Publications

2024

• Not as easy as just update: Survey of System Administrators and Patching Behaviours
  A. Jenkins, L. Liu, M.K. Wolters, K. Vaniea; In Proceedings of the CHI Conference on Human Factors in Computing Systems (CHI '24). 2024 (To Appear).

2023

• DarkDialogs: Automated detection of 10 dark patterns on cookie dialogs
  D. Kirkman, K. Vaniea, D.W. Woods; In Proceedings of the 8th IEEE European Symposium on Security and Privacy (EuroSP'23). 2023.
• Data-Enhanced Design: Engaging Designers in Exploratory Sensemaking with Multimodal Data
  K. Gorkovenko, A.D.G. Jenkins, K. Vaniea, D. Murray-Rust; In International Journal of Design. 2023.
• Using Clustering Algorithms to Automatically Identify Phishing Campaigns
  K. Althobaiti, M.K. Wolters, N. Alsufyani, K. Vaniea; In IEEE Access. 2023.
• Embedding Privacy Into Design Through Software Developers: Challenges and Solutions
  M. Tahaei, K. Vaniea, A. Rashid; In IEEE Security & Privacy. 2023.
• Multi-User Smart Speakers - A Narrative Review of Concerns and Problematic Interactions
  N. Meng-Schneider, R. Yasa Kostas, K. Vaniea, M.K. Wolters; In Extended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems. 2023.
• To Patch, or not To Patch? That is the Question: A Case Study of System Administrators' Online Collaborative Behaviour
  A. Jenkins, M. Wolters, K. Vaniea; In arXiv. 2023.
• Twitter has a Binary Privacy Setting, are Users Aware of How It Works?
  D. Keküllüoğlu, K. Vaniea, M.K. Wolters, W. Magdy; In Proceedings of the 2023 ACM SIGCHI Conference on Computer-Supported Cooperative Work and Social Computing (CSCW23). 2023.
• ``I didn't click'': What users say when reporting phishing
  N. Pilavakis, A. Jenkins, N. Kokciyan, K. Vaniea; In Proceedings of the Symposium on Usable Privacy and Security (USEC'23). 2023.

2022

• Can I Borrow Your ATM? Using Virtual Reality for (Simulated) In Situ Authentication Research
  F. Mathis, K. Vaniea, M. Khamis; In Proceedings of IEEE Virtual Reality and 3D User Interfaces (VR). 2022.
• Context-based Clustering to Mitigate Phishing Attacks
  T. Saka, K. Vaniea, N. Kokciyan; In Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security (AISec 2022). 2022.
• From an Authentication Question to a Public Social Event: Characterizing Birthday Sharing on Twitter
  D. Keküllüoğlu, W. Magdy, K. Vaniea; In Proceedings of The 16th International AAAI Conference on Weblogs and Social Media (ICWSM'22). 2022.
• Lessons Learned From Recruiting Participants With Programming Skills for Empirical Privacy and Security Studies
  M. Tahaei, K. Vaniea; In 1st International Workshop on Recruiting Participants for Empirical Software Engineering (RoPES'22). 2022.
• PhishED: Automated contextual feedback for reporting phishing
  A. Jenkins, N. Kokciyan, K. Vaniea; In Proceedings of the Symposium on Usable Privacy and Security Poster Track. 2022.
• Recruiting Participants with Programming Skills: A Comparison of Four Crowdsourcing Platforms and a CS Student Mailing List
  M. Tahaei, K. Vaniea; In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 2022.
• Understanding Privacy-Related Advice on Stack Overflow
  M. Tahaei, T. Li, K. Vaniea; In Proceedings on Privacy Enhancing Technologies (PETS). 2022.
• Virtual Reality Observations: Using Virtual Reality to Augment Lab-Based Shoulder Surfing Research
  F. Mathis, J. O'Haganand, M. Khamis, K. Vaniea; In Proceedings of IEEE Virtual Reality and 3D User Interfaces (VR). 2022.

2021

• A Case Study of Phishing Incident Response in an Educational Organization
  K. Althobaiti, A. Jenkins, K. Vaniea; In Proceedings of the ACM Conference on Computer Supported Cooperative Work and Social Computing. 2021.
• Code-Level Dark Patterns: Exploring Ad~Networks' Misleading Code Samples with Negative Consequences for Users
  M. Tahaei, K. Vaniea; In ``What Can CHI Do About Dark Patterns?'' Workshop at CHI Conference on Human Factors in Computing Systems (CHI '21). 2021.
• Deciding on Personalized Ads: Nudging Developers About User Privacy
  M. Tahaei, A. Frik, K. Vaniea; In Symposium On Usable Privacy and Security (SOUPS). 2021.
• Fast and Secure Authentication in Virtual Reality using Coordinated 3D Manipulation and Pointing
  F. Mathis, J.H. Williamson, K. Vaniea, M. Khamis; In ACM Transactions on Computer-Human Interaction (TOCHI). 2021.
• I Don't Need an Expert! Making URL Phishing Features Human Comprehensible
  K. Althobaiti, N. Meng, K. Vaniea; In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 2021.
• Observing Virtual Avatars: The Impact of Different Avatars on Identifying Users' Interaction
  F. Mathis, K. Vaniea, M. Khamis; In Proceedings of Mindtrek International Technology Conference. 2021.
• Owning and Sharing: Privacy Perceptions of Smart Speaker Users
  N. Meng, D. Keküllüoğlu, K. Vaniea; In Proceedings of the ACM Conference on Computer Supported Cooperative Work and Social Computing. 2021.
• Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges
  M. Tahaei, A. Frik, K. Vaniea; In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 2021.
• Prototyping Usable Privacy and Security Systems: Insights from Experts
  F. Mathis, K. Vaniea, M. Khamis; In International Journal of Human--Computer Interaction. 2021.
• RepliCueAuth: Validating the Use of a lab-based Virtual Reality Setup for Evaluating Authentication Systems
  F. Mathis, K. Vaniea, M. Khamis; In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 2021.
• Security Notifications in Static Analysis Tools: Developers' Attitudes, Comprehension, and Ability to Act on Them
  M. Tahaei, K. Vaniea, K. Beznosov, M.K. Wolters; In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 2021.
• ``Developers are Responsible'': What Ad Networks Tell Developers About Privacy
  M. Tahaei, K. Vaniea; In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems Late Breaking Work. 2021.

2020

• Analysis of publicly available anti-phishing webpages: contradicting information, lack of concrete advice and very narrow attack vector
  M. Mossano, K. Vaniea, L. Aldag, R. Düzgün, P. Mayer, M. Volkamer; In Proceedings of the 5th IEEE European Workshop on Usable Security (EuroUSEC). 2020.
• Analysing Privacy Leakage of Life Events on Twitter
  D. Keküllüoglu, W. Magdy, K. Vaniea; In Proceedings of the 12th ACM Conference on Web Science. 2020.
• "Anyone Else Seeing this Error?": Community, System Administrators, and Patch Information
  A. Jenkins, P. Kalligeros, K. Vaniea, M.K. Wolters; In Proceedings of the European Symposium on Security and Privacy (EuroSP). 2020.
• What is this URL's Destination? Empirical Evaluation of Users' URL Reading
  Sara S. Albakry, Kami Vaniea, and Maria Wolters, In Conference on Human Factors In Computing Systems (CHI), 2020. (Survey Text)
• Understanding Privacy-Related Questions on Stack Overflow
  Mohammad Tahaei, Kami Vaniea and Naomi Saphra, In Conference on Human Factors In Computing Systems (CHI), 2020.
• RubikAuth: Fast and Secure Authentication in Virtual Reality
  Florian Mathis, John H Williamson, Kami Vaniea, Mohamed Khamis, In Conference on Human Factors In Computing Systems (CHI), 2020.

2019

• "I Don't Know Too Much About It": On the Security Mindsets of Computer Science Students
  Mohammad Tahaei, Adam Jenkins, Kami Vaniea and Maria Wolters, In the workshop on Socio-Technical Aspects in SecuriTy (STAST), September 2019.
• A Review of Human- and Computer-Facing URL Phishing Features
  Kholoud Althobaiti, Ghaidaa Rummani, and Kami Vaniea, In the European Workshop on Usable Security (USEC), June 2019.
• A Survey on Developer-Centred Security
  Mohammad Tahaei and Kami Vaniea, In the European Workshop on Usable Security (USEC), June 2019.
• Saudis' Conceptualisation of Disturbing Content on Social Media
  Sara Albakry, Aljawharah Alabdullaif, Kami Vaniea, and Maria Wolters. Workshop on HCI Research and Practice in the Arab World (ArabCHI), May 2019.

2018

• Automatic phishing detection versus user training, Is there a middle ground using XAI?
  Sara Albakry, and Kami Vaniea. In the Proceedings of the SICSA Workshop on Reasoning, Learning and Explainability. June 2018.
• Permission Impossible: Teaching Firewall Configuration in a Game Environment
  Sibylle Sehl and Kami Vaniea, In the European Workshop on Usable Security (USEC), 2018.
• Faheem: Explaining URLs to people using a Slack bot
  Kholoud Althobaiti, Kami Vaniea and Serena Zheng In the Symposium on Digital Behaviour Intervention for Cyber Security (AISB), 2018.

2017

• Capturing the Connections: Unboxing Internet of Things Devices
  Kami Vaniea, Ella Tallyn, and Chris Speed, arXiv:1708.00076, 2017.
• Was my message read?: Privacy and Signaling on Facebook Messenger
  Roberto Hoyle, Srijita Das, Apu Kapadia, Adam Lee, and Kami Vaniea In the ACM Conference on Human Factors in Computing Systems (CHI), 2017.
• Viewing the Viewers: Publishers' Desires and Viewers' Privacy Concerns in Social Networks
  Roberto Hoyle, Srijita Das, Apu Kapadia, Adam Lee, and Kami Vaniea In the 20th ACM Conference on Computer-Supported Cooperative Work and Social Computing, 2017. (Survey Instrument)

2016

• Debunking Security-Usability Tradeoff Myths
  Sasse, M. A., Smith, M., Herley, C., Lipford, H. & Vaniea, K. 25 Oct 2016 In : IEEE Security Privacy. 14, p. 33-39, 2016.
• Tales of Software Updates: The process of updating software
  Kami Vaniea, and Yasmeen Rashidi In CHI 2016: Conference on Human Factors In Computing Systems. (Survey Instrument)
• Understanding Saudis' privacy concerns when using WhatsApp
  Yasmeen Rashidi, Kami Vaniea and L. Jean Camp. In Proceedings of the Workshop on Usable Security (USEC). 2016.

2015

• Poster: A User Study of WhatsApp Privacy Settings Among Arab Users
  Yasmeen Rashidi, and Kami Vaniea Poster in IEEE Symposium on Security and Privacy, May 2015
• Factors Related to Privacy Concerns and Protection Behaviors Regarding Behavioral Advertising
  Donghee Yvette Wohn, Jacob Solomon, Dan Sarkar, and Kami Vaniea In Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems, April 2015

2014

• Computer Security Information in Stories, News Articles, and Education Documents
  Katie Hoban, Emilee Rader, Rick Wash, and Kami Vaniea Poster in SOUPS 2014: Symposium on Usable Privacy and Security, July 2014. [Distinguished Poster Award]
• Out of the Loop: How Automated Software Updates Cause Unintended Security Consequences
  Rick Wash, Emilee Rader, Kami Vaniea, and Michelle Rizor. In SOUPS 2014: Symposium on Usable Privacy and Security, July 2014.
• Betrayed By Updates: How Negative Experiences Affect Future Security
  Kami Vaniea, Emilee Rader, and Rick Wash. In CHI 2014: Conference on Human Factors in Computing Systems, April 2014. (Video Ad)

2012

• Studying access control usability in the lab: Lessons learned from four studies
  Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, and Michael K. Reiter. In LASER 2012: Learning from Authoritative Security Experimental Results, July 2012.
• Out of sight, out of mind: Effects of displaying access-control information near the item it controls
  Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, and Michael K. Reiter. In PST 2012: Conference on Privacy, Security, and Trust, July 2012.

2011

• More than skin deep: Measuring effects of the underlying model on access-control system usability
  Robert W. Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea. In CHI 2011: Conference on Human Factors in Computing Systems, May 2011 (ACM)

2010

• Access control for home data sharing: Attitudes, needs and practices
  Michelle L. Mazurek, J.P. Arsenault, Joanna Bresee, Nitin Gupta, Iulia Ion, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, Richard Shay, Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, Gregory R. Ganger, Michael K. Reiter. In the Proceedings of CHI '10: Proceedings of the 28th international conference on Human factors in computing systems.
  ( CMU Tech Report)

2009

• Real life challenges in access-control management
  Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea. In the Conference on Human Factors in Computing Systems (CHI 2009) (Talk Video)
• Effects of access-control policy conflict-resolution methods on policy-authoring usability.
  Lujo Bauer, Lorrie Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea. Technical Report CMU-CyLab-09-006, CyLab, Carnegie Mellon University, March 2009.

2008

• Evaluating assistance of natural language policy authoring
  Kami Vaniea, Clare Marie-Karat, Joshua B. Gross, John Karat, and Carolyn Brodie. In Symposium On Usable Privacy and Security, July 2008.
• Access Control Policy Analysis and Visualization Tools for Security Professionals.
  Kami Vaniea, Qun Ni, Lorrie Cranor and Elisa Bertino. In USM'08: Workshop on Usable IT Security Management 2008, Carnegie Mellon University, Pittsburgh, PA, July 23-25, 2008.
• A user study of policy creation in a flexible access-control system
  Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea. In Conference on Human Factors in Computing Systems (CHI 2008)

2007

• Lessons learned from the deployment of a smartphone-based access-control system.
  Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea. In Symposium On Usable Privacy and Security, July 2007.
• User-controllable security and privacy for pervasive computing.
  Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, and Norman Sadeh. In Eighth IEEE Workshop on Mobile Computing Systems and Applications (HotMobile), February 2007.
• Comparing access-control technologies: a study of keys and smartphones
  Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea. Technical Report CMU-CYLAB-07-005, CyLab, Carnegie Mellon University, February 2007.

Non-peer reviewed papers written by me that may need some explanation.

• How to successfully prevent the flow of information in research presentations
  Kami Vaniea. In the Associaton for Computational Heresy Special Interest Group on Harry Q. Bovik (SIGBOVIK10), April 1st, 2010.
  
  Satirical paper on how to write a research presentation when your research results are neither interesting nor useful (Bovik Quadrent). Presented at SIGBOVIK 2010 on April Fools Day.

Interesting papers where I was involved in the research or development but not a full author

• The Impact of Expressiveness on the Effectiveness of Privacy Mechanisms for Location Sharing
  Michael Benisch, Patrick Gage Kelley, Norman Sadeh, Tuomas Sandholm, Lorrie Faith Cranor, Paul Hankes Drielsma, and Janice Tsai
• FoxTor
  Sasha Romanosky
  (Webpage)
• Visual Analysis of Human Dynamics: An Introduction to the Special Issue.
  Yang Cai and Judith D. Terrill. In Information Visualization, 2006.
• Understanding and Capturing People's Privacy Policies in a Mobile Social Networking Applications
  Norman Sadeh, Jason Hong, Lorrie Cranor, Ian Fette, Patrick Gage Kelley, Madhu Prabaker, Jinghai Rao
• NetState : A Network Version Tracking System
  Nancy Durgin, Yuqing Mai, Jamie Van Randwyk. In USENIX, 2005.
• Applying Collaborative Filtering for Efficient Document Search
  Seikyung Jung, Juntae Kim, Jonathan L Herlocker. In the Proceedings of the International Conference on Web Intelligence, 2004.
• Using Educational Robotics to Engage Inner-Cit Students with Technology
  Rachel Goldman, Amy Eguchi and Elizabeth Sklar. In Proceedings of the Sixth International Conference of the Learning Sciences, 2004.
• Learning While Teaching Robotics
  Elizabeth Sklar and Amy Eguchi. In AAAI Spring Symposium on Accessible Hands-on Artificial Intelligence and Robotics Education, 2004.