User-centric security and privacy conversations are based around best-practices or a binary of what to do and what not to do. This has been detrimental to practical conversations around user security and privacy. In the context of digital sexual expression, users are typically shamed and told not to engage in those activities without providing an alternative.
Harm reduction provides an alternative framework that can be used. At its core, harm reduction is based around making risky behaviors safer. It has successfully been used for public health programming around drug use and sexual activities.
This talk will introduce harm reduction as a framework for user-centric security and privacy and walk through an example based on research around gay dating apps. Through this case study, I will discuss some of the ways that taking a harm reduction approach shifted security expectations and priorities to recommend practical features that had major implications for user safety.
Security and privacy harm reduction is still a developing conversation. This talk is aimed at a wide audience to introduce harm reduction as a framework with the goal of improving the methods and practices around user-centric security and privacy.