What's New?
Sep 19, 2011
Our book, The Design of Sites, has been translated into Korean. Interestingly, the book is much thicker than the English version by about 1.5cm despite having roughly the same number of pages. I hope they gave me a good translated Korean name too (unlike the Chinese version, which assigned me a new Chinese name).

Sep 3, 2011
I have a post on BLOG@CACM entitled Password Policies are Getting Out of Control. It's the most-read and most-commented blog post on CACM so far. It also made it onto reddit, with 250+ comments. So, it clearly struck a nerve.

Sep 3, 2011
Our group had two papers accepted to Ubicomp 2011.

Aug 30, 2011
Teaching Designing Human-Centered Systems, our intro to HCI course for non-majors. I'm trying several new ideas this year, including parallel prototypes, more competitive analysis, more war stories from industry, and more quotes from Steve Jobs.

Aug 5, 2011
And the year is done for our current MHCI master's students! What a fantastic group of students this year. Please check out the capstone projects they did.

Aug 5, 2011
I survived the Lower Youghiogheny river rapids, Class III and IV rapids. I even managed not to get knocked out of the raft, at one point being the only person left (though to be fair, my friend did dive out of the raft to avoid knocking me out too :)

July 20, 2011
Our group had one paper accepted to SOUPS 2011, Smartening the Crowds: Computational Techniques for Improving Human Verification to Fight Phishing Scams. Yes, smartening is a real word.

June 20, 2011
Our group had one paper accepted to Mobisys 2011, Caché: Caching Location-Enhanced Content to Improve User Privacy

May 26, 2011
Participated in a panel on the State of the Mobile Net 2011, part of the Congressional Internet Caucus. Basically, I got to tell people about the current state of mobile privacy and the challenges involved. I even got interrupted midway by Senator Patrick Leahy (he's much taller in person than you might guess).

May 7, 2011
Our group had four papers accepted to CHI 2011.

March 1, 2011
Our group had one paper accepted to HotMobile 2011, Undistracted Driving: A Mobile Phone that Doesn’t Distract

Feb 21, 2011
Gave a talk at the CyLab Seminar on Location Privacy for Mobile Computing.

July 22, 2010
Why is Great Design so Hard? This is a blog entry I wrote up for Communications of the ACM.

July 22, 2010
Our group had four papers accepted to Ubicomp 2010.

July 22, 2010
Paper on applying machine learning to blacklists to improve phishing detection accepted to ESORICS 2010. I think this work has the lowest false positives to date of any published work using heuristics to detect phish, while having a fairly good true positive rate.

May 21, 2010
Presented Teaching Johnny Not to Fall for Phish at the ISSA CISO forum.
      Talk: PPT

May 11, 2010
Presented Statistical Analysis of Phished eMail Users, Intercepted by the APWG/CMU Phishing Education Landing Page at the APWG Counter E-Crime Operations Summit. This work was also featured in Brian Krebs' blog, krebsonsecurity.com.
      Talk: PPT

Mar 18, 2010
I was a panelist for a University Lecture Series panel entitled Hacking Comes of Age: Climategate, Cyber-Espionage and iWar.

Mar 10, 2010
I was a panelist for an RSA 2010 panel entitled Social Networking - Your Personal and Business Information in the Wild.

Feb 18, 2010
I received a 2010 Sloan Research Foundation Fellowship.

Research Overview
 
My current research interests are in:
  • ubiquitous computing, especially mobile social computing and context-aware computing
  • usable privacy and security for ubicomp and cloud computing environments
I used to do research in anti-phishing, sketch-based interfaces, design patterns, web usability and visualization tools, and rapid prototyping tools for the web and for ubicomp.

I work a lot with the CUPS lab (CMU Usable Privacy and Security) and the Mobile Commerce Lab. I'm also an associate editor for IEEE Pervasive (heading up the conference reports column). I'm a co-founder of Wombat Security Technologies, and am also an Alfred P. Sloan Research Fellow.

Our research group has been generously funded through a number of sources, including the National Science Foundation, DARPA, the Army Research Office, Microsoft, Nokia Research, Intel, Google, Portugal Telecom, CMU Cylab, the Institute for the Study of Entrepreneurship, Innovation, and Technology, and the Alfred P. Sloan Foundation.

Current Research
 
Here is a wordle that summarizes my current research:

Augmented Social Graph
Smartphones and social networking services are both experiencing meteoric rates of adoption from people across most demographics. Combining smartphone data with social networking data creates an exciting new opportunity to observe and investigate social behavior at a level of detail and at a massive scale never before possible. Our goal with this project is to build a better computational model of social relationships, to capture tie strength, groups, and roles. Such an augmented social graph will have a number of applications, in terms of streamlining communications and helping with privacy and security policies.

Casual Authentication
Passwords were a good idea when we only had a few of them, but are having serious problems scaling up, especially as more ubicomp services and cloud computing services are deployed. Our goal with this project is to understand how to simplify authentication using a number of sensors and behavioral models, while also maintaining adequate levels of security.

Android App Scanner
With the widespread adoption of smartphones, mobile apps have gained mainstream popularity. These apps can make use of a number of the smartphone's capabilities--including network access, data storage, and sensors detecting motion, location, and sound level--and personal data, such as one's call logs and contacts list. These capabilities allow developers to create rich and compelling applications, but can also lead to new kinds of spyware, malware, and privacy intrusions, which we are just starting to see emerge. Our goal with this project is to develop a series of new techniques to understand what mobile apps are really doing, and better ways of communicating that to end-users.

The Research Team
I work with an amazingly talented group of PhD students and post-docs:
  • Polo Chau, co-advised with Christos Faloutsos, working on infoviz and discovery for large-scale graphs
  • Jialiu Lin, co-advised with Norman Sadeh, working on privacy and security of mobile apps
  • Jason Wiese, co-advised with John Zimmerman, working on understanding social relationships using smartphone and social network data
  • Eiji Hayashi, working on streamlining authentication in ubicomp and cloud computing environments
  • Shah Amini, working on privacy and security for mobile apps
  • Guang Xiang, co-advised with Carolyn Rose
  • Sauvik Das, working on streamlining authentication in ubicomp and cloud computing environments

Some Stuff I Helped Create
Web Design Patterns Design Patterns for Ubiquitous Computing Rapid Prototyping and Evaluation Tools Instructor Guides Anti-Phishing Phil The Design of Sites
I co-authored a book on web site design, which uses the notion of web design patterns as a way for facilitating the construction of customer-centered web sites. Check out the web site for our book The Design of Sites.
Teaching
Courses taught at Carnegie Mellon University:
Past courses taught at University of California at Berkeley:
  • Inventing The Future: User Interface Design, Prototyping, and Evaluation (2001 2002 2004)
  • Spring 2001 - Freshman Seminar: The Past, Present, and Future of Interactive Computing
Service
Odds and Ends

"Web 2.0 can't win over Brain 1.0."
  — Robin Dunbar

"Society is indeed a contract... a partnership not only between those who are living, but between those who are living, those who are dead, and those who are to be born."
  — Edmund Burke

"It was, of course, nothing more than sexism, the especially virulent type espoused by male techies who sincerely believe that they are too smart to be sexists."
  — Neal Stephenson, Snow Crash

"If you want to build a ship, don't drum up the men to gather wood, and don't assign them tasks and give orders. Instead, teach them to long for the vast and endless immensity of the sea."
  — Antoine de Saint-Exupery

"Make no little plans. They have no magic to stir men's blood and probably themselves will not be realized. Make big plans; aim high in hope and work, remembering that a noble, logical diagram once recorded will never die, but long after we are gone will be a living thing, asserting itself with ever-growing insistency. Remember that our sons and grandsons are going to do things that would stagger us. Let your watchword be order and your beacon beauty. Think big."
  — Daniel Burnham

"Civilization advances by extending the number of operations we can perform without thinking about them."
  — Alfred North Whitehead