SOUPS 2010: A short report
By sylvie | July 19, 2010
And so I’m back, though not from outer space; from Redmond, Washington, where I was attending the annual Symposium On Usable Privacy and Security.
This year’s SOUPS was held on the Microsoft campus itself, or at least one of them in the Seattle area (so I’ve been told). And it really is a campus, just like a university campus, with a huge number of buildings regrouped in the same area of Bellevue/Redmond. Apparently, the building we were at was where they work on the XBox. Or maybe it was next to the buildings where they work on that project. At least, that’s what the taxi driver told me. I wouldn’t be surprised, as there was a guy testing the Xbox 360 Knect system (unfortunately, I was never able to get myself organized enough to become a participant). One nice thing about the building where we were was the large cafeteria, with a variety of food outlets where we could get lunch without leaving the campus. The Post-it wizard in Figure 1 was in one of the buildings right next to where the conference was.
Fig. 1. Eight-bit wizard made from Post-it notes. Somebody at Microsoft has a lot of patience
Wednesday was workshop day, and although I hadn’t signed up in advance, I ended up attending the Usable Security Experiment Reports (USER) Workshop, organized by Sonia Chiasson and Robert Biddle of Carleton University. This turned out to be of value to me as the workshop was all about the various experimental procedures that are used in usable security and their advantages and disadvantages. Some of the issues mentioned are typical of all research (e.g., laboratory experiments have low ecological validity), but most were specific to usable security (e.g., the difficulties associated with observing secure behaviour in the field). One lesson that I took away from the workshop was the fact that security is a secondary task and that people’s primary task is something else: I have to log in (secondary task) to the website so that I can access my email (primary task); I have to set up a secure wireless home system (secondary task) so that I can securily connect my laptop to the internet (secondary task) so that I can look at YouTube videos (primary task).
I also learned that some researchers are using Amazon’s Mechanical Turk as a source of participants for certain types of research. I’ll have to go read the paper but I have the impression this approach works best for studies where you’re trying to recruit people to fill out questionnaires. It’s not perfect - the population using Mechanical Turk is not a reflection of the population at large - but unless you’re Statistics Canada (or a large corporation), you’re always going to get bias when recruiting participants. The important thing is to be aware of the bias and mention it in your research report. For a researcher in my situation, with access to a very limited participant pool unless I associate myself with an academic researcher, Mechanical Turk may be a good source for recruiting participants. My immediate plan is to sign up for it myself and test it out for a couple of weeks to see how it works.
The day ended with a barbecue.
Thursday morning was dedicated to authentication, with the first session being on passwords and accounts and the second on authentication for mobile devices. As there is already a lot of research going on in the area of authentication, I don’t think I’m going to select this as my primary research subject. Although, you never know, I’ve gotten into research areas I didn’t expect to just from knowing people. Anyway, I think I missed a good opportunity for a question. I should have brought along my World of Warcraft authenticator and asked people’s opinion about this kind of system.
In the afternoon, the first session was on privacy policies and the second session was a discussion session where people split up into various groups and talked about different subjects. As there wasn’t anything on trust, I joined the discussion on usable security and privacy for mobile devices.
That evening, we went on a dinner cruise.
Fig. 2. The Carleton Contingent at the prow of the cruise ship
Fig. 3. View from the cruise ship: Mount Rainier and a bridge
Friday morning’s first session was all about security policies, models and decision making. Lots of really fascinating research presented here, from the difference between the security of government and university sites versus corporate sites (such as Amazon) (surprise! the corporate sites require less secure passwords than government or university sites); to the mental models that people have about viruses and hackers (key takeaway: always explain why you want people to take security action X because if it doesn’t correspond to their mental model, they won’t do it); to how to help people set up a secure wireless home network (dear Ho, Truong & Dearman, please make your system available to everyone); to how to make people read your EULAs (surprise! use good visual design).
The second session was all over the place: the impact of sharing location feedback on mobile devices; using mobile devices to make parents feel more secure about their teenager’s whereabouts (this paper left me very skeptical, but mostly because I believe that technology is not the answer for this issue; other people feel differently); and a field study of real world ATM use (interesting study if only for the whole problem of observing people use ATMs without actually observing their pins or creeping people out).
In the afternoon there was a panel on crowdsourcing and cloud computing which was interesting. Unfortunately, a lot of people had already left so there wasn’t as much interaction from the audience as there should have been.
The day ended with an ice cream social and a short visit to one of the Microsoft usability research labs. If they were planning on making me jealous, it worked.
If you’re interested in seeing more photos from SOUPS 2010, there is my set at Flickr as well as Mary Ellen Zurko’s. Oh, and Mary Ellen has one of me in there. How embarrassing.
Updated 26 July
For another view of SOUPS 2010, there is Dana Chisnell’s report on the symposium. Like me, she was a first-time attendee. Unlike me, Dana is already familiar with the area of usable security, so her insights are interesting.
Topics: Security, Symposium, SOUPS |
July 19th, 2010 at 9:41
I coulda met you!
July 19th, 2010 at 10:36
[…] Excerpt from: SOUPS 2010: A short report | Population of One By admin | category: CARLETON University | tags: attending-the-usable, CARLETON University, chance, creative, creative-process, neo-avant-garde, usable, visual | New books – Literary Studies, Music, Art and Visual Studies …U-Pass Protest « Charlie Taylor For MayorTheory Annoucements: [DMANET] Canadian Conference on Computational …Material World: Report on "Materiality and Cultural Translation"Chaos Lyceum: The Country Club.WIND Mobile | Carleton University Improvement! I now …Chaos Lyceum: DISGUSTINGSubjects included 310 participants | zhangyanbo1Carleton University Newsroom » News Archive » Carleton Confers …[talk] Cultural Resource Management Announcement - www.museum-ed.org […]
July 19th, 2010 at 11:19
[…] SOUPS 2010: A short report | Population of One sylvienoel.ca/blog/?p=1239 – view page – cached And so I’m back, though not from outer space; from Redmond, Washington, where I was attending the annual Symposium On Usable Privacy and Security. Tweets about this link […]
July 19th, 2010 at 11:56
[…] SOUPS 2010: A short report | Population of One […]
July 21st, 2010 at 13:12
Aw man. You’re in Seattle? Crap! Oh well, next time!
July 25th, 2010 at 10:58
[…] SOUPS 2010: A short report | Population of One […]
August 3rd, 2010 at 13:52
[…] SOUPS 2010: A short report | Population of One […]