ABCDEFGHIJ
1
WeekSessionDateTopicReadingReading CommentariesIn-Class Discussion Lead/PresentationNotes
2
111/10Course IntroductionWe will go over the course material, discuss the syllabus, and talk about our expectations/goals for this semester.
3
221/15No Class: Martin Luther King Jr. Day holiday
4
Definititons and Ground Knowldege
5
231/17What is Privacy?R1: Woodruff, Allison, Vasyl Pihur, Sunny Consolvo, Laura Brandimarte, and Alessandro Acquisti. "Would a Privacy Fundamentalist Sell Their DNA for $1000... If Nothing Bad Happened as a Result? The Westin Categories, Behavioral Intentions, and Consequences." In 10th Symposium On Usable Privacy and Security (SOUPS 2014), pp. 1-18. 2014.

R2: Whitten, Alma, and J. Doug Tygar. "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0." In USENIX security symposium, vol. 348, pp. 169-184. 1999.
Commentaries due by 7 p.m. on 1/16.
6
341/22What is Security?R1: Nanayakkara, P., Smart, M. A., Cummings, R., Kaptchuk, G., & Redmiles, E. M. (2023). What are the chances? explaining the epsilon parameter in differential privacy. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 1613-1630).

R2: Barbosa, Natã M., Zhuohao Zhang, and Yang Wang. "Do Privacy and Security Matter to Everyone? Quantifying and Clustering {User-Centric} Considerations About Smart Home Device Adoption." In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020), pp. 417-435. 2020.
Commentaries due by 7 p.m. on 1/21.
7
351/24Why Should We (Really) Care About People in Privacy and Security?R1: Cranor, Lorrie F. "A framework for reasoning about the human in the loop." (2008).

R2:
Distler, Verena, Matthias Fassl, Hana Habib, Katharina Krombholz, Gabriele Lenzini, Carine Lallemand, Lorrie Faith Cranor, and Vincent Koenig. "A systematic literature review of empirical methods and risk representation in usable privacy and security research." ACM Transactions on Computer-Human Interaction (TOCHI) 28, no. 6 (2021): 1-50.
Commentaries due by 7 p.m. on 1/23.
8
User Research Methods and Ethics
9
461/29Designing Effective and Ethical Interview Studies and Focus GroupsR1: McDonald, Nora, Benjamin Mako Hill, Rachel Greenstadt, and Andrea Forte. "Privacy, anonymity, and perceived risk in open collaboration: A study of service providers." In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, pp. 1-12. 2019.

R2:
Hang, Alina, Alexander De Luca, Matthew Smith, Michael Richter, and Heinrich Hussmann. "Where Have You Been? Using {Location-Based} Security Questions for Fallback Authentication." In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), pp. 169-183. 2015.
Commentaries due by 7 p.m. on 1/28.
Discussion lead presentaion due by 10 p.m. on 1/28.
10
471/31Designing Effective and Ethical SurveysR1: Cao, Weicheng, Chunqiu Xia, Sai Teja Peddinti, David Lie, Nina Taft, and Lisa M. Austin. "A large scale study of user behavior, expectations and engagement with Android permissions." In 30th USENIX Security Symposium (USENIX Security 21), pp. 803-820. 2021.

R2:
Kariryaa, Ankit, Gian-Luca Savino, Carolin Stellmacher, and Johannes Schöning. "Understanding users' knowledge about the privacy and security of browser extensions." In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021), pp. 99-118. 2021.
Commentaries due by 7 p.m. on 1/30.
Discussion lead presentaion due by 10 p.m. on 1/30.
11
582/5Overview of Qualitative Analysis MethodsR1: Pattnaik, Nandita, Shujun Li, and Jason RC Nurse. "Perspectives of non-expert users on cyber security and privacy: An analysis of online discussions on twitter." Computers & Security 125 (2023): 103008.

R2:
McDonald, Nora, Sarita Schoenebeck, and Andrea Forte. "Reliability and inter-rater reliability in qualitative research: Norms and guidelines for CSCW and HCI practice." Proceedings of the ACM on human-computer interaction 3, no. CSCW (2019): 1-23.
Commentaries due by 7 p.m. on 2/4.
Discussion lead presentaion due by 10 p.m. on 2/4.
12
592/7Overview of Quantitative Analysis MethodsR1: Rader, Emilee. "Data privacy and pluralistic ignorance." In Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023), pp. 457-471. 2023.

R2:
Farke, Florian M., David G. Balash, Maximilian Golla, Markus Dürmuth, and Adam J. Aviv. "Are privacy dashboards good for end users? Evaluating user perceptions and reactions to Google's My Activity." In 30th USENIX Security Symposium (USENIX Security 21), pp. 483-500. 2021.
Commentaries due by 7 p.m. on 2/6.
Discussion lead presentaion due by 10 p.m. on 2/6.
13
6102/12Class Activity on User Research MethodsTo prepare for the exam, we will be practicing some user research methods in the class.
14
Midterm Exam
15
6112/14In-Class MidtermThe midterm will cover sessions 1 to the end of 10.
16
Project Milestone Check-In
17
7122/19Project Pitch DayPitch presentation due by 10 p.m. on 2/18.
18
Equity and Inclusivity in Security and Privacy
19
7132/21Security and Privacy for Kids and Senior AdultsR1: Theofanos, Mary, Yee-Yin Choong, and Olivia Murphy. "'Passwords Keep Me Safe'–Understanding What Children Think about Passwords." In 30th USENIX Security Symposium (USENIX Security 21), pp. 19-35. 2021.

R2:
Frik, Alisa, Leysan Nurgalieva, Julia Bernd, Joyce Lee, Florian Schaub, and Serge Egelman. "Privacy and security threat models and mitigation strategies of older adults." In Fifteenth symposium on usable privacy and security (SOUPS 2019), pp. 21-40. 2019.
Commentaries due by 7 p.m. on 2/20.
Discussion lead presentaion due by 10 p.m. on 2/20.
20
8142/26Security and Privacy for Victim-Survivors of Intimate Partner ViolenceR1: Wei, Miranda, Eric Zeng, Tadayoshi Kohno, and Franziska Roesner. "{Anti-Privacy} and {Anti-Security} Advice on {TikTok}: Case Studies of {Technology-Enabled} Surveillance and Control in Intimate Partner and {Parent-Child} Relationships." In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), pp. 447-462. 2022.

R2:
Havron, Sam, Diana Freed, Rahul Chatterjee, Damon McCoy, Nicola Dell, and Thomas Ristenpart. "Clinical computer security for victims of intimate partner violence." In 28th USENIX security symposium (USENIX Security 19), pp. 105-122. 2019.
Commentaries due by 7 p.m. on 2/25.
Discussion lead presentaion due by 10 p.m. on 2/25.
21
8152/28Role of Security and Privacy in ActivismR1: Boyd, Maia J., Jamar L. Sullivan Jr, Marshini Chetty, and Blase Ur. "Understanding the security and privacy advice given to black lives matter protesters." In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, pp. 1-18. 2021.

R2:
Slupska, Julia, Selina Cho, Marissa Begonia, Ruba Abu-Salma, Nayanatara Prakash, and Mallika Balakrishnan. "" They Look at Vulnerability and Use That to Abuse You'': Participatory Threat Modelling with Migrant Domestic Workers." In 31st USENIX Security Symposium (USENIX Security 22), pp. 323-340. 2022.
Commentaries due by 7 p.m. on 2/27.
Discussion lead presentaion due by 10 p.m. on 2/27.
22
9163/4Gender and Sexuality in Security and PrivacyR1: Coopamootoo, Kovila PL, and Magdalene Ng. "" Un-Equal Online Safety?" A Gender Analysis of Security and Privacy Protection Advice and Behaviour Patterns." arXiv preprint arXiv:2305.03680 (2023).

R2:
McDonald, Allison, Catherine Barwulor, Michelle L. Mazurek, Florian Schaub, and Elissa M. Redmiles. "" It's stressful having all these phones": Investigating Sex Workers' Safety Goals, Risks, and Practices Online." In 30th USENIX Security Symposium (USENIX Security 21), pp. 375-392. 2021.
Commentaries due by 7 p.m. on 3/3.
Discussion lead presentaion due by 10 p.m. on 3/3.
23
Developing Usable Security and Privacy Tools - Part 1
24
9173/6Privacy Notice and ChoiceR1: Stegman, Jonah, Patrick J. Trottier, Caroline Hillier, Hassan Khan, and Mohammad Mannan. "" My Privacy for their Security": Employees' Privacy Perspectives and Expectations when using Enterprise Security Software." In 32nd USENIX Security Symposium (USENIX Security 23), pp. 3583-3600. 2023.

R2:
Schaub, Florian, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor. "A design space for effective privacy notices." In Eleventh symposium on usable privacy and security (SOUPS 2015), pp. 1-17. 2015.
Commentaries due by 7 p.m. on 3/5.
Discussion lead presentaion due by 10 p.m. on 3/5.
25
10183/11No Class: Spring Break
26
10193/13
27
11203/18Project Milestone Check-InNo class. The status report and short (6 - 8 minutes) presentations due by 10 p.m. on 3/19.
28
Developing Usable Security and Privacy Tools - Part 2
29
11213/20Security and Privacy WarningsR1: Kaiser, Ben, Jerry Wei, Eli Lucherini, Kevin Lee, J. Nathan Matias, and Jonathan Mayer. "Adapting security warnings to counter online disinformation." In 30th USENIX Security Symposium (USENIX Security 21), pp. 1163-1180. 2021.

R2:
Huang, Yue, Borke Obada-Obieh, and Konstantin Beznosov. "Users' Perceptions of Chrome Compromised Credential Notification." In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), pp. 155-174. 2022.
Commentaries due by 7 p.m. on 3/19.
Discussion lead presentaion due by 10 p.m. on 3/19.
30
12223/25Access Control and AuthenticationR1: Koushki, Masoud Mehrabi, Yue Huang, Julia Rubin, and Konstantin Beznosov. "Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User {Access-Control} Solutions on Smartphones." In 31st USENIX Security Symposium (USENIX Security 22), pp. 917-935. 2022.
R2:
He, Weijia, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, and Blase Ur. "Rethinking Access Control and Authentication for the Home Internet of Things (IoT)." In 27th USENIX Security Symposium (USENIX Security 18), pp. 255-272. 2018.
Commentaries due by 7 p.m. on 3/24.
Discussion lead presentaion due by 10 p.m. on 3/24.
31
12233/27Usable Security for DevelopersR1: Li, Tianshi, Elizabeth Louie, Laura Dabbish, and Jason I. Hong. "How developers talk about personal data and what it means for user privacy: A case study of a developer forum on reddit." Proceedings of the ACM on Human-Computer Interaction 4, no. CSCW3 (2021): 1-28.

R2:
Gardner, Jack, Yuanyuan Feng, Kayla Reiman, Zhi Lin, Akshath Jain, and Norman Sadeh. "Helping mobile application developers create accurate privacy labels." In 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 212-230. IEEE, 2022.
Commentaries due by 7 p.m. on 3/26.
Discussion lead presentaion due by 10 p.m. on 3/26.
32
Security and Privacy Awareness and Education
33
13244/1Security and Privacy Advice and Phishing PreventionR1: Reinheimer, Benjamin, Lukas Aldag, Peter Mayer, Mattia Mossano, Reyhan Duezguen, Bettina Lofthouse, Tatiana Von Landesberger, and Melanie Volkamer. "An investigation of phishing awareness and education over time: When and how to best remind users." In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020), pp. 259-284. 2020.

R2:
Lastdrager, Elmer, Inés Carvajal Gallardo, Pieter Hartel, and Marianne Junger. "How Effective is {Anti-Phishing} Training for Children?." In Thirteenth symposium on usable privacy and security (soups 2017), pp. 229-239. 2017.
Commentaries due by 7 p.m. on 3/31.
Discussion lead presentaion due by 10 p.m. on 3/31.
34
Emerging Topics In Usable Security and Privacy
35
13254/3Deceptive Patterns In Security and PrivacyR1: Di Geronimo, L., Braz, L., Fregnan, E., Palomba, F., & Bacchelli, A. (2020, April). UI dark patterns and where to find them: a study on mobile applications and user perception. In Proceedings of the 2020 CHI conference on human factors in computing systems (pp. 1-14).

R2:
Bongard-Blanchy, K., Rossi, A., Rivas, S., Doublet, S., Koenig, V., & Lenzini, G. (2021, June). ” I am Definitely Manipulated, Even When I am Aware of it. It’s Ridiculous!”-Dark Patterns from the End-User Perspective. In Designing Interactive Systems Conference 2021 (pp. 763-776).
Commentaries due by 7 p.m. on 4/2.
Discussion lead presentaion due by 10 p.m. on 4/2.
36
14264/8Usable Security for AI-Enabled Technologies (e.g., Social Robots)R1: Kelley, Patrick Gage, Celestina Cornejo, Lisa Hayes, Ellie Shuo Jin, Aaron Sedley, Kurt Thomas, Yongwei Yang, and Allison Woodruff. "" There will be less privacy, of course": How and why people in 10 countries expect {AI} will affect privacy in the future." In Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023), pp. 579-603. 2023.

R2:
Henkel, Zachary, Kenna Baugus, Cindy L. Bethel, and David C. May. "User expectations of privacy in robot assisted therapy." Paladyn, Journal of Behavioral Robotics 10, no. 1 (2019): 140-159.
Commentaries due by 7 p.m. on 4/7.
Discussion lead presentaion due by 10 p.m. on 4/7.
37
14274/10Usable Security for Extended RealityR1: Adams, Devon, Alseny Bah, Catherine Barwulor, Nureli Musaby, Kadeem Pitkin, and Elissa M. Redmiles. "Ethics emerging: the story of privacy and security perceptions in virtual reality." In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), pp. 427-442. 2018.

R2:
Cheng, Kaiming, Jeffery F. Tian, Tadayoshi Kohno, and Franziska Roesner. "Exploring user reactions and mental models towards perceptual manipulation attacks in mixed reality." In USENIX Security, vol. 18. 2023.
Commentaries due by 7 p.m. on 4/9.
Discussion lead presentaion due by 10 p.m. on 4/9.
38
Project Milestone Check-In
39
15284/15Final Project PresentationFinal project report due by 7 p.m. on 4/21.
Final presentation due by 10 p.m. on 4/14.
40
15294/17Final Project PresentationFinal project report due by 7 p.m. on 4/21.
Final presentation due by 10 p.m. on 4/16.