Smart Home Users’ Security and Privacy
Perceptions and Actions Differ By Device
Category: Results from a U.S. Survey
Julie M. Haney
1[0000−0002−6017−9693]
, Yasemin Acar
2[0000−0001−7167−7383]
, Anna
Li
3
, and Faith Haney
4
1
National Institute of Standards and Technology, Gaithersburg MD 20899, USA
julie.haney@nist.gov
2
Paderborn University, 33098 Paderborn, Germany
yasemin.acar@uni-paderborn.de
3
Massachusetts Institute of Technology, Cambridge MA 02139, USA
annawli@mit.edu
4
University of Maryland, College Park MD 20742, USA fhaney@umd.edu
Abstract. There are few insights into how users’ perspectives on smart
home security and privacy differ depending on device category. This may
leave the smart home community at a disadvantage in knowing how to
focus user education efforts to address device-specific misunderstandings
or concerns. As a result, consumers may remain uninformed or lack moti-
vation to protect some device categories, leaving devices and data vulner-
able. Towards closing this gap, we conducted a between-subjects survey
of 401 U.S. smart home users with devices in five categories: voice assis-
tants, thermostats, security devices, sensors, and lighting. Participants
found voice assistants to be most problematic and were most confident
about security devices and thermostats. We also report novel results re-
lated to lack of trust of lighting device manufacturers and general comfort
with sensor security and privacy. Our identification of differences across
device categories can contribute to greater user empowerment through
tailored smart home user education materials.
Keywords: Security · Smart home · Internet of things · Users.
1 Introduction
Internet of things (IoT) smart home research reveals that users may have inac-
curate mental models of device security and privacy, exhibit lingering concerns
even after adopting devices, struggle with a lack of transparency about data
collection and use, and feel powerless to take action [22,53]. As a result, smart
home devices and the data they collect may remain vulnerable to compromise.
Researchers suggest that user education may help counter these issues [53,63].
Device manufacturers play an important role in education, as reflected in IoT
security baselines and guidance from government [3,17,42], industry [9,29], and
standards [16] organizations. These baselines (minimum controls to sufficiently
