A major component of this course is completing a semester-long project related to usable security and privacy.


Projects should generally be completed in groups of 2.

If there are compelling reasons, you can complete the project in a group of 3 (for example if it is especially ambitious or requires complementary skills) or solo (for example, students who have a specific topic in mind related to their thesis).


The only strict requirement is that your project has something to do with usability and security or privacy.

It is expected that most projects will constitute original research. Concretely, these are likely to involve some form of user study, survey, or interview. For inspiration, check out the papers we will be reading or other related papers.

Alternatively, groups can pursue a development project. These are projects where the primary output is not an answer to a research question but a product (e.g., app, extension, service, or some other type of software). The software needs to be related to security and privacy, and you must pay substantial attention to usability, for example by conducting a user study on the finished prototype. An example of a development project would be creating a browser extension that graded or summarized privacy policies for sites you visited and let users ask questions about it to an AI.

For both research and development projects, please ensure sufficient originality: there should not exist a paper answering the exact same question or a product offering the exact same service.

All projects and their procedures must receive instructor approval; this will happen at the project proposal stage.

Due / what to turn in

The project will be broken into a number of components, each with its own due date.