Vaniea, Kami

Kohlweiss, Markulf

Tahaei, Mohammad

other

2021-11-08T15:55:09Z

2021-11-08T15:55:09Z

2021-11-30

Computer programming operates and controls our personal devices, cars, and infrastructures. These programs are written by software developers who use tools, software development platforms, and online resources to build systems used by billions of people. As we move towards societies that rely on computer programs, the need for private and secure systems increases. Developers, the workforce behind the data economy, impact these systems’ privacy, and consequently, the users and society. Therefore, understanding the developer factor in software privacy provides invaluable inputs to software companies, regulators, and tool builders. This thesis includes six research papers that look at the developer factor in software privacy. We find that developers impact software privacy and are also influenced by external entities such as tools, platforms, academia, and regulators. For example, changes in regulations create challenges and hurdles for developers, such as creating privacy policies, managing permissions, and keeping user data private and secure. Developers interactions with tools and software development platforms, shape their understanding of what privacy means, such as consent and access control. Presentation of privacy information and options on platforms also heavily impact developers’ decisions for their users’ privacy, and platforms may sometimes nudge developers into sharing more of their users’ data by using design (dark) patterns. Other places developers learn about privacy include universities, though they may not learn how to include privacy in software. Some organisations are making efforts to champion privacy as a concept inside development teams, and we find that this direction shows promise as it gives developers direct access to a champion who cares about privacy. However, we also find that their organisation or the wider community may not always support these privacy champions. Privacy champions face an uphill battle to counter many of the same privacy misconceptions seen in the general population, such as the ‘I’ve got nothing to hide’ attitude. Overall, I find that research in developer-centred privacy is improving and that many of the approaches tried show promise. However, future work is still needed to understand how to best present privacy concepts to developers in ways that support their existing workflows.

https://hdl.handle.net/1842/38219

http://dx.doi.org/10.7488/era/1485

en

The University of Edinburgh

Mohammad Tahaei. ‘“I Don’t Know Too Much About It”: On the Security Mindsets of Future Software Creators’. In: Proceedings of the 2019 ACM Conference on Innovation and Technology in Computer Science Education. ITiCSE ’19. Aberdeen, Scotland UK: Association for Computing Machinery, 2019, p. 350. doi: 10.1145/3304221.3325592

Mohammad Tahaei, Alisa Frik, and Kami Vaniea. ‘Deciding on Personalized Ads: Nudging Developers About User Privacy’. In: Seventeenth Symposium on Usable Privacy and Security (SOUPS ’21). USENIX Association, 2021, pp. 1–24

Mohammad Tahaei, Alisa Frik, and Kami Vaniea. ‘Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges’. In: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. CHI ’21. New York, NY, USA: Association for Computing Machinery, 2021, pp. 1–15. doi: 10 . 1145 / 3411764 . 3445768

Mohammad Tahaei, Adam Jenkins, Kami Vaniea, and Maria K. Wolters. ‘“I Don’t Know Too Much About It”: On the Security Mindsets of Computer Science Students. 9th International Workshop, STAST 2019, Luxembourg City, Luxembourg, September 26, 2019, Revised Selected Papers’. In: Socio Technical Aspects in Security and Trust. Ed. by Thomas Groß and Tryfonas Theo. First Edition. Springer International Publishing, June 2021. doi: 10.1007/978-3-030-55958-8

Mohammad Tahaei and Kami Vaniea. ‘A Survey on Developer-Centred Se curity’. In: 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). June 2019, pp. 129–138. doi: 10.1109/EuroSPW.2019.00021

What Ad Networks Tell Developers About Privacy’. In: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems Extended Abstracts. CHI ’21 Extended Abstracts. New York, NY, USA: Association for Computing Machinery, 2021, pp. 1–12. doi: 10.1145/3411763.3451805

Mohammad Tahaei and Kami Vaniea. ‘Code-Level Dark Patterns: Exploring Ad Networks’ Misleading Code Samples with Negative Consequences for Users’. In: What Can CHI Do About Dark Patterns? Workshop at CHI ’21. 2021, pp. 1–5. url: http://hdl.handle.net/20.500.11820/ea71877b-4def-4c2c-aa45-e148122b4f3

Mohammad Tahaei, Kami Vaniea, Beznosov Konstantin, and Maria K. Wolters. ‘Security Notifications in Static Analysis Tools: Developers’ Atti tudes, Comprehension, and Ability to Act on Them’. In: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. CHI ’21. New York, NY, USA: Association for Computing Machinery, 2021, pp. 1–17. doi: 10.1145/3411764.3445616

Mohammad Tahaei, Kami Vaniea, and Naomi Saphra. ‘Understanding Privacy-Related Questions on Stack Overflow’. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems. CHI ’20. Honolulu, HI, USA: Association for Computing Machinery, 2020, pp. 1–14. doi: 10.1145/3313831.3376768

developer factor

software privacy

privacy champions

privacy misconceptions

developer-centred privacy

Developer factor in software privacy

Developer factor in software privacy

Thesis or Dissertation

Doctoral

PhD Doctor of Philosophy