I direct the SPUD (Security, Privacy, Usability and Design) Lab at Georgia Tech — and not just because I like potatoes. Our rallying call: How can we design systems that encourage better cybersecur...
Selected writings
A Non-Technical Introduction to Cybersecurity
If you’d rather watch a video with all this content, watch the Crash Course Computer Science — Cybersecurity episode that I helped write, largely based on this post. You probably know a thing or t...
Don't wait for the government to fix surveillance capitalism. It's up to us.
Don’t wait for the government to fix privacy. Any attempt to curtail and reverse the growing power of surveillance capitalism will have to start from us — the people — through grassroots mobilizati...
Privacy by Design is reformist: But do we need revolution?
If you search for ways to make computing more respectful of consumer privacy, it will not take you long to stumble upon Privacy by Design (PbD). Privacy by Design (PbD) is a proactive approach to ...
The Marginal Ethics of Privacy
One of the most frustrating critiques I encounter when advocating for stronger privacy protections for consumers is: “But won’t that help criminals and pedophiles?” I consider this question to be a...
Apple's privacy bet — grandstanding or not — is good for consumers
Caring about privacy is finally cool. You know how I can tell? Because Apple is making a bet that foregrounding privacy is how they can best differentiate themselves from the rest of their Silicon ...
5 tools I use to protect my privacy online
It shouldn’t have to be this way, but the burden of protecting your privacy as you browse the web is your own. I do what I can in my research and consulting to advocate for systemic change in desig...
The crypto wars: How much privacy should we give up for security?
In 2015, there was a mass shooting in San Bernardino, California, claiming the lives of 16 (including the two perpetrators) and injuring 24 others. The incident was a terrorist attack, and a traged...
The paranoia-disaffiliation hypothesis: How us shady geeks put others off security
Like most who entered college in the mid-aughts, I was taken by Facebook. It had a sleek interface. All my friends from high school and college were on it, being super cool with edgy profile pics. ...
Usability is not enough: On why users resist even "usable" security & privacy systems
It’s no secret that many people shirk expert-recommended privacy and security advice. For example, experts commonly recommend the enabling of two-factor authentication for important accounts (e.g.,...