Understanding security & privacy perspectives of non-expert users in modern homes with multiple users and multiple computing devices

Modern homes are increasingly becoming technological and digital conglomerates with many computing/networking and smart devices, sensors, systems, and software applications that multiple users interact with in different home settings. Although this confluence of multiple computing devices and their interplay with multiple users facilitates many comforts of modern life, it also opens up various security and privacy (S&P) risks for home users. This thesis aims to understand non-expert users’ perspectives of such S&P risks, behaviours and concerns in modern multi-device and multi-user home environments. An in-depth analysis of non-expert users’ S&P perspectives is carried out by amassing multiple online platforms’ data and via online surveys. A mixed-method approach combining computational, qualitative and quantitative analyses is used to explore home users’ S&P-related online discussions, help-seeking attitudes, awareness, behaviours and concerns in multi-user and multidevice homes. A significant increase in S&P-related online discussions is observed during and after the lockdown period of COVID-19, reflecting a negative sentiment of non-expert users towards a wide array of S&P-related topics, e.g., use of devices, accounts, networks, stakeholders and data privacy. The thesis unearths how non-expert users solicit answers to different types of S&P questions on different online platforms, e.g., device-related questions on Reddit and conceptual queries on Quora, and it investigates how successful such online help-seeking queries are in getting useful answers. Different success-rate metrics are defined using various methods, i.e., experts’ opinions on how useful the responses are and help seekers’ acknowledgements and engagement indicators (such as likes and upvotes). The results demonstrate a higher success rate for platforms such as Reddit over Twitter, indicating that queries are better answered on more interactive, subject-focused and explanatory platforms like Reddit. The thesis indicates the presence of possible external and internal threat actors for non-expert users in shared-home scenarios while focusing on an inside-home threat actor model. Particularly, the model also highlights the probable S&P threats from the landlords in rented accommodations. Exploring non-expert users’ S&P behaviours in a home with multiple computing devices, the thesis reports the discovery of various interesting points. For example, home users lack S&P awareness and knowledge of default security protection mechanisms available for smart devices, they have a false sense of security of the whole home network while only securing traditional computing devices and a lack of understanding of the multi-stakeholders’ roles in securing home computing devices. The findings of this thesis provide solid foundational knowledge of non-expert users’ S&P perspectives in multi-device and multi-user homes and suggest many future research pathways. An ontological solution to address the heterological S&P issues of the users in a multi-device and multi-user home and explorations of possible S&P problems in device-to-device connections in such homes are a few of the future research areas suggested by this thesis.