TY - GEN
T1 - “Say I'm in public...I don't want my nudes to pop up.” User Threat Models for Using Vault Applications
AU - Geeng, Chris
AU - Chen, Natalie
AU - Turk, Kieron Ivy
AU - Hutson, Jevan
AU - McCoy, Damon
N1 - Publisher Copyright:
Copyright is held by the author/owner.
PY - 2024
Y1 - 2024
N2 - Vault apps and hidden albums are tools used to encrypt and hide sensitive photos, videos, and other files. While security researchers have analyzed how technically secure they are, there is little research to understand how and why users use vault apps, and whether these tools meet their needs. To understand user threat models for vault apps, we conducted semi-structured interviews (N = 18) with U.S. adult vault app users. We find our participants store intimate media, nonsexual body images, photos of partying and drinking, identification documents, and other sensitive files. Participants primarily used vault apps to prevent accidental content exposure from shoulder surfing or phone sharing, whether in public or with and around close ties. Vault apps were not used to prevent a technically proficient adversary from accessing their files. We find that vault apps prevent context collapse when sharing devices, similar to how privacy settings prevent context collapse on social media. We conclude with recommendations for research aligning with user threat models, and design recommendations for vault apps.
AB - Vault apps and hidden albums are tools used to encrypt and hide sensitive photos, videos, and other files. While security researchers have analyzed how technically secure they are, there is little research to understand how and why users use vault apps, and whether these tools meet their needs. To understand user threat models for vault apps, we conducted semi-structured interviews (N = 18) with U.S. adult vault app users. We find our participants store intimate media, nonsexual body images, photos of partying and drinking, identification documents, and other sensitive files. Participants primarily used vault apps to prevent accidental content exposure from shoulder surfing or phone sharing, whether in public or with and around close ties. Vault apps were not used to prevent a technically proficient adversary from accessing their files. We find that vault apps prevent context collapse when sharing devices, similar to how privacy settings prevent context collapse on social media. We conclude with recommendations for research aligning with user threat models, and design recommendations for vault apps.
UR - http://www.scopus.com/inward/record.url?scp=85204915607&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85204915607&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85204915607
T3 - Proceedings of the 20th Symposium on Usable Privacy and Security, SOUPS 2024
SP - 433
EP - 451
BT - Proceedings of the 20th Symposium on Usable Privacy and Security, SOUPS 2024
PB - USENIX Association
T2 - 20th Symposium on Usable Privacy and Security, SOUPS 2024
Y2 - 12 August 2024 through 13 August 2024
ER -