@incollection{steinbrink_privacy_2023,
title = {Privacy {Perception} and {Behaviour} in {Safety}-{Critical} {Environments}},
booktitle = {Human {Factors} in {Privacy} {Research}},
publisher = {Springer},
author = {Steinbrink, Enno and Biselli, Tom and Linsner, Sebastian and Herbert, Franziska and Reuter, Christian},
editor = {Gerber, Nina and Stöver, Alina and Marky, Karola},
year = {2023},
keywords = {UsableSec, Security, Projekt-GRKPrivacy},
}

@article{riebe_privacy_2023,
title = {Privacy {Concerns} and {Acceptance} {Factors} of {OSINT} for {Cybersecurity}: {A} {Representative} {Survey}},
url = {https://petsymposium.org/popets/2023/popets-2023-0028.pdf},
abstract = {The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.},
journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
author = {Riebe, Thea and Biselli, Tom and Kaufhold, Marc-André and Reuter, Christian},
year = {2023},
keywords = {Selected, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CYWARN, Projekt-ATHENE-FANCY, AuswahlUsableSec},
}

@article{reuter_citizens_2023,
title = {Citizens’ {Perception} of {Social} {Media} in {Emergencies}: {Current} {Insights} and {Temporal} {Trends} from {German} {Representative} {Samples} from 2017 to 2021},
abstract = {The value of social media in crises, disasters, and emergencies across different events, participants, and states is now well-examined in crisis informatics research. Previous research has contributed to the state of the art with empirical insights on the use of social media, approaches for the gathering and processing of big social data, the design and evaluation of information systems, and the analysis of cumulative and longitudinal data. While some studies examined social media use representatively for their target audience, these usually only comprise a single point of inquiry and do not allow for a trend analysis. This work provides results (1) of a representative survey with German citizens from 2021 on use patterns, perceptions, and expectations regarding social media during emergencies. Furthermore, it (2) compares these results to previous surveys and provides insights on temporal changes and trends from 2017, over 2019 to 2021. Our findings highlight that social media use in emergencies increased in 2021 and 2019 compared to 2017. Between 2019 and 2021, the amount of information shared on social media remained on a similar level, while the perceived disadvantages of social media in emergencies significantly increased. In light of demographic variables, the results of the 2021 survey confirm previous findings, according to which older individuals (45+ years) use social media in emergencies less often than younger individuals (18-24 years). Furthermore, while the quicker availability of information was one of the reasons for social media use, especially the potential information overload was a key factor for not using social media in emergencies. The results are discussed in light of the dynamic nature of attitudes regarding social media in emergencies and the need to account for heterogeneity in user expectations to build trustworthy information ecosystems in social media.},
journal = {International Journal of Disaster Risk Reduction (IJDRR)},
author = {Reuter, Christian and Kaufhold, Marc-André and Biselli, Tom and Pleil, Helene},
year = {2023},
keywords = {Crisis, SocialMedia, Student, Ranking-ImpactFactor, Projekt-ATHENE-SecUrban, Projekt-NEBULA},
}

@article{biselli_challenges_2022,
title = {On the {Challenges} of {Developing} a {Concise} {Questionnaire} to {Identify} {Privacy} {Personas}},
volume = {2022},
url = {https://petsymposium.org/2022/files/papers/issue4/popets-2022-0126.pdf},
doi = {10.56553/popets-2022-0126},
abstract = {Concise instruments to determine privacy personas – typical privacy-related user groups – are not available at present. Consequently, we aimed to identify them on a privacy knowledge–privacy behavior ratio based on a self-developed instrument. To achieve this, we conducted an item analysis (N = 820) and a confirmatory factor analysis (CFA) (N = 656) of data based on an online study with German participants. Starting with 81 items, we reduced those to an eleven-item questionnaire with the two scales privacy knowledge and privacy behavior. A subsequent cluster analysis (N = 656) revealed three distinct user groups: (1) Fundamentalists scoring high in privacy knowledge and behavior, (2) Pragmatists scoring average in privacy knowledge and behavior and (3) Unconcerned scoring low in privacy knowledge and behavior. In a closer inspection of the questionnaire, the CFAs supported the model with a close global fit based on RMSEA in a training and to a lesser extent in a cross-validation sample. Deficient local fit as well as validity and reliability coefficients well below generally accepted thresholds, however, revealed that the questionnaire in its current form cannot be considered a suitable measurement instrument for determining privacy personas. The results are discussed in terms of related persona conceptualizations, the importance of a methodologically sound investigation of corresponding privacy dimensions and our lessons learned.},
number = {4},
journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
author = {Biselli, Tom and Steinbrink, Enno and Herbert, Franziska and Schmidbauer-Wolf, Gina Maria and Reuter, Christian},
year = {2022},
keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-ATHENE-FANCY, AuswahlUsableSec, Projekt-GRKPrivacy},
pages = {645--669},
}

@inproceedings{biselli_relationship_2021,
address = {Potsdam, Germany},
title = {On the {Relationship} between {IT} {Privacy} and {Security} {Behavior}: {A} {Survey} among {German} {Private} {Users}},
url = {https://peasec.de/paper/2021/2021_BiselliReuter_RelationshipITPrivacyandSecurityBehavior_WI.pdf},
abstract = {The relevance of adequate privacy and security behavior in the digital space is higher than ever. However, the exact relationship between privacy and security behavior is rarely discussed in the literature. This study investigates this relationship and the role of socio-demographic factors (gender, age, education, political opinions) in such behavior. Exploratory results of a survey of German private users (N=1,219) show that privacy and security behavior are only weakly correlated and not similarly influenced by socio-demographic factors. While se-curity behavior significantly differs between age and education groups (younger and less educated show less security behavior), no such differences exist for pri-vacy behavior. Additionally, political orientation and opinion has no influence on privacy and security behavior. Thus, this study sheds light on the concepts of privacy, security and corresponding behavior and emphasizes the need for a fine-grained differentiation if either privacy or security behavior is to be improved.},
booktitle = {Proceedings of the {International} {Conference} on {Wirtschaftsinformatik} ({WI})},
publisher = {AIS},
author = {Biselli, Tom and Reuter, Christian},
year = {2021},
keywords = {HCI, Ranking-CORE-C, UsableSec, Security, Ranking-WKWI-A, Projekt-ATHENE-FANCY},
pages = {1--17},
}