Related papers: Tricking Johnny into Granting Web Permissions
Many Android applications embed webpages via WebView components and execute JavaScript code within Android. Hybrid applications leverage dedicated APIs to load a resource and render it in a WebView. Furthermore, Android objects can be…
We need to rethink our approach to defend privacy on the internet. Currently, policymakers focus heavily on the idea of informed consent as a means to defend privacy. For instance, in many countries the law requires firms to obtain an…
User facing 'platform safety technology' encompasses an array of tools offered by platforms to help people protect themselves from harm, for example allowing people to report content and unfollow or block other users. These tools are an…
Is it possible to predict the affect of a user just by observing her behavioral interaction through a video? How can we, for instance, predict a user's arousal in games by merely looking at the screen during play? In this paper we address…
The current "notice and consent" paradigm is broken: consent dialogues are often manipulative, and users cannot realistically read or understand every privacy policy. While recent LLM-based tools empower users seeking active control, many…
We present a study of how local frames (i.e., iframes loading content like "about:blank") are mishandled by a wide range of popular Web security and privacy tools. As a result, users of these tools remain vulnerable to the very attack…
Precise access control decisions are crucial for the security of both traditional applications and emerging agent-based systems. Typically, these decisions are made by users during app installation or at runtime. However, due to the…
The proliferation of web applications has essentially transformed modern browsers into small but powerful operating systems. Upon visiting a website, user devices run implicitly trusted script code, the execution of which is confined within…
Determining how voice assistants should broker consent to share data with third party software has proven to be a complex problem. Devices often require users to switch to companion smartphone apps in order to navigate permissions menus for…
Due to Android's open source feature and low barriers to entry for developers, millions of developers and third-party organizations have been attracted into the Android ecosystem. However, over 90 percent of mobile malware are found…
Thanks to the advance of technology, all kinds of applications are becoming more complete and capable of performing complex tasks that save much of our time. But to perform these tasks, applications require that some personal information…
Selecting a UI element is a fundamental operation on webpages, and the ease of tapping a target object has a significant impact on usability. It is thus important to analyze existing UIs in order to design better ones. However, tools…
The web is used daily by billions. Even so, users are not protected from many threats by default. This position paper builds on previous web privacy and security research and introduces JShelter, a webextension that fights to return the…
Learning to communicate through interaction, rather than relying on explicit supervision, is often considered a prerequisite for developing a general AI. We study a setting where two agents engage in playing a referential game and, from…
As a step towards studying human-agent collectives we conduct an online game with human participants cooperating on a network. The game is presented in the context of achieving group formation through local coordination. The players set…
Many people are unaware of the digital dangers that lie around each cyber-corner. Teaching people how to recognize dangerous situations is crucial, especially for those who work on or with computers. We postulated that interactive graphic…
Traditionally, the efficiency and effectiveness of search systems have both been of great interest to the information retrieval community. However, an in-depth analysis of the interaction between the response latency and users' subjective…
When using security questions most users still trade-off security for the convenience of memorability. This happens because most users find strong answers to security questions difficult to remember. Previous research in security education…
Web Application Firewalls (WAFs) have been introduced as essential and popular security gates that inspect incoming HTTP traffic to filter out malicious requests and provide defenses against a diverse array of web-based threats. Evading…
Browser extensions have been established as a common feature present in modern browsers. However, some extension systems risk exposing APIs which are too permissive and cohesive with the browser's internal structure, thus leaving a hole for…