Personal Information Age: 28 Location: Minneapolis, Minnesota Profession: Retail Assistant Manager Home Life: Married, Buying a house Hobbies: Being a new aunt, Cooking Personality: Warm, inquisitive, friendly Primary The Struggling Amateur Profile Allison • Makes decisions based on known concerns and second hand knowledge • Feels she is not a target for most crimes, but is unsure of what her concerns are • Likes to censor the information she puts online Allison has recently become an aunt, but unfortunately she lives about 3 hours away from her niece. She’s recently got on to Skype and it’s been nice to see the family every once in a while (when the computer cooperates). Allison wouldn’t really say she’s tech savvy but she has been using a computer since high school, and bought her own when she left for university. She’s has recently spent a lot of her time surfing around on Facebook, but isn’t very active about posting on it. She’s also currently looking for a new job and is a little concerned about putting her phone number and address out there but she knows its necessary. Since Allison is one of the managers at work, when she logs into the computer she has special privileges like being able to change the schedule or make check out overrides possible. She was told to log out every time she walks away from the computer. However they have found it’s really more convenient for everyone if she just says logged in and so far no problems. Allison maintains three somewhat similar passwords that are usually a word or date that is meaningful to her. Most things about security she learned from her friend Henry, who she still relies on for advice even though he lives far away. Recently, Allison was going to buy some custom made clothes for her new niece but wasn’t too sure about the site. She ended up asking Henry about it and he told her that the site looked too sketchy and to look somewhere else. Usually she doesn’t like to online shop just because the shipping costs so much and she would rather just go to a store and pick it up. Overall her main concern is online banking but she has faith in her bank to be secure. • “I think I worry most about my bank account being hacked, but seeing the awards they have won makes me feel better” Internet Usage Motivators and Fears Helping Allison Primary Uses: Facebook, looking for a new job Favorite Sites: Monster.com, Picasa Number of Online Accounts: 12 Online Shopping: Sometimes Hours online per week: 18 hours Work to Home Ratio: All at home Primary Computer: Desktop, XP, Firefox Password Scheme:Three Passwords, may0781 • Allison cares most about... • Being able to use the computer without breaking it • Being able to connect with her friends and family • Allison worries about... • Not really knowing what to worry about • Putting her niece in danger by posting photos of her online • Her online bank account being hacked • There are a number of ways that Allison could improve her security or privacy measures but they have to be easy to implement. • She receives a lot of her security information from her ‘geeky computer friend’ Henry. So helping him will help her.
Personal Information Age: 26 Location: Ottawa, Ontario Profession: Web Designer Home Life: Dating, Recently moved Hobbies: Video Games, Listening to Music Personality: Cynical but friendly and helpful The Lazy Expert Profile Henry • Knows all the rules but prefers convenience over all else • Is responsible for helping others with their computer woes • Is more secure and protective at work than at home Henry can vividly remember his first computer. He was only 13 but was completely addicted to Starcraft for a number of years. By the time he was 18 he attempted to build his own computer to take to university with him, and although it worked it seemed like more trouble than it was worth. From then on he always bought his PC custom made but assembled. While he enjoyed computers Henry found that he didn’t really like programming all day long on pieces of code that people would never ever know about. He turned his attention to design and found it to be really interesting work. Now Henry is a web designer at a large company in Ottawa. He was sad to have to move away from his family but thought the job was too good to give up. His work place is fairly strict on their security rules which Henry is happy to comply with even though he thinks some of them are unnecessary. Some people give him a funny look when he puts his laptop in the trunk instead of the empty seat beside him but he’s okay with that. To Henry’s parents and friends he’s still considered the computer fix-it guy. His mom seems to have a new virus every other week, and it’s always Henry’s job to fix it. Over the years Henry has given out lots of security advice to his friends and family, but some of it he doesn’t follow himself. For instance, he doesn’t even have a virus scanner on his computer. When talking about security Henry may not know everything but he is fairly confident that he is not a target for any attacks. He tries to maintain a professional image on anything that is directly tied to his name, and everything else he’s just a face in the crowd. Personal Information • “I’m sure hackers are still a concern, just more for major corporations and not the average person” Motivators and Fears Helping Henry Internet Usage • Henry cares most about... • Doing only the amount of work necessary to be secure while he’s at home. • Keeping his work information safe and secure • Being able to help his mom over the phone • Henry worries about... • Letting other people use his computer • Maintaining a accurate image of himself online • Suddenly becoming a target for the internet population to attack • It’s important that Henry can easily explain how and why his friends should change their online habits. • Henry is most effective when he can see how a threat will actually impact his life. • Henry should learn to rely less on security through obscurity. Primary Uses: Work, Email, Twitter Favorite Sites: SmashingMag, Something Awful Number of Online Accounts: 35 Online Shopping: Often for deals Hours online per week: 12 hours a day Work to Home Ratio: 9 at work : 3 at home Primary Computer: Desktop, Vista, Firefox Password Scheme: 8 Passwords, fuffy3march
Personal Information Age: 23 Location: London, Ontario Profession: Education Assistant Home Life: Recently engaged, Renting an apartment. Hobbies: Mountain Biking, Swimming Personality: Cheerful and Easy-Going The Obviously Target Profile Mark • Does the minimum amount of work to get around the rules • Rarely worries about security • Occasionally worries about privacy from specific people Mark started using the internet in high school and signed up for his hotmail account when he was 16, even though at the time he wasn’t sure what he might end up using it for. Later when he secretly download MSN messenger on his parents computer he was on it most nights talking to friends. Nowadays he finds he’s too busy for MSN but occasionally likes to keep in touch with his university friends on Facebook and through email. At work, Mark is always so busy she barely has time access to a computer. If he’s able to steal a moment on the school’s computer he’s usually blocked from the sites he likes to visit. What is most frustrating about using the computer at work is having to log into their system--they’ve made the password much more complicated than his regular password and require him to change it too often for, what feels like, no apparent reason. He likes to switch back and forth between two easy passwords that he can remember. At least the system always gives him a few tries if he can’t remember it the first time. Generally when he’s using the computer he doesn’t really think about security or privacy until someone brings it up (and even then it’s a fleeting thought). There was this one, time when he didn’t have his own internet access so he was borrowing wifi from someone in the apartment building. As Mark was closing the browser after he had checked his online banking he thought to himself “Oh... maybe I shouldn’t have done that.” Mark has only being using Facebook for a little while and worries about his ex-girlfriends (and his mom) being able to find him on it. He remembers trying to set his Facebook page to private like 3 years ago but isn’t completely sure that it worked and keeps forgetting to check it again. • “I only changed my password because when I was signing up it wouldn’t let me use my normal one.” Internet Usage Motivators and Fears Helping Mark Primary Uses: Email and Facebook Favorite Sites: bikeforum.net Number of Online Accounts: 6 maybe? Online Shopping: Rarely Hours online per week: 5 - 7 Work to Home Ratio: All at home Primary Computer: Laptop, Windows XP, IE Password Scheme: One Password, 123456a • Mark cares most about ... • Remembering his password. • Being able to access his websites quickly. • Keeping his parents and students at his school out of his Facebook profile. • Mark worries about... • Controlling who sees his online activities • Not much else... • It’s most important to Mark that he isn’t inconvenienced by security measures or is required to learn how computers works to make himself secure. • He could benefit from learning why his old security habits are not effective anymore. • When Mark does change his settings he’s not always sure they are effective or that he did it the right way, he requires more feedback.
The Paranoid Expert Profile Robert When Robert was growing up he was known as the neighborhood computer wiz. He’s never really lived without a computer and spell check easily became his best friend during high school english class. He went to university for software engineering and got some really cool co-op placements around the country. In his last year of university (even though he loved programming), his cyber ethics course really struck a cord with him. Since then he’s added some security blogs and the privacy commissioner’s blog to his RSS feeds. Durning the day Robert works as an application developer at an • Very technically inclined and trained • Actively looking for security tips and tricks • Works hard to obey most rules that don’t contradict each other independent software company in San Francisco. There is only about five developers there so for the most part they are pretty relaxed about everything. In fact, Robert is the only one who consistently locks his computer when he is not sitting at it. Years ago, Robert has noticed people attempting some of the lesser known social engineering scams on him and is very careful with his information now. He tries to be diligent with regards to security and privacy within a reasonable degree (since he still uses Facebook and Google). When signing up for new accounts Robert is very careful what information to give them and adds filters to his email address if he thinks he will get junk mail from the site. For the authenticating questions, Robert will often put in a computer generated password and save the password in keypass with his other passwords. However, Robert also likes to try all the new web 2.0 services and creates new accounts just to try things out. He feels that if it is an account that wouldn’t harm him if it was hacked, it’s okay to use his throwaway password. Personal Information Age: 25 Location: San Francisco, California Profession: Software Engineer Home Life: Single, Subletting a condo Hobbies: Wine enthusiast, PC Gaming Personality: Shy, geeky, easy to talk to (about computers) • “I try not to use any websites that might store my personal information in plaintext.” Internet Usage Motivators and Fears Helping Robert Primary Uses: Work, Email, News Favorite Sites: Google Reader, StackOverflow Number of Online Accounts: 50 ? maybe? Online Shopping: Often Hours online per week: 9 hours a day Work to Home Ratio: 7 at work 2 at home Primary Computer: Desktop, MacOSX and Windows 7, Safari and Chrome Password Scheme: Many Passwords (saved in Keypass), Z\Bt)nBy • Robert cares most about... • Keeping his information safe if he decides to put it online • Networking with other software engineers • Keeping up with the latest technology • Robert worries about... • Having his identity stolen in one way or another • The large companies that make it easy for people to be not secure online. • What Google is doing with his information • Computer surveillance of any kind • It’s important to Robert that he can see the technical details behind the website or system. • Robert has a strong reliance on his password saving system so occasionally it is hard for him to use other computers.
Personal Information Age: 27 Location: Waterloo, Ontario Profession: Mortgage Specialist Home Life: Single, Apartment Hobbies: Yoga and Jogging Personality: Funny and Down to Earth The Aware Technician Profile Patricia • Feels she has it all figured out and worries about other people she knows • Aims to control her information • Knows that if anything goes wrong, at worst, she’ll be reimbursed For years people have described Patricia as down to earth. She spends a lot of time thinking about any project she does even before she starts. She has been using computers since she started high school but really only became a heavy user when she started university. Now that she’s working all day she back to using it only about 3 hours a day. She tends to read about computers and the internet in the news a lot and always picks up on the problems that are reported. She is currently concerned about the people that do data mining like Facebook but in a non-explicit way. To help with this she has her browser delete history and cookies when she closes it. At the bank, Patricia is lucky enough to have her own computer however a lot of the internet is blocked for her. She seems to be pretty busy most days so she doesn’t notice too much. When she does have a minute or on lunch break she uses her blackberry to access Facebook and Twitter. Patricia is pretty sure the bank’s policy is to lock the computer whenever you walk away from it, but she seems to be the only one that does it. Last year, Patricia wrote down her work password for her co-worker to use while she was on vacation, but was quick to change it as soon as she got back to work. On her own time, Patricia loves to shop online and is always amazed at the good deals. She tries to stick to trusted sites like Amazon and Best Buy but has recently fallen in love with sites like esty and threadless. She was a little hesitant at first with these sites but read reviews and knew to look for the padlock before giving her information. Working for the bank she also has some confidence that if her credit card was stolen the bank would be able to reimburse her. Patricia feels like she’s got the security privacy thing figured out and worries about her parents who aren’t as tech savvy. Personal Information • “I’m more worried about what other people are doing to protect themselves.” Internet Usage Motivators and Fears Helping Patricia Primary Uses: Facebook, Product Reviews Favorite Sites: esty.com, Flickr, YogaToday Number of Online Accounts: 25 Online Shopping: Yes from trusted sites Hours online per week: 21 Work to Home Ratio: Mostly at home, some mobile browsing at work Primary Computer: Laptop, MacOSX, Firefox Password Scheme: Five Passwords, B4iley • Patricia cares most about... • Making reasonable decisions for her when it comes to security. • Keeping things simple • Patricia worries about... • All her friends that are putting crazy pictures of themselves online. • The risk of identity theft • It’s important to Patricia that she has an easy way to learn about new security measures. • Patricia is happy to play around with the settings as long as they are clear and understandable. • Patricia needs more feedback to know that her security measures are worth the extra work.