Toward Gender-Equitable Privacy and Security in South Asia

Sambasivan, Nithya; Ahmed, Nova; Batool, Amna; Bursztein, Elie; Churchill, Elizabeth F.; Gaytán-Lugo, Laura S.; Matthews, Tara; Nemar, David; Thomas, Kurt; Consolvo, Sunny

doi:10.1109/msec.2019.2912727

Cited by 19 publications

(26 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Scheuerman et al [80] also provided a framework for assessing the severity of threats based on such harms. Thomas et al [91], Sambasivan et al [76], and Levy and Schneier [51] detailed how attacks vary based on the capabilities of attackers, such as having intimate access to a target, or privileged access to a target's devices or data. Our at-risk framework differs in that we isolate the contextual risk factors that may make at-risk users particularly vulnerable to such attacks, threats, or harms.…”

Section: B Previous Taxonomies Of Attacks Threats and Harmsmentioning

confidence: 99%

“…These threats were typified by a broad set of potential attackers, and contending with this type of hate and harassment may generally lead to emotional distress [13,92,96]. For this factor, past research has described the perception that anyone may be a potential attacker [79], exacerbated by the fact that attackers may hide behind anonymous identities [76,92].…”

Section: A Societal Factorsmentioning

confidence: 99%

“…Given that this factor is associated with stigmatized information, attackers may also coerce at-risk users by threatening to leak information that could be harmful. This can lead to reputation damage [96,100] or sexual violence [35,76]. For example, attackers may threaten to "out" transgender individuals [50] or, in conservative regions, may threaten to leak chat logs between a man and a woman to damage the woman's reputation [76,96].…”

Section: A Societal Factorsmentioning

confidence: 99%

“…This can lead to reputation damage [96,100] or sexual violence [35,76]. For example, attackers may threaten to "out" transgender individuals [50] or, in conservative regions, may threaten to leak chat logs between a man and a woman to damage the woman's reputation [76,96]. Algorithmic bias may also create or exacerbate digital-safety risks in this space.…”

Section: A Societal Factorsmentioning

confidence: 99%

See 3 more Smart Citations

SoK: A Framework for Unifying At-Risk User Research

Warford¹,

Matthews²,

Yang³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

At-risk users are people who experience elevated digital security, privacy, and safety threats because of what they do, who they are, where they are, or who they are with. In this systematization work, we present a framework for reasoning about at-risk users based on a wide-ranging meta-analysis of 85 papers. Across the varied populations that we examined (e.g., children, activists, women in developing regions), we identified 10 unifying contextual risk factors-such as oppression or stigmatization and access to a sensitive resource-which augment or amplify digital-safety threats and their resulting harms. We also identified technical and non-technical practices that at-risk users adopt to attempt to protect themselves from digital-safety threats. We use this framework to discuss barriers that limit at-risk users' ability or willingness to take protective actions. We believe that the security, privacy, and human-computer interaction research and practitioner communities can use our framework to identify and shape research investments to benefit at-risk users, and to guide technology design to better support at-risk users. RQ1: Contextual risk factors. What factors-such as aperson's relationships, personal circumstances, or situation in society-contribute to digital-safety threats for at-risk users? RQ2: Interactions. How do these contextual risk factors interact to elevate the risk or severity of digitalsafety threats for at-risk users? RQ3: Protective practices. What protective practices are common across at-risk users when attempting to address their digital-safety needs? RQ4: Barriers. What barriers do at-risk users encounter in protecting themselves from digital-safety threats?Based on an analysis across 31 distinct population categories (e.g., activists, refugees, children), we identified 10 contextual risk factors that cross-cut at-risk populations, yielding a clearly-defined set of circumstances that the digital-safety community can consider in research, design, and development to support at-risk users. We also found that at-risk users currently rely on varied, often ad-hoc protective practices, ranging from leaning on social connections, to distancing themselves from technology, to relying on a patchwork of technical strategies to try to minimize risks and harms. Our atrisk framework is comprised of these contextual risk factors and protective practices. We use our framework to discuss barriers that limit or prevent at-risk users from enacting digital protections, and show how competing priorities, a lack of digital safety awareness, and broken technology assumptions compound the challenges at-risk users face.We advocate for the digital-safety community to consider at-risk users' needs in risk modeling and design. Our framework provides a blueprint for addressing these issues through research, 1 education support, and technology development, to 1 While ethical best practices for engaging in at-risk user research are critical-e.g., in order to avoid further harming research participantsdefining these best p...

show abstract

Section: B Previous Taxonomies Of Attacks Threats and Harmsmentioning

confidence: 99%

Section: A Societal Factorsmentioning

confidence: 99%

Section: A Societal Factorsmentioning

confidence: 99%

Section: A Societal Factorsmentioning

confidence: 99%

See 2 more Smart Citations

SoK: A Framework for Unifying At-Risk User Research

Warford¹,

Matthews²,

Yang³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…For example, IBM recently released five "coercive control resistant" design principles, which are intended to prevent developments from being used for domestic abuse (Nuttall et al, 2020). Google's Security & Privacy Research & Design Group has produced various outputs on the issue of tech abuse (Matthews et al, 2017a(Matthews et al, , 2017bSambasivan & et al, 2019aSambasivan & et al, , 2019bSambasivan & et al, , 2019c and, prompted by research findings, taken action against some spyware apps that were available on its app store (Chatterjee et al, 2018). Kaspersky, F-Secure and other anti-virus and cybersecurity providers have recently established a dedicated "Coalition against Stalkerware".…”

Section: Figurementioning

confidence: 99%