SoK: A Framework for Unifying At-Risk User Research

TL;DR

This paper presents a comprehensive framework for understanding at-risk users in digital security, based on a meta-analysis of 85 studies, identifying key risk factors and protective practices to guide future research and technology design.

Contribution

It introduces a unifying framework that categorizes risk factors and user practices across diverse at-risk populations, aiding targeted research and improved security solutions.

Findings

Identified 10 key contextual risk factors affecting at-risk users.

Documented various technical and non-technical protective practices.

Highlighted barriers to protective action among at-risk populations.

Abstract

At-risk users are people who experience elevated digital security, privacy, and safety threats because of what they do, who they are, where they are, or who they are with. In this systematization work, we present a framework for reasoning about at-risk users based on a wide-ranging meta-analysis of 85 papers. Across the varied populations that we examined (e.g., children, activists, women in developing regions), we identified 10 unifying contextual risk factors--such as oppression or stigmatization and access to a sensitive resource--which augment or amplify digital-safety threats and their resulting harms. We also identified technical and non-technical practices that at-risk users adopt to attempt to protect themselves from digital-safety threats. We use this framework to discuss barriers that limit at-risk users' ability or willingness to take protective actions. We believe that the security, privacy, and human-computer interaction research and practitioner communities can use our framework to identify and shape research investments to benefit at-risk users, and to guide technology design to better support at-risk users.