i3 Scholars: Devon Adams, Alseny Bah, Catherine Barwulor, Nureli Musabay, Kadeem Pitkin
Research Advisor: Elissa Redmiles, PhD candidate, University of Maryland
Video Abstract: Coming Soon
Ethics Emerging: The Story of Privacy and Security Perceptions in Virtual Reality
Devon Adams, Alseny Bah, Catherine Barwulor, Nureli Musabay, Kadeem Pitkin, Elissa M. Redmiles. The 2018 USENIX Symposium on Usable Privacy and Security (SOUPS). Baltimore, MD, USA.
Abstract: Virtual reality (VR) technology aims to transport the user to a virtual world, fully immersing them in an experience entirely separate from the real world. VR devices can use sensor data to draw deeply personal inferences (e.g., medical conditions, emotions) and can enable virtual crimes (e.g., theft, assault on virtual representations of the user) from which users have been shown to experience real, significant emotional pain. As such, VR may involve especially sensitive user data and interactions. To effectively mitigate such risks and design for safer experiences, we aim to understand end-user perceptions of VR risks and how, if at all, developers are considering and addressing those risks. In this paper, we present the first work on VR security and privacy perceptions: a mixed-methods study involving semi-structured interviews with 20 VR users and developers, a survey of VR privacy policies, and an ethics co-design study with VR developers. We establish a foundational understanding of perceived risks in VR; raise concerns about the state of VR privacy policies; and contribute a concrete VR developer “code of ethics”, created by developers, for developers.
Perceptions of the Privacy and Security of Virtual Reality
Devon Adams, Alseny Bah, Catherine Barwulor, Nureli Musabay, Kadeem Pitkin, Elissa M. Redmiles. iConference 2018. Sheffield, UK.
Abstract: Virtual Reality (VR) is projected to grow into a $100B industry in the next five years. While a preliminary body of research has begun to explore security vulnerabilities and privacy threats in VR, little prior work has explored how users of VR systems perceive these threats or how developers are coping with them. By understanding users’ and developers’ perceptions early in the VR adoption life-cycle, we have a unique opportunity to inform the development of policies, educational materials, and corporate best-practices to ensure the protection of VR users. In this poster, we present preliminary findings from semi-structured interviews with home VR users focused on their use of VR, their awareness of data collection and privacy/security threats, and potential tensions between users’ and developers’ understandings and mitigations of these threats.