Understanding and Designing for End Users' Security Expectations, presented at Enigma 2017

by Franziska Roesner

Summary: As technology designers, we must do two things to build systems that are both usable and meaningfully secure. First, we must work to understand the actual security and privacy needs and expectations of our target user groups. Second, we must think not only about how to communicate better with users superficially, but about how to (re)design our systems more fundamentally to better match their needs and expectations. In this talk, I will describe several case studies illustrating this approach, bringing together usable security and system design. Specifically, I will touch on lessons from our work on application permission granting in modern operating systems, privacy risks from third-party web tracking, and sensitive communications among journalists/sources and lawyers/clients.