Usable Security and Privacy (USP) Lab
Link to Google Scholar
Link to Google Scholar
RHUL, Mar 2025
RHUL, Dec 2024
RHUL, May 2023
Newcastle, Mar 2022
I direct the Usable Security and Privacy (USP) Lab at the Information Security Department, Royal Holloway University of London (RHUL). I work with a number of passionate post-doctoral researchers, PhD students, and MSc students, as well as colleagues from multiple academic and industrial institutions.
Dr Adriano Bermudez Villalva (RHUL), Research Fellow (AGENCY and CyFer projects), 2022-now. Adrian specializes in complex online risks and harms affecting women and girls, specifically online hate speech, and misinformation and crime related to women's health across various digital platforms.Outputs:
Measuring Online Hate on 4chan Using Pre-Trained Deep Learning Models, Paper, IEEE Transactions on Technology and Society, 2025
Dataset: Measuring Online Hate on 4chan Using Pre-Trained Deep Learning Models, Dataset, 2025
The Dark Side of Anonymity: Measuring Online Hate on 4chan, Agency blog post, 2025
Challenges of Extracting Data from Social Media: The Case of Women's Health Misinformation, CyFer blog post, 2023
Women's Health-related Misinformation on Social Media, CyFer blog post, 2023
Dr Scott Harper (Surrey), Research Assistant (working with Ehsan Toreini, AGENCY project), 2024-2025. Scott's work focused on the security and privacy of smart IoT home devices and apps across Android and iOS ecosystems, including an Apple Security Research Device for the latter. Output:
Android vs iOS in Smart Security Camera Privacy, Agency blog post, 2025
Stephen Cook (RHUL), Research Assistant (CyFer project), 2022-2023, Stephen worked on the cybersecurity and privacy of FemTech. He performed experiments on the communication layers of FemTech IoT devices including NFC, BT and WiFi. Outputs:
Bluetooth Security Analysis of General and Intimate Health IoT Devices and Apps: the Case of FemTech, Paper, International Journal of Information Security, 2024
The Importance of Collective Privacy in Digital Sexual and Reproductive Health, Paper, UK Fertility Conference, 2024
Dr Laura Shipp (Newcastle), Research Associate (CyFer project), 2022, Laura's research examined the SP of FemTech IoT devices, focusing on their data collection, privacy policies, and associated risks for women, partners, and children. Outputs:
Bodies Like Yours: Enquiring Data Privacy in FemTech, Paper, ACM NordicCHI, 2022
Vision: Too Little too Late? Do the Risks of FemTech already Outweigh the Benefits? Paper, EuroUSEC, 2022
Zeynep Aki (Newcastle), Research Assistant, 2021, Zey worked on a privacy-preserving ML-based face mask recognition system. She used ML algorithms to develop a system which can identify if people have their face masks on properly without revealing the identity of the person.
Stephen Cook (RHUL, CDT'23), 2023-now (main supervisor), Stephen works on accessibility on IoT devices and apps. He investigates the security and privacy of BLE connection and privacy notices, as well as accessibility scores.
Rebecca Jones (RHUL, CDT'23), 2023-now (main supervisor), Rebecca works on security, privacy, and safety of menopause tech. She uses creative CHI methods such as story completion method to understand the user perception and expectations in these technologies.
Sophie Hawkes (RHUL, CDT'22), 2023-now (second supervisor, with Christian Weinert), Sophie is working on the investigation of real world privacy vulnerabilities and developing privacy-preserving solutions. Output:
Perceptual Hash Inversion Attacks on Image-Based Sexual Abuse Removal Tools, Paper, IEEE S&P Magazine, 2024
Taylor Robinson (RHUL, CDT'21), 2023-now (independent project) research uses ethnographic methods to examine how marginalised communities in the UK, Thailand, and Uganda perceive information security. In her collaborative work with us, she works on menopause tech.
James Clarke (University of Surrey), 2022-now (external advisor, with Ehsan Toreini), James is working on the security and privacy of people with visual impairment. James has been conducting system studies as well as user studies. James was my MSc student at Newcastle and continued his research topic to his PhD work. Output:
Invisible, Unreadable, and Inaudible Cookie Notices: An Evaluation of Cookie Notices for Users with Visual Impairments, Paper, ACM Transactions on Accessible Computing, 2024
Scott Harper (Newcastle), 2020-2024 (main supervisor, with Matt Leach), PhD title: On the Security and Privacy of Animal Technologies. Outputs:
Are Our Animals Leaking Information About Us? Security and Privacy Evaluation of Animal-related Apps, Paper, SSR (IEEE EuroS&PW), 2022
Security and Privacy Concerns of Pet-Tech Users, Paper, STaR-IoT (IoT Conference Workshop), 2022
Security and Privacy of Pet Technologies: Actual Risks vs User Perception, Paper, Journal of Frontiers in Internet of Things, 2023
International News Coverage including: The Telegraph, CBS News, Naked Scientists, La Opinión, Crumpe, etc.
Dr Dante Gray (RHUL, previously at Newcastle, main supervisor, with Rishad Shafik), 2019-2024, PhD title: On the Security of IoT Sensors. Outputs:
PhotonKey: A Key Pairing System for IoT Resource and Input Constrained Devices Using Light Sensors, Paper, Journal of Information Security and Applications, 2025
SenSig: Practical IoT Sensor Fingerprinting Using Calibration Data, Paper, SSR (IEEE EuroS&PW), 2022
Verifying the Identity of a Device via Sensor Calibration Data, UK Patent application, 2022
Dr Rawan Taher (Newcastle), 2019-2024 (supervisory team, with Charles Morisset and John Mace), PhD title: A Trust-Based Mechanism to Manage User Privacy in University Smart Buildings. Collaborative output:
"I feel spied on and I don't have any control over my data": User Privacy Perception, Preferences and Trade-offs in University Smart Buildings, Paper, STAST'22
Naoom Abu Abah (Newcastle), 2020-2024 (supervisory team, with Charles Morisset), PhD title: "Human as a Sensor" in Incident Reporting Systems in a Smart Spaces, Collaborative output:
U-Sense: Feasibility Study of “Human as a Sensor” in Incident Reporting Systems in a Smart Campus, Paper, STAST, 2023
For the complete list, see here.
Cheok Ieng Ng (RHUL), 2024, Output: Security and Privacy Evaluation of IP Cameras on Shodan, SSR, 2025
Joshua Harrison (Durham), 2023, Output: A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards, SLIM, (IEEE Euro S&P), 2023
James Clarke (Newcastle), 2021, Output: Invisible, Unreadable, and Inaudible Cookie Notices: An Evaluation of Cookie Notices for Users with Visual Impairments, ACM Transactions on Accessible Computing, 2023
Scott Harper (Newcastle), 2020, Output: User Privacy Concerns and Preferences in Smart Buildings, Paper, STAST, 2021, and User Privacy Concerns in Commercial Smart Buildings, Paper, Journal of Computer Security, 2022
Chris Makarouna (Newcastle), 2019, Output: Risks of Mobile Ambient Sensors and User Awareness, Concerns, and Preferences, Paper, EuroUSEC, 2022
Dr Ehsan Toreini, Systems Security, Samsung R&D, UK, and Visiting Professor, University of Surrey, UK
Dr Teresa Almeida, HCI, Instituto Superior Técnico, University of Lisbon | ITI/LARSyS
Dr Jennifer Pybus, Data, Democracy and AI, York University, Canada
Prof Aad van Moorsel, School of Computing Science, Birmingham University, UK
Prof Mike Catt, Newcastle University (Digital Health), UK
Dr Matt Leach, Newcastle University (School of Natural and Environmental Sciences), UK
Joe Bourne, The Alan Turing Institute, Lancaster University (Institute for the Contemporary Arts), UK
Dr Thyla van der Merwe, Google, Zurich, Switzerland (formerly at ETH Zurich)
Dr Kovial Coopamootoo, KCL (Usable Security and Privacy), UK
Dr Rishad Shafik, Newcastle University (Engineering), UK