tag:blogger.com,1999:blog-8049814Thu, 04 Jun 2026 17:49:59 +0000usable privacy and securityhciubicompresearchcooljust plain weirdlocationphishingweb 2.0webdesignessaynoteworthychinesesocial webAndroidcmuteachingInternet of Thingsmobile socialworld of warcraftbookchi2011crowdsourcingcybersecuritydatabasesdesign patternsgamegraduate schoolif only we could use their powers for goodjavapaperpenprogrammingpsychologysketchtechnology adoptiontoyota camryurban analyticsvideowifiwiiworkcraftA Carnegie Mellon University professor's rants and raves on research, human-computer interaction, Internet of Things, usable privacy and security, Pittsburgh, and teaching.http://confabulator.blogspot.com/noreply@blogger.com (Jason Hong)Blogger469125tag:blogger.com,1999:blog-8049814.post-7817032236195111751Mon, 27 May 2024 23:15:00 +00002024-05-27T19:15:20.310-04:00When doing reappointment and promotion packages for faculty, you're expected to submit a summary of your research and accomplishments. Since I'm a full professor, I'm not required to do this anymore, but I thought it would still be a useful exercise, partly to help me reflect on my work but also to share with the world what I felt were some of my key accomplishments. So here are some highlights http://confabulator.blogspot.com/2024/05/summary-of-my-past-research.htmlnoreply@blogger.com (Jason Hong)3tag:blogger.com,1999:blog-8049814.post-1471850719890207703Wed, 28 Feb 2024 22:27:00 +00002024-02-28T17:27:19.843-05:00In 2004, my colleagues and I published a paper called Privacy risk models for designing privacy-sensitive ubiquitous computing systems. This paper posed a series of questions about user interface design, system design, and organizational issues that one should consider with respect to privacy when designing new ubicomp systems.In a recently published chapter in the book Mobile Sensing http://confabulator.blogspot.com/2024/02/questions-for-privacy-risk-modeling.htmlnoreply@blogger.com (Jason Hong)2tag:blogger.com,1999:blog-8049814.post-342059965145183125Tue, 30 May 2023 19:01:00 +00002023-06-01T09:09:41.352-04:00I had the honor of being the 2023 commencement speaker for my old high school, the South Carolina Governor's School for Science and Math. It was especially good timing, since it's been 30 years since I graduated high school, so my friends and I organized a 30 year reunion at the same time. Here's a link to a video of my speech.Here's a link to my speaking notes. I used a table with http://confabulator.blogspot.com/2023/05/speech-for-scgssm-2023-commencement.htmlnoreply@blogger.com (Jason Hong)2tag:blogger.com,1999:blog-8049814.post-6978380808668035980Fri, 15 Jan 2021 15:06:00 +00002021-04-23T09:14:28.761-04:00My young children have been fascinated by computers, and have a tendency to mash the keyboard. While this hasn't caused too many problems, it did lead to a strange case where the home, end, and arrow keys didn't work as usual in the Chrome browser.That is, instead of the down arrow key scrolling the page down, it would instead go to the next link on the page. Similarly, the end key wouldn't go tohttp://confabulator.blogspot.com/2021/01/caret-browsing-for-chrome.htmlnoreply@blogger.com (Jason Hong)2tag:blogger.com,1999:blog-8049814.post-6956729178090279799Mon, 02 Apr 2018 22:40:00 +00002018-04-02T21:08:54.981-04:00 I just got a fake malware warning while reading an article on the New York Times web site. It also locked up my web browser too. I'm copying and pasting the text here, to help any folks who do a search on the text. There was a dangerous try to get an access to your personal logins & bank information. Luckily, your Firewall managed to block this suspicious connection. We recommend you to http://confabulator.blogspot.com/2018/04/fake-malware-warning-on-nytimes-web-site.htmlnoreply@blogger.com (Jason Hong)1tag:blogger.com,1999:blog-8049814.post-8616434116674562296Mon, 22 Jan 2018 21:54:00 +00002018-01-22T16:54:44.884-05:00A journalist was asking my thoughts about the least secure connected devices out there today. Here's my response: ---------- What's insecure? Almost all of the cheaper consumer electronics available on the market today, including toys, light bulbs, weight scales, bread makers, web cams, and more. There are two major reasons. The first is that most of these are made by hardware manufacturers http://confabulator.blogspot.com/2018/01/what-are-least-secure-connected-devices.htmlnoreply@blogger.com (Jason Hong)1tag:blogger.com,1999:blog-8049814.post-4056248440745124282Sat, 13 Jan 2018 19:42:00 +00002018-01-13T14:42:07.433-05:00A journalist was asking me about the future of automation, especially in terms of how we (society) should change in regards to training and education of workers. Below are my responses. 1) Do you consider your courses at CMU to be training a workforce for an increasingly automated world? We don't explicitly gear our courses at CMU for training workforces. Generally, our courses are more http://confabulator.blogspot.com/2018/01/future-of-education-and-training-in.htmlnoreply@blogger.com (Jason Hong)2tag:blogger.com,1999:blog-8049814.post-6622151632347121641Thu, 21 Dec 2017 20:36:00 +00002017-12-21T15:36:39.820-05:00I just filled out a survey by Pew Internet and Elon College about the future of Internet technologies on well-being. Here are my responses: Our question: Over the next decade, how will changes in digital life impact people’s overall well-being, physically and mentally? Many years ago, the famed Nobel laureate Herb Simon pointed out that "[I]nformation consumes the attention of its recipients. http://confabulator.blogspot.com/2017/12/thoughts-on-future-of-technology-and.htmlnoreply@blogger.com (Jason Hong)1tag:blogger.com,1999:blog-8049814.post-7454225924789648373Mon, 29 May 2017 15:34:00 +00002017-05-29T11:34:09.021-04:00I was recently honored with Alumni of the Year award from my high school alma mater, the South Carolina Governor's School for Science and Math. For this award, I was also offered some time to give a short speech at this year's commencement ceremonies. Note that the main speaker was Mick Mulvaney, who is Trump's budget director at the Office of Management and Budget. As you might know, Mulvaney http://confabulator.blogspot.com/2017/05/my-commencement-speech-for-scgssm-2017.htmlnoreply@blogger.com (Jason Hong)3tag:blogger.com,1999:blog-8049814.post-5325823556974822885Tue, 15 Nov 2016 20:31:00 +00002016-11-15T15:31:57.982-05:00cybersecurityInternet of Thingsusable privacy and securityA journalist asked me about cybersecurity under the Trump administration, whether anything will change. Here are my thoughts. Note that this is just my opinion and does not represent my employers or any of my funders. -------------- I don't expect much to change. President Obama already made cybersecurity one of his top 10 priorities, and as a result, a lot of the heavy lifting has http://confabulator.blogspot.com/2016/11/cybersecurity-under-trump-administration.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-3455021232029036956Tue, 15 Nov 2016 20:25:00 +00002016-11-15T15:25:59.269-05:00usable privacy and securityI've been asked by more and more journalists to offer some insights into various aspects of cybersecurity. I figured that since I'm already writing these up, I might as well share them with the public. This one is on ransomware. ------------------ Ransomware is a kind of malware that holds your data hostage. The malware scrambles your data and makes it so that you can't access it, unless you http://confabulator.blogspot.com/2016/11/some-tips-on-protecting-yourself-from.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-9076655244311905771Wed, 05 Oct 2016 22:35:00 +00002016-11-15T15:26:29.631-05:00Androidusable privacy and securityI was just asked to write up some tips for managing privacy on smartphones. I figured this would be generally useful to share with folks on the Internet. 1. Many Android phones track a person's location history. You can check if Google has your location history by logging into your Google account and going to:    https://www.google.com/maps/timeline If you want to turn this feature http://confabulator.blogspot.com/2016/10/android-smartphone-settings-for-privacy.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-3022975170100124385Thu, 28 Jul 2016 16:45:00 +00002016-11-15T15:27:17.959-05:00Internet of Thingsubicomp I wrote up a white paper about the cybersecurity issues that we will face as the Internet of Things becomes more common. I discuss issues like physical security, scale, lack of experience by manufacturers, and lack of tools and best practices. One idea I also advance is this pyramid of IoT Devices. At the top tier we will all have a few devices that have a lot of computational horsepower, suchhttp://confabulator.blogspot.com/2016/07/toward-safe-and-secure-internet-of.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-7164334727526257822Wed, 13 Jul 2016 16:17:00 +00002016-07-13T12:17:40.003-04:00I got a fraud alert on my phone this morning from SMS short code 28107. Is this legitimate? The short story, from what I can tell, is yes. The alert I got was: FREE MSG: Chase Fraud-Did you use card ending xxxx for $xx.xx at INGLES MARKETS on 07/13? If YES reply 1, NO reply 2 In cybersecurity, getting these kinds of alerts is a pretty common kind of scam. Attackers will send out lots of these http://confabulator.blogspot.com/2016/07/chase-fraud-alert-from-sms-28107.htmlnoreply@blogger.com (Jason Hong)30tag:blogger.com,1999:blog-8049814.post-1548513544979977151Wed, 16 Mar 2016 22:57:00 +00002016-03-16T18:57:46.462-04:00 Here are my comments on New America responding to the question of whether companies should be allowed to hack back against thieves. Companies should absolutely not hack back against cyber thieves. One major concern is attribution, namely knowing that you have identified the right parties. Intruders typically use other people’s computers and servers, so odds are high that a company would simply http://confabulator.blogspot.com/2016/03/should-companies-be-allowed-to-hack.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-2279255274785870195Wed, 16 Mar 2016 22:54:00 +00002016-03-16T18:54:22.721-04:00I published an article on Slate about human aspects of cybersecurity. A great deal of metadata and surrounding context can still be inferred from unclassified emails. These inferences might include the social connections between people, the names of projects a person is working on, how emails are formatted, and what jargon a person uses. On the surface, this kind of information might seem http://confabulator.blogspot.com/2016/03/my-article-in-slate-on-human-weaknesses.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-2182615302281994400Sun, 29 Nov 2015 22:53:00 +00002015-11-29T17:53:35.323-05:00Here is a YouTube video of my talk at the World Economic Forum on Smartphones, Personal Data, and Healthcare. http://confabulator.blogspot.com/2015/11/world-economic-forum-ideaslab-talk-on.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-7219690286420347748Sun, 29 Nov 2015 22:50:00 +00002015-11-29T17:50:28.872-05:00I recently wrote up an article on Quartz looking at why public officials are using personal email accounts for business, looking at it from a usability and security perspective. Why are so many politicians turning to personal email in the first place?This trend may justifiably raise concerns about transparency and legality. But why are so many politicians turning to personal email in the first http://confabulator.blogspot.com/2015/11/article-in-quartz-magazine-about.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-1355293089976548278Fri, 31 Jul 2015 15:36:00 +00002015-07-31T11:36:36.050-04:00One thing we do in our Master's of Human-Computer Interaction program is to have our students participate in workshops about conflict management. Conflict is inevitable, but how you deal with it is not. This year, we also sent our students some web resources about negotiation strategies. These are, for the most part, very positive ways of looking at negotiation, rather than making it something http://confabulator.blogspot.com/2015/07/conflict-management-and-negotiation.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-5421528137754127299Thu, 02 Jul 2015 17:49:00 +00002015-07-02T13:49:20.036-04:00I wrote up an article for my old high school's alumni magazine, about my work and advice for the students. Here's the article below. ------------- In the near future, our smart homes, smart cars, and smartphones will essentially know everything about us. In many ways, this will be a good thing, as these devices can help us in terms of healthcare, sustainability, safety, and more. At the same http://confabulator.blogspot.com/2015/07/computer-science-internet-of-things.htmlnoreply@blogger.com (Jason Hong)3tag:blogger.com,1999:blog-8049814.post-8437971785587485233Tue, 03 Mar 2015 02:15:00 +00002015-03-02T21:15:16.250-05:00I've been collecting all phishing emails that have come into my inbox since 2010. I thought it would be fun to create some simple visualizations, to look for interesting patterns. Below is a wordle of 95 different Nigerian email scams. These are the scams where the sender of the email has a business proposition for you, with millions of dollars in a bank or secret fund, and they need your help http://confabulator.blogspot.com/2015/03/visualizations-of-phishing-emails.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-8045224847394402642Sun, 22 Feb 2015 01:48:00 +00002015-02-21T20:50:11.651-05:00Marco Gruteser and I recently finished co-chairing the Mobisys 2015 technical program committee. Some of the TPC members said that it was the best run, least stressful program committee that they had been on, and were amazed that we were able to discuss over 60 papers. I thought it would be good to share what tools and processes we used to keep things running smoothly, to help other programhttp://confabulator.blogspot.com/2015/02/notes-on-running-mobisys-2015-program.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-1004538192593145688Sat, 29 Nov 2014 20:20:00 +00002014-11-29T15:20:28.684-05:00PrivacyGrade.org is our web site that presents our privacy analysis of a million Android smartphone apps. It's a deeper and broader analysis of apps beyond the previous blog posts on this site.http://confabulator.blogspot.com/2014/11/privacygrade-is-out.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-706846829207817138Fri, 30 Nov 2012 05:52:00 +00002013-01-10T10:04:38.028-05:00 Our team has been analyzing Android apps for unusual behaviors, using crowdsourcing techniques to find differences between what people expect an app to do and what an app does in reality. Here are the top 10 most unexpected permissions, based on our crowdsourcing approach to analyze the behavior of Android apps. Each circle represents the level of surprise people had for each permission (N=20http://confabulator.blogspot.com/2012/11/analysis-of-top-10-most-unexpected.htmlnoreply@blogger.com (Jason Hong)0tag:blogger.com,1999:blog-8049814.post-5445957264846581071Fri, 30 Nov 2012 05:21:00 +00002012-11-30T00:57:25.651-05:00 Brightest Flashlight Free GoldenShores Technologies, LLC Category: Tools Price: Free Description Brightest Flashlight Free - Turns on all available lights. Brightest Flashlight App – Free of Charge * Turns on all available lights on the device * Camera Flash LED at Maximum * Screen at Bright Maximum * Keyboard Backlight at Maximum * Soft Keys Backlight at Maximum http://confabulator.blogspot.com/2012/11/analysis-of-brightest-flashlight-free.htmlnoreply@blogger.com (Jason Hong)1