The Carnegie Mellon University Usable Privacy and Security Laboratory (CUPS) is a research centre at Carnegie Mellon University. Its research is focused on developing methods to make security systems more usable and intuitive.^[1]

• P3P and computer-readable privacy policies
  • Two members of the CUPS Lab are members of the W3C P3P Working Group, working on developing the P3P 1.1 specification.
  • In the fall of 2005, AT&T gave the rights to the source code and trademarks surrounding Privacy Bird, their P3P user-agent. Privacy Bird is currently maintained and distributed by the lab.
  • In the summer of 2005, the lab made available to the public a "P3P-enabled search engine", known as Privacy Finder. It allowed a user to reorder search results based on whether each site complied with his or her privacy preferences. This information was gleaned from P3P policies found on the web sites. Since 2012, Privacy Finder has been "temporarily out of service", with no indication of when service would be restored.
  • Additionally, the lab archives web sites privacy policies and has been creating a toolkit to aid in the automated analysis of both P3P policies as well as natural language privacy policies.
• Supporting trust decisions
  • More recently^[when?], the lab is examining trends in phishing attacks as well as users' perceptions of these attacks to develop better methods of detecting and reporting phishing messages.

• The official CUPS Lab web site
• Privacy Bird
• Privacy Finder

40°26′40″N 79°56′35″W / 40.444423°N 79.942984°W / 40.444423; -79.942984