Change search
Link to record
Permanent link

Direct link
BETA
Publications (8 of 8) Show all publications
Karegar, F., Pettersson, J. S. & Fischer-Hübner, S. (2018). Fingerprint Recognition on Mobile Devices: Widely Deployed, Rarely Understood. In: ARES 2018 Proceedings of the 13th International Conference on Availability, Reliability and Security (ARES 2018).: . Paper presented at The 3rd SECPID Workshop in the 13th International Conference on Availability, Reliability and Security (ARES 2018), August 27-30, 2018, Hamburg, Germany.. New York, NY, USA: Association for Computing Machinery (ACM), Article ID 39.
Open this publication in new window or tab >>Fingerprint Recognition on Mobile Devices: Widely Deployed, Rarely Understood
2018 (English)In: ARES 2018 Proceedings of the 13th International Conference on Availability, Reliability and Security (ARES 2018)., New York, NY, USA: Association for Computing Machinery (ACM), 2018, article id 39Conference paper, Published paper (Refereed)
Abstract [en]

Only a few studies have addressed the users' conception of how fingerprint recognition used for different purposes on mobile devices works. This study contributes by investigating how different groups of individuals think that the fingerprint recognition works, why they think so, and also by pointing out differences in pin code and fingerprint issues. The study furthermore yields some results concerning individuals' attitudes towards how sensitive the use of fingerprint sensors is: non-users tended to be more afraid of third-party access than users. On the other hand, users tended to regard the fingerprint pattern as more sensitive than non-users.

This study also manages to give some methodological contributions, namely that mockup user interfaces do not bias the parameters studied in this paper (e.g. understanding of access to fingerprint data), and that self-estimation of knowledge in Computer Security is not a good indicator of respondents' understanding of fingerprint security and privacy. Moreover, people who connected a low degree of sensitivity to fingerprint patterns gave very different reasons for their estimation of sensitivity. This prompts for more research, as it is unclear if different groups would benefit from different information and modes of visualisation to understand what are the issues involved in fingerprint recognition on mobile devices.

Place, publisher, year, edition, pages
New York, NY, USA: Association for Computing Machinery (ACM), 2018
Keywords
Fingerprint Pattern, User Perception, Sensitive Information, Data Privacy
National Category
Computer Sciences Human Computer Interaction
Identifiers
urn:nbn:se:kau:diva-70227 (URN)10.1145/3230833.3234514 (DOI)000477981800077 ()978-1-4503-6448-5 (ISBN)
Conference
The 3rd SECPID Workshop in the 13th International Conference on Availability, Reliability and Security (ARES 2018), August 27-30, 2018, Hamburg, Germany.
Projects
CREDENTIAL
Funder
EU, Horizon 2020, 653454
Available from: 2018-11-21 Created: 2018-11-21 Last updated: 2019-11-01Bibliographically approved
Karegar, F., Gerber, N., Volkamer, M. & Fischer-Hübner, S. (2018). Helping John to Make Informed Decisions on Using Social Login. In: Proceedings of the 33th Symposium on Applied Computing (SAC 2018), Pau, F, April 9-13, 2018: . New York: ACM Publications
Open this publication in new window or tab >>Helping John to Make Informed Decisions on Using Social Login
2018 (English)In: Proceedings of the 33th Symposium on Applied Computing (SAC 2018), Pau, F, April 9-13, 2018, New York: ACM Publications, 2018Chapter in book (Other academic)
Place, publisher, year, edition, pages
New York: ACM Publications, 2018
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65743 (URN)10.1145/3167132.3167259 (DOI)000455180700169 ()
Projects
Credential (4896)
Funder
EU, Horizon 2020
Available from: 2018-01-19 Created: 2018-01-19 Last updated: 2019-02-14Bibliographically approved
Karegar, F. (2018). Towards Improving Transparency, Intervenability, and Consent in HCI. (Licentiate dissertation). Karlstad University Press
Open this publication in new window or tab >>Towards Improving Transparency, Intervenability, and Consent in HCI
2018 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Transparency of personal data processing is enforced by most Western privacy laws, including the new General Data Protection Regulation (GDPR) which will be effective from May 2018. The GDPR specifies that personal data shall be processed lawfully, fairly, and in a transparent manner. It strengthens people's rights for both ex-ante and ex-post transparency and intervenability. Equally important is the strict legal requirements for informed consent established by the GDPR.

On the other hand, the legal privacy principles have Human-Computer Interaction (HCI) implications. People should comprehend the principles, be aware of when the principles may be used, and be able to use them. Transparent information about personal data processing should be concise, intelligible, and provided in an easily accessible form, pursuant to the GDPR. Nonetheless, the answer to the question about how HCI implications can be addressed depends on the attempts to decrease the gap between legal and user-centric transparency, intervenability, and consent. Enhancing individuals' control in a usable way helps people to be aware of the flow of their personal information, control their data, make informed decisions, and finally preserve their privacy.

The objective of this thesis is to propose usable tools and solutions, to enhance people's control and enforce legal privacy principles, especially transparency, intervenability, and informed consent. To achieve the goal of the thesis, different ways to improve ex-ante transparency and informed consent are investigated by designing and testing new solutions to make effective consent forms. Moreover, ex-post transparency and intervenability are improved by designing a transparency enhancing tool and investigating users' perceptions of data portability and transparency in the tool. The results of this thesis contribute to the body of knowledge by mapping legal privacy principles to HCI solutions, unveiling HCI problems and answers when aiming for legal compliance, and proposing effective designs to obtain informed consent.    

Abstract [en]

The new General Data Protection Regulation (GDPR) strengthens people’s rights for transparency, intervenability, and consent. The legal privacy principles have Human-Computer Interaction (HCI) implications. Besides aiming for legal compliance, it is of paramount importance to investigate how to provide individuals with usable and user-centric transparency, intervenability, and consent.

The objective of this thesis is to propose usable tools and solutions, to enhance people's control and enforce legal privacy principles, especially transparency, intervenability, and informed consent. To achieve the goal of the thesis, different ways to improve ex-ante transparency and informed consent are investigated by designing and testing new solutions to make effective consent forms. Moreover, ex-post transparency and intervenability are improved by designing a transparency enhancing tool and investigating users' perceptions of data portability and transparency in the tool. The results of this thesis contribute to the body of knowledge by mapping legal privacy principles to HCI solutions, unveiling HCI problems and answers when aiming for legal compliance, and proposing effective designs to obtain informed consent.    

Place, publisher, year, edition, pages
Karlstad University Press, 2018. p. 39
Series
Karlstad University Studies, ISSN 1403-8099 ; 2018:9
Keywords
GDPR, Informed Consent, Intervenability, Transparency, Usable Privacy
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-66109 (URN)978-91-7063-838-1 (ISBN)978-91-7063-933-3 (ISBN)
Presentation
2018-03-15, 12 B 252, Universitetsgatan 2, Karlstad, 09:00 (English)
Opponent
Supervisors
Note

The 3. article was in manuscript form at the time of the licentiate defense: Karegar, F. / User Evaluations of an App Interface for Cloud-based Identity Management / / Manuskript (preprint)

Available from: 2018-02-22 Created: 2018-02-05 Last updated: 2019-06-10Bibliographically approved
Karegar, F., Lindegren, D., Pettersson, J. S. & Fischer-Hübner, S. (2018). User Evaluations of an App Interface for Cloud-Based Identity Management. In: Paspallis N., Raspopoulos M., Barry C., Lang M., Linger H., Schneider C. (Ed.), Advances in Information Systems Development: . Paper presented at 6th International Conference on Information Systems Development (ISD) held in Larnaca, Cyprus, September 6 - 8, 2017 (pp. 205-223). Cham: Springer, 26
Open this publication in new window or tab >>User Evaluations of an App Interface for Cloud-Based Identity Management
2018 (English)In: Advances in Information Systems Development / [ed] Paspallis N., Raspopoulos M., Barry C., Lang M., Linger H., Schneider C., Cham: Springer, 2018, Vol. 26, p. 205-223Conference paper, Published paper (Refereed)
Abstract [en]

Within a project developing cloud technology for identity access management, usability tests of the mock-up of a mobile app identity provider were conducted to assess Internet users’ consciousness of data disclosures in consent forms and their comprehension of the flow of authentication data. Results show that using one’s fingerprint for giving consent was easy, but most participants did not have a correct view of where the fingerprint data is used and what entities would have access to it. Familiarity with ID apps appeared to aggravate misunderstanding. In addition, participants could not well recall details of personal data releases and settings for disclosure options. An evaluation with a confirmation screen improved the recall rate slightly. However, some participants voiced a desire to have control over their data and expressed a wish to manually select mandatory information. This can be a way of slowing users down and make them reflect more.

Place, publisher, year, edition, pages
Cham: Springer, 2018
Series
Lecture Notes in Information Systems and Organisation, ISSN 2195-4968 ; 26
Keywords
Cloud computing, Identity management, Data disclosure, Usable privacy, Smartphone
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-67323 (URN)10.1007/978-3-319-74817-7_13 (DOI)978-3-319-74816-0 (ISBN)978-3-319-74817-7 (ISBN)
Conference
6th International Conference on Information Systems Development (ISD) held in Larnaca, Cyprus, September 6 - 8, 2017
Note

This article was published as manuscript in Farzaneh Karegars licentiate thesis. 

Available from: 2018-05-17 Created: 2018-05-17 Last updated: 2019-11-11Bibliographically approved
Karegar, F., Lindegren, D., Pettersson, J. S. & Fischer-Hübner, S. (2017). Assessments of a Cloud-Based Data Wallet for Personal Identity Management. In: Information Systems Development: Advances in Methods, Tools and Management (ISD2017 Proceedings): . Paper presented at 26th International Conference on Information Systems Development (ISD2017 Cyprus). Larnaca, Cyprus, September 6-8, 2017.
Open this publication in new window or tab >>Assessments of a Cloud-Based Data Wallet for Personal Identity Management
2017 (English)In: Information Systems Development: Advances in Methods, Tools and Management (ISD2017 Proceedings), 2017Conference paper, Published paper (Refereed)
Abstract [en]

Within a project developing cloud technology for identity access management, usability tests of mockups of a mobile app identity provider were conducted to assess users’ consciousness of data disclosures in consent forms and flow of authentication data. Results show that using one’s fingerprint for giving consent was easy, but most participants had not a correct view of where the fingerprint data is used and what entities would have access to it. Familiarity with ID apps appeared to aggravate misunderstanding. In addition, participants could not well recall details of personal data releases and settings for disclosure options. An evaluation with a confirmation screen slightly improved recall rate. However, some participants voiced a desire to have control over their data and expressed a wish to manually select mandatory information. This can be a way of slowing users down and make them reflect more.

Keywords
Cloud computing, Identity provider, Identity management, Smartphone, Data disclosure, Usability, Privacy
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-64550 (URN)978-9963-2288-3-6 (ISBN)
Conference
26th International Conference on Information Systems Development (ISD2017 Cyprus). Larnaca, Cyprus, September 6-8, 2017
Projects
CREDENTIAL
Funder
EU, Horizon 2020, 4896
Available from: 2017-10-16 Created: 2017-10-16 Last updated: 2019-10-28Bibliographically approved
Karegar, F., Pulls, T. & Fischer-Hübner, S. (2017). Visualizing Exports of Personal Data by Exercising the Right of Data Portability in the Data Track - Are People Ready for This?. In: Privacy and Identity Management. Facing up to Next Steps. Privacy and Identity 2016. IFIP Advances in Information and Communication Technology.: . Paper presented at The 11th International IFIP Summer School on Privacy and Identity Management, August 21-26, 2016, Karlstad, Sweden (pp. 164-181). Springer, 498
Open this publication in new window or tab >>Visualizing Exports of Personal Data by Exercising the Right of Data Portability in the Data Track - Are People Ready for This?
2017 (English)In: Privacy and Identity Management. Facing up to Next Steps. Privacy and Identity 2016. IFIP Advances in Information and Communication Technology., Springer, 2017, Vol. 498, p. 164-181Conference paper, Published paper (Refereed)
Abstract [en]

A transparency enhancing tool called Data Track has been developed at Karlstad University. The latest stand-alone version of the tool allows users to visualize their data exports. For analyzing the users’ perceptions of the Data Track in regard to transparency features and the concepts of data export and data portability, we have conducted a qualitative user study. We observed that although users had rather little interest in the visualization of derived data activities revealed in the Google location file, they were interested in other kinds of derived data like usage patterns for different service providers. Also, as earlier user studies revealed, we again confirmed that it is confusing for users to differentiate between locally and remotely stored and controlled data. Finally, in spite of being concerned about the security of the data exported to their machines, for exercising data portability rights pursuant to the General Data Protection Regulation, most participants would prefer to first export and edit the data before uploading it to another service provider and would appreciate using a tool such as the Data Track for helping them in this context.

Place, publisher, year, edition, pages
Springer, 2017
Series
IFIP Advances in Information and Communication Technology book series, ISSN 1868-4238
Keywords
Transparency Enhancing Tools, Data portability, visualization, Data Track
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-64555 (URN)10.1007/978-3-319-55783-0_12 (DOI)000460572100012 ()978-3-319-55782-3 (ISBN)978-3-319-55783-0 (ISBN)
Conference
The 11th International IFIP Summer School on Privacy and Identity Management, August 21-26, 2016, Karlstad, Sweden
Available from: 2017-10-16 Created: 2017-10-16 Last updated: 2019-09-05Bibliographically approved
Karegar, F., Striecks, C., Krenn, S., Hörandner, F., Lorünser, T. & Fischer-Hübner, S. (2016). Opportunities and challenges of CREDENTIAL: Towards a metadata-privacy respecting identity provider. In: Lehmann A., Whitehouse D., Fischer-Hübner S., Fritsch L., Raab C. (Ed.), Privacy and Identity Management. Facing up to Next Steps. Privacy and Identity 2016: . Paper presented at 11th International IFIP Summer School on Privacy and Identity Management, 21-26 August 2016, Karlstad, Sweden (pp. 76-91). Springer, 498
Open this publication in new window or tab >>Opportunities and challenges of CREDENTIAL: Towards a metadata-privacy respecting identity provider
Show others...
2016 (English)In: Privacy and Identity Management. Facing up to Next Steps. Privacy and Identity 2016 / [ed] Lehmann A., Whitehouse D., Fischer-Hübner S., Fritsch L., Raab C., Springer, 2016, Vol. 498, p. 76-91Conference paper, Published paper (Refereed)
Abstract [en]

This paper summarizes the results of a workshop at the IFIP Summer School 2016 introducing the EU Horizon 2020 project credential, i.e., Secure Cloud Identity Wallet. The contribution of this document is three-fold. First, it gives an overview of the credential project, its use-cases, and core technologies. Second, it explains the challenges of the project’s approach and summarizes the results of the parallel focus groups that were held during the workshop. Third, it focuses on a specific challenge—the protection of metadata in centralized identity providers—and suggests a potential architecture addressing this problem.

Place, publisher, year, edition, pages
Springer, 2016
Series
IFIP Advances in Information and Communication Technology book series (IFIPAICT), ISSN 1868-4238
Keywords
Metadata privacy, identity provisioning, data sharing
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-64552 (URN)10.1007/978-3-319-55783-0_7 (DOI)000460572100007 ()978-3-319-55783-0 (ISBN)978-3-319-55782-3 (ISBN)
Conference
11th International IFIP Summer School on Privacy and Identity Management, 21-26 August 2016, Karlstad, Sweden
Projects
CREDENTIAL
Funder
EU, Horizon 2020, 4896
Available from: 2017-10-16 Created: 2017-10-16 Last updated: 2019-11-19Bibliographically approved
Fischer-Hübner, S., Angulo, J., Karegar, F. & Pulls, T. (2016). Transparency, Privacy and Trust: Technology for Tracking and Controlling my Data Disclosures – Does this work?. In: Sheikh Mahbub Habib, Julita Vassileva, Sjouke Mauw, Max Mühlhäuser (Ed.), Proceedings of the 10th IFIPTM Conference 2016: Trust Management X. Paper presented at IFIPTM 2016 July 18-22 Darmstadt, Germany. Heidelberg: Springer Berlin/Heidelberg
Open this publication in new window or tab >>Transparency, Privacy and Trust: Technology for Tracking and Controlling my Data Disclosures – Does this work?
2016 (English)In: Proceedings of the 10th IFIPTM Conference 2016: Trust Management X / [ed] Sheikh Mahbub Habib, Julita Vassileva, Sjouke Mauw, Max Mühlhäuser, Heidelberg: Springer Berlin/Heidelberg, 2016Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
Heidelberg: Springer Berlin/Heidelberg, 2016
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-43251 (URN)978-3-319-41354-9 (ISBN)
Conference
IFIPTM 2016 July 18-22 Darmstadt, Germany
Available from: 2016-06-16 Created: 2016-06-16 Last updated: 2018-07-02Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0003-2823-3837

Search in DiVA

Show all publications