I'm a research scientist at UC Berkeley with joint appointments in the Department of Electrical Engineering and
Computer Sciences (EECS) and the International Computer Science Institute
(ICSI). I'm interested in
decision-making with regard to
computer security and online privacy, and then creating improved interfaces that help users make
Previously, I was a postdoc at Brown University working with Shriram Krishnamurthi on usable access
control interfaces, specifically Facebook privacy settings. Before that I was a graduate student at Carnegie Mellon University
advised by Lorrie Cranor, and a member of the CUPS Lab. I've also performed research at
NIST, Microsoft Research, and Xerox PARC.
For a complete list, see my C.V.
- S. Egelman. My
Profile Is My Password, Verify Me! The Privacy/Convenience Tradeoff of Facebook
Connect. CHI '13: Proceedings of the SIGCHI conference on Human Factors
in Computing Systems. 2013.
- S. Egelman, A. Sotirakopoulos, I. Muslukhov, K. Beznosov, and C.
Herley. Does My
Password Go up to Eleven? The Impact of Password Meters on Password
Selection. CHI '13: Proceedings of the SIGCHI conference on Human
Factors in Computing Systems. 2013.
- A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android
Permissions: User Attention, Comprehension, and Behavior. The 2012
Symposium on Usable Privacy and Security (SOUPS). Best Paper Award!
- M. Johnson, S. Egelman, and S. M. Bellovin. Facebook
and Privacy: It's Complicated. The 2012 Symposium on Usable Privacy and
- J. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The Effect of Online
Privacy Information on Purchasing Behavior: An Experimental Study.
Information Systems Research, 22(2), June 2011. Best Published Paper
- J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. Cranor. Crying Wolf: An
Empirical Study of SSL Warning Effectiveness. The 18th USENIX Security
- S. Schechter, A. J. Brush, and S. Egelman. It's No
Secret: Measuring the reliability of authentication via 'secret'
questions. The 2009 IEEE Symposium on Security and Privacy.
- S. Egelman, J. Tsai, L. Cranor, and A. Acquisti. Timing Is Everything? The Effects of Timing and Placement of Online Privacy Indicators. CHI '09: Proceedings of the SIGCHI conference on Human Factors in Computing Systems. 2009.
- S. Egelman, L. Cranor, and J. Hong. You've Been
Warned: An Empirical Study on the Effectiveness of Web Browser Phishing
Warnings. CHI '08: Proceedings of the SIGCHI conference on Human Factors
in Computing Systems. 2008. Honorable Mention!
Insecurity, CMU Press Release, 7 August 2009.
- Crying Wolf: Do Security Warnings Help? Study: Internet Users Immune to
Pop-Up Security Warnings by Ki Mae Heussner, ABC News.com, 30 July 2009.
SSL Warnings Shown to be Ineffective by Angela Moscaritolo, SC Magazine, 28
Security Certificate Warnings Are Not Working by Steve Ragan, The Tech
Herald, 28 July 2009.
- Web Users
Ignoring Security Certificate Warnings by Tom Espiner, CNET News, 28 July
Security Warnings Have Trained Users to Ignore Them by Jacqui Cheng, Ars
Technica, 27 July 2009.
Certificate Warnings Don't Work, Researchers Say by Robert McMillan,
Computer World, 24 July 2009.
Questions Undermine Webmail Security by Matthew Sparkes, PC Pro, 24 June
Secrets about The Email 'Secret' Question, CyberMedia News, 23 June
Secret Questions Don't Safeguard Passwords, by Jeremy Kirk, PC World, 19 May
Privacy Measures Might Produce Bigger Profits by Robert Gellman, DMNews, 10
Privacy Policies Can Make Money, Finds P3P Study, The Register, 12 June
- Online Shoppers
Will Pay for Security by Teresa F. Lindeman, Pittsburgh Post-Gazette, 8 June
- Good Privacy
Pays for Web Stores, BBC News, 7 June 2007.
Willing to Pay (A Little) More for Privacy by Nate Anderson, Ars Technica, 7
Shoppers Will Pay for Privacy by Candace Lombardi, CNET News, 7 June
Premium Doesn't Faze Buyers by Tim Wilson, DarkReading, 7 June 2007.
Shoppers Will Pay Extra To Protect Privacy, Carnegie Mellon Study Shows by
CMU Press Release, 7 June 2007.
Willing to Pay Extra for Privacy Confidence, Study Finds by Jon Brodkin,
Network World, 6 June 2007.
Anti-Phishing Toolbars Evaluated by Mark Joseph Edwards, Windows IT Pro, 15
Blasts Failing Phishing Toolbars by Shaun Nichols, Information World Review,
22 November 2006.
Is Caught in Its Own Long Tail by Richard W. Wiggins, Information Today, 14
*If you are a recruiter, do not call me. The number on my CV is a mobile phone,
which is also on the National Do Not Call list.
flickr|Oktoberfest 2012 NSPW 2012 Engagement Christmas 2011 Road Trip 2011