Jan Tolsdorf scite author profile

Jan Tolsdorf

5Publications

52Citation Statements Received

129Citation Statements Given

How they've been cited

How they cite others

154

124

Affiliations

Hochschule Bonn-Rhein-Sieg, TH Köln - University of Applied Sciences

Publications

Order By: Most citations

Privacy Considerations for Risk-Based Authentication Systems

Wiefling

Tolsdorf

Iacono

2021

View full text Add to dashboard Cite

Risk-based authentication (RBA) extends authentication mechanisms to make them more robust against account takeover attacks, such as those using stolen passwords. RBA is recommended by NIST and NCSC to strengthen password-based authentication, and is already used by major online services. Also, users consider RBA to be more usable than two-factor authentication and just as secure. However, users currently obtain RBA's high security and usability benefits at the cost of exposing potentially sensitive personal data (e.g., IP address or browser information). This conflicts with user privacy and requires to consider user rights regarding the processing of personal data.We outline potential privacy challenges regarding different attacker models and propose improvements to balance privacy in RBA systems. To estimate the properties of the privacy-preserving RBA enhancements in practical environments, we evaluated a subset of them with long-term data from 780 users of a real-world online service. Our results show the potential to increase privacy in RBA solutions. However, it is limited to certain parameters that should guide RBA design to protect privacy. We outline research directions that need to be considered to achieve a widespread adoption of privacy preserving RBA with high user acceptance.

show abstract

Exploring mental models of the right to informational self-determination of office workers in Germany

Tolsdorf

Dehling

Reinhardt

et al. 2021

View full text Add to dashboard Cite

Applied privacy research has so far focused mainly on consumer relations in private life. Privacy in the context of employment relationships is less well studied, although it is subject to the same legal privacy framework in Europe. The European General Data Protection Regulation (GDPR) has strengthened employees’ right to privacy by obliging that employers provide transparency and intervention mechanisms. For such mechanisms to be effective, employees must have a sound understanding of their functions and value. We explored possible boundaries by conducting a semi-structured interview study with 27 office workers in Germany and elicited mental models of the right to informational self-determination, which is the European proxy for the right to privacy. We provide insights into (1) perceptions of different categories of data, (2) familiarity with the legal framework regarding expectations for privacy controls, and (3) awareness of data processing, data flow, safeguards, and threat models. We found that legal terms often used in privacy policies used to describe categories of data are misleading. We further identified three groups of mental models that differ in their privacy control requirements and willingness to accept restrictions on their privacy rights. We also found ignorance about actual data flow, processing, and safeguard implementation. Participants’ mindsets were shaped by their faith in organizational and technical measures to protect privacy. Employers and developers may benefit from our contributions by understanding the types of privacy controls desired by office workers and the challenges to be considered when conceptualizing and designing usable privacy protections in the workplace.

show abstract

In Our Employer We Trust: Mental Models of Office Workers’ Privacy Perceptions

Tolsdorf

Dehling

2020

View full text Add to dashboard Cite

A Case Study on the Implementation of the Right of Access in Privacy Dashboards

Tolsdorf

Fischer

Iacono

2021

View full text Add to dashboard Cite

Components and Architecture for the Implementation of Technology-Driven Employee Data Protection

Dehling

Feth

Polst

et al. 2021

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jan Tolsdorf

Privacy Considerations for Risk-Based Authentication Systems

Exploring mental models of the right to informational self-determination of office workers in Germany

In Our Employer We Trust: Mental Models of Office Workers’ Privacy Perceptions

A Case Study on the Implementation of the Right of Access in Privacy Dashboards

Components and Architecture for the Implementation of Technology-Driven Employee Data Protection

Contact Info

Product

Resources

About