David G. Balash
Google Scholar, GitHub, Twitter, LinkedIn, CV
Hello, and welcome to my web page. I am a fifth year Ph.D. student in computer science at The George Washington University and a member of the GW Usable Security and Privacy Lab. My research focuses on the usability of privacy control and disclosure mechanisms, and my advisor is Professor Adam Aviv. Broader research interests include computer and network security, trustworthy artificial intelligence, and complex systems.


Aug 22 Presented our work on API Privacy at USENIX Security '22 in Boston, MA.
Jun 22 Awarded Design of Trustworthy AI and Future Work Systems NSF PhD Fellowship.
May 22 Presented our work on Privacy Labels at CACTUS/P in Washington, DC.
Dec 21 Presented our work on API Privacy at CACTUS/P in College Park, Maryland.
Sep 21 New paper on API Privacy accepted at USENIX Security '22.
Aug 21 Co-presented our work Privacy Dashboards at USENIX Security '21.
Aug 21 Presented our work on Exam Privacy at SOUPS '21.
May 21 New paper on Exam Privacy accepted at SOUPS '21.
Apr 21 New paper on Privacy Dashboards accepted at USENIX Security '21.

Current Research

Privacy Dashboards
Privacy dashboards and transparency tools help users review and manage the data collected about them online. We seek to understand how privacy dashboards and transparency tools affect concerns about and benefits from data collection.
App-Based Privacy Nutrition Labels
The ubiquitous surveillance and data collection regime embedded within modern web and mobile ecosystems has led to several interventions meant to empower users to make choices to restrict and manage their privacy. Privacy nutrition labels offer an approach that is modeled after food nutrition labeling. Like a food label, a privacy nutrition label describes the data collection and usage practices of a service. The standardization of privacy labels offers a unique opportunity for a comprehensive study of the self-reported data collection and use policies of an entire app ecosystem.
API Privacy
Online services like Google provide a variety of application programming interfaces. These online APIs enable authenticated third-party services and applications to access a user's account data for tasks such as single sign-on, calendar integration, and sending email on behalf of the user, among others. Despite their prevalence, API access could pose significant privacy and security risks, where a third-party could have unexpected privileges to a user's account.
Security and Privacy Implications of Remote Proctoring
The problem of how to perform student assessment in an online environment has become increasingly relevant, leading many institutions and educators to turn to online proctoring services to administer remote exams. These services employ various student monitoring methods to curb cheating, including restricted browser modes, video/screen monitoring, local network traffic analysis, and eye tracking. We explore the security and privacy perceptions of the student test-takers being proctored.


David G. Balash, Xiaoyuan Wu, Miles Grant, Irwin Reyes, and Adam J. Aviv.
Security and Privacy Perceptions of Third-Party Application Access for Google Accounts.
31st USENIX Security Symposium (USENIX Security 22). Aug 2022.

David G. Balash, Dongkun Kim, Darika Shaibekova, Rahel A. Fainchtein, Micah Sherr, and Adam J. Aviv.
Examining the Examiners: Students' Privacy and Security Perceptions of Online Proctoring Services.
17th Symposium on Usable Security and Privacy (SOUPS '21). Aug 2021.

Florian Farke, David G. Balash, Maximilian Golla, Markus Dürmuth, and Adam J. Aviv.
Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google's My Activity.
30th USENIX Security Symposium (USENIX Security '21). USENIX Association. Aug 2021.