skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.


Search for: All records

Creators/Authors contains: "Ristenpart, Thomas"

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. Free, publicly-accessible full text available May 20, 2025
  2. Free, publicly-accessible full text available May 20, 2025
  3. The mass collection and reuse of social data requires a reimagining of privacy and consent, with particular attention to the (in)equitable distribution of benefits and burdens between researchers and subjects. Instrumenting frontline clinical services to collect and steward data might mitigate the exploitation inherent to data collection---with attention to how subjects can meaningfully participate in stewardship. We explore participatory data stewardship in the context of clinical computer security for survivors of intimate partner violence (IPV). Via semi-structured interviews with IPV support workers, we explore how data are produced within the IPV care ecosystem at the Clinic to End Tech Abuse (CETA). We then conduct design provocations with clients of IPV services and their support workers, exploring possibilities for participatory data mechanisms like open records and dynamic consent. We find participation in data stewardship may benefit clients through improved agency, self-reflection, and control of self-narrative, and that incurred burdens may be alleviated by enlisting trusted stewards. We close with future work for CSCW interrogating how knowledge of digital-safety harms can and should be produced from clinical encounters, towards more equitable ways of knowing. 
    more » « less
  4. The increasing harms caused by hate, harassment, and other forms of abuse online have motivated major platforms to explore hierarchical governance. The idea is to allow communities to have designated members take on moderation and leadership duties; meanwhile, members can still escalate issues to the platform. But these promising approaches have only been explored in plaintext settings where community content is public to the platform. It is unclear how one can realize hierarchical governance in the huge and increasing number of online communities that utilize end-to-end encrypted (E2EE) messaging for privacy. We propose the design of private, hierarchical governance systems. These should enable similar levels of community governance as in plaintext settings, while maintaining cryptographic privacy of content and governance actions not reported to the platform. We design the first such system, taking a layered approach that adds governance logic on top of an encrypted messaging protocol; we show how an extension to the message layer security (MLS) protocol suffices for achieving a rich set of governance policies. Our approach allows developers to rapidly prototype new governance features, taking inspiration from a plaintext system called PolicyKit. We report on an initial prototype encrypted messaging system called MlsGov that supports content-based community and platform moderation, elections of community moderators, votes to remove abusive users, and more. 
    more » « less
    Free, publicly-accessible full text available May 10, 2025
  5. Free, publicly-accessible full text available May 19, 2025
  6. Remote password guessing attacks remain one of the largest sources of account compromise. Understanding and characterizing attacker strategies is critical to improving security but doing so has been challenging thus far due to the sensitivity of login services and the lack of ground truth labels for benign and malicious login requests. We perform an in-depth measurement study of guessing attacks targeting two large universities. Using a rich dataset of more than 34 million login requests to the two universities as well as thousands of compromise reports, we were able to develop a new analysis pipeline to identify 29 attack clusters—many of which involved compromises not previously known to security engineers. Our analysis provides the richest investigation to date of password guessing attacks as seen from login services. We believe our tooling will be useful in future efforts to develop real-time detection of attack campaigns, and our characterization of attack campaigns can help more broadly guide mitigation design. 
    more » « less