To do

Changes to survey for Pilot 7

Replace worst with most harmful - DONE
Replace Yes, and I should have included it above among my three worst with Yes and, in retrospect, I should have included that experience above among my three most harmful. - DONE
For each scenario, if participant responds that a scenario should have been included among the three most harmful, ask Should you have included that experience as your most harmful, second-most harmful, or third-most harmful experience? options of ["most harmful", "second-most harmful", "third-most harmful"]. - DONE
renamed hacked-acct-rec to hacked-acct-duration - DONE
Missing question hacked-bank-rec and hacked-pwds-rec to match hacked-soc-duration and hacked-acct-rec (hacked-pwds-duration?) - DONE
for hacked-*-duration, the first option is now `I never lost access`` - DONE
New scenario: backups and switching to new devices - DONE
Possible new scenario: systems and devices not doing what they say they're doing (failing to keep promises) - DONE
Verify that all capitalization of options is caps - DONE
Verify that all options that start with "s the" becomes "The" - DONE
if PIN or password changed, who changed it? - DONE
- in progress. replicate locked-acct-pwho
- replicate locked-acct-how new option 2: "The PIN or password was recently changed"
- added locked-pwds-how
Add question for all scenarios: Please rank the severity of the harm or loss on a scale of 1 (not harmful at all) to 7 (extremely harmful)?
- (proposed by Serge)
- Goes at the end of each scenario before the tell us more.
- DONE
Can we reduce inconsistency between questions for devices and accounts, possibly using the same labels so we can graph them all together? - DONE

Changes for analysis

Merge graphs for accounts when same questions asked for email, social, and financial
Still a few missing graphs to clean up and add.

Results

There were 50 participants in this pilot.

Participants started by writing loss stories about the three worst technology-related harms they had experienced.

We then told participants we would "describe technology-related harms that that have happened to others, and ask if they have also happened to" them.

A bar chart summarizing the percent of participants who had experienced each harm scenario. — The percent of participants who had experienced each harm scenario. Losses due to failures of security measures to protect participants from attack are paired (left bar) against harms due to security measures themselves harming participants (right bar).

When participants reported having suffered one of the described scenarios, we asked them how recently they had experienced it.

A bar chart summarizing how recently participants who had experienced each harm scenario. — The absolute number of participants who had experienced each harm scenario for each level of recency.

We asked participants who had a device compromised/stolen or locked what type of device it was. (If they had experienced more than one incident of a scenario we asked about the worst.)

A bar chart summarizing the number of devices of each type that were lost or hacked. — The absolute number of devices of each type that participants had suffered the compromise of (left bar in pair) or had been locked out of (right bar in pair).

The types of social accounts that participants had suffered the compromise of (left bar in pair) or had been locked out of (right bar in pair).

A bar chart summarizing the number of devices of each type that were lost or compromised. — The types of financial accounts that participants had suffered the compromise of (left bar in pair) or had been locked out of (right bar in pair).

A bar chart summarizing how devices were compromised. — How devices were compromised.

A bar chart summarizing how participants reported being locked out of their devices. — How users were locked out of their devices.