how well do my results generalize
play

How Well Do My Results Generalize? Comparing Security and Privacy - PowerPoint PPT Presentation

Feb 06, 2023 •197 likes •560 views

How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web, and Telephone Samples Elissa M. Redmiles, Sean Kross, and Michelle L. Mazurek @eredmil1 eredmiles@cs.umd.edu 30+ papers in the Top 4 security

  1. How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web, and Telephone Samples Elissa M. Redmiles, Sean Kross, and Michelle L. Mazurek @eredmil1 eredmiles@cs.umd.edu

  2. 30+ papers in the Top 4 security conferences used surveys in the past 5 years in addition to 100+ security-related papers in SOUPS & CHI Elissa M. Redmiles 2 Elissa Redmiles

  3. Research question: How generalizable are security & privacy surveys*? *in the USA Elissa M. Redmiles 3

  4. Ingredients of a Survey Research Questions (What Do I Want to Know)? Constructs (What Do I Need to Measure to Answer RQs)? Surveys vs. log data Questions (How Can I Validly Measure My Constructs?) Redmiles et al. CCS18 Sample (Who Should Answer My Survey?) Analysis (How Can I Answer My Research Question?) Elissa M. Redmiles 4

  5. What kinds of survey samples exist? Probabilistic • (only possible with phone or paper) Nearly probabilistic • GFK Knowledge Panel Cost Census representative, non-probability • SSI, Qualtrics, Google Consumer Surveys Crowdsourced samples • Prolific, Amazon Mechanical Turk, Crowdflower Convenience or Snowball Samples • Posting on social media, asking friends to take your survey Elissa M. Redmiles 5

  6. A quick primer on survey weighting Jungle Population (n=1000) 🦅 🐶 🐰 500 300 200 Watering Hole Sample (n=100) 🐰 🦅 🐶 20 🍬 10 🍬 15 🍬 10 🍩 30 🍩 15 🍩

  7. A quick primer on survey weighting Jungle Population (n=1000) 🐰 500 Watering Hole Sample (n=100) 🐰 12.5 🍬 🐰 10 🍬 37.5 🍩 30 🍩 Without weighting we would reach different conclusions about opinion prevalence

  8. What kinds of survey samples exist? Probabilistic • (only possible with phone or paper) Nearly probabilistic • GFK Knowledge Panel Cost Census representative, non-probability • SSI, Qualtrics, Google Consumer Surveys Crowdsourced samples • Prolific, Amazon Mechanical Turk, Crowdflower Convenience or Snowball Samples • Posting on social media, asking friends to take your survey Elissa M. Redmiles 8

  9. Statistically compare gold standard responses (representative of the US pop. within 2.7%) Probabilistic telephone sample Web Panel MTurk (gold standard) Mode: telephone Mode: Web Mode: Web Probabilistic (CI 2.7%) Census-rep. panel Crowdsourced n=3,000 n=428 n=480 Price: ~$80,000 Price: $1500 Price: $500

  10. Compared answers to questions about Internet Behavior Information Sources: Online Protection Knowledge: Protective Behaviors Negative Experiences Elissa M. Redmiles 10

  11. Internet Behavior • Do you ever use the internet to...? • Use social media such as Facebook, Twitter, or Instagram • Apply for a job • Apply for government benefits or assistance • Apply for a loan or cash advance • Search for sensitive health information • Buy a product, such as books, toys, music, or clothing Elissa M. Redmiles 11

  12. Internet Behavior Information Sources: Online Protection • To which of the following have you turned to for advice about how to protect your personal information online? • Friend or Peer • Family Member • Co-worker • Librarian or resource at library • Government website • Website run by a private organization • Teacher Elissa M. Redmiles 12

  13. Internet Behavior Information Sources: Online Protection Knowledge: Protective Behaviors • Do you feel as though you already know enough about...? • Choosing strong passwords to protect your online accounts • Managing privacy settings for the information you share online • Understanding the privacy policies of the websites and applications you use • Protecting the security of your devices when using public WiFi networks • Protecting your computer or mobile devices from viruses and malware • Avoiding online scams and fraudulent requests for your personal information Elissa M. Redmiles 13

  14. Internet Behavior Information Sources: Online Protection Knowledge: Protective Behaviors Negative Experiences • As far as you know have you ever...? • Had important personal information stolen such as your Social Security Number, your credit card, or bank account information? • Had inaccurate information show up in your credit report ? • Had an email or social networking account of yours compromised or taken over without your permission by someone else? • Been the victim of an online scam and lost money? • Experienced persistent and unwanted contact from someone online? • Lost a job opportunity or educational opportunity because of something that was posted online? • Experienced trouble in a relationship or friendship because of something that was posted online? • Had someone post something about you online that you didn't want shared ? Elissa M. Redmiles 14

  15. Comparative Sample Analysis Question-by-question X 2 proportion tests (Bonferroni correction) Check our stats! Analysis code released with the paper Overall Age Education Elissa M. Redmiles 15

  16. web samples significantly more likely to engage in variety of online behaviors

  17. Census-rep. web panel significantly more likely to report negative experiences Higher reporting of negative experiences may be related to more internet use

  18. web samples significantly more likely to report seeking advice from websites Web sample respondents are more likely to report seeking advice & seek advice from more sources

  19. Census-rep. web panel significantly less likely to feel knowledgeable about security & privacy All samples report similarly re: passwords – 80% or more feel like they know enough!

  20. Comparative Sample Analysis: By Age Subgroup Question-by-question X 2 proportion tests (Bonferroni correction) Check our stats! Analysis code released with the paper Overall Age Education Elissa M. Redmiles 20

  21. 18-29 years old • MTurk differs on only 6 questions 30-49 years old • MTurk differs on 8 Qs, Panel on 9Qs • Mturk reports more Behaviors, Panel reports less Knowledge 50+ years old • Both web samples differ a lot, MTurk more so • MTurk differs on everything except advice • Panel reports more Behavior.& Neg. Experiences 21

  22. Comparative Sample Analysis: By Education Subgroup Question-by-question X 2 proportion tests (Bonferroni correction) Check our stats! Analysis code released with the paper Overall Age Education Elissa M. Redmiles 22

  23. HS education or less • Panel is the only sample with enough participants; 10 Qs differ Some college education or above • MTurk more similar to US pop. • More online behavior for SC & BS+ • More online behavior & less knowledge for BS+ 23

  24. Proposed mitigation: demographic weighting of Mturk data Not much, reduces from 14 differences overall to 11 This has worked in other survey applications, but in security the weighting variables might not be strictly demographic Elissa M. Redmiles 24

  25. How do I pick a sample? Do you need to draw conclusions that generalize to all U.S. users? Yes No For what population would you like Use multiple samples your results to generalize? OR Try probabilistic or near-probabilistic samples Age: 50+ yrs Age: 18-49 yrs (e.g., conduct survey manually from a purchased Ed.: H.S. or less Ed.: some college prob. list or try GCS / KnowledgePanel) OR Census-representative Future: weight survey results to better generalize Mturk Sample web panel

  26. Where do we go from here? Develop statistical mitigations Test weighing samples on security-specific variables Develop custom weights for standard security measures Acknowledge limitations 40% of US not well represented in most existing security studies Majority of security surveys use MTurk Unrepresented users are among the most vulnerable (50+, HS education) Elissa M. Redmiles 26

  27. How Well Do My Results Generalize? Comparing Security & Privacy Survey Results from MTurk, Web, and Telephone Samples Elissa M. Redmiles, Sean Kross,, and Michelle L. Mazurek Questions? eredmiles@cs.umd.edu Research Question How generalizable are security & privacy survey results? Methods Statistically compare probabilistic sample of US pop. (CI 2.7%) to MTurk and census rep. web panel samples Findings MTurk more generalizable for 18-49yr olds w/ some college Panel or prob. more generalizable for 50+, HS or less Additional Security Survey Resources go.umd.edu/survey-meth

  28. Backup 28

  29. Survey modes != samples Paper • Good for low tech populations, rarely used • Good for low tech populations Phone • Allows for “probabilistic” sample • CATI: computer assisted telephone interviewing • Often used in security, privacy, HCI studies Web • Highest non-response rate of any mode • Cheapest 29

  30. Time comparison • Probabilistic sample collected in December 2015 • Compared to Rader & Wash 2013 sample • Only one significant difference (more respondents reported having information stolen in 2015) • MTurk and Panel samples collected in January 2017 and in March 2018 (after Cambridge Analytica) • Only difference, fewer MTurkers reporting purchasing products online in 2018 30

  31. Elissa M. Redmiles 31

  32. Why can’t we just use existing survey methodology sample literature? Asking about online behavior on the internet is different that asking about e.g., smoking behavior! Elissa M. Redmiles 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Brief Comparison: some experimentally verified Generalize the key constraints and

A Brief Comparison: some experimentally verified Generalize the key constraints and

MN1 T. Metodiev D. Copsey F.T. Chong I.L. Chuang M. Oskin J. Kubiatowicz Motivation Many Proposed Technologies All work toward the same goal A Brief Comparison: some experimentally verified Generalize the key

361 views • 5 slides
Why NLU doesnt generalize to NLG Yejin Choi Paul G. Allen School of Computer Science &

Why NLU doesnt generalize to NLG Yejin Choi Paul G. Allen School of Computer Science &

Why NLU doesnt generalize to NLG Yejin Choi Paul G. Allen School of Computer Science & Engineering & Allen Institute for Artificial Intelligence In its current form neural Why NLU doesnt generalize to NLG

801 views • 68 slides
Summary The standard DFS does not generalize to more than two countries, because there is no

Summary The standard DFS does not generalize to more than two countries, because there is no

Summary The standard DFS does not generalize to more than two countries, because there is no clean way to dene the chain of comparative advantage. Eaton and Kortum (2002) generalizes DFS to a situation with many countries that

559 views • 12 slides
Inductive Bias: How to generalize on novel data CS 478 - Inductive Bias 1 Non-Linear Tasks l

Inductive Bias: How to generalize on novel data CS 478 - Inductive Bias 1 Non-Linear Tasks l

Inductive Bias: How to generalize on novel data CS 478 - Inductive Bias 1 Non-Linear Tasks l Linear Regression will not generalize well to the task below l Needs a non-linear surface Could use one or our future models l Could also do a

356 views • 33 slides
NORMS, INNER PRODUCTS, AND ORTHOGONALITY Vector norms Generalize the familiar concept of

NORMS, INNER PRODUCTS, AND ORTHOGONALITY Vector norms Generalize the familiar concept of

NORMS, INNER PRODUCTS, AND ORTHOGONALITY Vector norms Generalize the familiar concept of length from R 2 and R 3 to higher dimensions Cant really visualize in higher dimensions Must trust algebra Generalize the concept of

1.44k views • 113 slides
SURVEYS (CONTINUED) Michael Coblenz WHY SURVEYS? Generalize your findings Shallower than

SURVEYS (CONTINUED) Michael Coblenz WHY SURVEYS? Generalize your findings Shallower than

SURVEYS (CONTINUED) Michael Coblenz WHY SURVEYS? Generalize your findings Shallower than interviews But scale much better Focus in on specific problems to work on CLARIFY TYPE OF RESPONSE How old are you? What is your date

471 views • 27 slides
Shanghai Jiaotong University How to generalize Eulerian polynomials via combinatorics and

Shanghai Jiaotong University How to generalize Eulerian polynomials via combinatorics and

Shanghai Jiaotong University How to generalize Eulerian polynomials via combinatorics and continued fractions Jiang Zeng Universit e Claude Bernard Lyon 1, France May 14, 2018, Shanghai Plan of the talk 1 Eulerian polynomials 2 q

953 views • 67 slides
MANOVA and the Multivariate GLM Here we generalize the notation we learned before to the case of

MANOVA and the Multivariate GLM Here we generalize the notation we learned before to the case of

MANOVA and the Multivariate GLM Here we generalize the notation we learned before to the case of several variables within each group. MANOVA An Intuitive Introduction The Multivariate GLM Recall that our univariate GLM is = + x

657 views • 14 slides
Learning to Generalize from Sparse and Underspecified Rewards Rishabh Agarwal, Chen Liang, Dale

Learning to Generalize from Sparse and Underspecified Rewards Rishabh Agarwal, Chen Liang, Dale

Proprietary + Confidential Learning to Generalize from Sparse and Underspecified Rewards Rishabh Agarwal, Chen Liang, Dale Schuurmans, Mohammad Norouzi Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem

571 views • 18 slides
How to Generalize RSA Cryptanalyses Atsushi Takayasu and Noboru Kunihiro The University of Tokyo,

How to Generalize RSA Cryptanalyses Atsushi Takayasu and Noboru Kunihiro The University of Tokyo,

PKC2016@Taipei How to Generalize RSA Cryptanalyses Atsushi Takayasu and Noboru Kunihiro The University of Tokyo, Japan AIST, Japan 1/19 Background 2 /19 RSA Public key: , Secret key: (, , ) Key generation: =

581 views • 31 slides
Trees and Martingales Multi-Step Binary Model Generalize the single-period model. Still

Trees and Martingales Multi-Step Binary Model Generalize the single-period model. Still

Trees and Martingales Multi-Step Binary Model Generalize the single-period model. Still just two assets: the stock and the risk-free bond. Still no transaction cost, nor limits on amounts of either asset. But: market is observed at

379 views • 16 slides
The Empirical Data: Do infants generalize identity rules? PARTICIPANTS: 7 month old infants

The Empirical Data: Do infants generalize identity rules? PARTICIPANTS: 7 month old infants

de li de ji we ji... Pre-Wiring & Pre-Training : What does a neural network need to learn truly general identity rules? Raquel G. Alhama Willem Zuidema The Empirical Data: Do infants generalize identity rules? PARTICIPANTS: 7 month old

578 views • 29 slides
Lecture 8 AR, MA, and ARMA Models 9/27/2018 1 AR models AR(p) models We can generalize from

Lecture 8 AR, MA, and ARMA Models 9/27/2018 1 AR models AR(p) models We can generalize from

Lecture 8 AR, MA, and ARMA Models 9/27/2018 1 AR models AR(p) models We can generalize from an AR(1) to an AR(p) model by simply adding additional autoregressive terms to the model. () =1 What are the

598 views • 36 slides
ECML 2015 Big Targets Workshop Paul Mineiro Paul Mineiro ECML 2015 Big Targets Workshop How can

ECML 2015 Big Targets Workshop Paul Mineiro Paul Mineiro ECML 2015 Big Targets Workshop How can

How can we generalize well? ECML 2015 Big Targets Workshop Paul Mineiro Paul Mineiro ECML 2015 Big Targets Workshop How can we generalize well? Extreme Challenges How can we generalize well? Can we compete with OAA? When can we predict

398 views • 18 slides
Good Machine Learning = Generalization Goal of machine learning: build models that generalize

Good Machine Learning = Generalization Goal of machine learning: build models that generalize

Good Machine Learning = Generalization Goal of machine learning: build models that generalize well to predicting new data Overfitting: fitting the training data too well, so we lose generality of model o Example: linear regression vs.

120 views • 11 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Bouncer: Securing Software by Blocking Bad Input 2 Main

Dawn Song dawnsong@cs.berkeley.edu 1 Bouncer: Securing Software by Blocking Bad Input 2 Main

Automatic Worm Defense (II) -- More on Automatic Signature Generation Dawn Song dawnsong@cs.berkeley.edu 1 Bouncer: Securing Software by Blocking Bad Input 2 Main Idea How to generalize from original exploit? i.e., how to generalize from

656 views • 6 slides
N 1 N 1 IV x i y i s i z i s i z i (2) 3. Imputation i 1

N 1 N 1 IV x i y i s i z i s i z i (2) 3. Imputation i 1

A Course in Applied Econometrics 1 . When Can Missing Data be Ignored ? Lecture 18 : Missing Data Linear model with IVs: y i x i u i , (1) Jeff Wooldridge IRP Lectures, UW Madison, August 2008 where x i is 1 K , instruments z

236 views • 10 slides
Nuclear Safety and Security in Brief Elena Buglova Centre Head Incident and Emergency Centre

Nuclear Safety and Security in Brief Elena Buglova Centre Head Incident and Emergency Centre

Nuclear Safety and Security in Brief Elena Buglova Centre Head Incident and Emergency Centre (IEC) International Atomic Energy Agency Department of Nuclear Safety and Security: http://www-ns.iaea.org/default.asp Inside Nuclear Safety and

376 views • 19 slides
Farm Plan Implementation Project Proposed Bylaw 228 (OCP) Proposed Bylaw 229 (LUB) June 13,

Farm Plan Implementation Project Proposed Bylaw 228 (OCP) Proposed Bylaw 229 (LUB) June 13,

Farm Plan Implementation Project Proposed Bylaw 228 (OCP) Proposed Bylaw 229 (LUB) June 13, 2018 Denman Island Advisory Planning Commission Meeting Denman Island Local Trust Committee Denman Island Local Trust Committee Sustainable

497 views • 23 slides
Killer Portfolio or Portfolio Killer Greg Foertsch Firaxis Games Jeremy Bennett Valve

Killer Portfolio or Portfolio Killer Greg Foertsch Firaxis Games Jeremy Bennett Valve

Killer Portfolio or Portfolio Killer Greg Foertsch Firaxis Games Jeremy Bennett Valve Teagan Morrison- Naughty Dog Shawn Robertson Irrational Games Wyeth Johnson Epic Games David DJ Johnson Infinity Ward Alison Kelly

198 views • 5 slides
Research Evaluation and Publication Culture in CS ECSS 2016 Panel Manuel Hermenegildo IMDEA

Research Evaluation and Publication Culture in CS ECSS 2016 Panel Manuel Hermenegildo IMDEA

www.software.imdea.org Research Evaluation and Publication Culture in CS ECSS 2016 Panel Manuel Hermenegildo IMDEA Software Institute and T.U. Madrid Research evaluation in CS the good way: Evaluating individuals: Evaluate just a

440 views • 11 slides
Dr David Cunningham REF Dir & Reader School of Humanities Dr Nicola Haines Head of Research

Dr David Cunningham REF Dir & Reader School of Humanities Dr Nicola Haines Head of Research

Dr David Cunningham REF Dir & Reader School of Humanities Dr Nicola Haines Head of Research Office @UoW_Research Agenda 1) Session purpose and background to REF 2) Outline of the overall process 3) Staff Eligibility and the Institutional

502 views • 29 slides
American Dream: Webinar Recording Timeline Below is a timeline for the topics covered in the PLA

American Dream: Webinar Recording Timeline Below is a timeline for the topics covered in the PLA

American Dream: Webinar Recording Timeline Below is a timeline for the topics covered in the PLA Project Outcome webinar, American Dream: Measuring Success Using PLAs Project Outcome . Click here to view the archived recording. Timestam Ti

859 views • 70 slides
Provable Data Plane Connectivity with Local Fast Failover Introducing OpenFlow Graph Algorithms

Provable Data Plane Connectivity with Local Fast Failover Introducing OpenFlow Graph Algorithms

Provable Data Plane Connectivity with Local Fast Failover Introducing OpenFlow Graph Algorithms Michael Borokhovich (Ben Gurion Uni, Israel) Liron Schiff (Tel Aviv Uni, Israel) Stefan Schmid (TU Berlin & T-Labs, Germany) Robust Routing

488 views • 12 slides

More recommend