User:Zyxttcmk/sandbox

bold let's go to a wikilink

header

 * 123ε
 * 345
 * woaini
 * woaini

sub-heading 1
introduction to LOL

Implementation in Usable Security
Given a file sharing system, every user can determine which files in their own computer can be shared through the network. Initially, user have to configure these security-related settings on their own. Because of being uninformed, about eight out of ten users would unintentionally leak their private information such as credit card information or address, which can cause unexpected results. Based on this problem, Paul DiGIoia and Paul Dourish from University of California, Irvine have introduced a “Pile Metaphor” model which using social navigation idea to solve this specific issue.

The design of “Pile Metaphor” model focuses on two major parts. First of all, users can be shown that how other users in this system decide which files are shared, which are not. And such information will be shown directly in the appearance of the folders, that is to say, different folder appearances indicate different sharing levels. Based on this straightforward design, users can easily know that whether their decision is appropriate or not. Secondly, the “Pile Metaphor” model also shows the extent that how many people in the whole system have read one user’s own file. This feature is achieved by showing the tidiness of the pile. For example, the more times a pile of file are read, the messier the pile is. Again, based on this direct information, users will reconsider which files can be shared continuously, and which should be set as invisible to the public.

There are two major advantages regarding the “Pile Metaphor” model. First, introducing this model to a system does not change the fundamental design of the system. This model is like a small plug-in, and will have significant influence on the users. Second, this model will not detract users from their work, because every security-related features will be shown directly on the user’s interface.

Drawbacks of social navigation
Social navigation can be used in so many fields that most people can benefit from it, and also wants to join it to gain more benefits. However, as the saying goes, “every coin has two sides”, so does social navigation which also has some drawbacks that can be used by malicious users who are intended to mislead the public or obtain private information about specific person.

Researchers Meital Ben Sinai, Nimrod Partush, Shir Yadid and Eran Yahav from Isreal Technion did some experiments in 2014 and wrote an article, “Exploiting Social Navigation”, to discuss about the results. According to the article, attackers can use plenty of machines to fake users’ behavior and fabricate information to mislead other real users. In this case, they attacked a real-time traffic software which allows users to report traffic news, and broadcasts these messages to others. These researchers used phony users to fabricate traffic information like obstruction or traffic jams and successfully let the system mislead real users with other itineraries. This can cause several problems, as the researchers mentioned. One problem is that real users would take more time and more money to go another longer way compared with the origin way which cost much less. What’s more, this attack may also lead people to some unsafe roads or even nonsexist ways, which causes security-related issues. To solve this shortage of social navigation, they encourage us to verify the users’ identification by checking real name with verification code, or checking users’ behavior with machine learning technologies.

The verification technique will lead to another problem of social navigation, information disclosure. In accordance with the article mentioned above, the four researchers discussed that malicious attackers may make use of the information of a specific user and gain plenty of private information of the user, such as the place he/she usually goes to, the route which he/she usually drives and so on. These information will also cause security-related issues, since attackers can use such information to track other people with vicious intention.