SoK: Evaluating Privacy and Security Concerns of Using Web Services for the Disabled Population
Alisa Zezulak, Faiza Tazi, Sanchari Das

TL;DR
This paper systematically reviews existing research on the privacy and security concerns of web services for the disabled, highlighting accessibility challenges and proposing inclusive solutions to improve usability and security.
Contribution
It provides a comprehensive analysis of 63 studies on disabled users' online privacy and security, identifying gaps and suggesting inclusive design practices.
Findings
Disabled users face unique authentication challenges
Security tools like CAPTCHAs need accessibility improvements
Universal inclusive privacy protocols are under-implemented
Abstract
The online privacy and security of the disabled community is a complex field that has implications for every user who navigates web services. While many disciplines have separately researched the disabled population and their online privacy and security concerns, the overlap between the two is very high but under-researched. Moreover, a complex relationship exists between the disabled population and web services where the interaction depends on several web service developmental factors, including usability and accessibility. To this aid, we explored this intersection of privacy and security of web services as perceived by the disabled community through previous studies by conducting a detailed systematic literature review and analysis of 63 articles. Our findings encompassed several topics, including how the disabled population navigates around authentication interfaces, online privacy…
| Themes | Number of Papers |
|---|---|
| Authentication Interface Issues | (6.35%) [17, 37, 38, 13] |
| Privacy Concerns as Reasons for Non-Use | (42.86%) [56, 57, 58, 59, 60, 61, 16, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 39, 80] |
| Critical Data Access | (11.11%) [81, 82, 83, 84, 85, 86, 87] |
| Online Vulnerability | (22.22%) [88, 89, 90, 91, 92, 93, 8, 29, 94, 95, 96, 97, 98, 99] |
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsPrivacy, Security, and Data Protection · Technology Use by Older Adults · Mobile Health and mHealth Applications
SoK: Evaluating Privacy and Security Concerns of Using Web Services for the Disabled Population
Alisa Zezulak, Faiza Tazi, and Sanchari Das
InSpirit Lab, University of Denver, Colorado; Emails: {Alisa.Zezulak, Faiza.Tazi, Sanchari.Das}@du.edu
Abstract
The online privacy and security of the disabled community is a complex field that has implications for every user who navigates web services. While many disciplines have separately researched the disabled population and their online privacy and security concerns, the overlap between the two is very high but under-researched. Moreover, a complex relationship exists between the disabled population and web services where the interaction depends on several web service developmental factors, including usability and accessibility. To this aid, we explored this intersection of privacy and security of web services as perceived by the disabled community through previous studies by conducting a detailed systematic literature review and analysis of articles. Our findings encompassed several topics, including how the disabled population navigates around authentication interfaces, online privacy concerns, universal design practices, and how security methods such as CAPTCHAs can be improved to become more accessible and usable for people of all needs and abilities. We further discuss the gap in the current research, including solutions such as the universal implementation of inclusive privacy and security tools and protocols.
Index Terms:
Disabled Population, Privacy and Security, Web Services, Literature Review.
I Introduction
The Covid-19 pandemic has necessitated people worldwide to adapt to new ways of doing things [1]. With billions of people forced to conduct their daily activities online, including attending school, working from home, grocery shopping, banking, and other critical tasks [2, 3, 4, 5, 6, 7], the move to a fully digital world has been an inconvenience for some. Unfortunately, this drastic shift to online services has left many behind, particularly those who rely on usable, accessible, and inclusive services [8, 9, 10, 11, 12]. While the vulnerabilities of the disabled population have always existed, this sudden move to digital services has exacerbated existing problems [8, 13], including privacy and security since vulnerable populations cannot use privacy and security tools and protocols successfully due to the disparities in usability and accessibility levels. Furthermore, these tools often fail to meet the specific requirements of the disabled population, even in fundamental areas such as authentication techniques [14, 15, 11].
Along with the usability and accessibility concerns, there are many data security and privacy concerns present, such as critical data access, smart home technology data usage, and inadequate authentication protocols. Additionally, the disabled population uses medical technology more than their non-disabled counterparts, but many of these tools and protocols are not accessible to users with different needs and abilities [16]. This makes accessing personal health records, and user accounts difficult for many users. Furthermore, the disabled population faces many difficulties online relating to authentication methods such as CAPTCHAs [17, 18]. Most CAPTCHAs require a user to enter an alphanumeric code, which can be difficult or impossible for visually impaired users. This raises questions about if privacy and security tools are designed with different user populations in mind.
To provide a comprehensive understanding of the research undertaken in this area, we conducted a systematic literature review of research articles on the privacy and security of web services and the disabled populations. We screened these articles by title, abstract, and full text, selecting papers that focused on the privacy and security of web services as they relate to the disabled population. We then conducted a detailed thematic analysis of these papers, uncovering valuable solutions to address some privacy and security concerns of the disabled population. However, our analysis also revealed significant gaps in the research, highlighting the need for future work in this area. As far as we know, this is the first Systematization of Knowledge (SoK) paper to focus on the privacy and security challenges faced by the disabled community while accessing web services.
II Related Work
While still a relatively new and developing field, a growing collection of literature focuses on the privacy and security of people with disabilities using web services.
II-A Differing Tool Usage Perceptions: Web Services
Both on and offline, the general population and disabled population have vastly different needs and abilities. As technology advances, many adults increasingly use online services such as banking, social media, email, and healthcare [19, 20, 21, 22, 23, 24, 25]. As a result of this increase in technology use, many of these users have privacy and security concerns related to web services and how their data is being used [26, 27, 28]. While these web services can benefit users greatly, researchers such as Mentis et al. have found that they also create various privacy and security risks for vulnerable populations. In addition, many adults who use these services have mild cognitive impairment and other disabilities that make it difficult to understand the implications of sharing personal information online, the importance of password management, and recognizing scams [29, 30, 31, 32, 33, 34]. While these web services should make technology more accessible to all users, our SOK demonstrates that we need to perform an in-depth study to understand the needs of understudied populations.
II-B Privacy and Security Concerns
When trying to understand more about how tool usage differs amongst these populations, the topic of authentication and CAPTCHA completion was at the forefront of six [17, 35, 36, 37, 38, 39] research papers. Authentication protocols are a hallmark of online privacy and security [40, 41, 42, 43], necessary for all users to complete to gain access to their accounts or personal information. However, some authentication methods, such as CAPTCHAs, can be difficult or impossible for disabled users to complete since they rely heavily on visual outputs [44, 45, 46, 47]. Therefore, Fuglerud et al. proposed a talking mobile one-time-password client that would provide users with both auditory and visual outputs [36]. This tool creates an environment where various types of users can complete authentication mechanisms without being overlooked based on their needs or abilities. However, our research reveals a scarcity of authentication tools and designs tailored to address the requirements of disabled populations.
III Methods
Through this study, we aim to answer the following research questions (RQs):
- •
RQ1: What are the privacy and security concerns related to the disabled community when interacting with web services?
- •
RQ2: How can CAPTCHAs/authentication be improved to protect the privacy and security of people with disabilities for online communication?
- •
RQ3: How can universal design, design for privacy, and inclusive privacy and security be implemented in different web services?
To answer these questions, our literature review included several steps: (i) database search, (ii) title screening, (iii) duplicate removal, (iv) abstract screening,(v) full-text screening, and (vi)thematic analysis. Papers were included if they meet the following criteria: (1) Published in a peer-reviewed publication, (2) Published in English, (3) Technology discussed focuses on privacy and/or security of web services, (4) Target population includes a significant portion of individuals with disabilities. The exclusion criteria includes: (1) The technology discussed in the research work was not used primarily by people with disabilities, (2) The papers did not include a direct discussion of the privacy and security of users with disabilities for web services, (3) The paper was an abstract, poster, work-in-progress, or otherwise not a full paper, (4) The full-text of the papers were not available even after searching through multiple databases or after contacting the authors. Our methodology was adapted from prior works by Stowell et al. [48], Das et al. [49], Tazi et al. [50, 51], Noah and Das [52], and Shrestha et al. [53, 54].
III-A Database Search and Title Screening
We conducted our search by exploring five digital databases, namely:IEEE Xplore 111https://ieeexplore.ieee.org/Xplore, SSRN 222https://www.ssrn.com, Google Scholar 333https://scholar.google.com/, Science Direct 444https://www.sciencedirect.com/, and ACM Digital Library 555https://dl.acm.org/. The data collection spanned from May to July 2021 and included any paper published before July 2021.
We collected papers from IEEE Xplore, papers from SSRN, papers from Google Scholar, papers from Science Direct, and papers from ACM Digital Library. The keyword search for IEEE Xplore, SSRN, and Science Direct was ”disability + privacy + security,” and the ”research articles” filter was applied. For ACM Digital Library, the keyword search used was ”disability” AND ”privacy,” AND ”security” with the ”full text” filter applied. We used the Publish or Perish [55] software to review Google Scholar articles. The keyword search used in Publish or Perish was ”privacy and security” + ”disabled people.” This search was limited to results by the software. We reviewed a total of article titles from all five databases. A paper was at this point deemed pertinent if the title discussed web services for people with disabilities, including those with specific impairments like visual, hearing, or motor impairments. Additionally, the title was required to describe a study investigating privacy and security concerns of using web services for the disabled population or the usage of web services in general about privacy or security. A paper was also only considered if it met the inclusion requirements. After duplicate removal, our corpus consisted of articles.
III-B *Abstract and Full Text Screening *
We manually reviewed the abstracts of all papers in the research collection for relevance to our RQs.
We removed papers during abstract screening, leaving papers for full-text screening. On these papers, we conducted a full-text screening where we reviewed the methods, findings, analysis, and discussions.
After the full-text screening, relevant papers remained for the detailed thematic analysis.
III-C Data Extraction and Thematic Analysis
For all papers remaining in our corpus, we extracted quantitative and qualitative findings to assess the web services’ privacy and security perspectives on the disabled population-focused research conducted by prior studies. The extracted data included population samples, user experience, study design characteristics, and type of technology used (web services for our research). The results, discussion, and conclusion data from each paper were analyzed and coded according to themes identified by the first and third authors. The inter-coder reliability score for the coding was . In places where the two authors could not agree, the second author decided. A random sample of papers was taken where the abstracts, methods, results, and discussions were reviewed. This resulted in themes such as:
- •
Type of disability: visual impairments, Down Syndrome, cognitive disabilities
- •
Type of participant: some studies include both disabled and non-disabled people, while other studies include only disabled people
- •
Difficulty using authentication interfaces
- •
CAPTCHA completion can be hard or impossible for those who are blind, have low vision, or have a learning disability (dyslexia, ADHD.)
The remaining papers were then evaluated by going through each and generating a complete codebook. This process yielded a codebook that consists of overarching codes, which were themed into seven overarching themes including,“ Authentication Interface Issues ”, “ Privacy Concerns as Reasons for Non-Use ”,“ Critical Data Access ”,“ Online Vulnerability ”,“ Solutions to authentica ”,“ Universal Design ”and“ Usability of Security Tools and Protocols ”.
IV Findings and Discussions
In this section, we report on our findings while addressing the RQs mentioned in the previous section.
IV-A RQ1: Privacy and Security Concerns of Disabled People for Web Services
Our first research question addresses the privacy and security concerns of people with disabilities when interacting with web services. We addressed this RQ by analyzing the different papers within the themes related to this specific research question which are four, namely:“ Authentication Interface Issues ”, “ Privacy Concerns as Reasons for Non-Use ”,“ Critical Data Access ”,“ Online Vulnerability ”. Table I provides the snapshot of the distribution of the papers which cater to RQ1. In the following subsections, we will provide more details about these themes.
IV-A1 Authentication Interface Issues
Authentication is a basis of security standards and protocols for web services. While CAPTCHA completion and authentication steps are often easy for non-disabled users, the disabled population faces countless difficulties accessing their online services. While analyzing papers on security concerns for people with disabilities, we found that issues with authentication interfaces were a common theme discussed. We found underlying sub-themes, such as difficulty using authentication due to technical hindrances and how each disability can affect a user’s capability to complete authentication mechanisms. Four papers from the in our corpus [17, 37, 38, 13] relating to this category. One such paper discusses the success of CAPTCHA completion depending on the disabilities; for most non-disabled users, CAPTCHA completion and other forms of authentication are an almost unnoticeable part of using web services.
However, users with any level of disability or impairment can find these same tasks to be difficult or impossible, as Helkala explains [17]. Through their work, Helkala explores how users with vastly different disabilities like Parkinson’s disease, dyslexia, vision impairment, and upper extremity disabilities all experience different issues with CAPTCHA completion based on their abilities. In addition, this research raises important questions about how current authentication methods, such as static PIN codes, textual passwords, and one-time codes, can be altered better to fit different populations’ needs and abilities. Another equally important code within this theme is the difficulty of using authentication due to technical hindrances; these difficulties discussed were at the conceptual and adoption levels. This was detailed by Bayor et al. in their research analyzing interest in using social media amongst users with intellectual disabilities. Their findings suggest that a lack of accessible authentication methods for disabled users often hinders this interest. The authors also note that voice search, auto-login, and password retrieval protocols could be already-existing solutions for this user population [13]
IV-A2 Privacy Concerns as Reasons for Non-Use
In reviewing research papers on the privacy and security concerns of the disabled population when using web services, we found that an overwhelming majority of users cited privacy concerns as reasons for non-use. Every user wants their account and data to be protected from social media sites to healthcare technology. Some of the most prevalent sub-themes related to non-use were found in connection to medical technology in smart homes and concerns about health information technology used frequently by people with disabilities. If a user feels that their health information needs to be adequately protected, it was found that they often choose not to use the service at all. There are papers related to this theme, as detailed in table I. One such paper analyzes the privacy and security concerns of disabled people regarding medical technology used in smart homes.
Ziefle et al. researched the attitudes of disabled users towards a video-based monitoring system in the smart home environments of elderly or disabled people. They found that users would only feel comfortable with this system in their homes if strict privacy protocols were followed, including anonymity in transferring medical data, password protection, discretion, and avoidance of stigmatization [64]. Furthermore, many health information technologies are becoming popular amongst users, especially smartphone apps and websites that access medical data. Onyeaka et al. discuss how it may be difficult for some user populations, such as those with disabilities or mental health conditions, to use these smartphone apps and websites. The researchers found that many users with disabilities would withhold crucial medical information from their healthcare providers because of privacy and security concerns about how their data was being used by the healthcare apps and websites [88]. Concerns exist that these privacy and security issues could lead to further stigmatization and non-use by the disabled population.
IV-A3 Critical Data Access
We classified papers within “ Critical Data Access” if they discuss data sharing, specifically medical data, and the privacy and security concerns of disabled people over their critical data. Through these papers, we determine that users have privacy and security concerns related to sharing personal health records with caretakers, healthcare providers, insurance companies, researchers, and governments. In particular, many people with disabilities feel there are privacy trade-offs in emergency situations when they do not have control over who has access to their personal medical data. Seven papers from our corpus were included in this theme [81, 82, 83, 84, 85, 86, 87]. One of these papers; Beach et al. discuss how technology aimed at enhancing independent living for people with disabilities is a growing field. However, there are still a lot of privacy and security concerns to consider. This is particularly relevant because the researchers found that users with disabilities are significantly more accepting of the sharing and recording personal medical information than non-disabled people [82]. This raises concerns about how disabled people are more at risk of privacy and security failures than their non-disabled counterparts. On the other hand, Solanas et al. propose m-Carer, a smart mobile device that monitors patients’ movements. The researchers hope to provide a way to track and find disabled users who become lost, disoriented, or need emergency medical attention [81]. Although this new technology could help users in emergencies, it raises concerns about patient privacy invasions and how the tracking data is stored and transmitted.
IV-A4 Online Vulnerability
we classified papers that examine online vulnerabilities, particularly those that affect individuals with disabilities, as “ Online Vulnerability”. More than of the papers in our corpus fall under this theme, making it a prevalent one. [88, 89, 90, 91, 92, 93, 8, 29, 94, 95, 96, 97, 98, 99]. Many disabled users are unaware of the ever-changing nature of online privacy and security issues, and must rely on the assistance of a caregiver or family member to safeguard themselves. This raises concerns about the trade-offs between autonomy and privacy when disabled people use digital services. According to Chalghoumi et al., many disabled users are unaware of technology and web services’ privacy and security concerns. The researchers found that the opinions of caregivers and family members of the disabled participant were significantly influential on the user’s behavior toward online privacy [99]. This raises questions regarding how much of a disabled user’s web services experience can be autonomous if caretakers substantially impact them.
IV-B RQ2: Improving CAPTCHA/authentication
The second RQ focuses on how CAPTCHAs/authentication can be improved to protect the privacy and security of people with disabilities when using web services. Some disabled users can find authentication completion impossible and are consequently unable to access their accounts. Six papers [35, 100, 101] from our corpus focus on solutions to improving authentication and CAPTCHAs. Table II provides the snapshot of the distribution of these papers.
Some papers relating to this theme provided the solution to authentication problems; one such solution is using passtones instead of passwords, as researched by Brown and Doswell. Rather than remembering alphanumeric sequences, Brown and Doswell propose a password alternative where users would remember a sequence of sounds [100]. The researchers explain how this tool has already been implemented using photos, but using auditory passwords would improve the experience of users with visual disabilities. While explicitly a solution for visually impaired users, this solution could be widely implemented and used by people of all different needs and abilities. Similarly, accessible password managers are another solution to issues with authentication that many users face. Barbosa et al. describe their implementation of UniPass, an accessible password manager for visually impaired users on a smart device. This tool includes features such as reading prompts and messages aloud, buttons and other graphical elements are avoided, and the device vibrates to signify the need for user input [101]. The researchers found that password managers are a promising solution for the difficulties visually impaired users face with authentication mechanisms. A different way to enhance the authentication experience of disabled users when interacting with web services is Spoken CAPTCHA. Shirali-Shahreza et al. discuss how most CAPTCHA methods currently only use visual patterns, making it impossible for blind users to complete them. The researchers propose a new CAPTCHA method, Spoken CAPTCHA, where users would hear a short sound clip asking them to say a word. The user will then respond in a speech file that can be checked not to be computer generated [35]. This solution focuses on the visually impaired population and provides a way to improve authentication methods for all types of users.
IV-C RQ3: Universal Design, Design for Privacy, and Inclusive Privacy and Security in Web Services
The third RQ focuses on how universal design, design for privacy, and inclusive privacy and security can be implemented in different web services. These inclusive concepts provide design tools and protocols to make web services more accessible for various user populations, regardless of needs and abilities. We have gleaned two themes pertaining to this research question,“ Universal Design ”and“ Usability of Security Tools and Protocols ”. Table III provides the snapshot of the distribution of the papers which caters to the RQ3.
IV-C1 Universal Design
The Universal Design concept describes how the design of all products and environments should be usable by all people without the need for adaptation or specialized design. Inclusive privacy and security and privacy by design are closely related to the overarching theme of universal design. Six papers [102, 103, 104, 105, 106, 107] were included in this theme. These papers discuss the current privacy and security protocols that are most widely used and why they do not consider the needs and abilities of under-served populations such as children, older adults, people with disabilities, and people from non-Western populations. Wang et al. discuss the implementation of inclusive privacy and security tools, and protocols would prioritize the design of mechanisms that are inclusive to people with various characteristics, abilities, needs, and values [103]. Similarly, we considered papers on privacy by design and how designers and technologies must put inclusive privacy and security tools/protocols at the forefront of their design. One of the most practical ways these designers can implement privacy by design is to increase digital citizen awareness surrounding consent for data processing and usage. O’Connor et al. discuss how users must have the information they need to make informed decisions about how their data is being used [105].
IV-C2 Usability of Security Tools and Protocols
The usability and accessibility of security tools and protocols are essential to the overarching theme of universal design. While the previous theme describes the theory of universal design, this theme explores implementations of the theory. The two papers related to this theme [36, 108] present inclusive password management and two-factor authentication solutions for various user populations across two related papers. Password protection is a hallmark of online security tools and protocols. However, complicated authentication procedures to access web services can be cumbersome, especially for people with disabilities or the elderly. According to Fuglerud et al., a secure and accessible multi-modal authentication method using a one-time password client could solve this problem. Users with impairments affecting their ability to complete authentication steps now have access to auditory and visual outputs from the password client [36]. This allows all users equal access to password management tools and protocols. The second paper by Han et al. describes how current 2FA solutions all require some form of user effort, with can negatively impact the experience of disabled users or the elderly. Therefore, the researchers propose a new type of mobile 2FA, Proximity-Proof, that does not require user interactions and defends against the powerful man-in-the-middle attack [108]. According to the authors, Proximity-Proof is as secure as other 2FA methods and provides innovative ways for 2FA techniques to become more usable and accessible for all users.
V Future Work and Limitation
In this paper, we conducted a systematic analysis to evaluate the research articles and peer-reviewed papers published in the field of security and privacy of web services for the disabled population. We collected papers from five digital databases and limited the papers to ones available in English. As such we might have missed papers not available in these databases. However, our extensive literature review provides a detailed overview of the current research on security and privacy of web services for the disabled population. And while this gives a broad understanding of the current research and methods used, there is limited in-depth research on individual user groups within the disabled population. For example, five of the six papers relating to solutions for authentication issues were only solutions for visually impaired users. Future analyses of privacy and security concerns of the disabled population can provide valuable research into more specific subsections of the population, such as those with cognitive disabilities, mental illnesses, and different types of physical impairments.
VI Conclusion
For many disabled users, information technology and web services can be a way to enhance their autonomy and discover new interests or communities. However, disability can make the internet a challenging place, seeing as many disabled people have trouble writing, reading, and comprehending text information, making it hard for them to understand and use basic security and privacy measures such as passwords and passwords CAPTCHAs. To that regard, we conducted a systematic literature review on papers focused on the privacy and security of web services for the disabled population. Our findings reveal valuable solutions to privacy and security concerns of the disabled population, focused on universal design and inclusive privacy and security methods. Universal design, in particular, provides a way to create inclusive, accessible, and usable tools and protocols to protect the privacy and security of both the disabled and general populations online. These solutions would address issues such as authentication improvement, critical data access, online vulnerability, and usability of tools and protocols. However, our findings reveal gaps in the current research, such as a lack of implementation of these universal design methods and how solutions must focus on more subsections of the disabled population.
VII Acknowledgement
We would like to thank the Inclusive Security and Privacy focused Innovative Research in Information Technology (InSPIRIT) Laboratory at the University of Denver. This research has been funded by the Faculty Research Fund (FRF) at the University of Denver. Any opinions, findings, conclusions, or recommendations expressed in this material are solely those of the authors and not of the organization or the funding agency.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] E. Beaunoyer, S. Dupéré, and M. J. Guitton, “Covid-19 and digital inequalities: Reciprocal impacts and mitigation strategies,” Computers in human behavior , vol. 111, p. 106424, 2020.
- 2[2] J. Daniel, “Education and the covid-19 pandemic,” Prospects , vol. 49, no. 1, pp. 91–96, 2020.
- 3[3] A. Aristovnik, D. Keržič, D. Ravšelj, N. Tomaževič, and L. Umek, “Impacts of the covid-19 pandemic on life of higher education students: A global perspective,” Sustainability , vol. 12, no. 20, p. 8438, 2020.
- 4[4] F. Tazi, S. Shrestha, D. Norton, K. Walsh, and S. Das, “Parents, educators, & caregivers cybersecurity & privacy concerns for remote learning during covid-19,” in Chi greece 2021: 1st international conference of the acm greek sigchi chapter , 2021, pp. 1–5.
- 5[5] V. Reddington, K. Haring, S. Das, and D. Pittman, “Development and evaluation of virtual reality classrooms through user-centered design during covid-19,” Proceedings of the SSPXR , 2022.
- 6[6] C. Monroe, F. Tazi, and S. Das, “Location data and covid-19 contact tracing: how data privacy regulations and cell service providers work in tandem,” ar Xiv preprint ar Xiv:2103.14155 , 2021.
- 7[7] S. Karmakar and S. Das, “Understanding the rise of twitter-based cyberbullying due to covid-19 through comprehensive statistical evaluation,” in Proceedings of the 54th Hawaii international conference on system sciences , 2021.
- 8[8] M. Scanlan, “Reassessing the disability divide: unequal access as the world is pushed online,” Universal Access in the Information Society , pp. 1–11, 2021.
