DREU ‘24 Project Idea Brainstorm
Data
- Readily available user-reported phishing emails from U Utah
- Take into account bias of sample (i.e., these are user-reported)
- What can be done with these phishing emails? (backwards way to think about it?)
- Studying emails qualitatively may say something interesting about the kind of phishing campaigns/attempts that are noticeable to ordinary users
- Potentially augment with collected data on attitudes towards phishing + experiments observing people who are under the impression they are being actively phished?
- Need to flesh out idea before jumping on data to test hypotheses
Ideas
- CAPTCHA usability
- Social engineering studies
- Something based on phishing
- Generalized phishing
- Spearphishing
- Note: keep ethics in mind, tricky to study
- Insider threats in organizational security
- Authentication mechanism usability
- Password usability (probably overdone)
- Passkey usability
- Do security keys enhance or weaken security given that users must protect physical access to their devices?
- SSO/OAuth usability
- MFA usability
- User attitudes towards importance of (web) privacy
- Overdone?
- Social media privacy
- Importance of being anonymous online?
- Cookie usage / consent
- Opinions on tracking / surveillance
- Awareness of fingerprinting (specifically browser fingerprinting)
- Feelings about targeted advertising
- Something with fingerprint / face as authentication mechanism
- Perceived security / privacy across environments and devices
- Confidence in email security
- E.g., do you feel more secure browsing on a desktop on a home network than on a phone on a cellular network? etc.
- Something on open source intelligence
- eConsent
- How do expectations vary between physical and virtual agreements?
- Users are “forced” into accepting privacy agreements for third-party applications they wish to use… potentially conditions them into exercising less scrutiny when reviewing online terms/agreements?