publications_

  1. Consumer-Driven Design and Evaluation of Broadband Labels
    Christopher Choy, Ellie Young, Megan Li, Lorrie Faith Cranor, Jon Peha
    TPRC51: The Research Conference on Communications, Information and Internet Policy (2023)
    open-access PDF at SSRN 10/22 technical report FCC filing #10820081478988

  2. A US-UK Usability Evaluation of Consent Management Platform Cookie Consent Interface Design on Desktop and Mobile
    Elijah Bouma-Sims, Megan Li, Yanzi Lin, Adia Sakura-Lemessy, Alexandra Nisenoff, Ellie Young, Eleanor Birrell, Lorrie Faith Cranor, Hana Habib
    CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems
    open-access PDF on ACM Digital Library

  3. User-friendly yet rarely read: A case study on the redesign of an online HIPAA authorization
    Sarah Pearman, Ellie Young, Lorrie Faith Cranor
    Proceedings of Privacy Enhancing Technologies (PoPETS) 2022.3
    open-access PDF at PoPETS presentation at PEPR ‘21

  4. “Okay, whatever”: An Evaluation of Cookie Consent Interfaces
    Hana Habib, Megan Li, Ellie Young, Lorrie Faith Cranor
    CHI '22: Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems
    open-access PDF on ACM Digital Library poster

  5. Identifying User Needs for Advertising Controls on Facebook
    Hana Habib, Sarah Pearman, Ellie Young, Jiamin Wang, Robert Zhang, Ishika Saxena, Lorrie Faith Cranor
    CSCW ‘22: Proceedings of the ACM on Human-Computer Interaction, Volume 6, Issue CSCW1
    open-access PDF on ACM Digital Library poster

  6. A second look at SecondLook: Design iterations and usability of digital dating abuse detection and awareness app
    Tania Roy, Eleanor Young, Larry F. Hodges
    ICHI 2020: IEEE International Conference on Healthcare Informatics, 1-11
    PDF

broadband transparency

with Chris Choy

when was the last time you bought new home internet or cell service?

how was the experience?

it sucked, right?

Chris Choy, Ellie Young, and Jon Peha at TPRC50 (2022)

chris, me, and jon peha presenting our work at TPRC50, Sep 2022.
we made many enemies with corporate telecom people that day

the U.S. Federal Commuications Commission is well aware of how slimy & misleading ISPs are during the sign-up process for new internet consumers, and has adopted rules requiring the display of easy-to-understand labels at the point of sale

we surveyed 2,500 people who had submitted their internet bills to Consumer Reports to learn what people want to know when purchasing an internet plan

i led the visual design of an adaptable, responsive label based on what the people want

see for yourself: the FCC’s final rendering adopted most of our proposals

CyLab broadband label
my label (longform)
FCC broadband label
FCC label

🍪 cookie 🍪 consent 🍪

you’ve heard it. i’ve heard it. we’ve all heard it.

you’re not crazy for wondering what that even means, or feeling like sometimes websites make the button to decline cookies really really small and hard to find… or they don’t have that option at all.

i designed the 12 prototype websites used in our study “okay, whatever,” which enabled us to tell the US internet “according to science, your cookie banners are bad, they make users feel bad, and you should feel bad, too.”

our lab immediately followed up this study with a more robust, international iteration (Bouma-Sims et al.) where we could really put GDPR compliance to the test.

for this second study, i built functional versions of all 12 of those websites (+ 2 new conditions) using bootstrap.

“this website uses cookies.”

healthcare chatbot

an app is not your doctor, no matter how much health data you share with it—and HIPAA, penned in 1991, will not protect you from evil (or simply incompetent) tech companies sharing your deepest medical secrets with anyone they want.

so what if a covered healthcare entity wants to leverage a tech company’s expertise to help patients?

patients who want to utilize this outside tech need to sign a HIPAA Authorization consenting to the release of their protected health information (PHI) to an entity who can legally do whatever they want with it.

the lawmakers who drafted the requirements for how authorizations must be presented 30 years ago had no way of envisioning a future where everyone carries around a global internet and artificial intelligence in their pockets.

in this project, we iterated on consent flows for a new chatbot integration on a major health insurer’s website, which was required to include the dreaded full-fat HIPAA Authorization.

i built several prototypes starting from files the insurer gave us, each one better than the last—but no matter how much we optimized the process, people still had no idea what they were consenting to.

the second phase of this study was a deep dive into misunderstandings, comfort levels with sensitive PHI, the importance of digital consent in high-stakes situations, and the ways in which our current models for consent don’t measure up for making users feel good about the safety & privacy of their data when it really matters.

* * also the topic of my undergrad honors thesis! * 

facebook ad settings

i ran 20-odd hour-long interviews, then did a lot of qualitative data analysis, to take a look at how well the various advertising and ads-related controls across facebook suited users’ needs

(spoiler: they didn’t)

YouTube video titled Mark Zuckerberg Drinking Water For 10 Hours

secondlook

with Tania Roy

ai-powered mobile intervention for digital dating abuse

secondlook is an app that uses supervised machine learning to detect abusive language in a user’s text messages. it also offers informational content on healthy vs. abusive relationships and resources for individuals who may need outside help to secure their safety in an abusive relationship.

i completely redesigned and built this app from the ground up (flutter frontend + flask backend), then designed, conducted, and analyzed a user study with 20 participants testing how well it meets the needs of the target population