key: cord-0119146-k9hfpzpf
authors: Emami-Naeini, Pardis; Francisco, Tiona; Kohno, Tadayoshi; Roesner, Franziska
title: Understanding Privacy Attitudes and Concerns Towards Remote Communications During the COVID-19 Pandemic
date: 2021-06-09
journal: nan
DOI: nan
sha: 9ae62b447465c00321cd17fdc73c4cb15bba5087
doc_id: 119146
cord_uid: k9hfpzpf

Since December 2019, the COVID-19 pandemic has caused people around the world to exercise social distancing, which has led to an abrupt rise in the adoption of remote communications for working, socializing, and learning from home. As remote communications will outlast the pandemic, it is crucial to protect users' security and respect their privacy in this unprecedented setting, and that requires a thorough understanding of their behaviors, attitudes, and concerns toward various aspects of remote communications. To this end, we conducted an online study with 220 worldwide Prolific participants. We found that privacy and security are among the most frequently mentioned factors impacting participants' attitude and comfort level with conferencing tools and meeting locations. Open-ended responses revealed that most participants lacked autonomy when choosing conferencing tools or using microphone/webcam in their remote meetings, which in several cases contradicted their personal privacy and security preferences. Based on our findings, we distill several recommendations on how employers, educators, and tool developers can inform and empower users to make privacy-protective decisions when engaging in remote communications.

The world was hit by a pandemic caused by the novel coronavirus and the COVID-19 disease in December 2019. In an attempt to prevent the spread of the virus, businesses and schools around the globe shut down, and people began sheltering in their homes to practice social or physical distancing [1] .

Following social distancing protocols, people around the Copyright is held by the author/owner. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee. USENIX Symposium on Usable Privacy and Security (SOUPS) 2021. August 8-10, 2021, Virtual Conference. world have been encouraged or ordered to stay at home [2] [3] [4] . Hence, they started to work from home [5] , keep in touch with family and friends remotely [6] , and/or take remote courses [7] , many for the first time [8] . This made remote conferencing tools an essential part of people's day-to-day lives, which albeit useful, posed potential privacy risks to people who are now regularly streaming video and audio from their own homes [9] [10] [11] [12] [13] [14] [15] . Increasingly integrated into people's lives and routines, widespread remote communications will not disappear with the end of the pandemic [16] . As people continue to work, socialize, and learn from home, it becomes imperative for their privacy and security to be protected. This requires the designers of in-home technologies (e.g., conferencing tools) and organizations that use them to understand the diverse needs of users. Understanding users' needs will enable designers and organizations to i) inform users about potential risks, and ii) gear their designs toward enabling users to control their privacy and security when using such technologies.

To that end, we conducted a worldwide survey (n =220) on Prolific [17] in May 2020, i.e., a few months into the pandemic, as people were newly settling into widespread remote communications. We sought to conduct our study during the transition phase of the COVID-19 pandemic, when participants were still adjusting to their new remote settings, while remembering their normal lives before the pandemic. Our survey covered three contexts of remote communications, namely work from home (WFH), socialize from home (SFH), and learn from home (LFH). In each context, without priming participants by asking directly about privacy and security, we leveraged participants' open-ended responses to tease out their unbiased privacy and security attitudes and behaviors towards three aspects of remote communications: conferencing tools, modes of remote communications (microphone, webcam), and locations of remote communications. We conducted quantitative and qualitative analyses to answer the following three research questions:

1. How do people engage with different aspects of remote communications in each context during the pandemic? 2. How do privacy and security factor into people's behaviors and attitudes towards aspects of remote communications in each context? 3 . What approaches can be used to effectively inform and empower users' privacy and security decision making related to remote communications in each context?

We also designed our survey to allow us to explore related research questions for other technologies that we hypothesized that people would interact with more and/or have a new relationship with during the pandemic stay-at-home orders: smart home devices and social media platforms. Upon analyzing our results, we found that privacy and security concerns of most participants have not changed during the pandemic, mainly due to their lack of risk knowledge and awareness. Stay-at-home orders, however, significantly impacted participants' concerns and behaviors toward remote communications, which we primarily focus on in this paper. For completeness, we include the survey questions on smart home devices and social media platforms in Appendix A and a summary of their findings in Appendices B and C.

When being asked about conferencing tools, participants expressed a lack of decision-making agency. In WFH and LFH, participants reported to use the tool that was being decided for them by their employer or educator. Moreover, in all contexts, participants felt that they had no control over activating their webcam/microphone during their remote communications. For several participants, such imposed requirements contradicted their privacy and security preferences.

We found that participants' privacy attitudes and concerns towards the physical locations where their remote communications take place is context-dependent. By qualitatively analyzing participants' open-ended responses, we identified two types of location-related privacy: remote privacy (privacy from meeting attendees) and co-inhabitant privacy (privacy from household members). The open-ended responses suggested that in SFH, participants are mainly concerned about their co-inhabitant privacy, while valuing both remote and co-inhabitant privacy in WFH and LFH.

Based on the outcomes of our study, we distill several recommendations for organizations and tool developers on how to more effectively enable users to make informed and privacy-protective decisions with regard to their remote communications. In particular, we propose to enhance users' decision-making process by means of inclusive, transparent, and flexible policies on remote communications and designing privacy-protective features, which consider diverse and context-specific privacy and security needs.

Since December 2019, people around the world have been struggling with SARS-CoV-2 (novel coronavirus) and the resulting COVID-19 pandemic [18] . To help prevent further spread of the virus, many people have exercised social or physical distancing, i.e., keeping a safe distance from others who are not from the same household [19] . Consequently, people started working, socializing, and learning from home. As a result, the use of conferencing tools and audio and video communications has increased dramatically.

The pandemic has redefined home from a place of privacy and security [20] to a shared work, socializing, and learning space. This sudden shift from in-person to remote interactions has led to an unprecedented increase in the use of remote communication tools [21] . Teleconferencing and video conferencing tools, such as Zoom [22] , Microsoft Teams [23] , Google Hangouts [24] , and WebEx [25] , have all seen a massive rise in usage thanks to people working, socializing, and learning from home. As people started to increasingly rely on such tools for their daily communications, experts have become more concerned about the wide range of privacy and security risks these tools expose their users to [9] [10] [11] [12] . A few of the reported concerns include Zoombombing [26] , undisclosed data mining [27] , and selling information to third parties [28] . By considering the context around remote communications, literature has discussed the privacy and security concerns involving remote health-related sessions [29, 30] , educational communications [15, [31] [32] [33] , attending online courses [34, 35] , and work-related meetings [14, 36, 37] .

Experts have provided several guidelines aiming to prevent the risks and mitigate the potential harms of conferencing tools [38] [39] [40] . Despite being valuable sources of information, these guidelines put the burden of protecting privacy and security mainly on the user. This is an unrealistic expectation due to several reasons. Confirming the literature [41] , our findings showed that privacy and security aspects, although being important, are not always the number one priority when using and interacting with conferencing tools. Moreover, our qualitative findings suggested that due to their roles in their organizations, users often have limited power in making privacyprotective decisions, especially in work-and education-related contexts. In addition, the best practices reported in the current guidelines constitute a broad recipe, hoping that they apply to all users in all contexts of remote communications. From the literature, we already know that privacy is contextdependent [42] .

During the pandemic, people started to rely more and more on the microphones and webcams of their devices to stay in touch with their colleagues, friends and family members, or their classmates. Only a few weeks into the pandemic, the market saw a 179% jump in the sales of webcams [43] , followed by a supply shortage [44] [45] [46] .

Privacy and security experts have indicated that webcams and microphones are susceptible to risks and vulnerabilities. Several reports showed how easily hackers take control of users' devices and activate their built-in webcam and microphone by exploiting the device vulnerabilities [47] [48] [49] [50] [51] [52] . During the pandemic, in all contexts of remote communications, users are at an even higher risk of such hacking incidents as they are spending an increased amount of time using their webcams and microphones in different locations of their homes to remotely communicate with others [53] . Users might not be aware that their webcams and microphones are turned on as the LED indicator lights are not always effective [54] or they might have been deactivated by the attacker [55, 56] .

To prevent hacking attacks from happening, experts frequently recommend users to cover their webcams and microphones when they are not being used [57, 58] . During the pandemic, however, users might not be able to diligently exercise this protective approach as many are encouraged or even forced to have their webcams and microphones on all the time. Employers are setting always-on webcam policies to encourage spontaneous chats among employees [59] and using surveillance tools to closely monitor the activities of their workforce [60, 61] , in some cases even without users' knowledge [62] . Saying no to such surveillance is not always easy, especially during the pandemic with the heightened risk of unemployment due to potential retaliations [63] .

Remote learning is not immune to such commonplace imposed surveillance as well. School-issued devices are not transparent about whether they spy on students by activating their webcams and microphones [64] . Some schools use proctoring software that enables access to the students' webcams and microphones during the exams [65, 66] . In addition, policies are in place forcing students to have daily audio and video interactions with their peers or teachers [67] .

The aforementioned privacy-invasive webcam and microphone policies and surveillance practices allude to the ineffectiveness of the blanket and commonly referenced solutions with respect to the rising risks of these technologies. Designing privacy-protective tools and providing usable privacy and security guidelines for users require a deep understanding of users' decisions and behaviors. Our study contributes to the body of literature by providing novel empirical evidence, which highlights the significant impact of the context of remote communications, as well as the living conditions, on attitudes and privacy concerns related to remote communications.

We launched an online worldwide survey (n =220) on Prolific in May 2020. We initially recruited 230 participants and excluded 10 of them: 3 participants used the open-ended boxes to advertise a product and 7 participants provided other irrelevant responses to open-ended questions. We provide the complete list of survey questions in Appendix A, and we mention the question number in parenthesis (e.g., CQ1) when referring to each survey question in the remainder of this section. The study protocol was approved by our Institutional Review Board (IRB).

Prior to the survey launch, we piloted our survey with 10 participants to identify potential issues with the survey questions, specify the compensation amount, and ensure that the questions are all understandable and easy to follow. We then conducted our survey on Prolific and recruited participants who were at least 18 years old. Because of the worldwide impact of the COVID-19 pandemic, we did not restrict our respondents to a specific region and instead, recruited participants from all around the world. The survey took on average 16 minutes to be completed, and we compensated each participant with US$5.

We started the survey by introducing our study to be about "technology use in the home during the Coronavirus (COVID-19) Pandemic." We then asked a few questions to obtain participants' consent to participate in our study (see Appendix A.1).

We asked questions on three contexts of remote communications: working from home (WFH), socializing from home (SFH), and learning from home (LFH). In the survey, we showed questions related to each context in a separate block. We randomized the order of these blocks to mitigate the potential order bias [68] . We asked similar questions in the three tested contexts and only changed how we referred to remote communications in each context. Specifically, in the contexts of WFH, SFH, and LFH, we referred to remote communications as "remote work-related meetings," "remote personal meetings with friends and family members," and "remote learning-related meetings," respectively.

Familiarity with a situation has been shown to impact people's risk perception toward that situation [69] . To control for participants' familiarity with the contexts of remote communications, at the beginning of each context, we asked participants to specify whether they have experience with remote communications in that context (CQ1). We implemented a logic so that respondents could see the remaining questions of that context only if they reported to have experience with the context in question.

To better understand our participants' timeline for remote communications, we asked questions to capture when they started remote communications and how often they were engaged in remote communications before and during the pandemic (CQ2-4). In each context, we explored participants' attitudes, behaviors, and privacy concerns related to three aspects of remote communications: conferencing tools (CQ5-10), modes of remote communications (CQ11- 14) , and locations of remote communications (CQ15- 19) .

There are countless anecdotes that have been reported about people's remote communication experience during the pandemic [70] . To understand what our participants were most concerned about in their remote communications, at the end of each context, we asked respondents to specify the incidents that happened to themselves or others that they perceived to be concerning or awkward (CQ20-22).

After context-specific questions, we asked a few questions to explore how the pandemic impacted participants' privacy concerns and behaviors toward their smart home devices and social media platforms (IQ1-9, SMQ1-8). Since these questions were not the main focus of our study, we provide their findings along with a background in Appendices B and C.

Finally, we asked questions to understand participants' demographic information, as well as their home settings (DH1-16). We placed the demographic questions at the end of the survey to minimize the possibility of stereotype threat [71] [72] [73] .

To analyze participants' responses to survey questions, we conducted qualitative and quantitative analyses.

The first author was the primary coder, who created the codebook for each open-ended question and kept it updated throughout the coding process. To analyze the data, we applied structural coding [74] , which is a question-driven qualitative coding approach to categorize the interview data as well as open-ended survey responses [75] . The codebook consists of main and sub codes. The main codes are created from the topics of interest in the study. For example, we were interested in understanding what factors led participants to use specific conferencing tools during the pandemic. In the codebook, the main code we used to answer this research question was reasons to use conferencing tools, which was then divided into 11 sub-codes (e.g., functionality) and further divided into 8 sub-sub-codes (e.g., convenience and accessibility). After the codebook was created, the first two authors used the codebook to independently code all the open-ended responses. Authors had several meetings to go over the codebook and the coded responses and resolve the conflicts stemming from mismatched understandings of the codebook. After agreeing on the definitions used in the codebook, the first two authors re-coded all the responses. The final codebook consists of 11 main codes, 122 sub-codes, 54 sub-sub-codes, and 4 sub-sub-sub-codes. For each codebook, the Cohen's Kappa inter-coder agreement was calculated after the second round of coding. The aver-age rate of agreement for all the codebooks was above 91%, with a minimum of 88% and a maximum of 100%. Based on the literature, Cohen's Kappa inter-coder agreement of over 75% is considered as "excellent" [76] . We provide the final codebooks in Appendix D.

For our regression analysis, we fit M = 4 Cumulative Link Mixed Models (CLMMs) with logit as the link function to our collected data in order to explain the dependent variables (DVs) we asked our participants about. In each model, the DV is a categorical variable that can take multiple ordinal values, each of which we refer to as a response category. For all models, we treated participants' demographic and home setting factors as control variables. We considered Akaike Information Criterion (AIC) as the goodness of fit for the models [77] . We only report on demographic factors that helped the model fit significantly better than the model without them. It is important to note that we did not include the interaction terms in the final regression models as they did not improve the model fit. For the m th model, m ∈ {1, . . . , M}, we denote the number of possible response categories by J m , and we denote the corresponding number of observations, i.e., the number of participants that answered the question corresponding to that model, by N m . For the n th observation, n ∈ {1, . . . , N m }, we let Y n m denote the observed response category. As per the CLMM definition, for the m th model, m ∈ {1, . . . , M}, the probability that the n th observation, n ∈ {1, . . . , N m }, falls in the j th response category or below, j ∈ {1, . . . , J m − 1}, is modeled as

where α j| j+1 denotes the threshold parameter or cut-point between response categories j and j + 1, and u participant n i.i.d.

N (0, σ 2 u ) denotes the random effect for the participant in the n th observation. Moreover, {β n IV m,i } I m i=1 represent model coefficients corresponding to the I m different independent variables (IVs) in the m th model, each particular to the level that was reported in the n th observation.

We start this section by providing information on participants' demographics and timelines of remote communications. We then present findings on participants' behaviors and decisions related to three aspects of remote communications: conferencing tools, modes of remote communications, and locations of remote communications.

We recruited 230 participants (reduced to 220 after excluding invalid responses) on Prolific. Our participants were mainly from UK (31%), Poland (15%), and US (14%). 43% of our respondents were female and 57% were male. Most participants did not have a background in Information Technology fields (65%) and were 18-29 years old (62%). We provide details on participants' demographics, home settings, and timelines of remote communications in Appendix E. Except for questions on the consent form (see Appendix A.1), none of the survey questions required participants to provide an answer. For each finding, we specify the number of participants that answered the corresponding question.

When asked about the frequency of remote communications before the pandemic, responses suggested that participants had more experience with remote communications in the socializing context than work and learning contexts. During the pandemic, in the contexts of WFH and SFH, most participants (WFH: 150/220, SFH: 208/220) reported that they have been mostly having remote meetings and communications. In the context of LFH, about half of our respondents (LFH: 114/220) reported to be having remote learning-related meetings. Designing usable and privacy-and security-protective conferencing tools and guidelines in remote communications requires a deep understanding of users' attitudes and concerns towards remote communications. To this end, in our survey, we captured participants' context-specific thought process and decision making toward three aspects of remote communications during the pandemic: conferencing tools, modes of remote communications (webcam/microphone), and locations of remote communications. Without priming participants, we surfaced the role of privacy and security in participants' decision making related to each aspect of remote communications.

In all contexts, Zoom was reported to be used more frequently than other tools (WFH: 35%, SFH: 27%, and LFH: 42%). We found that most participants (59%) were using the same conferencing tool for their WFH and LFH meetings and 35% of participants were using the same application in all three contexts. Figure 1 shows the fraction of participants who reported using each of the conferencing tools at least once for their remote communications across the three contexts.

In each context, on a five-point Likert scale, we asked participants to specify their level of comfort with the conferencing tool they most frequently use for their remote communications. Across all contexts, most participants (WFH: 87/150, SFH: 161/208, LFH: 75/114) were somewhat or very comfortable when using the conferencing tools for remote communications (see Figure 2 ). Our regression analysis indicated that the context of remote communications significantly impacts participants' level of comfort (see Table 1 ). We found that compared to work from home, participants were significantly more comfortable when using tools to communicate with family and friends (estimate = 1.43, p-value < 0.05) as well as communicating in the context of learning (estimate = 0.88, p-value < 0.05). Participants who reported to be using Google Hangouts were significantly more comfortable (estimate = 2.13, p-value < 0.05) with their conferencing tool than those who were using Zoom. In addition, our regression model suggested that an increase in the number of adults in the household resulted in a significant decline in the reported level of comfort with conferencing tools (estimate = −1.03, p-value < 0.05).

In each context, we explored participants' reasons behind their choice of conferencing tools as well as their comfort and discomfort with the tools. By qualitatively coding their open-ended responses, we surfaced several factors impacting participants' decision making and comfort level toward the use of conferencing tools.

In the contexts of WFH and LFH, participants frequently (WFH: 70/146, LFH: 64/107) implied that they have no agency over choosing what conferencing tool to use for their meetings. This lack of control was due to the fact that the tool was being selected for participants by their employers or educators, sometimes despite their personal preferences.

In the WFH context, some participants (WFH: 21/70) reported that the required conferencing tool is aligned with privacy and security preferences and requirements of their employers. P16 reported to be using Microsoft Teams for their WFH meetings: "Work requires me to only use this tool. They say this is the most secure one out there." Similarly P177 discussed why their employer asked them to use Microsoft Teams for WFH meetings: "It is the only tool that the company has approved security wise on our network."

In LFH, such imposed decisions contradicted some participants' (LFH: 17/64) personal privacy and security preferences, especially when they were required to use Zoom for their learning-related meetings. P36, who reported to use Zoom for their remote learning-related meetings, said: "That is the tool our teacher has chosen for us. Although security is certainly a problem."

In all three contexts, the provided features and the usability of the tool were the second most frequently mentioned reasons to use the tool (WFH: 41/146, SFH: 92/204, LFH: 21/107) and the most commonly reported factors to make participants comfortable when using the conferencing tool (WFH: 75/111, SFH: 84/154, LFH: 42/70). P9, who frequently uses Microsoft Teams for their work meetings, said: "I can clearly see every file that's been attached to our meetings, I can easily contact with others and the quality of voice and video is just perfect." Unlike SFH, one of the most desirable features in the contexts of WFH and LFH was the ability of the tool to function properly with large groups. P102, who was using Zoom for their work meetings, said: "It supports a bigger number of people to be in a call better than the other ones."

In the WFH and LFH contexts, almost all participants (WFH: 40/41, LFH: 19/21) who mentioned using a conferencing tool based on its convenience and usability, reported to personally benefit the most from these attributes in their remote communications. P194 reported to be using Microsoft Teams for their WFH meetings: "Microsoft Teams allows me to stay connected more easily."

Unlike WFH and LFH, in SFH, several participants reported to use a conferencing tool mainly due to its perceived ease of use and convenience for others on the call (e.g., family members or friends), especially those with limited familiarity with technology. P90, who was most frequently using Skype to communicate with family members, said: "Parents are not confident with tech, Skype was the easiest for them to set up." Some participants (WFH: 11/146, SFH: 9/204, LFH: 14/107) discussed giving up their privacy and security due to the tools' provided features and convenience. Almost all participants who mentioned such trade-offs reported to be using Zoom for their remote communications. In the context of WFH, P176 said: "Zoom offers the best features and is easy to use. Although security is certainly a problem." Users' tradeoff between privacy and security and provided convenience is a known behavior in the literature [41, 78, 79] .

The most mentioned reason in deciding what conferencing tool to use to communicate with friends and family members was how familiar the tool was to participants themselves and also others on the call (SFH: 94/204). P54 reported to use WhatsApp for their SFH meetings to accommodate their family members: "It's the one my family have already installed on their phones and know how to use." Familiarity with the tool was the third most frequently mentioned reason in the contexts of WFH and LFH (WFH: 29/146, LFH: 15/107). P84 reported to use Skype more frequently than other tools: "The people I am calling with use Skype more than anything. I would rather use Zoom instead." Familiarity was also the second most commonly mentioned contributor to participants' comfort with conferencing tools (WFH: 22/111, SFH: 48/154, LFH: 15/70). P12 reported why they are comfortable with using Skype for their SFH meetings: "I have been using Skype since I was a teenager, so I'm used to it and that makes me more comfortable when I'm talking to friends and family."

Unlike WFH and LFH, in SFH 33% of participants, who reported to value the familiarity with the tool the most, implied that such familiarity partially stemmed from using the tool in contexts other than socializing (e.g., work, learning). P10 reported to use Microsoft Teams for their SFH meetings: "My school uses the same platform and it's easier to be on only one platform at the same time.

"

Participants' open-ended responses implied how familiarity with the tool impacted their privacy and security concerns. A few participants (WFH: 9/29, SFH: 17/94, LFH: 6/15) perceived a sense of safety when using the tool due to their prolonged experience with the tool. P30, who used Discord for their personal meetings, said: "I know it is very safe and reliable because I've been using it for the past 3 years." This finding confirms the role of familiarity with technology in reducing risk perception [69] . Besides, a few participants associated their privacy concerns with their familiarity with the tool. P70 discussed why they only use Discord for their SFH meetings: "I already had account on it and also I am not comfortable sharing my info with more companies."

In all three contexts, the perceived privacy and security of the tool were the third most commonly mentioned factors in making participants comfortable when using the tool for their remote meetings (WFH: 22/111, SFH: 20/154, LFH: 11/70). In the context of WFH, Microsoft Teams and in SFH and LFH, Zoom were most frequently praised for their privacy and security practices.

When discussing their comfort with conferencing tools, some participants did not mention a specific privacy or security practice that made them comfortable when using the tool and instead said: "It is secure," "It feels like a safe app," or "I have no privacy concerns." We qualitatively coded the openended responses and identified several privacy and security best practices and perceptions that were frequently reported across all contexts:

• Information being encrypted (7) Although most participants were comfortable with using the tools for their remote communications, some participants reported being somewhat or very uncomfortable (WFH: 17/150, SFH: 16/208, LFH: 7/114). Privacy and security were frequently mentioned as the reasons for participants' discomfort when using the tools (WFH: 8/17, SFH: 5/16, LFH: 3/7). Below is the list of privacy and security practices and beliefs that made participants uncomfortable when using the conferencing tool:

• Risks and vulnerabilities reported by the media (7): Zoom:7 • Personal space being exposed in the meeting (4) We asked participants to specify how they manage their reported discomfort with the conferencing tools. In the contexts of WFH and LFH, participants reported to address their concerns and discomfort by sharing less with other meeting attendees (WFH: 6/17, LFH: 2/7). Limiting the exposure was both in terms of restricting the content that is being shared, as well as modifying the configuration of their tool or the camera on their computer to limit the exposure. P4 limited the content they shared in the meeting and said: "I try not to say anything that could be used badly."

Unlike WFH and LFH, The most commonly mentioned mitigation approach in the context of SFH was limiting or avoiding the use of the tool (SFH: 9/16). P188, who reported using Google Hangouts, said: "I will uninstall it as soon as it is no longer needed." Some participants reported to take no action when being uncomfortable when using the tools (WFH: 4/17, SFH: 5/16, LFH: 1/7), mainly due to not being in charge of selecting the tools, not knowing what privacy and security controls the tool offers, or believing they have nothing to hide. P50 discussed why they do not take any action to address their privacy concerns with 

We explored participants' attitudes and preferences toward the use of microphone and webcam in their remote communications. In all contexts, participants reported to activate their microphones significantly more frequently (p-value < 0.001) than their webcams when having remote communications (see Figures 3 and 4 ). Our CLMM results showed that compared to WFH, participants turned on their webcams (estimate = 1.66, p-value < 0.001) and microphones (estimate = 1.53, p-value < 0.001) significantly more often when having remote personal meetings with friends and family members, and significantly less often (webcam usage: estimate = −1.49, p-value < 0.001; microphone usage: estimate = −1.61, pvalue < 0.001) when having remote learning-related meetings. Other factors significantly impacting the frequency of webcam and microphone usage were the number of rooms in the home setting, age, and the number of children in the household (see Table 1 ).

Accidental exposures of audio and video can lead to privacy violations. When asking participants about awkward incidents that had happened to them or others, across all contexts, the misuse of microphone and webcam was mentioned in almost all reported incidents (WFH: 29/34, SFH: 17/18, LFH: 8/10). In these incidents, the microphone and/or webcam were capturing unintended footage of a meeting attendee without their awareness and in some cases, without the awareness of the household members. For example, in the context of WFH, P194 mentioned an incident involving the microphone: "A member of management did not remember to mute himself while he answered his personal phone on speaker with what sounded to be a lawyer." P185 reported a similar incident in the context of LFH that involved the misuse of webcam in the meeting: "Someone in a classroom stood up naked on the Zoom call and I guess he didn't know until it was too late." In order to raise users' risk awareness and prevent such incidents from happening, we need to understand the underlying reasons for participants' preferences towards different modes of remote communications. We asked participants how they decide to turn on their webcam and microphone when having remote communications. [80] . P101, who reported to always turn on the webcam in their remote work-related meetings, said: "There isn't a choice in terms of my manager requesting a meeting face to face." For some participants, such imposed requests contradicted their personal preferences. P75 discussed their lack of desire to activate their webcam in work-related meetings: "If the manager asks me to turn on the video, I have to do it, but I personally prefer to maintain it switched off at all times." In the context of LFH, several participants reported being required to have their webcam and microphone on when taking exams (LFH-Webcam: 19/66, LFH-Microphone: 23/97). P43 discussed how they decide on when to activate their webcam during learning-related communications: "It depends if I'm explicitly asked by the professor to turn it on (For example when I have an 'oral exam' since written exams are now hard to do remotely)."

Although no participant reported to be explicitly requested by others to activate their microphone/webcam in SFH meetings, our qualitative analysis found the implicit expectation to be the main factor in participants' microphone/webcam usage. Most participants perceived lack of control over the use of microphone/webcam and reported that they are naturally expected to turn on their microphone/webcam when talking to their family and friends (SFH-Webcam: 134/208, SFH-Microphone: 166/208). P183 reported: "I always turn the webcam on during personal meetings with friends and family because I think it is what they expect and it would be rude not to." Across all contexts, participants frequently mentioned that they would make the decision to activate their mi-crophone/webcam based on other meeting attendees' behaviors (WFH-Webcam: 58/150, SFH-Webcam: 22/208, LFH-Webcam: 27/114, WFH-Microphone: 43/150, SFH-Microphone: 18/208, LFH-Microphone: 26/114). In the context of LFH, P185 reported to sometimes turn on their webcam: "If other students have their cameras on I am more likely to turn mine on. But if nobody has theirs on, I will probably not turn on my camera." This type of social influence is called informational conformity [81] , which serves as a cognitive repair [82] and happens when group members follow others' behaviors and directions as they are unsure about the appropriate behavior [83] . In several cases, participants reported to comply with the crowd despite holding a different preference. P43 reported to rarely turn on their webcam in work-related meetings: "Depending on the other person/people, and they always prefer to have a video. I personally find it a bit stressful, but don't mind it too much."

In the context of SFH, some participants (SFH: 27/208) reported to jointly decide on the expectations around the use of microphone and webcam mostly prior to their personal meetings. P134 reported: "When we decide to meet, we choose video or none in the meeting invite." A few participants discussed the importance of joint decision making in accommodating meeting attendees' preferences. P160 reported to frequently turn on their webcam when meeting their friends: "If I miss seeing her face, we will plan a video call. We plan them because she has anxiety which I definitely want to accommodate for as best [as I] can."

Our qualitative analysis indicated that participants shared diverse sentiments over activating their webcam/microphone in remote communications. In SFH, no participant suggested being uncomfortable with their lack of autonomy over webcam/microphone in their personal meetings. P117 discussed why they feel comfortable to always have their webcam on when meeting family and friends: "My family expect me to have video on, but I don't mind as I feel comfortable with people who really know me and accept me for who I am. I guess it's a gut feeling, if I don't feel anxious in their company in real life face to face, I would feel comfortable on a screen."

Unlike SFH, several participants (WFH: 21/101, LFH: 13/94) in WFH and LFH expressed negative attitudes toward having their webcam on. P80, who reported to activate their webcam at their employer's request, said: "I don't think video is necessary for the outcome of the meeting. It would be odd seeing colleagues in their home environment." P84 discussed why they do not feel comfortable with having webcam on in their LFH meetings: "I do not want to be seen by people I have never met, so I do not turn it on, unless I am being asked by the teacher." On the contrary, some participants (WFH: 16/101, LFH: 8/94) shared positive sentiments and supported having the webcam on during WFH and LFH meetings. P151, who reported to always turn on their webcam in WFH meetings, said: "I always turn it on as I feel face to face conversations with people create a better environment, and a higher level of honesty. I have campaigned for a policy in work to make video compulsory, and it has been taken up." P43 discussed why they preferred to have their webcam on in LFH meetings: "It is 'nice' and more productive during the Q&A meetings to have webcam on and discuss about issues/doubts about a particular project."

We asked participants to specify which part(s) of their homes they most frequently use for their remote meetings. Figure 5 shows the fraction of participants that reported to use each of the locations in their home at least once for their remote communications across the three contexts. In all contexts, most participants (WFH: 123/150, SFH: 178/208, LFH: 91/114) were comfortable with the locations of their meetings (see Figure 6 ) while having significant differences across the contexts. The regression analysis showed that compared to WFH, participants were significantly more comfortable when using any given location for their remote personal meetings (estimate = 1.62, p-value < 0.001). Other statistically significant factors to explain participants' level of comfort with their meeting locations were gender (estimate = 1.04, p-value < 0.05) and number of adults in the household (estimate = −0.56, p-value < 0.05).

In all three contexts, several participants reported to select a meeting location which they perceived to be the most private in their homes. Especially, in the context of WFH, having privacy was the most frequently mentioned reason as to why a location is used for work meetings (WFH: 42/147). In the contexts of LFH and SFH, privacy was the second and third most common reason for participants' location-related decision By qualitatively analyzing participants' open-ended responses, we identified two types of privacy: remote privacy and co-inhabitant privacy. Remote privacy refers to having privacy from other meeting attendees, while co-inhabitant privacy refers to having privacy from other household members. The types of privacy that were mentioned by participants varied among different contexts of remote communications.

In the context of SFH, participants reported to have no concern over remote privacy as they felt comfortable with other meeting attendees (e.g., friends, family members) viewing their personal space. For example, P32 reported why they feel comfortable holding their personal meetings in the living room: "It's my living room, it's organized and everyone I talk to already knows it." P196, who reported to use their bedroom for remote personal meetings, said: "I feel very comfortable in my bedroom as friends generally know my place." Almost all participants who considered privacy when selecting their SFH meeting locations reported to be concerned with their co-inhabitant privacy. These participants reported to choose their meeting locations to be a personal space in their home where they are not being disturbed or interrupted by others during their remote meetings. Participants' personal space was mostly reported to be their bedroom. A few participants reported to have co-inhabitant privacy in other locations, including living room, kitchen, and workroom. P185 reported to use their bedroom for SFH meetings: "I feel the most comfortable in my own bedroom and I know that it will be a private space and that the least amount of interruptions will happen in my bedroom compared to other areas of the house." P25 reported why they were using the living room for personal meetings: "It is separated from the room in which my housemate works and so less likely that he will overhear."

Unlike SFH, in the contexts of WFH and LFH, participants' perception of privacy was more diverse. Some participants (WFH: 19/42, LFH: 15/24) reported to prefer having co-inhabitant privacy by detaching their meeting locations from other household members. P47 discussed why they de-cided to use their bedroom for remote work-related meetings: "I prefer using mostly my bedroom for most of my online work/meetings as I don't like others hearing me talk, I like to have a little bit of 'privacy'." P43 reported using their bedroom to preserve their co-inhabitant privacy: "I like to have my own little space, a bit of privacy from the rest of family and less distractions around so I can focus on the course." On the other hand, some participants were uncomfortable about others on the call seeing their personal space. These participants reported to desire having remote privacy by selecting a less personal location that provides a "neutral" or "professional" background with fewer details about their personal life. P195 talked about having privacy when holding their work meetings in the study or workroom: "I don't have anything private there that I would be unprofessional if I had to share my webcam with others." P122 discussed why they were using the kitchen for remote learning meetings: "This is the least personal place in the house to have such meetings."

Open-ended responses revealed potential conflicts between remote privacy and co-inhabitant privacy. In all contexts, participants who valued their co-inhabitant privacy frequently reported to be using their personal bedroom to have privacy from their household members. At the same time, participants in WFH and LFH perceived their personal bedrooms to be intimate and, therefore, not appropriate to preserve their remote privacy. We found similar tensions with regard to using living room for remote communications. Some participants chose to hold their remote meetings in the living room to have remote privacy, although having less co-inhabitant privacy due to the interruptions by household members.

Similar to participants' attitudes toward conferencing tools, convenience and comfort were frequently mentioned as the deciding factor when selecting a meeting location (WFH: 26/147, SFH: 65/208, LFH: 24/114). Especially, in the context of SFH, participants reported that the convenience of the location is the most important reason when choosing the room for their remote personal meetings. P80 discussed why they use the living room for their personal meetings: "This is the location of relaxation and the area where my husband and I can sit comfortably and talk to friends and family."

Another commonly mentioned reason behind participants' choice of meeting location in all three contexts was the presence of equipment that was needed for remote communications, including computer, desk, and books (WFH: 42/147, SFH: 41/208, LFH: 37/114). For participants in the context of LFH, the room equipment was the main factor in deciding what room to use for their learning meetings. P75, who reported to use their bedroom for LFH meetings, said: "This is the location where I have my desk and my PC in."

Although most participants were comfortable with their selected meeting locations, some respondents reported to be somewhat or very uncomfortable (WFH: 9/150, SFH: 4/208, LFH: 3/114). Across all contexts, the main factor participants mentioned that made them uncomfortable with a location was the perceived invasion of remote/co-inhabitant privacy when holding meetings there (WFH: 4/9, SFH: 1/4, LFH: 2/3). In the LFH context, P115 reported that they are uncomfortable with using their bedroom for remote learning-related meetings: "It is hard to get comfortable in the bedroom as it feels like a private area to invite people in to." P4 discussed their discomfort with using the living room for their remote work meetings: "I could be overheard and am not comfortable with the webcam being on as it intrudes on my privacy. " We asked participants how they manage their perceived discomfort with meeting locations. The open-ended responses indicated that only participants in the WFH context took steps to mitigate their discomfort, while in the contexts of SFH and LFH, participants reported to take no action when being uncomfortable with their remote meeting locations. The primary approach participants mentioned to take in the context of WFH was to limit the information exposure, either to other meeting attendees or their household members (WFH: 3/9). P38, who reported to mainly use their living room for their work-related meetings, said: "I minimise what can be seen and test the audio quality before the meeting." Similarly, P35 limited the work-related information from the household members: "I close my door and ask other family members [not to] come to the living room when having work meetings."

We first provide a brief comparison between the contexts of remote communications. Based on our findings, we then discuss methods to inform and enable users' privacy-protective decision making related to remote communications.

We focused on three remote communication contexts: working from home (WFH), socializing from home (SFH), and learning from home (LFH). In each context, we surfaced participants' attitudes and concerns toward the use of remote communication technologies. Our quantitative and qualitative findings suggested several similarities and differences in participants' attitudes, behaviors, and privacy concerns among the three contexts. In all contexts, comfort and discomfort with conferencing tools and meeting locations were mainly explained by participants' privacy and security concerns and their perceived sense of safety. Our findings indicated that WFH and LFH were similar in terms of the choice and the use of conferencing tools (e.g., activating webcam/microphone). In SFH, unlike other contexts, the decisions toward the conferencing tools and the meeting locations were primarily based on the provided convenience. Numerous articles have been published that provide recom-mendations on how to better protect privacy when engaging in remote communications [38, 40, 84] . Almost all of these guidelines are targeted toward the users, who are already struggling with an insurmountable mental pressure thanks to the pandemic. When an awkward incident happens in a conference call, end users are not the only group to blame, as they are only a small part of the remote communication ecosystem. Tool developers and users' employers and educators could play a critical role in informing and empowering users to adopt privacy-protective behaviors while communicating with others online. The pandemic may not last forever, but remote communications will stay longer [16] and that requires us to critically examine what we have learned during the pandemic. Based on our findings, in the following, we distill several recommendations to inform and empower users, and to design more privacy-protective tools.

Participants' open-ended responses showed lack of autonomy in their attitudes and behaviors toward remote communication technologies. Several participants reported to have no control over the choice of conferencing tools for their WFH and LFH meetings (see Section 4.2.1). Lack of active decision making was also apparent in participants' attitudes toward the use of webcam and microphone. Participants reported to be explicitly (WFH and LFH) or implicitly (SFH) expected to turn on/off their webcam/camera in the meetings (see Section 4.3.2). The qualitative findings indicated that having limited or no control over the conferencing tools and their features (e.g., webcam/microphone) was participants' primary impediment to managing their tool-related privacy and security concerns (see Section 4.2.4). To enable active and informed decision making in remote communications, we need to consider the context of the meeting. Our findings suggested that WFH and LFH meetings have similar power dynamics that are being set by an authority figure (e.g., employer, educator). By providing inclusive, transparent, and flexible policies, workplaces and education institutes can take the first step toward informing and empowering meeting participants. To be inclusive, policies should acknowledge users' diverse and context-specific privacy needs and attitudes. To provide holistic privacy-protective policies, future studies should be conducted to explore other stakeholders' perspectives of remote communications, including but not limited to, employers and teachers.

In light of our findings, organizational policies need to discuss the choice of conferencing tool, the use of microphone and webcam in the meetings, and the available user controls. In addition, the policies should be flexible and open for feedback to help meeting attendees discuss and manage their concerns and discomfort. Items to be outlined in such policies include:

• What conferencing tools should be used for the meetings and why? • What privacy and security controls are provided by the tools? • In what condition are users (not) required to use their microphone/webcam? • How can users control their microphone/webcam in the communication tools? • How can meeting participants manage their concerns and discomfort with the tools?

Compared to WFH and LFH, in the context of SFH, participants felt being more in control of choosing a conferencing tool, which might be partially due to more balanced power dynamics. However, because of the implicit expectations, several participants felt having no control over the decision to activate their webcam/microphone in the personal meetings. As recommended by a few of our participants, joint decision making prior to the meeting could give meeting participants the opportunity to discuss their concerns and decide on a policy that accommodates and respects all of them.

Across all contexts, the main factor participants mentioned to make them uncomfortable with a meeting location was the lack of remote and co-inhabitant privacy they felt when holding remote meetings in that location (see Section 4.4.1). Participants who referred to remote privacy reported that they do not feel comfortable having their home locations in the background of their WFH and LFH meetings. On the other hand, having a neutral or generic background was one of the frequently mentioned factors to make participants comfortable when using a meeting location (see Section 4.4.1).

Due to the restrictions posed by the diverse working, living, and learning arrangements, it may not be reasonable to ask everyone to find a neutral background for their remote meetings. Tool developers can enable features to help users protect their privacy. Some of the current communication tools, such as Zoom [85] and Microsoft Teams [86] , already allow users to cover their real background by using virtual ones. Similarly, tools such as Skype [87] and Google Meet [88] provide a feature for users to blur their backgrounds.

Across all contexts, when discussing co-inhabitant privacy, several participants reported to be uncomfortable with other household members hearing their conversations (see Section 4.4.1). From the regression analysis, we found that an increase in the number of household members leads to a significant decrease in the level of comfort with conferencing tools as well as the locations of remote communications (see Table 1 ). To protect people's privacy in different contexts of remote communications, we need to design for diverse household settings. For example, to preserve co-inhabitant privacy in crowded settings, future remote communication devices can be enabled with a feature to detect and notify the user whether other household members are in the hearing range of their remote meetings. Such features can also respect the privacy needs of other meeting attendees, e.g., in case meeting participants are not comfortable with their voice or video being heard or seen by individuals who are not part of the call (e.g., household members).

As the first paper to study remote communications at the transition of the pandemic, we surfaced participants' attitudes, behaviors, and concerns toward specific aspects of remote communications in different contexts. Due to the focus of our research and the survey methodology, we did not explore other potentially informative research questions, which could be studied in the future. In what follows, we will highlight the limitations of the current work, alongside several future research directions.

Our study used Prolific to recruit survey participants. Prior work recommended using Prolific to recruit a diverse sample of participants [89] . However, despite its diverse population and similarly to other crowdsourcing platforms, Prolific participants are not representative of any average population. For example, in Prolific, participants tend to be younger and more educated [90] . In addition, our participants were mainly from the UK, Poland, and the US, and we had a small number of participants from other countries (see Table 5 ). Due to these limitations, the findings of our study should not be generalized. Our study provides an overview of technology-related perceptions and behaviors during the global COVID-19 pandemic and we believe future studies can more directly focus on specific populations. In our study, participants' country of residence was not a statistically significant factor, which might be due to the small number of participants from some of the countries. Future studies could explore the difference in privacy concerns and attitudes among different countries and cultures.

As we previously mentioned, among other questions, our survey explored how participants' learning experience has been impacted by the COVID-19 pandemic. In this study, we only recruited participants who were at least 18 years old. However, it is also important to understand the impact of the pandemic and the privacy considerations of students from all ages, which should be considered in a future study.

To ensure participants' familiarity with the contexts of remote communications, for each context, we only asked the survey questions of participants who reported to have familiarity with that specific context. This potential selection bias might impact participants' attitudes and concerns toward remote communications in each context. Similarly, due to the nature of the job and depending on the level of experience, crowd-source participants might be more familiar with remote communication technologies than the average population. Having familiarity with a technology has been shown to decrease the amount of risk an individual would perceive re-lated to that technology [69] . Therefore, the reported privacy and security concerns captured by our study could be lower than the average population' risk perception toward remote communications.

The COVID-19 pandemic has caused people around the world to abruptly shift their in-person work, personal life, and/or education meetings to remote ones, which could outlast the pandemic. Therefore, to enable safe remote experience, it is critical to design privacy-protective tools and empower users to consider privacy and security when engaging in remote communications. To this end, we conducted a 220-participant survey on Prolific, in which we considered three contexts of remote communications, namely working (WFH), socializing (SFH), and learning from home (LFH). Our quantitative and qualitative findings indicated that concerns, attitudes, and behaviors toward remote communications are diverse and context-dependent. Across all contexts, privacy and security were among the most frequently mentioned concerns that participants had. These concerns were exacerbated by the fact that participants felt that they had no agency over decision making about conferencing tools as well as audio and video modes of remote communications. We provided several recommendations for tool developers and organizations to enable users to make privacy-and security-protective choices when engaging with remote communications.

This is a survey about technology use in the home during the Coronavirus (COVID-19) pandemic by researchers at the University of Washington, in Seattle, Washington, USA. The University of Washington's Human Subjects Division reviewed our study, and determined that it was exempt from federal human subjects regulation. We do not expect that this survey will put you at any risk for harm.

In order to participate, you must be at least 18 years old and able to complete the survey in English. We expect this survey will take about 20 minutes to complete. If you have any questions about this survey, you may email us at hometechnology@cs.washington.edu.

• I am 18 years or older.

• Yes • No • I have read and understand the information above.

• Yes • No

• I want to participate in this research and continue with the task.

In the contexts of WFH, SFH, and LFH, we referred to remote communications as "remote work-related meetings," "remote personal meetings with friends and family members," and "remote learning-related meetings," respectively. Here we only provide the questions for the WFH context.

• CQ1: Have you been mostly having remote work-related meetings from home during the COVID-19 pandemic?

The rest of the context-related questions will only be presented if the answer is "Yes." 

Privacy and security concerns toward smart home IoT devices are not unique to the pandemic. However, their associated privacy risks have increased as people tend to spend more time at home [91] . In our study, we explored the impact of the pandemic on participants' attitudes and privacy concerns toward their smart home devices.

As people spend more time at home due to the pandemic, the demand for smart home IoT devices has seen a sharp surge. In a recent survey conducted by Parks Associates, 33% of smart home device owners reported an increase in the usage of their smart home devices during the pandemic compared to before the pandemic [92] . In another study, more than half of the participants reported purchasing new smart home devices during the pandemic [93] . The risks and vulnerabilities of smart home devices are not new to privacy and security researchers. Prior to the COVID-19 pandemic, several articles have reported on an array of privacy and security challenges and issues related to smart home devices [94] [95] [96] [97] [98] [99] . During the pandemic, due to the surge in purchasing and using smart home devices, many of which having poor privacy and security practices [100] , users are now exposing themselves and potentially others to an even higher level of risk. Reports have shown that attacks against IoT devices have more than doubled as compared to before the pandemic [91] . IoT consumers increasingly set up their smart home devices on the same network as their work-related computers, consequently increasing their workplaces' attack surface [101] . Moreover, a study has shown that smart speakers can be mistakenly triggered up to 19 times per day and on each activation, keep a recording of up to 43 seconds [102] , which is clearly disconcerting when having sensitive work, social, or learning-related meetings.

Reports published prior to the pandemic showed that consumers of smart devices are concerned about the privacy and security practices of such devices [103] [104] [105] [106] . As an example, a survey by Consumers International and the Internet Society reported that 63% of respondents found the data collection of smart devices to be "creepy" and more than half did not trust their devices to respect their privacy [107] .

Literature has discussed consumers' IoT-related privacy and security concerns prior to the pandemic and no study has been conducted to explore the impact of the pandemic on users' privacy and security concerns and attitudes. As part of our survey, we asked questions to understand how the pandemic has changed participants' privacy perception and behavior related to their smart home devices.

Out of 103 participants who reported to have at least one smart home device, 74% had a smart speaker with voice assistant (e.g., Amazon Echo, Google Home). Other common smart home devices that participants had were smart security camera 

Without prompting participants about the privacy and security of smart home devices, we asked them whether they changed anything about their smart home devices during the pandemic. Only four participants reported to have made changes to their smart home devices and almost all reported to become more aware of the presence of the microphones on smart speakers and to turn them off when they are not needed. P174 reported: "During the pandemic, I've been more diligent about turning the microphone off, especially in my work/study room, so it doesn't get triggered by errant phrases or record sensitive conversations." Similarly, P160 discussed the change they applied to their Google Home Mini that is placed in the their bedroom: "I've left voice recognition off. I really don't like that anyone can ask it to do things, I don't want to be shocked awake in the morning."

To capture the impact of the pandemic on privacy-related concerns, we asked participants to specify how their concerns toward the data collection of their smart home devices have been impacted by the pandemic. In addition, we asked participants to provide the rationale behind their answers. Most participants (78/103) reported that the pandemic has not impacted their IoT-related privacy concerns, due to several reasons.

Lack of Risk Awareness. Participants' justifications as to why the pandemic has not impacted their privacy concerns suggested their lack of risk awareness as the most frequent reason (38/78) . Participants commonly reported that they have no reason to change their concerns mainly due to not having heard about or personally experienced new risks during the pandemic. P123 discussed why their privacy concerns have not been impacted: "I haven't seen any disturbing news about privacy during a pandemic." Some participants attributed their lack of awareness to having the same knowledge about the risks of their smart home devices compared to before the pandemic. P39 reported: "I knew the potential risks before and I still do. I haven't seen anything new that would change my opinion."

Lack of Initial Concern. Several participants reported that they always had little or no privacy concerns with the data practices of their smart home devices and that the pandemic has not impacted that (16/78) . Most of these participants reported to have at least one smart speaker with voice assistant (11/16) and some had smart TVs (5/16). P34, who had a smart TV in their living room, said: "I have never been concerned about it so the pandemic has not changed it. I believe that mass data is necessary and helpful overall."

Although the pandemic did not impact most participants' privacy concerns toward their smart home IoT devices, some participants (15/78) reported that their IoT-related privacy concerns have grown during the pandemic, primarily due to increased awareness and interaction with their devices.

Increased Risk Awareness. Participants frequently reported that they became more aware of the privacy risks of their smart home devices during the pandemic (11/15). Some of these participants attributed their heightened risk awareness to the increased privacy-focused media reports during the pandemic (6/11). P146 reported: "I have heard so much about privacy issues on the news because of the quarantine so now I'm a little more worried about how much data companies track."

More Frequent Device Usage. The second reason contributing to participants' increased privacy concerns was spending more time around the smart home devices and having more interactions with them during the pandemic (8/15 ). This increase in device usage is aligned with a recent survey conducted by Parks Associates [92] . P175, who had a smart speaker and smart TV in their living room, reported: "We use them more during the pandemic, and although they are not devices that can collect a lot of personal info, the worries are still there." P174, who had a smart speaker in their workroom, discussed their increased privacy concerns: "I don't want it to be recording sensitive work information that I discuss aloud."

During the pandemic, social media platforms have seen an unprecedented growth in user engagement [108] . This increase in interaction could increase users' exposure to online risks, including phishing attacks, identity theft, and cyber-bulling [109] [110] [111] . We explored the impact of the pandemic on participants' attitudes, privacy concerns, and risk awareness toward their social media platforms.

Similar to smart home IoT devices, the use of social media platforms has been soaring due the COVID-19 pandemic. Stay at home orders have caused more people using social media platforms to stay connected with their colleagues, family, and friends. A study showed that during the pandemic, social media platforms have seen a 61% increase in usage [108] . Such an increase has led privacy experts and lawmakers to be concerned about users' privacy during the pandemic [112, 113] .

In addition to an increase in usage, the pandemic might have potentially exposed social media users to a greater harm by impacting the content people share due to their change in risk assessment when posting online [114] . The change in usage and content sharing on social media exacerbates the already alarming privacy risks and concerns of these platforms, including identity theft attacks, phishing attacks, cyberbulling, and malware attacks [109] [110] [111] . However, from the literature, it is unclear whether users acknowledge the intensified risks and harms of social media during the pandemic and how their risk perception has impacted their behaviors toward such platforms. Our study contributes to the literature by investigating how the pandemic has influenced users' concerns, attitudes, and behaviors toward their social media platforms.

Almost all (214/220) of our participants reported to be active on at least one social media platform. The most frequently used platforms were Facebook (174/214), Instagram (151/214), Twitter (119/214), and Reddit (86/214).

19% of participants (40/214) who were active on at least one social media platform reported to change how they use their social media platforms during the pandemic. Most participants reported to have increased their interactions with social media (28/40). P56, who was active on Facebook, said: "I have been on it more, accessing news. I also use Facebook's messenger feature to chat with friends and ex-colleagues." Some participants, on the other hand, reported to lessen their interactions with social media. P141, who reported to have accounts on several platforms, said: "I use social media less since people were panicking about COVID-19 in the beginning and I didn't want to consume so much stressful content."

We asked participants to specify how the pandemic has impacted their privacy-related concerns toward social media platforms. Most participants reported that the pandemic did not impact their privacy concerns (155/204). Quite surprisingly, 68% of participants (18/28) who increased their interactions with social media platforms during the pandemic, reported that their privacy concerns with social media has not been impacted. Open-ended responses suggested several reasons as to why privacy concerns toward social medial platforms were not impacted during the pandemic.

Lack of Risk Awareness. Lack of risk knowledge and awareness was the most frequently reported reason as to why some participants' privacy concerns toward social media platforms have not been impacted during the pandemic (61/155). P71, who reported to be active on Facebook, Twitter, and Instagram said: "I am not aware of social media platforms changing their data practices over the pandemic. Thus, my concern stays the same on those platforms." P39 attributed their lack of awareness to media reports: "I haven't seen any news recently that would change my knowledge about the potential risks of my social media accounts."

Perceived Efficacy. To some participants (27/155), their unaffected privacy concerns were mainly due to their perception of having autonomy over protecting their privacy. The two common approaches participants reported to adopt to manage their privacy on social media were posting less sensitive information and changing the privacy settings (e.g., who can view the posts). P86 discussed how they protect their privacy by limiting their online activities: "I knew from the start what were the privacy-related risks of social media. That's why I don't really post sensitive information anymore." P176 talked about their privacy-protective social media settings: "I already have my privacy settings tightly controlled so have had no need to adjust them."

Lack of Initial Concern. Similar to IoT-related privacy concerns, some participants (25/155) reported that their privacy concerns related to their social media platforms have not been changed during the pandemic as they have never had any concern about such platforms. P24, who had Twitter and Facebook accounts, said: "I have no concerns about my accounts so they haven't changed during the pandemic."

Unchanged User Behavior. Some respondents (25/155) reported that the pandemic has not affected their concerns toward the privacy practices of their social media platforms since their interactions with their accounts stayed the same as compared to before the pandemic. P95, who reported to have LinkedIn and Facebook accounts, said: "I use them in the same way as before and I didn't see any difference so no need for extra concern." A few participants (25/204) reported that they became more concerned about their social media platforms during the pandemic, mainly due to heightened risk awareness and increased platform usage.

Increased Risk Awareness. Several participants reported that during the pandemic, they became more aware of the privacy risks of social media platforms (19/25) . P23 discussed their privacy concerns related to oversharing on social media during the pandemic: "I am now more aware that when you are stressed or sad you tend to overshare, especially if you do not have any other outlets, and I am concerned for people especially during the pandemic time since I have seen that many do not realize they share a lot of sensitive information that can be easily collected by other people." P61 mentioned how they became more aware of the potential privacy harms of social media during the pandemic: "I have had more time to think how my privacy can be breached through social media, so I have deleted information and closed my privacy settings more."

Increased Platform Usage. Increased interactions with social media platforms reported to be the second most frequent reason as to why some participants became more concerned with their online platforms (14/25). P175, who had Reddit, Discord, and Twitter accounts, said: "I'm using social media a lot more, and people have tried to get into my e-mail, and I have personal information on some accounts." P4, who reported being active on Facebook and Instagram, discussed why they became more concerned with social media: "These days more people are using social media, so they might become easier to hack."

The codebooks are available at: https://gist.github.com/SOUPS-COVID-Privacy/ 97b6f6caeb13d5091314e6458049617d. Master's degree (e.g., MA, MS, MBA) 13% Professional degree (e.g., MD, JD) 0% Doctorate degree (e.g., Ph.D., EdD) 0% Table 5 : Participants' demographic information. Only countries with at least 5 participants are listed.

Coronavirus social distancing around the world

Boris Johnson issues stay-at-home order, sending UK into lockdown to fight coronavirus pandemic

China forces millions of people to stay at home as virus toll rises

974c3312 -5a40 -4764 -afb1 -4bb6b86f1cf4/?itid = lk _ inline _ manual _ 2&itid = lk _ inline _ manual _ 2

The coronavirus is creating a huge, stressful experiment in working from home

The virus changed the way we internet

This school year has been unlike any other

When the Pandemic Ends, Will School Change Forever

Zoom security issues: Here's everything that's gone wrong (so far)

Why You Should Stop Sending Links On Facebook Messenger

Microsoft listened to Skype calls with 'no security' to protect recordings, report says

WhatsApp disclosed 12 security flaws last year, including 7 classified as 'critical,' after Jeff Bezos phone was reportedly hacked

Attendee attention tracking

Millions of americans are suddenly working from home. that's a huge security risk

Massive shift to remote learning prompts big data privacy concerns

Workers Discovering Affinity for Remote Work

Quickly find research participants you can trust

The coronavirus has killed at least 1 million people worldwide

Centers for Disease Control and Prevention (CDC)

Home as an environmental and psychological concept

Pandemic leads to surge in video conferencing app downloads

Why Zoom has become the darling of remote workers during the COVID-19 crisis

Microsoft's solution for COVID-19 is a free Teams subscription for six months

Google makes Hangouts Meet features free in the wake of coronavirus

Cisco says Webex video-calling service is seeing record usage too, even as competitor Zoom draws all the attention

zoombombing': When video conferences go wrong

A feature on Zoom secretly displayed data from people's LinkedIn profiles

Zoom sued for allegedly illegally disclosing personal data

Privacy in pandemic: Law, technology, and public health in the covid-19 crisis

Data privacy considerations for telehealth consumers amid covid-19

For remote learning, privacy challenges go beyond zoombombing

How teachers are sacrificing student privacy to stop cheating

Shift to online learning ignites student privacy concerns

How to protect your family's privacy during remote learning

As schooling rapidly moves online across the country, concerns rise about student data privacy

Can employers monitor employees who work from home due to the coronavirus

Just because you're working from home doesn't mean your boss isn't watching you

Digital hygiene in the Zoom era

Protecting your digital life in 9 easy steps

How to protect your Zoom calls

Exploring how privacy and security factor into iot device purchase behavior

Privacy expectations and preferences in an iot world

Americans buying 'historic' amount of computers during coronavirus lockdown

Webcams have become impossible to find, and prices are skyrocketing

No end to covid-19 webcam shortage

The covid-19 pandemic has caused a webcam shortage, and street prices are soaring

What i learned from the hacker who spied on me

Risk: Is this your webcam? you're being watched

Mac malware can secretly spy on your webcam and mic -here's how to stay safe

Zoom users beware: Here's how a flaw allows attackers to take over your mac microphone and webcam

Ohio man charged for remotely controlling devices, spying on people for 13 years

Nasty facetime bug could allow others to eavesdrop on your microphone or camera

Is it safe to leave your webcam uncovered after using video chat apps

Somebody's watching me? assessing the effectiveness of webcam indicator lights

iseeyou: Disabling the macbook webcam indicator {LED}

Webcam spying without turning on the led? researchers prove it's possible

How to protect yourself from camera and microphone hacking

Zoom, skype, microsoft teams: Why you should cover the camera on your phone or laptop

Loneliness is distracting

Like 'punching a time clock through your webcam': How employers are keeping tabs on remote workers during the pandemic

Employees at home are being photographed every 5 minutes by an always-on video service to ensure they're actually working -and the service is seeing a rapid expansion since the coronavirus outbreak

How employers use technology to surveil employees

rolling shock' as job losses mount even with reopenings

Spying on students: School-issued devices and student privacy

Cheating-detection companies made millions during the pandemic. now students are fighting back

We've become dependent on a technological ecosystem that is highly invasive and prone to serial abuse

On or off? california schools weigh webcam concerns during distance learning

Controlling order-effect bias

Communicating asset risk: How name recognition and the format of historic volatility information affect risk perception and investment decisions

Students, parents and teachers tell their stories of remote learning

More comprehensive and inclusive approaches to demographic data collection

A threat in the air: How stereotypes shape intellectual identity and performance

Stereotype threat and women's math performance

The coding manual for qualitative researchers

Data reduction techniques for large qualitative data sets

Statistical methods for rates and proportions

Multimodel inference: understanding AIC and BIC in model selection

Understanding and improving security and privacy in multi-user smart homes: a design exploration and in-home user study

In digital world, we trade privacy for convenience

Social influence: Compliance and conformity

A study of normative and informational social influences upon individual judgment

Cognitive repairs: How organizational practices can compensate for individual shortcomings

A study of some social factors in perception

The Dos and Don'ts of Online Video Meetings

Virtual Background

Custom backgrounds in Microsoft Teams make video meetings more fun, comfortable, and personal

Introducing background blur in Skype

Blur your background in Google Meet

Beyond the turk: Alternative platforms for crowdsourcing behavioral research

What are the advantages and limitations of an online sample

security/ Smart-Device-Hacks-Are-Up-Since-the-Pandemic-Started.html

Parks associates: 33% of smart home device owners report increased usage during the COVID-19 pandemic

New survey finds 70% of consumers improved home during COVID-19, more than half used smart devices

Network-level security and privacy control for smart-home IoT devices

Amazon Alexa heard and sent private chat

Google calls Nest's hidden microphone an "error

Amazon's Alexa isn't just AI -thousands of humans are listening

It may have been terrifyingly easy for a stranger to hack into a baby monitor and curse at a 2-year-old

On privacy and security challenges in smart connected homes

smarthome -devices -with -known -security -flaws -arestill -market -researchers -say/?utm _ campaign = wp _ the _ cybersecurity _ 202&utm _ medium = email&utm _ source = newsletter&wpisrc = nl_cybersecurity202

There's a growing blind spot for your security team during the pandemic: IoT devices

When speakers are all ears: Characterizing misactivations of iot smart speakers

Security for the internet of things: A survey of existing protocols and open research issues

Privacy and security in internet of things and wearable devices

Security, privacy and trust in internet of things: The road ahead

November) 10 fascinating things we learned when we asked the world "how connected are you

The trust opportunity: Exploring consumers' attitudes to the internet of things

Is COVID-19 Social Media's Levelling Up Moment

On privacy and security in social media-a comprehensive study

How much privacy we still have on social network?

Privacy risk with social media

Tiktok said to be under national security review

S.3455 -no tiktok on government devices act

Inside out and outside in: How the COVID-19 pandemic affects self-disclosure on social media

] is selected) Please explain why your privacy-related concerns about using social media platforms have not changed compared to before the pandemic

Demographics and Home Settings • DH1: Including yourself, how many adults 18 years of age and above live in your current home?

How many children at or above the age of 13 and under the age of 18 live in your current home?

How many children at or above the age of 7 and under the age of 13 live in your current home?

How many children under the age of 7 live in your current home?

Who do you share your home with? (check as many as apply)

• No one • Roommate(s) • Spouse(s)/Domestic partner(s) • Children • Parent(s) • Other (please specify

Do you have shared wall(s) with your neighbors? • Yes • No • DH7: How many bedrooms does your home have?

How many rooms other than bedrooms does your home have?

What is your age? • 18-29 years old • 30-49 years old • 50-64 years old • 65 years and older • DH10: What is your gender?

No schooling completed • Nursery school • Grades 1 through 11 • 12th grade-no diploma • Regular high school diploma • GED or alternative credential • Some college credit, but less than 1 year of college • 1 or more years of college credit, no degree • Associates degree (for example: AA, AS) • Bachelor's degree (for example: BA. BS) • Master's degree (for example

In which country do you currently reside?

What is your current employment status? • Full-time employment • Part-time employment • Unemployed • Self-employed • Home-maker • Student • Retired

Unemployed or Retired is not selected) The organization you work for is in which of the following? • Public sector (e.g., government) • Private sector (e.g., most businesses and individuals) • Non-for

Yes is selected) Please specify what your technical background is

We are especially grateful to our study participants. We thank Christine Geeng for reading the draft of our paper. We are also very thankful to our reviewers for their valuable feedback. This work was supported in part by the NSF awards CNS-1565252 and CNS-1651230 and the University of Washington Tech Policy Lab, which receives support from the William and Flora Hewlett Foundation, the John D. and Catherine T. MacArthur Foundation, Microsoft, and the Pierre and Pamela Omidyar Fund at the Silicon Valley Community Foundation.