Hasso-Plattner-Institut: 25 Years of HPI

Usable Security and Privacy (Summer Semester 2022)

Lecturers: Prof. Dr. Christoph Meinel (Internet Technologies and Systems), Dr. Anne Kayem (Internet Technologies and Systems)

General Information

  • Weekly hours per semester: 4
  • ECTS: 6
  • Graded: Yes
  • Enrolment period: 01.04.2022 - 30.04.2022
  • Examination date §9 (4) BAMA-O: 08.06.2022
  • Teaching format: Seminar
  • Enrolment type: Compulsory elective module
  • Teaching language: English

Degree Programmes, Module Groups & Modules

IT-Systems Engineering MA
  • ISAE: Internet, Security & Algorithm Engineering
    • HPI-ISAE-T Techniques and Tools
  • ISAE: Internet, Security & Algorithm Engineering
    • HPI-ISAE-K Concepts and Methods
  • ISAE: Internet, Security & Algorithm Engineering
    • HPI-ISAE-S Specialisation
Data Engineering MA
Cybersecurity MA
Digital Health MA


In this seminar we will focus on the decision-making hurdles (challenges) that users face in making complex privacy and security decisions online (Web) with respect to sharing sensitive personal information. For instance, with the advent of GDPR legislation, web applications were required to integrate clear messages to obtain explicit user consent regarding the use of cookies (or other tracking tools), the types of information being collected, and planned usage objectives. However, while organisations like Statistica indicate that web application users are concerned about the disclosure of their sensitive personal data, studies also indicate that many users feel overwhelmed and that they really do not have a choice except to "Accept" if they wish to use these web applications.

Our goal during this seminar will be to implement and experiment with some existing automated techniques to aid users in making more proactive and "better" privacy and security choices. We will study these techniques from both the protective and adversarial perspective, in the sense that oftentimes tools that are designed to support "better" privacy and/or security choices can also be exploited to achieve the opposite effect. For instance, research shows that most users never change default settings on web applications. Automated privacy-friendly defaults can support users by providing some baseline privacy settings. However, several application providers also take advantage of this to encourage users to install unnecessary third-party applications that disclose personal information for the application provider's benefit.


  • Lecture #1: 20 April 2022 - Course Overview and Introductory Lecture

Block #1: Support and Adversarial Mechanisms


  • Lecture #2: 21 April 2022 - Understanding and Assisting User Choices Online 

  • Lecture #3: 28 April 2022 - Privacy and Security Warnings 

  • Lecture #4: 05 May 2022 - Personalised Privacy/Security Messaging 

  • Lecture #5: 12 May 2022 - Supporting Privacy/Security Decisions with Automation 

  • Lecture #6: 19 May 2022 - Adversarial Mechanisms (Discussion) 

  • Lecture #7: 26 May 2022 - No Lecture (Public Holiday)


Block #2: Project Work - Phase I: Mid-Semester Presentations

  • Mid-Semester Presentations (Schedule to be Decided)


Block #3: Experimental Design


  • Lecture #8: 09 June 2022 - Structuring User Studies

  • Lecture #9: 16 June 2022 - Quantitative Data Collection

  • Lecture #10: 23 June 2022 - Qualitative Data Collection

  • Lecture #11: 30 June 2022 - Analysing Collected User Data


Block #4: Project Work - Phase II: Final-Semester Presentations and Report

  • Final Presentations (Schedule to be decided)
  • Final Report Hand-in: 15 August 2021 (Submission Online on Moodle)



  • Good programming skills 


Relevant literature will be provided to you.

Learning and Teaching Formats

At the end of this seminar you should be able to do the following:

  • Design automated mechanisms to support users in making "better" privacy/security decisions on the web
  • Critically assess the potential for such mechanisms to be exploited adversarially
  • Critically assess whether or not automation is useful in overriding user decisions, and what the long-term impact is
  • Learn about experimental designs for testing the effectiveness (and counter-effectiveness) of the mechanisms studied


Evaluation towards the final grade will be based on presentations of results (mid-semester and final), as well as a technical (group) report of 12-15 pages (6000-7500 words) on the findings drawn from the project conducted during the seminar. Presentations will count for a combined total of 50% and the report for 50%. The grading rubric is summarised below:

Grading Rubric              When? & Where?                 Grade %
Mid-Semester Presentation   TBD (H.2.57/58)                25%
Final Presentation          TBD (H.2.57/58)                25%
Technical Report            15.08.2022 (Online - Moodle)   50%


Lectures and project meetings will be held on Wednesdays and Thursdays, beginning 19.04.2022, as follows:

                             Day & Time                    Location
Project Work (Discussions)   Wednesdays, 17.00 - 18.30     H.2.57/58
Project Work                 Thursdays, 13.30 - 15.00      H.2.57/58

Lecture materials and further details on course modalities will be accessible on Moodle.

Note: To participate in the course you must be registered on the University of Potsdam's Moodle platform, and have registered to attend this course. Search for the course using "Usable Security and Privacy" and register using "USP-SoSe-2022".