I have no idea how to make it safer: Studying Security and Privacy Mindsets of Browser Extension Developers
We open source all the artifacts associated with the study, as underlined in the Open Science section of our original paper.
- supplementary-material.pdf – The supplementary content, i.e., details on pilot studies, rationale on including participants with low user counts and other statistics. Importantly, we also publish the questions from our pre-screening survey here (in Appendix B).
- interview-guide.pdf - The detailed design, organization and questions that we considered for our interviews with participants.
- codebook.json – The study code book, derived by analyzing the interview data of all our study participants, based on open-eneded coding strategy. A hierarchical representation could be viewed in codebook.png.
- extended-dev-study-report.pdf – In addition to the S&P mindset of the extension developers that we discuss in our original paper, we also shared our observations with browser vendors in parallel. This document contains the main pointers that we shared with four major browsers that support extensions (Google, Mozilla, Apple and Opera).
- dev_study - This directory contains the e-commerce Web application that we deployed and used to conduct the coding tasks phase of the interviews. Please find the steps and instructions to deploy the Web application and replicate the task environment inside the directory.
- emails - This directory includes the email and the recruitment details and information we provided to extension developers about our study before and after the interview:
- recruitment.txt - The first email sent to all the 4K extension developers that we considered for our study.
- scheduling.txt - The email sent to all the participants who signed up for our study and qualified as a potential candidate for our study.
- instructions.txt - The information about the interview setup, timeline and data collection processes is shared with the participants before the commencement of the interview.
- post-interview-follow-up.txt - The email sent to each participant after completion of the interview to detail on their participation compensation.
- extension_coding_tasks - This directory contains the original state of extensions and the detailed information that we share with our participants at the beginning of the coding tasks.
- primary - This directory consists of the artifacts for the mandatory coding tasks (CT1 & CT2), as detailed in §4.2 of the original paper. Please find more details about the extension within individual extension directories.
- additional - This contains the optional coding test (CT3) that only two participants opted to work on, as detailed in Appendix A in the supplementary-material.pdf.
This repository is licensed under the GNU Affero General Public License 3.0 as indicated in the LICENSE file included with the repository and at the top of each of the source code files.