Publication statistics

Pub. period:2006-2011
Pub. count:8
Number of co-authors:19


Number of publications with 3 favourite co-authors:

Mary Ann Blair:
Justin Cranshaw:
Janice Tsai:



Productive colleagues

Alessandro Acquisti's 3 most productive colleagues in number of publications:

Lorrie Faith Crano..:44
Jason Hong:20
Yang Wang:14

Upcoming Courses

go to course
Psychology of Interaction Design: The Ultimate Guide
go to course
User-Centred Design - Module 3
91% booked. Starts in 4 days

Featured chapter

Marc Hassenzahl explains the fascinating concept of User Experience and Experience Design. Commentaries by Don Norman, Eric Reiss, Mark Blythe, and Whitney Hess

User Experience and Experience Design !


Our Latest Books

The Social Design of Technical Systems: Building technologies for communities. 2nd Edition
by Brian Whitworth and Adnan Ahmad
start reading
Gamification at Work: Designing Engaging Business Software
by Janaki Mythily Kumar and Mario Herger
start reading
The Social Design of Technical Systems: Building technologies for communities
by Brian Whitworth and Adnan Ahmad
start reading
The Encyclopedia of Human-Computer Interaction, 2nd Ed.
by Mads Soegaard and Rikke Friis Dam
start reading

Alessandro Acquisti


Publications by Alessandro Acquisti (bibliography)

 what's this?
Edit | Del

Wang, Yang, Norcie, Gregory, Komanduri, Saranga, Acquisti, Alessandro, Leon, Pedro Giovanni and Cranor, Lorrie Faith (2011): "I regretted the minute I pressed share": a qualitative study of regrets on Facebook. In: Proceedings of the 2011 Symposium on Usable Privacy and Security 2011. p. 10.

We investigate regrets associated with users' posts on a popular social networking site. Our findings are based on a series of interviews, user diaries, and online surveys involving 569 American Facebook users. Their regrets revolved around sensitive topics, content with strong sentiment, lies, and secrets. Our research reveals several possible causes of why users make posts that they later regret: (1) they want to be perceived in favorable ways, (2) they do not think about their reason for posting or the consequences of their posts, (3) they misjudge the culture and norms within their social circles, (4) they are in a "hot" state of high emotion when posting, or under the influence of drugs or alcohol, (5) their postings are seen by an unintended audience, (6) they do not foresee how their posts could be perceived by people within their intended audience, and (7) they misunderstand or misuse the Facebook platform. Some reported incidents had serious repercussions, such as breaking up relationships or job losses. We discuss methodological considerations in studying negative experiences associated with social networking posts, as well as ways of helping users of social networking sites avoid such regrets.

© All rights reserved Wang et al. and/or ACM Press

Edit | Del

Egelman, Serge, Tsai, Janice, Cranor, Lorrie Faith and Acquisti, Alessandro (2009): Timing is everything?: the effects of timing and placement of online privacy indicators. In: Proceedings of ACM CHI 2009 Conference on Human Factors in Computing Systems 2009. pp. 319-328.

Many commerce websites post privacy policies to address Internet shoppers' privacy concerns. However, few users read or understand them. Iconic privacy indicators may make privacy policies more accessible and easier for users to understand: in this paper, we examine whether the timing and placement of online privacy indicators impact Internet users' browsing and purchasing decisions. We conducted a laboratory study where we controlled the placement of privacy information, the timing of its appearance, the privacy level of each website, and the price and items being purchased. We found that the timing of privacy information had a significant impact on how much of a premium users were willing to pay for privacy. We also found that timing had less impact when users were willing to examine multiple websites. Finally, we found that users paid more attention to privacy indicators when purchasing privacy-sensitive items than when purchasing items that raised minimal privacy concerns.

© All rights reserved Egelman et al. and/or ACM Press

Edit | Del

Kumaraguru, Ponnurangam, Cranshaw, Justin, Acquisti, Alessandro, Cranor, Lorrie, Hong, Jason, Blair, Mary Ann and Pham, Theodore (2009): School of phish: a real-word evaluation of anti-phishing training. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 3.

PhishGuru is an embedded training system that teaches users to avoid falling for phishing attacks by delivering a training message when the user clicks on the URL in a simulated phishing email. In previous lab and real-world experiments, we validated the effectiveness of this approach. Here, we extend our previous work with a 515-participant, real-world study in which we focus on long-term retention and the effect of two training messages. We also investigate demographic factors that influence training and general phishing susceptibility. Results of this study show that (1) users trained with PhishGuru retain knowledge even after 28 days; (2) adding a second training message to reinforce the original training decreases the likelihood of people giving information to phishing websites; and (3) training does not decrease users' willingness to click on links in legitimate messages. We found no significant difference between males and females in the tendency to fall for phishing emails both before and after the training. We found that participants in the 18-25 age group were consistently more vulnerable to phishing attacks on all days of the study than older participants. Finally, our exit survey results indicate that most participants enjoyed receiving training during their normal use of email.

© All rights reserved Kumaraguru et al. and/or ACM Press

Edit | Del

Tsai, Janice, Egelman, Serge, Cranor, Lorrie and Acquisti, Alessandro (2009): The impact of privacy indicators on search engine browsing patterns. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 29.

Edit | Del

Kumaraguru, Ponnurangam, Rhee, Yong, Acquisti, Alessandro, Cranor, Lorrie Faith, Hong, Jason and Nunge, Elizabeth (2007): Protecting people from phishing: the design and evaluation of an embedded training email system. In: Proceedings of ACM CHI 2007 Conference on Human Factors in Computing Systems 2007. pp. 905-914.

Phishing attacks, in which criminals lure Internet users to websites that impersonate legitimate sites, are occurring with increasing frequency and are causing considerable harm to victims. In this paper we describe the design and evaluation of an embedded training email system that teaches people about phishing during their normal use of email. We conducted lab experiments contrasting the effectiveness of standard security notices about phishing with two embedded training designs we developed. We found that embedded training works better than the current practice of sending security notices. We also derived sound design principles for embedded training systems.

© All rights reserved Kumaraguru et al. and/or ACM Press

Edit | Del

Kumaraguru, Ponnurangam, Rhee, Yong, Sheng, Steve, Hasan, Sharique, Acquisti, Alessandro, Cranor, Lorrie Faith and Hong, Jason (2007): Getting users to pay attention to anti-phishing education: evaluation of retention and transfer. In: Proceedings of the 2007 Anti-Phishing Working Groups eCrime Researchers Summit 2007. pp. 70-81.

Educational materials designed to teach users not to fall for phishing attacks are widely available but are often ignored by users. In this paper, we extend an embedded training methodology using learning science principles in which phishing education is made part of a primary task for users. The goal is to motivate users to pay attention to the training materials. In embedded training, users are sent simulated phishing attacks and trained after they fall for the attacks. Prior studies tested users immediately after training and demonstrated that embedded training improved users' ability to identify phishing emails and websites. In the present study, we tested users to determine how well they retained knowledge gained through embedded training and how well they transferred this knowledge to identify other types of phishing emails. We also compared the effectiveness of the same training materials delivered via embedded training and delivered as regular email messages. In our experiments, we found that: (a) users learn more effectively when the training materials are presented after users fall for the attack (embedded) than when the same training materials are sent by email (non-embedded); (b) users retain and transfer more knowledge after embedded training than after non-embedded training; and (c) users with higher Cognitive Reflection Test (CRT) scores are more likely than users with lower CRT scores to click on the links in the phishing emails from companies with which they have no account.

© All rights reserved Kumaraguru et al. and/or ACM Press

Edit | Del

Sheng, Steve, Magnien, Bryant, Kumaraguru, Ponnurangam, Acquisti, Alessandro, Cranor, Lorrie Faith, Hong, Jason and Nunge, Elizabeth (2007): Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish. In: Proceedings of the 2007 Symposium on Usable Privacy and Security 2007. pp. 88-99.

In this paper we describe the design and evaluation of Anti-Phishing Phil, an online game that teaches users good habits to help them avoid phishing attacks. We used learning science principles to design and iteratively refine the game. We evaluated the game through a user study: participants were tested on their ability to identify fraudulent web sites before and after spending 15 minutes engaged in one of three anti-phishing training activities (playing the game, reading an anti-phishing tutorial we created based on the game, or reading existing online training materials). We found that the participants who played the game were better able to identify fraudulent web sites compared to the participants in other conditions. We attribute these effects to both the content of the training messages presented in the game as well as the presentation of these materials in an interactive game format. Our results confirm that games can be an effective way of educating people about phishing and other security attacks.

© All rights reserved Sheng et al. and/or ACM Press

Edit | Del

Gideon, Julia, Cranor, Lorrie, Egelman, Serge and Acquisti, Alessandro (2006): Power strips, prophylactics, and privacy, oh my!. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 133-144. Slides

While Internet users claim to be concerned about online privacy, their behavior rarely reflects those concerns. In this paper we investigate whether the availability of comparison information about the privacy practices of online merchants affects users' behavior. We conducted our study using Privacy Finder, a "privacy-enhanced search engine" that displays search results annotated with the privacy policy information of each site. The privacy information is garnered from computer-readable privacy policies found at the respective sites. We asked users to purchase one non-privacy-sensitive item and then one privacy-sensitive item using Privacy Finder, and observed whether the privacy information provided by our search engine impacted users' purchasing decisions (participants' costs were reimbursed, in order to separate the effect of privacy policies from that of price). A control group was asked to make the same purchases using a search engine that produced the same results as Privacy Finder, but did not display privacy information. We found that while Privacy Finder had some influence on non-privacy-sensitive purchase decisions, it had a more significant impact on privacy-sensitive purchases. The results suggest that when privacy policy comparison information is readily available, individuals may be willing to seek out more privacy friendly web sites and perhaps even pay a premium for privacy depending on the nature of the items to be purchased.

© All rights reserved Gideon et al. and/or ACM Press

Add publication
Show list on your website

Join our community and advance:




Join our community!

Page Information

Page maintainer: The Editorial Team