdon Winner. 1980. Do Artifacts Have Politics? Daedalus 109, 1: 121--136.Google Scholar
- Steve Woolgar. 1990. Configuring the User: The Case of Usability Trials. The Sociological Review 38, 1_suppl: 58--99.Google ScholarCross Ref
- Shundan Xiao, Jim Witschey, and Emerson Murphy-Hill. 2014. Social influences on secure development tool adoption: why security tools spread. In Proceedings of the 17th ACM conference on Computer supported cooperative work & social computing (CSCW '14). 1095--1106. Google ScholarDigital Library
Index Terms
- Differential Vulnerabilities and a Diversity of Tactics: What Toolkits Teach Us about Cybersecurity
Recommendations
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
AbstractSide-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...
A Review on C3I Systems’ Security: Vulnerabilities, Attacks, and Countermeasures
Command, Control, Communication, and Intelligence (C3I) systems are increasingly used in critical civil and military domains for achieving information superiority, operational efficacy, and greater situational awareness. The critical civil and military ...
Exploiting Bluetooth Vulnerabilities in e-Health IoT Devices
ICFNDS '19: Proceedings of the 3rd International Conference on Future Networks and Distributed SystemsInternet of Things (IoT) is an interconnected network of heterogeneous things through the Internet. The current and next generation of e-health systems are dependent on IoT devices such as wireless medical sensors. One of the most important applications ...
Comments