skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


  • Home
  • Search Results
  • Page 1 of 1

Search for: All records

Creators/Authors contains: "Gilsenan, Conor"

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. ; ; ; (, ACM Transactions on Computer-Human Interaction)
    Internet users often neglect important security actions (e.g., installing security updates or changing passwords) because they interrupt users’ main task at inopportune times. Commitment devices, such as reminders and promises, have been found to be effective at reducing procrastination in other domains. In a series of online experiments (n > 3,000), we explored the effects of reminders and promises on users’ willingness to change a compromised password. We find that adding an option to delay the task increases the share of people willing to eventually change their password considerably. Critically, the option to delay yields this overall increase without reducing the share of people choosing to change their password immediately. Additionally, most participants who promised to change their password later, or asked to be reminded to do so, indeed followed through on their commitment, leading to a net positive effect. Reminding participants of their previous commitment further increased this effect. 
    more » « less
    Free, publicly-accessible full text available August 16, 2025
  2. ; ; ; ; ; ; ; (, Proceedings on Privacy Enhancing Technologies)
    Like most modern software, secure messaging apps rely on third-party components to implement important app functionality. Although this practice reduces engineering costs, it also introduces the risk of inadvertent privacy breaches due to misconfiguration errors or incomplete documentation. Our research investigated secure messaging apps' usage of Google's Firebase Cloud Messaging (FCM) service to send push notifications to Android devices. We analyzed 21 popular secure messaging apps from the Google Play Store to determine what personal information these apps leak in the payload of push notifications sent via FCM. Of these apps, 11 leaked metadata, including user identifiers (10 apps), sender or recipient names (7 apps), and phone numbers (2 apps), while 4 apps leaked the actual message content. Furthermore, none of the data we observed being leaked to FCM was specifically disclosed in those apps' privacy disclosures. We also found several apps employing strategies to mitigate this privacy leakage to FCM, with varying levels of success. Of the strategies we identified, none appeared to be common, shared, or well-supported. We argue that this is fundamentally an economics problem: incentives need to be correctly aligned to motivate platforms and SDK providers to make their systems secure and private by default. 
    more » « less
    Free, publicly-accessible full text available October 1, 2025