Visible to the public Characterizing user behavior and anticipating its effects on computer security with a Security Behavior Observatory - October 2021Conflict Detection Enabled

PI(s), Co-PI(s), Researchers:

Lorrie Cranor, Nicolas Christin

Researchers: Sarah Pearman, Jeremy Thomas

This refers to Hard Problems, released November 2012.

The Security Behavior Observatory addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild". This data is the closest to the ground truth of the users' everyday security and privacy challenges that the research community has ever collected. We expect the insights discovered by analyzing this data will profoundly impact multiple research domains, including but not limited to behavioral sciences, computer security & privacy, economics, and human-computer interaction.


N/A this quarter


The purpose is to give our immediate sponsors a body of evidence that the funding they are providing is delivering results that "more than justify" the investment they are making.

The SBO addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild."

Accepted paper: What breach? Measuring online awareness of security incidents by studying real-world browsing behavior. Sruti Bhagavatula, Lujo Bauer, Apu Kapadia. To appear at EuroUSEC 2021.

    • This paper utilizes SBO data to examine 1) how often people read about security incidents online, (2) whether and to what extent they then follow up and take action (2) what influences the likelihood that they will read about an incident and take some action.

Accepted paper: How Do Home Computer Users Browse the Web? Kyle Crichton, Nicolas Christin, and Lorrie Cranor. To appear in the Feb 2022 issue of the ACM Transactions on the Web journal.

    • Using data collected through the SBO, we provide new insights into how users browse the internet
    • First, we compare our data to previous studies conducted over the past two decades and identify changes in user browsing and navigation. Most notably, we observe a substantial increase in the use of multiple browser tabs to switch between pages.
    • Using the more detailed information provided by the SBO, we identify and quantify a critical measurement error inherent in previous server-side measurements that do not capture when users switch between browser tabs. This issue leads to an incomplete picture of user browsing behavior and an inaccurate measurement of user navigation and dwell time.
    • In addition, we observe that users exhibit a wide range of browsing habits that do not easily cluster into different categories, a common assumption made in research study design and software development.
    • We find that browsing the web consumes the majority of users' time spent on their computer eclipsing the use of all other software on their machine.
    • While browsing, we show that users spend the majority of their time browsing a few popular websites, but also spend a disproportionate amount of time on low-visited websites on the edges of the internet.
    • We find that users navigating to these low-visited sites are much more likely to interact with riskier content like adware, alternative health and science information, and potentially illegal streaming and gambling sites.
    • Finally, we identify the primary gateways that are used to navigate to these low-visited sites and discuss the implications for future research.