Differential Vulnerabilities and a Diversity of Tactics: What Toolkits Teach Us about Cybersecurity

We investigate cybersecurity toolkits, collections of public facing materials intended to help users achieve security online. Through a qualitative analysis of 41 online toolkits, we present a set of key design dimensions: agentive scale (who is responsible for security), achievability (can security be achieved), and interventional stage (when are security measures taken). Recognizing toolkits as socially and culturally situated, we surface ways in which toolkits construct security as a value and, in so doing, how they construct people as (in)secure users. We center the notion of differential vulnerabilities, an understanding of security that recognizes safety as socially contingent, adversaries as unstable figures, and risk as differentially applied based on markers of relational position (e.g. class, race, religion, gender, geography, experience). We argue that differential vulnerabilities provides a key design concern in future security resources, and a critical concept for security discourses.