Naïve Security in a Wi-Fi World

  • Colleen Swanson
  • Ruth Urner
  • Edward Lank
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 321)


Despite nearly ubiquitous access to wireless networks, many users still engage in risky behaviors, make bad choices, or are seemingly indifferent to the concerns that security and privacy researchers work diligently to address. At present, research on user attitudes toward security and privacy on public Wi-Fi networks is rare. This paper explores Wi-Fi security and privacy by analyzing users’ current actions and reluctance to change. Through interviews and concrete demonstrations of vulnerability, we show that users make security choices based on (often mistaken) analogy to the physical world. Moreover, despite increased awareness of vulnerability, users remain ingenuous, failing to develop a realistic view of risk. We argue that our data present a picture of users engaged in a form of naïve security. We believe our results will be beneficial to researchers in the area of security-tool design, in particular with respect to better informing user choices.


Wi-Fi hotspot security behavior privacy trust 


  1. 1.
    Ackerman, M.S., Cranor, L.F., Reagle, J.: Privacy in E-commerce: Examining User Scenarios and Privacy Preferences. In: ACM Electronic Commerce, EC 1999, pp. 1–8 (1999)Google Scholar
  2. 2.
    Acquisiti, A., Grossklags, J.: Privacy and Rationality in Individual Decision Making. In: IEEE Security and Privacy, pp. 26–33 (2005)Google Scholar
  3. 3.
    Adams, A., Sasse, M.A.: Users Are Not the Enemy. ACM Commun. 42(12), 40–46 (1999)CrossRefGoogle Scholar
  4. 4.
    Avrahami, D., Fogarty, J., Hudson, S.E.: Biases in Human Estimation of Interruptibility: Effects and Implications for Practice. In: CHI 2007, pp. 50–60 (2007)Google Scholar
  5. 5.
    Bunt, A., Conati, C., McGrenere, J.: Supporting Interface Customization Using a Mixed-initiative Approach. In: IUI 2007, pp. 92–101 (2007)Google Scholar
  6. 6.
    Dhamija, R., Tygar, J.D., Hearst, M.: Why Phishing Works. In: CHI 2006, pp. 581–590 (2006)Google Scholar
  7. 7.
    Dourish, P., Anderson, K.: Collective Information Practice: Exploring Privacy and Security as Social and Cultural Phenomena. Human-computer Interaction 21(3), 319–342 (2006)CrossRefGoogle Scholar
  8. 8.
    Dourish, P., Grinter, R., Delgado de la Flor, J., Joseph, M.: Security in the Wild: User Strategies for Managing Security as an Everyday, Practical Problem. Personal Ubiquitous Comput. 8(6), 391–401 (2004)CrossRefGoogle Scholar
  9. 9.
    Flinn, S., Lumsden, J.: User Perceptions of Privacy and Security on the Web. In: PST 2005 (2005),
  10. 10.
    Friedman, B., Hurley, D., Howe, D.C., Felten, E., Nissenbaum, H.: Users’ Conceptions of Web Security: A Comparative Study. In: CHI 2002 Extended Abstracts, pp. 746–747 (2002)Google Scholar
  11. 11.
    Hart, D.: Attitudes and Practices of Students towards Password Security. J. Comput. Small Coll. 23(5), 169–174 (2008)Google Scholar
  12. 12.
    Kindberg, T., O’Neill, E., Bevan, C., Kostakos, V., Stanton Fraser, D., Jay, T.: Measuring Trust in Wi-Fi Hotspots. In: CHI 2008, pp. 173–182 (2008)Google Scholar
  13. 13.
    Kindberg, T., Sellen, A., Geelhoed, E.: Security and Trust in Mobile Interactions: A Study of Users’ Perceptions and Reasoning. In: Davies, N., Mynatt, E.D., Siio, I. (eds.) UbiComp 2004. LNCS, vol. 3205, pp. 196–213. Springer, Heidelberg (2004)Google Scholar
  14. 14.
    Klasnja, P., Consolvo, S., Jung, J., Greenstein, B.M., LeGrand, L., Powledge, P., Wetherall, D.: When I am on Wi-Fi, I am Fearless: Privacy Concerns & Practices in Everyday Wi-Fi Use. In: CHI 2009, pp. 1993–2002 (2009)Google Scholar
  15. 15.
    Kowitz, B., Cranor, L.: Peripheral Privacy Notifications for Wireless Networks. In: WPES 2005, pp. 90–96. ACM, New York (2005)CrossRefGoogle Scholar
  16. 16.
    Marlinspike, Moxie.: Null Prefix Attacks against SSL/TLS Certificates (2009),
  17. 17.
    Sankarpandian, K., Little, T., Edwards, W.K.: Talc: Using Desktop Graffiti to Fight Software Vulnerability. In: CHI 2008, pp. 1055–1064 (2008)Google Scholar
  18. 18.
    Solove, Daniel J.: ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy. San Diego Law Review, vol. 44 (2007),
  19. 19.
    Strauss, A., Corbin, J.M.: Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory, 3rd edn. Sage Publications, Thousand Oaks (2007)Google Scholar
  20. 20.
    Viseu, A., Clement, A., Aspinall, J.: Situating Privacy Online: Complex Perceptions and Everyday Practice. Information Communication and Society 7(1), 92–114 (2004)CrossRefGoogle Scholar
  21. 21.
    Wu, M., Miller, R.C., Garfinkel, S.L.: Do Security Toolbars Prevent Phishing Attacks? In: CHI 2006, pp. 601–610 (2006)Google Scholar

Copyright information

© IFIP 2010

Authors and Affiliations

  • Colleen Swanson
    • 1
  • Ruth Urner
    • 1
  • Edward Lank
    • 1
  1. 1.David C. Cheriton School of Computer ScienceUniversity of WaterlooWaterlooCanada

Personalised recommendations