As consumers adopt new Internet-connected devices, apps, and other software, they are often exposed to security and privacy vulnerabilities that they likely do not have time, expertise, or incentive to evaluate themselves. Can professionals and institutions help by evaluating the security and privacy of these products on behalf of consumers? As a first step, we interview product reviewers about their work, specifically whether and how they incorporate security and privacy. Our definition of product reviews includes those published by non-profit organizations (e.g., Consumer Reports), for-profit media companies (e.g., CNET), and YouTube channels (e.g., Linus Tech Tips). Because we are interested in shifting the burden of evaluating security and privacy from ordinary users to professionals, we exclude customer reviews such as those aggregated on Amazon.com. To inform our interview design, we conduct content analysis on published product reviews to identify security- or privacy-relevant content.

This work is ongoing. If you are a product reviewer interested in discussing the following questions with SPLICE team members, please leave a comment or send us an email through the Contact Us page!

1. To what extent do product reviewers currently evaluate security and privacy? What are their reasons?
2. What criteria do they consider?
3. What techniques and tools do they use?
4. What challenges do they face in evaluating security andprivacy? What tools do they need to be more effective?
5. How do they communicate findings and judgments about security and privacy to consumers?

To learn more, check out the publication here!

Guo, W., Walter, J., & Mazurek, M. L. (2022, May 26). The Role of Product Reviewers in Evaluating Security and Privacy. 6th Workshop on Technology and Consumer Protection (ConPro ’22), San Francisco, CA. https://www.ieee-security.org/TC/SPW2022/ConPro/papers/guo-conpro22.pdf