Archive for the 'Uncategorized' Category

Jul 17 2017

Facebook, verify your identity for us!

Published by under Uncategorized

If you were a large company, used by millions around the world, wouldn’t you want to verify your identity and hinder look-alike websites from stealing your users’ passwords?

If Twitter can do it, Facebook can too!

Jul 10 2017

Why does it keep changing?

Who remembers the green bar?

Jun 26 2017

Mental Models

What are mental models and how do they fit in to computer security?

Jun 25 2017

Improving tutorials on web certificates

Second Generation Web Certificate Tutorial (currently being tested)

Jun 25 2017

Building tutorials on web certificates

First Generation Web Certificate Tutorial

Jun 07 2017

Can we redesign certificates to make them easier to understand?

Would you use a browser extension that provided you with summaries of website identity?

Jun 01 2017

What is a web certificate?

What does that green lock mean next to the URL? Why do some websites have company names before the web address?

Apr 12 2017

Wahida Chowdhury, PhD

Robert Biddle
Tue, 11 Apr 2017 16:10:55 -0400

Today, Wahida Chowdhury successfully defended her PhD thesis, with only
minor revisions required.
Congratulations, Wahida!

Wahida’s Thesis: Cognitive Rules and Online Privacy

Most studies of privacy assume that people are concerned about their online privacy, but few studies investigate why. Cognitive Science can advance our understanding by documenting the cognitive rules that influence people’s judgments about privacy – judgments about what kind of personal information to reveal to whom. The purpose of my dissertation was to explicate these cognitive rules.
Experiment 1 examined if the willingness to consent to share personal information varied with the kinds of personal information requested and the kinds of requestors. Fifty-four undergraduate students and 12 middle-aged adults rated their willingness to consent to the collection of 12 different kinds of personal information by five different kinds of organizations. Participants also wrote their reasons for consenting/not consenting to share personal information with each kind of organization. Results showed that the willingness to consent varied with the kinds of personal information requested, and the organization requesting the personal information. Reasons for consenting more often reflected self-interest and reasons for not consenting more often reflected moral reasons. Willingness-to-consent ratings were also correlated with personality variables. For example, the more participants rated themselves as anxious the less willing they were to consent to share personal information.

Experiment 2 explored possible double standards of willingness to consent judgments. The same participants as those in Experiment 1 rated whether or not other people should consent to the collection of the same kinds of personal information by the same kinds of organizations. Results showed that participants mostly made similar judgments about self and others’ privacy, but sometimes exhibited double standards. For example, participants who rated themselves as reserved rated that others should be less willing than themselves to consent to reveal personal information.

Experiment 3 examined if how willing people were to share personal information influenced judges’ impressions of them. A different sample of 51 undergraduate students was asked to form impressions of 12 anonymous participants from Experiment 1 (the targets), selected for their variations in willingness to consent to share personal information. Participants recorded their impressions of these 12 targets on scales related to trust, trustworthiness, honesty, friendliness, and likelihood of hiding information. The targets received less favorable impressions the less willing they were to share personal information.
Collectively, the experiments indicated that the cognitive rules for judgments about privacy served functions related to self-interest and morality, and were sensitive to the kinds of personal information requested and the nature of the requestor. Prescriptions of what others should be willing to share mostly mirrored people’s own willingness judgments, and the less willing others were to share requested information, the more negative impressions of them were formed. Conceptual and practical implications of the findings are discussed.

Jan 07 2016

Dan LeBlanc, PhD

Robert Biddle
Tue, 5 Jan 2016 16:37:51 -0500

Today, Daniel LeBlanc successfully defended his PhD thesis, with only minor revisions required.
Congratulations Dan!
Robert Biddle

Dan's Thesis: Trust and Risk in Website Legitimacy and Software Applications


When people choose to visit a given website, they make a trust decision about the supplier and source. It appears that a large majority of users commonly place their trust in most, if not all, websites they encounter, and this causes significant security problems. Any solutions proposed to reduce the threat of malicious websites must include a consideration of the psychological processes of the end users. This thesis presents several studies with the aim of understanding how people interpret the available information when making a trust decision. This understanding will better support users in making appropriate decisions and should inform better design of security mechanisms. It was found that users show some understanding of some of the key concepts in Internet security, and often make reasonable decisions. However, there are important anomalies. For example, many users had important misunderstandings about Malware, suggesting they had poor mental models about the capabilities of Malware and the capabilities of antivirus software applications in protecting them from threats online. Moreover, participants showed lack of confidence across a range of issues, but in practice they were still willing to make decisions even with this uncertainty. Some evidence was found which suggests that users employ heuristics in making such decisions and judgments under uncertainty.


Sep 08 2015

New Security Paradigms Workshop in Twente

The New Security Paradigms Workshop (NSPW) was in the Twente region of the Netherlands this year. As usual, NSPW invited new ideas, even if there are limitations or incomplete aspects, and everyone who attends participates throughout. Robert Biddle presented collaborative work with Alain Forget and Sonia Chiasson, called CYOA: Choose Your Own Authentication.
