Summary of My Past Research
When doing reappointment and promotion packages for faculty, you're expected to submit a summary of your research and accomplishments. Since I'm a full professor, I'm not required to do this anymore, but I thought it would still be a useful exercise, partly to help me reflect on my work but also to share with the world what I felt were some of my key accomplishments. So here are some highlights of my research and teaching over the past twenty years.
____________________
Pioneered research on protecting people from phishing scams. This research combined ideas from machine learning, decision sciences, learning science, and game design, and greatly expanded the field of usable privacy and security in its early days. The browser warnings in Microsoft Internet Explorer 8 were re-designed based on our research, and key ideas from our work are still present in all web browser warnings today. Our work detecting phishing web pages is one of the earliest and perhaps most cited papers in this area. We also pioneered games for cybersecurity and using simulated phishing to train people. Our team commercialized our anti-phishing research as Wombat Security Technologies. Wombat Security later expanded to all of cybersecurity training, and this kind of training is now considered a best practice for cybersecurity and common across all industries. Wombat Security had over 200 employees and 1000 customers when it was acquired by Proofpoint in 2018.
____________________
Deployed Livehoods, which was the first paper to use geotagged social media to understand the dynamics of cities, in terms of how people perceive cities, neighborhoods, and venues. The original Livehoods paper won the ICWSM test of time award in 2022. This work has been cited by scholars from a wide range of fields such as CS, HCI, Computer Graphics, Landscape and urban planning, Transportation Research, Applied Geography, Tourism Management, Nature Sustainability, Crime science, Privacy, Economics, Land Use Policy, and more.
____________________
Investigated Social Cybersecurity, which looked at how to adopt ideas from social psychology to positively influence people’s privacy and security behaviors. Won Honorable Mention for NSA Competition for Best Scientific Cybersecurity Paper for our work on using social proof to improve adoption of cybersecurity best practices. We also investigated related topics, such as how cybersecurity practices diffuse through social networks, how social influences can influence people's cybersecurity behaviors, and what kinds of cybersecurity-related news articles people share with others and why. Ideas from our work are being adopted by some web sites, for example social proof nudges for adoption of security practices.
Also led to the SA-6 survey instrument for assessing security attitudes (see SA-6 questions here) as well as development of the Security and Privacy Acceptance Framework (SPAF) for why users accept or reject security and privacy best practices. This last article is a good survey article for newcomers interested in social aspects of cybersecurity.
Lastly, our team also investigated what kinds of online accounts people share, both in the context of work settings as well as in romantic relationships.
____________________
Pioneered new system architectures and developer tools for smartphone privacy. This body of work included a large suite of analysis tools for Android to understand app behaviors, new programming models for privacy, a DARPA-funded Privacy Enhancements for Android, and privacy annotations to let developers give hints as to the behavior of their code. This work also led to new ways of evaluating privacy for smartphone apps in the form of measuring people’s expectations of privacy.
I have three summaries of our work that can give newcomers a good start:
- YouTube talk An Overview of Privacy for Mobile Sensing Systems
- Book chapter Designing for Privacy in Mobile Sensing Systems in the book Mobile Sensing in Psychology
- The Design of the User Interfaces for Privacy Enhancements for Android (arxiv), which has a good references section describing the range of work in this space
____________________
Deployed PrivacyGrade.org, a web site where we analyzed the privacy of over a million Android apps and assigned grades to them based on a model of people’s expectations of privacy. This site received a great deal of popular press, and had positive influence on developers, consumer advocacy groups, and internal research at Google.
____________________
Wrote The Design of Sites, one of the earliest books on user interface design patterns. This book sold over 80000 copies, was used in several courses, and has been translated into at least two other languages.
____________________
Developed WeAudit, a suite of tools for helping everyday people collectively audit algorithmic systems for bias and fairness. As part of this work, our team investigated how everyday people organically come together to audit these algorithmic systems, explored stakeholders' perspectives on the use of AI for homeless services (won CHI 2023 best paper), and developed ZenoML.com tool to help developers evaluate behaviors of their machine learning models.
____________________
Had success with many other odds and ends outside of my main areas of research, including:
- Software-defined cooking via a smart programmable microwave (featured in Communications of the ACM as a Research Highlight)
- Examined why people do or don't adopt COVID contact tracing smartphone apps
- New software architectures for privacy in smart homes
- Using passive RFIDs for sensing the shape of fabrics and structures
- Our team was fairly early in investigating the use of smartphones to help detect the onset of major depression. Part of this work involved using smartphones to monitor sleep length and sleep quality.
____________________
Co-founded the Master’s of Product Management (MSPM), a joint program between HCII and Tepper School of Business. The goal is to train managers that have a strong understanding of product design, business, and management skills.
____________________
Comments