Contributions to Chi 2024
19 April 2024
Our group contributes this year 3 full papers and various late breaking works, workshop papers and demonstrations to the ACM CHI Conference on Human Factors in Computing Systems.
Full Paper:
Do You Need to Touch? Exploring Correlations between Personal Attributes and Preferences for Tangible Privacy Mechanisms
This paper explores how personal attributes, such as age, gender, technological expertise, or "need for touch", correlate with people's preferences for properties of tangible privacy protection mechanisms, for example, physically covering a camera. For this, we conducted an online survey (N = 444) where we captured participants' preferences of eight established tangible privacy mechanisms well-known in daily life, their perceptions of effective privacy protection, and personal attributes. We found that the attributes that correlated most strongly with participants' perceptions of the established tangible privacy mechanisms were their "need for touch" and previous experiences with the mechanisms. We use our findings to identify desirable characteristics of tangible mechanisms to better inform future tangible, digital, and mixed privacy protections. We also show which individuals benefit most from tangibles, ultimately motivating a more individual and effective approach to privacy protection in the future.
Priyasha Chatterjee Sarah Delgado Rodriguez und Karola Marky. Do You Need to Touch? Exploring Correlations between Personal Attributes and Preferences for Tangible Privacy Mechanisms. In Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems. CHI '24. Association for Computing Machinery, New York, NY, USA. [Download Bibtex] |
The Effects of Group Discussion and Role-playing Training on Self-efficacy, Support-seeking, and Reporting Phishing Emails: Evidence from a Mixed-design Experiment
Organizations rely on phishing interventions to enhance employees' vigilance and safe responses to phishing emails that bypass technical solutions. While various resources are available to counteract phishing, studies emphasize the need for interactive and practical training approaches. To investigate the effectiveness of such an approach, we developed and delivered two anti-phishing trainings, group discussion and role-playing, at a European university. We conducted a pre-registered experiment (N = 105), incorporating repeated measures at three time points, a control group, and three in-situ phishing tests. Both trainings enhanced employees' anti-phishing self-efficacy and support-seeking intention in within-group analyses. Only the role-playing training significantly improved support-seeking intention when compared to the control group. Participants in both trainings reported more phishing tests and demonstrated heightened vigilance to phishing attacks compared to the control group. We discuss practical implications for evaluating and improving phishing interventions and promoting safe responses to phishing threats within organizations.
Xiaowei Chen, Margault Sacré, Gabriele Lenzini, Samuel Greiff, Anastasia Sergeeva und Verena Distler. The Effects of Group Discussion and Role-playing Training on Self-efficacy, Support-seeking, and Reporting Phishing Emails: Evidence from a Mixed-design Experiment. [Download Bibtex] |
Decide Yourself or Delegate - User Preferences Regarding the Autonomy of Personal Privacy Assistants in Private IoT-Equipped Environments
Personalized privacy assistants (PPAs) communicate privacy-related decisions of their users to Internet of Things (IoT) devices. There are different ways to implement PPAs by varying the degree of autonomy or decision model. This paper investigates user perceptions of PPA autonomy models and privacy profiles -- archetypes of individual privacy needs -- as a basis for PPA decisions in private environments (e.g., a friend's home). We first explore how privacy profiles can be assigned to users and propose an assignment method. Next, we investigate user perceptions in 18 usage scenarios with varying contexts, data types and number of decisions in a study with 1126 participants. We found considerable differences between the profiles in settings with few decisions. If the number of decisions gets high ($>$ 1/h), participants exclusively preferred fully autonomous PPAs. Finally, we discuss implications and recommendations for designing scalable PPAs that serve as privacy interfaces for future IoT devices.
Karola Marky, Alina Stöver, Sarah Prange, Kira Bleck, Paul Gerber Verena Zimmermann, Florian Müller, Florian Alt und Max Mühlhäuser. Decide Yourself or Delegate - User Preferences Regarding the Autonomy of Personal Privacy Assistants in Private IoT-Equipped Environments. In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems. CHI ’24. Association for Computing Machinery, New York, NY, USA. [Download Bibtex] [Video] |
Late Breaking Works:
Where Do You Look When Unlocking Your Phone? A Field Study of Gaze Behaviour During Smartphone Unlock
Eye gaze has emerged as a promising avenue for implicit authentication/identification on smartphones, offering the potential for seamless user identification and two-factor authentication. However, a crucial gap exists in understanding eye gaze behaviour specifically during smartphone unlocks. This lack of understanding is magnified by scenarios where users’ faces are not fully visible in front cameras, leading to inaccurate gaze estimation. In this work, we conducted a 24-hour in-the-wild study tracking 21 users’ eye gaze during smartphone unlocks. Our findings highlight substantial eye gaze behaviour variations influenced by authentication methods, physical activity, and environment. Our findings provide insights to enhance and adapt implicit user identification/authentication systems based on gaze tracking on smartphones taking into consideration different users’ behaviour, and environmental effects
Abdrabou Yasmeen, Omelina Tatiana, Dietz Felix, Khamis Mohamed, Alt Florian und Hassib Mariam. Where Do You Look When Unlocking Your Phone? A Field Study of Gaze Behaviour During Smartphone Unlock. In CHI Conference on Human Factors in Computing Systems (CHI EA ’24). CHI EA '24. Honolulu, HI, USA. [Download Bibtex] |
Workshop paper and demonstrations:
Exploring Vulnerabilities in Remote VR User Studies
This position paper explores the possibilities and challenges of using Virtual Reality (VR) in remote user studies. Highlighting the immersive nature of VR, the paper identifies key vulnerabilities, including varying technical proficiency, privacy concerns, ethical considerations, and data security risks. To address these issues, proposed mitigation strategies encompass compre- hensive onboarding, prioritized informed consent, implementing privacy-by-design principles, and adherence to ethical guidelines. Secure data handling, including encryption and disposal protocols, is advocated. In conclusion, while remote VR studies present unique opportunities, carefully considering and implementing mitigation strategies is essential to uphold reliability, ethical integrity, and security, ensuring responsible and effective use of VR in user research. Ongoing efforts are crucial for adapting to the evolving landscape of VR technology in user studies.
Viktorija Paneva und Florian Alt. Exploring Vulnerabilities in Remote VR User Studies. CHI EA '24. Honolulu, HI, USA. [Download Bibtex] |
Designing and Evaluating Scalable Privacy Awareness and Control User
Mixed Reality (MR) headsets hold immense potential for various industries but raise significant privacy concerns due to their data collection capabilities. This paper outlines a research roadmap to address these concerns. Firstly, understanding users' privacy needs and mental models is crucial for designing effective privacy-preserving user interfaces. Secondly, creating usable privacy control UIs for MR applications is essential to empower users to make informed decisions effortlessly. Thirdly, evaluating the usability and effectiveness of these interfaces is necessary to ensure their efficacy. Finally, establishing real-world testbeds for long-term evaluation of privacy interfaces in users' everyday lives is crucial. By embedding privacy considerations into MR design and development, this research aims to contribute to a responsible and sustainable XR landscape, where innovation coexists harmoniously with privacy and ethical principles.
Viktorija Paneva Marvin Strauss und Stefan Schneegass. Designing and Evaluating Scalable Privacy Awareness and Control User. CHI EA '24. Honolulu, HI, USA. [Download Bibtex] |
BikECG - A VR Bicycle Simulator Concept that Integrates Physiological Data and Tele-Cycling
Different fitness levels during group cycling tours pose a challenge and have a negative impact on fairness, motivation and inclusivity within the cycling community. To solve this problem, we present a novel, physiology-adaptive Virtual Reality (VR) bike simulator concept. Using a road bike mounted on a Wahoo KICKR Smart Trainer and a Varjo XR-3 HMD, we implemented a VR bicycle simulator using Python and Unity 3D. Real-time ECG data acquisition via a Polar H10 chest strap enhances adaptive capabilities and provides a versatile framework for investigating the dynamic relationship between virtual experiences and physiological responses. This collaborative project, involving two universities, aims to explore tele-cycling and physiologically adaptive scenarios, with a second simulator under construction to expand the possibilities. The integration of real-time physiological monitoring improves the adaptability of the simulation, making it a valuable tool for studying human responses in VR-based cycling scenarios.
Felix Dietz Oliver Hein. BikECG - A VR Bicycle Simulator Concept that Integrates Physiological Data and Tele-Cycling. CHI EA '24. Honolulu, HI, USA. [Download Bibtex] |