Trio of talks: actionable security and privacy, security and privacy perceptions in South Asia, and reproductive security and privacy on TikTok in the post-Roe era

Add to your list(s) Download to your calendar using vCal

• Anna Lena Rotthaler (Paderborn University), Deepthi Munagara (Paderborn University), and Rachel Rodriguez Gonzalez (Paderborn University and The George Washington University)
• Monday 04 August 2025, 13:00-15:00
• Webinar & FW11, Computer Laboratory, William Gates Building..

If you have a question about this talk, please contact Alexandre Pauwels.

”It’s time. Time for digital security.”: An End User Study on Actionable Security and Privacy Advice

Anna Lena Rotthaler, Paderborn University

Anna Lena is a third-year PhD student whose research focuses on making security and privacy advice more usable for end users.

Digital security advice is the focus of much research, with unsatisfying results: End users do not follow experts’ security advice, and users and experts struggle to prioritize existing advice. Several studies point out that users are overwhelmed by the amount of available security advice, and make recommendations on how to improve existing advice. Nevertheless, we still do not know how to effectively give security advice. Inspired by daily habit apps, we developed a set of 30 pieces of short and actionable advice, and the Security App, an Android smartphone app to provide this advice to end users, to reduce mental effort, and to build secure habits. We conducted a 30-day online end-user (N=74) study to evaluate whether the set of advice is actionable and meaningful to users, whether users adopt the advice, and whether the app has an impact on security awareness and behavior. Our results show that the app is an appropriate tool to provide security advice to end users. Participants perceive the majority of tasks as comprehensible, actionable, and useful, and we show that the app in fact introduces secure behaviors. Our results can serve as a basis for future research on security advice and creating secure habits, and the possibility to effectively teach secure behavior.

Digital security and privacy perceptions in South Asian contexts: Case studies on UPI and Facebook matrimony groups

Deepthi Munagara, Paderborn University

Deepthi Mungara is a second year PhD student at Paderborn University whose work focuses on digital security and privacy in South Asian contexts and she also works on security testing.

In this talk, Deepthi presents two case studies that examine how cultural norms and digital literacy shape user experiences with security and privacy on digital platforms. The first study explores India’s Unified Payments Interface (UPI), revealing gaps between user concerns and the security advice provided by apps, banks, and regulators, based on interviews and a content analysis. The second study investigates Facebook matrimony groups in Pakistan, where users—navigating cultural taboos and legal restrictions—employ cautious privacy strategies to avoid risks like identity theft, blackmail, and social judgment. Across both studies, Deepthi highlights how users’ decisions are deeply influenced by cultural, social, and informational contexts, and she calls for clearer, culturally informed communication and stronger platform-level protections to support user security and trust.

Reproductive Security & Privacy Advice on TikTok in the post-Roe Era

Rachel Rodriguez Gonzalez, Paderborn University and The George Washington University

In summer 2022, the Supreme Court of the United States overturned Roe v. Wade, a seminal case that linked the right to privacy to the right to reproductive self determination at the federal level. Reproductive self determination in the US is now regulated at the state level, with vast differences across states. With the current landscape of online tracking and selling data, people who may become pregnant are at risk of prosecution based on data from their digital footprint, including online searches, period trackers, and fitness trackers. After the overturn of Roe v. Wade, social media creators reacted on TikTok, including by giving privacy advice regarding reproductive health under the new legal situation. To create a future advice landscape that empowers users to protect their security and privacy after significant shifts in legislation, we need to understand the landscape of security and privacy advice: how general-purpose advice was adapted to reproductive health, what domain-specific advice emerged, and whether, collectively, this advice is sound, actionable, and effective. We report on an in-depth analysis of 92 TikTok videos giving advice on reproductive security and privacy in reaction to the overturn of Roe v. Wade. We find that content creators connected general-purpose security advice (like using encrypted messengers) to reproductive privacy, and that domain-specific advice (like ceasing the use of period tracking apps) emerged. Though each piece of advice was often sound, it collectively lacked nuance, actionability, completeness, and practicality due to the complexities of the legal, technical, and interpersonal threat landscape. Based on our analysis, we provide recommendations for advice-givers, social media platforms, and the security community towards stronger, more actionable, and more complete communication of domain-specific security and privacy advice.

This talk is part of the Computer Laboratory Security Seminar series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Cambridge talks
• Computer Laboratory Security Seminar
• Department of Computer Science and Technology talks and seminars
• Interested Talks
• School of Technology
• Security-related talks
• Trust & Technology Initiative - interesting events
• Webinar & FW11, Computer Laboratory, William Gates Building.
• bld31
• yk449

Note that ex-directory lists are not shown.