Selected writings

I direct the SPUD (Security, Privacy, Usability and Design) Lab at Georgia Tech — and not just because I like potatoes. Our rallying call: How can we design systems that encourage better cybersecur...

If you’d rather watch a video with all this content, watch the Crash Course Computer Science — Cybersecurity episode that I helped write, largely based on this post. You probably know a thing or t...

One of the most frustrating critiques I encounter when advocating for stronger privacy protections for consumers is: “But won’t that help criminals and pedophiles?” I consider this question to be a...

Caring about privacy is finally cool. You know how I can tell? Because Apple is making a bet that foregrounding privacy is how they can best differentiate themselves from the rest of their Silicon ...

It shouldn’t have to be this way, but the burden of protecting your privacy as you browse the web is your own. I do what I can in my research and consulting to advocate for systemic change in desig...

In 2015, there was a mass shooting in San Bernardino, California, claiming the lives of 16 (including the two perpetrators) and injuring 24 others. The incident was a terrorist attack, and a traged...

Like most who entered college in the mid-aughts, I was taken by Facebook. It had a sleek interface. All my friends from high school and college were on it, being super cool with edgy profile pics. ...

It’s no secret that many people shirk expert-recommended privacy and security advice. For example, experts commonly recommend the enabling of two-factor authentication for important accounts (e.g.,...

Recently, a colleague forwarded me a request from a journalist at the Korea Times asking about how using server name identification (SNI) to block website requests could constitute a privacy violat...

For much of the developed world, the near future of IoT promises a fully connected and interactive physical environment. Smart home appliances (e.g., the Nest thermostat, smart fridges), AI assista...