Design and Use of Privacy Capture-the-Flag Challenges in an Introductory Class on Information Privacy and Security

With the advancement of data-intensive technologies and online tracking opportunities, education on privacy is becoming a bigger priority in cybersecurity curricula. Owing to its multidimensional and context-dependent nature, privacy and its protection goals can be introduced to computer science students as collective efforts of system designers to enable data protection, user's informational control, and privacy-preserving data sharing with third parties. Since engaging course participants into hands-on and gamified exercises is generally known to enhance learning experience and effect, we adopted the teaching practice of using Capture-the-Flag (CTF) security challenges and validated its applicability in the privacy education domain. This work presents a pioneering set of 8 CTF-style tasks intentionally designed for the study and demonstration of handpicked privacy concepts, techniques, and attacks. Drawing upon both quantitative and qualitative feedback collected from 27 course participants, this format of homework exercises is found to increase students' confidence in this knowledge domain and perceived as an enjoyable, motivating, and engaging way of learning about information privacy.