1 / 17

Jon Howell & Stuart Schechter Microsoft Research

What You See Is What They Get Protecting users from unwanted use of microphones , cameras, and other sensors. Jon Howell & Stuart Schechter Microsoft Research. Who’s watching you?. user’s model is not “ I trust chatroulette ”, but

brent-vinson
Download Presentation

Jon Howell & Stuart Schechter Microsoft Research

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What You See Is What They GetProtecting users from unwanted use ofmicrophones, cameras, and other sensors Jon Howell & Stuart Schechter Microsoft Research

  2. Who’s watching you?

  3. user’s model is not “I trust chatroulette”, but I don’t mind chatroulette taking my picture when I know I’m chatting. can’t trust app to describe activity must rely on user display effective access policy [Reeder]

  4. strawpersons • dialog box every time • annoying • LED / static icon • fades into visual clutter • too late

  5. the Sensor-Access Widget • live feedback • absence implies privacy • shows effective access policy • access control point • configuration control point

  6. What You See Is What They Get

  7. Policies • Hide Widget and Allow (HWA) • Show Widget and Allow (SWA) • Show Widget and Allow After Input and Delay (SWAAID) • Show Widget and Deny (SWD) • Hide Widget and Deny (HWD)

  8. SWAAID Show Widget and Allow After Input and Delay • Show Widget: The widget appears unobstructedin the requesting application’s display • Input: The user has directed a click or keystrokeat the requesting application • Delay A five-second waiting period sincevisibility and input were satisfied 5 4 3 2 1

  9. Policies • Hide Widget and Allow (HWA) • Show Widget and Allow (SWA) • Show Widget and Allow After Input and Delay (SWAAID) • Show Widget and Deny (SWD) • Hide Widget and Deny (HWD) data accessible without user veto access requires hassling user

  10. other devices microphone accelerometer location

  11. limitations • conveying subtle threats • inadequate fidelity • display crowding • accidental input

  12. Summary • the Sensor-Access Widget mechanism • live data stream of your environment • what you see is what they get • Show Widget and Allow After Input and Delay(SWAAID) policy • a good default: • doesn’t hassle user • avoids inadvertent privacy leaks

More Related