"We Hold Each Other Accountable": Unpacking How Social Groups Approach Cybersecurity and Privacy Together

Digital resources are often collectively owned and shared by small social groups (e.g., friends sharing Netflix accounts, roommates sharing game consoles, families sharing WhatsApp groups). Yet, little is known about (i) how these groups jointly navigate cybersecurity and privacy (S&P) decisions for shared resources, (ii) how shared experiences influence individual S&P attitudes and behaviors, and (iii) how well existing S&P controls map onto group needs. We conducted group interviews and a supplemental diary study with nine social groups (n=34) of varying relationship types. We identified why, how and what resources groups shared, their jointly construed threat models, and how these factors influenced group strategies for securing shared resources. We also identified missed opportunities for cooperation and stewardship among group members that could have led to improved S&P behaviors, and found that existing S&P controls often fail to meet the needs of these small social groups.

[1]  John Zimmerman,et al.  Are you close with me? are you nearby?: investigating social groups, closeness, and willingness to share , 2011, UbiComp '11.

[2]  Fefie Dotsika,et al.  Knowledge sharing: developing from within , 2007 .

[3]  Laura A. Dabbish,et al.  Share and Share Alike? An Exploration of Secure Behaviors in Romantic Relationships , 2018, SOUPS @ USENIX Security Symposium.

[4]  Paul Dourish,et al.  Unpacking "privacy" for a networked world , 2003, CHI '03.

[5]  Laura A. Dabbish,et al.  A Typology of Perceived Triggers for End-User Security and Privacy Behaviors , 2019, SOUPS @ USENIX Security Symposium.

[6]  Kori Inkpen Quinn,et al.  Yours, Mine and Ours? Sharing and Use of Technology in Domestic Environments , 2007, UbiComp.

[7]  Luis Francisco-Revilla,et al.  Netflix recommendations for groups , 2010, ASIST.

[8]  Laura A. Dabbish,et al.  Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation , 2014, CCS.

[9]  Edward W. Felten,et al.  Secrecy, flagging, and paranoia: adoption criteria in encrypted email , 2006, CHI.

[10]  Tara Matthews,et al.  "She'll just grab any device that's closer": A Study of Everyday Device & Account Sharing in Households , 2016, CHI.

[11]  Robert E. Kraut,et al.  Increasing commitment to online communities by designing for social presence , 2011, CSCW.

[12]  Laura A. Dabbish,et al.  Breaking! A Typology of Security and Privacy News and How It's Shared , 2018, CHI.

[13]  Gierad Laput,et al.  Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secret Knocks , 2017, CHI.

[14]  Gunela Astbrink,et al.  Password sharing: implications for security design based on social practice , 2007, CHI.

[15]  Sauvik Das Social cybersecurity: Understanding and leveraging social influence to increase security sensitivity , 2016, it Inf. Technol..

[16]  Laura A. Dabbish,et al.  The Effect of Social Influence on Security Sensitivity , 2014, SOUPS.

[17]  Friedrich-Schiller-Universitat Jena Common Bond and Common Identity Groups on the Internet: Attachment and Normative Behavior in On-Topic and Off-Topic Chats , 2002 .

[18]  Rick Wash,et al.  Organization Interfaces—collaborative computing General Terms , 2022 .

[19]  CARLOS A. GOMEZ-URIBE,et al.  The Netflix Recommender System , 2015, ACM Trans. Manag. Inf. Syst..

[20]  RiedlJohn,et al.  Building member attachment in online communities , 2012 .

[21]  V. Braun,et al.  Using thematic analysis in psychology , 2006 .

[22]  Tara Matthews,et al.  Stories from Survivors: Privacy & Security Practices when Coping with Intimate Partner Abuse , 2017, CHI.

[23]  Elissa M. Redmiles,et al.  I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[24]  Aarathi Prasad,et al.  Enabling Multi-user Controls in Smart Home Devices , 2017, IoT S&P@CCS.

[25]  Lujo Bauer,et al.  Access Control for Home Data Sharing: Attitudes, Needs and Practices , 2010, CHI.

[26]  Lorrie Faith Cranor,et al.  Teaching Johnny not to fall for phish , 2010, TOIT.

[27]  S. Shiffman,et al.  Ecological momentary assessment. , 2008, Annual review of clinical psychology.

[28]  Henriette Cramer,et al.  Caring About Sharing: Couples' Practices in Single User Device Access , 2016, GROUP.

[29]  Joseph Kaye Self-reported password sharing strategies , 2011, CHI.

[30]  Robert E. Kraut,et al.  Building Member Attachment in Online Communities: Applying Theories of Group Identity and Interpersonal Bonds , 2012, MIS Q..

[31]  Alastair McLellan,et al.  Caring about sharing. , 2013, The Health service journal.

[32]  Rick Wash,et al.  Stories as informal lessons about security , 2012, SOUPS.

[33]  Mark S. Ackerman,et al.  The Intellectual Challenge of CSCW: The Gap Between Social Requirements and Technical Feasibility , 2000, Hum. Comput. Interact..

[34]  P. Dourish Privacy , Security ... and Risk and Danger and Secrecy and Trust and Morality and Identity and Power : Understanding Collective Information Practices , 2005 .

[35]  Serge Egelman,et al.  Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS) , 2015, CHI.

[36]  Laura A. Dabbish,et al.  The Role of Social Influence in Security Feature Adoption , 2015, CSCW.

[37]  Danah Boyd,et al.  Networked privacy: How teenagers negotiate context in social media , 2014, New Media Soc..