Course calendar

Subject to change

Please keep in mind that the schedule may change as the course progresses, so please regularly check the course website for any changes.

Week	Day	Date	Class	Lecture	Discussion	Reading	Due
0	Thu	1/18	1	Usable security overview	Security	None
1	Mon	1/22	2	Privacy and context	Privacy mental models	- (Optional) Renaud et al. Why Doesn’t Jane Protect Her Privacy?
	Thu	1/25	3	- Introduction to usability		None	H1: ethics
2	Mon	1/29	4	- Usable encryption - Methods: cognitive walkthroughs	- Usable encryption	Whitten and Tygar, Why Johnny Can’t Encrypt	P1: project ideas
	Thu	2/1	5		- Passwords	Ur et al., “I Added ‘!’ at the End to Make It Secure”: Observing Password Creation in the Lab
3	Mon	2/5	6	Two-factor authentication	- Two-factor authentication - Password alternatives	Reese et al., A Usability Study of Five Two-Factor Authentication Methods	P2: project groups
	Tue	2/6					H2: cognitive walkthrough
	Thu	2/8	7		- Reflections: cognitive walkthrough - Password managers	Pearman et al., Why people (don’t) use password managers effectively
4	Mon	2/12	8		Phishing prevention	- Petelka et al., Put Your Warning Where Your Link Is: Improving and Evaluating Email Phishing Warnings - (Optional) Egelman et al., You’ve Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings
	Thu	2/15	9	Phishing	Security warnings and indicators	- Felt et al., Improving SSL Warnings: Comprehension and Adherence - (Optional) Kaiser et al., Adapting Security Warnings to Counter Online Disinformation
5	Mon	2/19	10		Mobile permissions	Cao et al., A Large Scale Study of User Behavior, Expectations and Engagement with Android Permissions
	Tue	2/20					P3: project related work
	Thu	2/22	11		Breach and compliance notifications	Stock et al., Didn’t You Hear Me? - Towards More Successful Web Vulnerability Notifications
6	Mon	2/26	12		Privacy in social media	Liu et al., Analyzing Facebook privacy settings: user expectations vs. reality
	Tue	2/27					P4: project proposal
	Thu	2/28	13		Web tracking	Wei et al., What Twitter Knows: Characterizing Ad Targeting Practices, User Perceptions, and Ad Explanations Through Users’ Own Twitter Data
7	Mon	3/4	14		Privacy policies and controls	Im et al., Less is Not More: Improving Findability and Actionability of Privacy Controls for Online Behavioral Advertising
	Thu	3/7	15		Deceptive design	- Mathur et al., Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites - (Optional) Mathur et al., What Makes a Dark Pattern… Dark?: Design Attributes, Normative Considerations, and Measurement Methods	P5: project methods
8	Mon	3/11		Spring Break
	Thu	3/14		Spring Break
9	Mon	3/18	16		Smart home privacy	- Zeng & Roesner, Understanding and Improving Security and Privacy in Multi-User Smart Homes: A Design Exploration and In-Home User Study - (Optional) Emami-Naeini et al., Privacy Expectations and Preferences in an IoT World
	Thu	3/21	17		AR/VR privacy	Gallardo et al., Speculative Privacy Concerns about AR Glasses Data Collection
10	Mon	3/25	18		Usable anonymity and censorship circumvention	- Forte et al., Privacy, Anonymity, and Perceived Risk in Open Collaboration: A Study of Tor Users and Wikipedians - (Required! No write-up) review of Roberts, Censored: Distraction and Diversion Inside China’s Great Firewall
	Tue	3/26					H3: usability test
	Thu	3/28	19		Software developers	Palombo et al., An Ethnographic Understanding of Software (In)Security and a Co-Creation Model to Improve Secure Software Development
11	Mon	4/1	20		Security professionals	Alahmadi et al., 99% False Positives: A Qualitative Study of SOC Analysts’ Perspectives on Security Alarms
	Tue	4/2					H4: interview
	Thu	4/4	21		Vulnerable populations	Simko et al., Computer Security and Privacy for Refugees in the United States
12	Mon	4/8	22		Work period
	Tue	4/9
	Thu	4/11	23		Accessibility	Dosono et al., “I’m Stuck!”: A Contextual Inquiry of People with Visual Impairments in Authentication	H5: design exercise
13	Mon	4/15	24		Children and teens	Kumar et al., Co-Designing Online Privacy-Related Games and Stories with Children
	Thu	4/18	25		Older adults	Frik et al., Privacy and Security Threat Models and Mitigation Strategies of Older Adults	H6: survey
14	Mon	4/22	26		International & multicultural perspectives	Sambasivan et al., “They Don’t Leave Us Alone Anywhere We Go”: Gender and Digital Abuse in South Asia
	Thu	4/25	27		Project work period
15	Mon	4/29	28	Final project presentations			P7: project final presentations
	Thu	5/2			Reading day
16	Mon	5/6			Exam week		P8: project final report
	Thu	5/9			Exam week