Abstract
Despite nearly ubiquitous access to wireless networks, many users still engage in risky behaviors, make bad choices, or are seemingly indifferent to the concerns that security and privacy researchers work diligently to address. At present, research on user attitudes toward security and privacy on public Wi-Fi networks is rare. This paper explores Wi-Fi security and privacy by analyzing users’ current actions and reluctance to change. Through interviews and concrete demonstrations of vulnerability, we show that users make security choices based on (often mistaken) analogy to the physical world. Moreover, despite increased awareness of vulnerability, users remain ingenuous, failing to develop a realistic view of risk. We argue that our data present a picture of users engaged in a form of naïve security. We believe our results will be beneficial to researchers in the area of security-tool design, in particular with respect to better informing user choices.
Chapter PDF
References
Ackerman, M.S., Cranor, L.F., Reagle, J.: Privacy in E-commerce: Examining User Scenarios and Privacy Preferences. In: ACM Electronic Commerce, EC 1999, pp. 1–8 (1999)
Acquisiti, A., Grossklags, J.: Privacy and Rationality in Individual Decision Making. In: IEEE Security and Privacy, pp. 26–33 (2005)
Adams, A., Sasse, M.A.: Users Are Not the Enemy. ACM Commun. 42(12), 40–46 (1999)
Avrahami, D., Fogarty, J., Hudson, S.E.: Biases in Human Estimation of Interruptibility: Effects and Implications for Practice. In: CHI 2007, pp. 50–60 (2007)
Bunt, A., Conati, C., McGrenere, J.: Supporting Interface Customization Using a Mixed-initiative Approach. In: IUI 2007, pp. 92–101 (2007)
Dhamija, R., Tygar, J.D., Hearst, M.: Why Phishing Works. In: CHI 2006, pp. 581–590 (2006)
Dourish, P., Anderson, K.: Collective Information Practice: Exploring Privacy and Security as Social and Cultural Phenomena. Human-computer Interaction 21(3), 319–342 (2006)
Dourish, P., Grinter, R., Delgado de la Flor, J., Joseph, M.: Security in the Wild: User Strategies for Managing Security as an Everyday, Practical Problem. Personal Ubiquitous Comput. 8(6), 391–401 (2004)
Flinn, S., Lumsden, J.: User Perceptions of Privacy and Security on the Web. In: PST 2005 (2005), http://www.lib.unb.ca/Texts/PST/2005/
Friedman, B., Hurley, D., Howe, D.C., Felten, E., Nissenbaum, H.: Users’ Conceptions of Web Security: A Comparative Study. In: CHI 2002 Extended Abstracts, pp. 746–747 (2002)
Hart, D.: Attitudes and Practices of Students towards Password Security. J. Comput. Small Coll. 23(5), 169–174 (2008)
Kindberg, T., O’Neill, E., Bevan, C., Kostakos, V., Stanton Fraser, D., Jay, T.: Measuring Trust in Wi-Fi Hotspots. In: CHI 2008, pp. 173–182 (2008)
Kindberg, T., Sellen, A., Geelhoed, E.: Security and Trust in Mobile Interactions: A Study of Users’ Perceptions and Reasoning. In: Davies, N., Mynatt, E.D., Siio, I. (eds.) UbiComp 2004. LNCS, vol. 3205, pp. 196–213. Springer, Heidelberg (2004)
Klasnja, P., Consolvo, S., Jung, J., Greenstein, B.M., LeGrand, L., Powledge, P., Wetherall, D.: When I am on Wi-Fi, I am Fearless: Privacy Concerns & Practices in Everyday Wi-Fi Use. In: CHI 2009, pp. 1993–2002 (2009)
Kowitz, B., Cranor, L.: Peripheral Privacy Notifications for Wireless Networks. In: WPES 2005, pp. 90–96. ACM, New York (2005)
Marlinspike, Moxie.: Null Prefix Attacks against SSL/TLS Certificates (2009), http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf
Sankarpandian, K., Little, T., Edwards, W.K.: Talc: Using Desktop Graffiti to Fight Software Vulnerability. In: CHI 2008, pp. 1055–1064 (2008)
Solove, Daniel J.: ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy. San Diego Law Review, vol. 44 (2007), http://ssrn.com/abstract=998565
Strauss, A., Corbin, J.M.: Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory, 3rd edn. Sage Publications, Thousand Oaks (2007)
Viseu, A., Clement, A., Aspinall, J.: Situating Privacy Online: Complex Perceptions and Everyday Practice. Information Communication and Society 7(1), 92–114 (2004)
Wu, M., Miller, R.C., Garfinkel, S.L.: Do Security Toolbars Prevent Phishing Attacks? In: CHI 2006, pp. 601–610 (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 IFIP
About this paper
Cite this paper
Swanson, C., Urner, R., Lank, E. (2010). Naïve Security in a Wi-Fi World. In: Nishigaki, M., Jøsang, A., Murayama, Y., Marsh, S. (eds) Trust Management IV. IFIPTM 2010. IFIP Advances in Information and Communication Technology, vol 321. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13446-3_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-13446-3_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13445-6
Online ISBN: 978-3-642-13446-3
eBook Packages: Computer ScienceComputer Science (R0)