Home Recent Talks Publications Personal
What's New?
Feb 5, 2009
Our paper entitled A Hybrid Phish Detection Approach by Identity Discovery and Keywords Retrieval was accepted to WWW 2009.
      Paper: PDF

Feb 5, 2009
Gave a talk at the Human-Computer Interaction Consortium (HCIC) on Usable Privacy and Security.
      Paper: PPT Talk: PDF

Jan 27, 2009
Gave a talk at University of Washington on anti-phishing.
      Talk: PPT

Nov 19, 2008
We have just published a research overview of our research in anti-phishing in Scientific American.

Nov 11, 2008
This spring semester, I will be teaching 05-391 - Designing Human-Centered Systems (PDF flier). This course is an introduction to designing, prototyping, and evaluating user interfaces. If you take only one course in Human-Computer Interaction, this is the course for you.

Oct 15, 2008
We have founded Wombat Security Technologies, a startup devoted to combating phishing attacks through better training of customers and employees, and through automated filters.

May 06, 2008
Gave a talk at CenSCIR's second annual symposium, on sensor nets and privacy.
      Talk: PPT

Apr 17, 2008
Phishguru.org is our new site for teaching people how to protect themselves from phishing scams.

Feb 27, 2008
Our CHI 2008 paper, entitled You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings, was nominated for best paper, but alas, did not win.
      Paper: PDF

Feb 27, 2008
I'm temporary director of our undergrad HCI program (while Bob Kraut is on sabbatical). The deadline for applying to our undergrad program is Fri March 21 (note that we had a bug in our slides which previously said April 21).

Nov 2, 2007
Presented our work on User Interfaces and Algorithms for Anti-Phishing as part of UPitt's LERSAIS seminar.
      Talk: PPT

Oct 11, 2007
Now available, a screencast of the Marmite end-user programming system for the web (QuickTime mov, 60megs)

Sep 29, 2007
Anti-Phishing Phil is in the news [1 | 2 | 3 | 4 | 5 | 6 | 7]. Try out the game here!

Sep 28, 2007
Presented our work on User Interfaces and Algorithms for Anti-Phishing as part of MIT's HCI Seminar series.
      Talk: PPT

Sep 26, 2007
Presented our work on User Interfaces and Algorithms for Anti-Phishing as part of CMU's HCII Seminar series.
      Talk: PPT

Sep 16, 2007
Gave an invited talk to the Ubicomp 2007 workshop on privacy, entitled Understanding and Capturing People's Privacy Policies in a People Finder Application.
      Talk: PPT Paper: PDF

Sep 6, 2007
Our paper entitled Getting Users Pay Attention to Anti-Phishing Education: Evaluation of Retention and Transfer was accepted to the APWG eCrime Researchers Summit
      Paper: PDF

August 28, 2007
I'm co-teaching The Social Web this semester, with Bob Kraut

August 20, 2007
Our journal paper entitled End-User Privacy in Human-Computer Interaction has been accepted for publication! This is a survey paper looking at how privacy has been addressed in HCI, with respect to design, implementation, and evaluation. Two years in the works and 57 iterations, it's finally good to go!

August 1, 2007
Gave a CyLab seminar talk entitled User Interfaces and Algorithms for Fighting Phishing. This talk gives an overview of our work to date on anti-phishing.
      Presentation: PPT

July 27, 2007
Wow, this is really cool! Portugal Telecom has taken our Anti-phishing Phil game, but has replaced our fish with a frog. It's like I'm reliving my Frogger days! Try out Anti-Phishing Ze here

July 23, 2007
Our work on Anti-Phishing Phil is mentioned in a news article by AP

July 23, 2007
Our paper entitled The feasibility of a three-dimensional charting interface for general dentistry was just accepted to the Journal of the American Dental Association.

July 17, 2007
Gave a talk at the Microsoft Faculty Summit about HCI issues with sensor nets. A funny thing, email that was supposed to be sent to me was sent to another Jason Hong inside of Microsoft, so I didn't know I was supposed to talk until I got there.
      Presentation: PPT

May 12, 2007
Our paper entitled CANTINA: A Content-Based Approach to Detecting Phishing Web Sites was presented at WWW2007.
      Paper: PDF       Presentation: PPT

Research Overview
 
My research interests are in:
  • ubiquitous computing, especially mobile social services, context-aware computing, and location-based services
  • usable privacy and security for ubicomp and anti-phishing
I used to do work in:
I work with the CUPS lab (CMU Usable Privacy and Security) and am also an associate editor for IEEE Pervasive (heading up the conference reports column).
Current Research
 
Internet users are increasingly being asked to make trust decisions, and the consequences of a wrong decision can lead to viruses, spyware, and identity theft. Our goal is to understand how people make trust decisions, currently in the context of phishing scams, and to develop user interfaces, algorithms, and other support tools to help people make better decisions. This work is funded by National Science Foundation CCF-0524189

This project is focused on capturing end-user security and privacy policies in pervasive computing environments. Our goal is to (1) develop novel user interfaces, (2) weave learning, dialog, and explanation technologies to minimize end-user burden, and (3) conduct field studies to evaluate combinations of these techniques. This work is funded by National Science Foundation Award CNS-0627513, NSF grant CNS-0433540, and ARO research grant DAAD19-02-1-0389 to Carnegie Mellon University's CyLab, Portugal Telecom, France Telecom, Nokia, and IBM.

inTouch: Awareness and Messaging for Mobile Groups
inTouch is a mobile social platform that helps small groups (such as families, research work groups, carpools, etc) coordinate. inTouch does this by providing shared awareness as well as facilitating messaging and communication. inTouch also aims to better address breakdowns that typically occur in short-term planning and coordination. This work is funded by National Science Foundation IIS-0534406

The goal of Marmite is to make it easy to create "mashups" that combine content from multiple web sites and web services. Marmite lets end-users (1) extract content from web pages, (2) process it in a data-flow manner, and (3) direct the output to a variety of useful sinks, such as saving to a database, displaying on a map, summarizing as a chart, creating a custom web page, or generating compilable source code that can be further edited. Our user tests showed that people with spreadsheet experience can create an equivalent of the Craigslist housingmaps.com mashup in about 15 minutes. This work is funded by National Science Foundation IIS-0646526 and Microsoft SensorMap.

Hitchhiking: Privacy-Sensitive Location-Based Services
Hitchhiking is a way of building a class of location-based services in a privacy-sensitive manner. Bustle is an example Hitchhiking application that can answer questions like "How busy is it at the cafe?" and "How long are the lines at the airport?" Bustle works by counting the number of wireless devices in an area and using that count to estimate the number of people.

Students I work with
I work with an amazingly talented group of students:

Some Stuff I Helped Create
Web Design Patterns Design Patterns for Ubiquitous Computing Rapid Prototyping and Evaluation Tools Instructor Guides Anti-Phishing Phil
Teaching
Courses taught at Carnegie Mellon University: Past courses taught at University of California at Berkeley:
  • Inventing The Future: User Interface Design, Prototyping, and Evaluation (2001 2002 2004)
  • Spring 2001 - Freshman Seminar: The Past, Present, and Future of Interactive Computing
Service
Odds and Ends

"Magnetism, as you recall from physics class, is a powerful force that causes certain items to be attracted to refrigerators."
  — Dave Barry

"If you want to build a ship, don't drum up the men to gather wood, and don't assign them tasks and give orders. Instead, teach them to long for the vast and endless immensity of the sea."
  — Antoine de Saint-Exupéry

"Make no little plans. They have no magic to stir men's blood and probably themselves will not be realized. Make big plans; aim high in hope and work, remembering that a noble, logical diagram once recorded will never die, but long after we are gone will be a living thing, asserting itself with ever-growing insistency. Remember that our sons and grandsons are going to do things that would stagger us. Let your watchword be order and your beacon beauty. Think big."
  — Daniel Burnham

"Civilization advances by extending the number of operations we can perform without thinking about them."
  — Alfred North Whitehead

I co-authored a book on web site design, which uses the notion of web design patterns as a way for facilitating the construction of customer-centered web sites. Check out the web site for our book The Design of Sites.