Seminars & Colloquia

Yixin Zou

University of Michigan

"Improving People’s Security and Privacy Behaviors"

Thursday March 31, 2022 01:15 PM
Location: 3211, EB2 NCSU Centennial Campus


Abstract: Experts recommend a plethora of advice for staying safe online, yet people still use weak passwords, fall for scams, or ignore software updates. Such inconsistent adoption of protective behaviors is understandable given the need to navigate other priorities and constraints in everyday life. Yet when the actions taken are insufficient to mitigate potential risks, it leaves people – especially those already marginalized – vulnerable to dire consequences from financial loss to abuse and harassment.


In this talk, I share my research on improving people’s security and privacy behaviors in three contexts: understanding consumer reactions to data breaches, designing icons that convey privacy controls, and supporting survivors of tech-enabled abuse. (1) Data breaches are affecting millions of U.S. consumers. I empirically show consumers’ low awareness of data breaches, rational justifications and biases behind inaction, and implications for improving breach notifications to better motivate action. (2) Public policy is essential in incentivizing companies to implement better data practices, but policymaking needs to be informed by evidence from research. I co-led a series of user studies that resulted in a user-tested icon for conveying the “do not sell my personal information” opt-out, now part of the California Consumer Privacy Act (CCPA). (3) Different populations face different challenges and constraints, requiring special considerations in developing and deploying interventions. Drawing on findings from focus groups, I discuss guidelines for computer security support agents to help survivors of tech-enabled abuse with care and caution. Altogether, I highlight the impact of my research on technology, public policy, and educational efforts. I also discuss how I apply this interdisciplinary, human-centered approach in solving security and privacy challenges to future work such as improving expert advice and developing trauma-informed computing systems.

Short Bio: Yixin Zou (she/her) is a Ph.D. Candidate at the University of Michigan, School of Information. Her research interests span human-computer interaction, cybersecurity, and privacy, with an emphasis on improving people’s adoption of protective behaviors and supporting at-risk populations (e.g., survivors of intimate partner violence and older adults) in protecting their digital safety. Her research has received a Best Paper Award at the Symposium on Usable Privacy and Security (SOUPS) and two Honorable Mentions at the ACM Conference on Human Factors in Computing Systems (CHI). She has been an invited speaker at the US Federal Trade Commission's PrivacyCon, and she co-led the research effort that produced the opt-out icon in the California Consumer Privacy Act (CCPA). She has also collaborated with industry partners at NortonLifeLock and Mozilla, and her research at Mozilla has directly influenced the product development of Firefox Monitor. Before joining the University of Michigan, she received a Bachelor’s degree in Advertising from the University of Illinois at Urbana-Champaign.

Host: William Enck, CSC
