Tech Pains: Characterizations of Lived Cybersecurity Experiences

The permeation of technology into every facet of life has profoundly shifted the nature and ramifications of cybersecurity incidents. As a consequence, a complete and refined characterization of these adverse events necessitates a sociotechnical approach that takes into account the subjective lived experiences of the victims. Although researchers have examined such experiences pertaining to specific types of incidents, a broad understanding of the harmful impact of cybersecurity incidents requires an investigation of how people characterize and cope with these adverse experiences in general. To that end, we conducted semi-structured interviews with 21 individuals who reported a variety of cybersecurity incidents, consequences, and coping mechanisms. We found that the experiences can be characterized along a bounded to fuzzy spectrum. As the majority of current cybersecurity efforts focus on relatively bounded incidents, we make the case that fuzzy incidents deserve similar attention because their harmful impacts are deeper and longer-lasting. Our insight can be applied to improve and personalize the delivery of cybersecurity interventions.

[1]  Yang Wang,et al.  "I regretted the minute I pressed share": a qualitative study of regrets on Facebook , 2011, SOUPS.

[2]  Nicola Dell,et al.  The Spyware Used in Intimate Partner Violence , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[3]  M. Moreno,et al.  "Facebook depression?" social networking site use and depression in older adolescents. , 2012, The Journal of adolescent health : official publication of the Society for Adolescent Medicine.

[4]  Nicolas Christin,et al.  Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes , 2016, SOUPS.

[5]  Won Kim,et al.  The dark side of the Internet: Attacks, costs and responses , 2011, Inf. Syst..

[6]  Xiongfei Cao,et al.  Consequences of Cyberbullying and Social Overload while Using SNSs: A Study of Users’ Discontinuous Usage Behavior in SNSs , 2020, Inf. Syst. Frontiers.

[7]  Shian-Shyong Tseng,et al.  The mediating effect of anti-phishing self-efficacy between college students' internet self-efficacy and anti-phishing behavior and gender difference , 2016, Comput. Hum. Behav..

[8]  Drew P. Cingel,et al.  The Mobile Generation: Youth and Adolescent Ownership and Use of New Media , 2014 .

[9]  Sameer Patil,et al.  Reasons, rewards, regrets: privacy considerations in location sharing as an interactive practice , 2012, SOUPS.

[10]  Chris Kanich,et al.  No Please, After You: Detecting Fraud in Affiliate Marketing Networks , 2015, WEIS.

[11]  Lujo Bauer,et al.  A Field Study of Computer-Security Perceptions Using Anti-Virus Customer-Support Chats , 2019, CHI.

[12]  Angelos D. Keromytis,et al.  Where's Wally?: Precise User Discovery Attacks in Location Proximity Services , 2015, CCS.

[13]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.

[14]  Elissa M. Redmiles,et al.  How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior , 2016, CCS.

[15]  P. N. Ramachandran Nair,et al.  What Is on the Horizon? , 2014, Journal of conservative dentistry : JCD.

[16]  Nick Nikiforakis,et al.  Dial One for Scam: Analyzing and Detecting Technical Support Scams , 2016, ArXiv.

[17]  Sadie Creese,et al.  Cyber Harm: Concepts, Taxonomy and Measurement , 2016 .

[18]  Mary Frances Theofanos,et al.  Security Fatigue , 2016, IT Professional.

[19]  Yang Zhang,et al.  walk2friends: Inferring Social Links from Mobility Profiles , 2017, CCS.

[20]  Roxana Geambasu,et al.  XRay: Enhancing the Web's Transparency with Differential Correlation , 2014, USENIX Security Symposium.

[21]  Tyler Moore,et al.  Measuring the Cost of Cybercrime , 2012, WEIS.

[22]  Evangelos P. Markatos,et al.  Using social networks to harvest email addresses , 2010, WPES '10.

[23]  Francis T. McAndrew,et al.  Who does what on Facebook? Age, sex, and relationship status as predictors of Facebook use , 2012, Comput. Hum. Behav..

[24]  Lorrie Faith Cranor,et al.  School of phish: a real-world evaluation of anti-phishing training , 2009, SOUPS.

[25]  Rick Wash,et al.  Too Much Knowledge? Security Beliefs and Protective Behaviors Among United States Internet Users , 2015, SOUPS.

[26]  Fabrício Benevenuto,et al.  Measuring the Facebook Advertising Ecosystem , 2019, NDSS.

[27]  I. Pantic,et al.  Internet Use, Facebook Intrusion, and Depression: Results of a Cross-Sectional Study , 2015, European Psychiatry.

[28]  Joseph Bonneau,et al.  "I was told to buy a software or lose my computer. I ignored it": A study of ransomware , 2019, SOUPS @ USENIX Security Symposium.

[29]  Nora A Draper,et al.  The Tradeoff Fallacy: How Marketers are Misrepresenting American Consumers and Opening Them Up to Exploitation , 2015 .

[30]  Peter Caputi,et al.  Comparison of older and younger adults' attitudes towards and abilities with computers: Implications for training and learning , 2010, Br. J. Educ. Technol..

[31]  Ross J. Anderson,et al.  It's All Over but the Crying: The Emotional and Financial Impact of Internet Fraud , 2015, IEEE Security & Privacy.

[32]  E. Hargittai Digital Na(t)ives? Variation in Internet Skills and Uses among Members of the “Net Generation”* , 2010 .

[33]  Marcus Pendleton,et al.  A Survey on Systems Security Metrics , 2016, ACM Comput. Surv..

[34]  Cliff Lampe,et al.  Classification and Its Consequences for Online Harassment , 2017, Proc. ACM Hum. Comput. Interact..

[35]  Arvind Narayanan,et al.  Online Tracking: A 1-million-site Measurement and Analysis , 2016, CCS.

[36]  Chris Kanich,et al.  Fifteen minutes of unwanted fame: detecting and characterizing doxing , 2017, Internet Measurement Conference.

[37]  Elissa M. Redmiles,et al.  Security When it is Welcome: Exploring Device Purchase as an Opportune Moment for Security Behavior Change , 2019, Proceedings 2019 Workshop on Usable Security.

[38]  D. Hawthorn,et al.  Interface design and engagement with older people , 2007, Behav. Inf. Technol..

[39]  G. Loewenstein,et al.  What Is Privacy Worth? , 2013, The Journal of Legal Studies.

[40]  Elissa M. Redmiles,et al.  "I Just Want to Feel Safe": A Diary Study of Safety Perceptions on Social Media , 2019, ICWSM.

[41]  Nasir D. Memon,et al.  New Me: Understanding Expert and Non-Expert Perceptions and Usage of the Tor Anonymity Network , 2017, SOUPS.

[42]  Piotr Sapiezynski,et al.  Investigating sources of PII used in Facebook’s targeted advertising , 2019, Proc. Priv. Enhancing Technol..

[43]  Nicola Dell,et al.  Clinical Computer Security for Victims of Intimate Partner Violence , 2019, USENIX Security Symposium.

[44]  Chris Kanich,et al.  Characterizing the impact of malware infections and remediation attempts through support forum analysis , 2017, 2017 APWG Symposium on Electronic Crime Research (eCrime).

[45]  Edson C. Tandoc,et al.  Facebook use, envy, and depression among college students: Is facebooking depressing? , 2015, Comput. Hum. Behav..

[46]  Laura A. Dabbish,et al.  "My Data Just Goes Everywhere: " User Mental Models of the Internet and Implications for Privacy and Security , 2015, SOUPS.

[47]  Sunny Consolvo,et al.  "...No one Can Hack My Mind": Comparing Expert and Non-Expert Security Practices , 2015, SOUPS.

[48]  Norbert Zeh,et al.  Categorizing Online Harassment on Twitter , 2019, PKDD/ECML Workshops.

[49]  Arturo Azcorra,et al.  Understanding the Detection of View Fraud in Video Content Portals , 2016, WWW.

[50]  Chris Kanich,et al.  Every Second Counts: Quantifying the Negative Externalities of Cybercrime via Typosquatting , 2015, 2015 IEEE Symposium on Security and Privacy.

[51]  A. Strauss,et al.  Grounded Theory in Practice , 1997 .

[52]  Stefan Savage,et al.  Affiliate Crookies: Characterizing Affiliate Marketing Abuse , 2015, Internet Measurement Conference.

[53]  Nicola Dell,et al.  “A Stalker's Paradise”: How Intimate Partner Abusers Exploit Technology , 2018, CHI.

[54]  Sotiris Ioannidis,et al.  Please Forget Where I Was Last Summer: The Privacy Risks of Public Location (Meta)Data , 2019, NDSS.

[55]  James Nicholson,et al.  "If It's Important It Will Be A Headline": Cybersecurity Information Seeking in Older Adults , 2019, CHI.

[56]  Samantha R Rosenthal,et al.  Negative Experiences on Facebook and Depressive Symptoms Among Young Adults. , 2016, The Journal of adolescent health : official publication of the Society for Adolescent Medicine.

[57]  Michael Carl Tschantz,et al.  Automated Experiments on Ad Privacy Settings , 2014, Proc. Priv. Enhancing Technol..

[58]  Eric Gilbert,et al.  The Bag of Communities: Identifying Abusive Behavior Online with Preexisting Internet Data , 2017, CHI.