Weighing Context and Tradeoffs: How Suburban Adults Selected Their Online Security Posture

Authors
Scott Ruoti, Tyler Monson, Justin Wu, Kent Seamons, and Daniel Zappala

Abstract
Understanding how people behave when faced with complex security situations is essential to designing usable security tools. To better understand users' perceptions of their digital lives and how they managed their online security posture, we conducted a series of 23 semi-structured interviews with mostly middle-aged parents from suburban Washington state. Using a grounded theory methodology, we analyzed the interview data and found that participants chose their security posture based on the immense value the Internet provides and their belief that no combination of technology could make them perfectly safe. Within this context, users have a four-stage process for determining which security measures to adopt: learning, evaluation of risks, estimation of impact, and weighing trade-offs to various coping strategies. Our results also revealed that a majority of participants understand the basic principles of symmetric encryption. We found that participants' misconceptions related to browser-based TLS indicators lead to insecure behavior, and it is the permanence of encrypted email that causes participants to doubt that it is secure. We conclude with a discussion of possible responses to this research and avenues for future research.

Reference
Scott Ruoti, Tyler Monson, Justin Wu, Kent Seamons, and Daniel Zappala. 2017. Weighing context and tradeoffs: how suburban adults selected their online security posture. In Proceedings of the 13th Symposium on Usable Privacy and Security. USENIX.

Downloads


Data Usage Policy

This data is intended to be used for usage in academic research. No attempt should be made to deanonymize users.

Data Contents

The data includes the transcripts from each interview. For each transcript, PII information has been removed. Interview comments are highlighted in blue. Also included is the interview guide and category graphs created as part of selective coding. Unfortunately, the original demographic worksheet and TLS image pages were lost. If desired, these can be reconstructed from the paper’s appendix which includes the contents of both these items.