TULIPS: Projects

Technology Usability Lab In Privacy and Security

URL Usability

Reading a URL is one of the key abilities necessary for identifying malicious communications, but many people cannot accurately read a URL and predict where it will go. This happens for several reasons, URLs are naturally complex to read, visually identical characters can easily confuse a person, and for some URLs, such as shortened ones, it is physically impossible to predict the destination from simply reading the text due to redirection.

In this project, we explore the design and effectiveness of different communication approaches to support internet users' decision on URL security and privacy risk.


  1. Kholoud Althobaiti, Kami Vaniea and Serena Zheng, Faheem: Explaining URLs to people using a Slack bot. In the Symposium on Digital Behaviour Intervention for Cyber Security (AISB), 2018.



Research and projects here are partially funded by the following groups:

Related Student Projects

The following are projects completed by interns, undergraduate, and masters students related to the Software Update project.
Project screenshot.

Web-based tool for estimating security training approaches for security decision-makers

Nan Sheng (2017-2018, Masters Thesis)

Supervisor: Kami Vaniea

Cyber security has been a concern for organizations because it can lead to large financial loss. The premise of this project is that the CISO realizes the improtance of cyber security training and is trying to find a suitable training approach for the staff. This project collects essential information about training approaches from academic papers and training companies such as methodology, charateristic, effectiveness, cost and commercial training products. The goal is to help someone like a CISO select a suitable training approache for the staff.

Project screenshot.

Empirical Evaluation of Users' Ability to Read URLs With and Without a Support Website

Xinding Wang (2017-2018, Masters Thesis)

Supervisor: Kami Vaniea

Reading a URL unaided is challenging. This project had two goals:
1) Determine if people in China and Europe read URLs differently.
2) Build a website that parses and explains a URL to someone in both English and Chinese.

Project screenshot.

Faheem: Real-time Slack Bot URL Explainer Assists Users in Overcoming Phishing

Kholoud Althobaiti (2016-2017, Masters Thesis)

Supervisors: Stuart Anderson, Kami Vaniea

People have difficulty understanding URLs which makes it harder for them to decide what links are safe to click on or identify potential privacy issues. Faheem is a Slack chat bot designed to help users understand a URL through an interactive discussion with the bot.