Hi! I am a Societal Computing PhD student at Carnegie Mellon University, Software and Societal Systems Department, School of Computer Science. I’m advised by Lorrie Cranor and I’m affiliated with the CMU CyLab and the CUPS lab.
My research focuses on usable security and privacy, tech policy, and access control. I use mixed methods to understand how people interact with security and privacy systems in practice. My current work examines digital identity systems, investigating how people manage their online identities, whether existing system designs align with users’ privacy preferences, and how we can redesign these systems to better support user autonomy and trust.
Recently, I’ve been thinking about online age verification. We ran a deceptive experiment to understand how adults respond to online age verification in a realistic access context and shared these findings at the FTC Age Verification Workshop in Jan 2026. You can read our technical report here.
Prior to starting my Ph.D., I worked on projects related to Human-Computer Interaction, Human-Robot Interaction, Usable Privacy and Security, and Accessibility through UROP with the MIT Media Lab and the REUSE program with CMU’s Software and Societal Systems Department. I hold a B.A. in Computer Science and a minor in Philosophy from Wellesley College.
Google Scholar
LinkedIn
Email: veronic2@andrew.cmu.edu
Publications
Conference Proceedings
2024
Yanzi Lin, Jaideep Juneja, Eleanor Birrell, Lorrie Faith Cranor
Privacy Enhancing Technologies Symposium (PETS) 2024 (2024)
Abstract (click to expand): Privacy labels -- standardized, compact representations of data collection and data use practices -- are often presented as a solution to the shortcomings of privacy policies. Apple introduced mandatory privacy labels for apps in its App Store in December 2020; Google introduced mandatory labels for Android apps in July 2022. iOS app privacy labels have been evaluated and critiqued in prior work. In this work, we evaluated Android Data Safety Labels and explored how differences between the two label designs impact user comprehension and label utility. We conducted a between-subjects, semi-structured interview study with 12 Android users and 12 iOS users. While some users found Android Data Safety Labels informative and helpful, other users found them too vague. Compared to iOS App Privacy Labels, Android users found the distinction between data collection groups more intuitive and found explicit inclusion of omitted data collection groups more salient. However, some users expressed skepticism regarding elided information about collected data type categories. Most users missed critical information due to not expanding the accordion interface, and they were surprised by collection practices excluded from Android's definitions. Our findings also revealed that Android users generally appreciated information about security practices included in the labels, and iOS users wanted that information added.
2023
Elijah Robert Bouma-Sims, Megan Li, Yanzi Lin, Adia Sakura-Lemessy, Alexandra Nisenoff, Ellie Young, Eleanor Birrell, Lorrie Faith Cranor, Hana Habib
CHI Conference on Human Factors in Computing Systems (2023)
Abstract (click to expand): Websites implement cookie consent interfaces to obtain users' permission to use non-essential cookies, as required by privacy regulations. We extend prior research evaluating the impact of interface design on cookie consent through an online behavioral experiment (n = 1359) in which we prompted mobile and desktop users from the UK and US to make cookie consent decisions using one of 14 interfaces implemented with the OneTrust consent management platform (CMP). We found significant effects on user behavior and sentiment for multiple explanatory variables, including more negative sentiment towards the consent process among UK participants and lower comprehension of interface information among mobile users. The design factor that had the largest effect on user behavior was the initial set of options displayed in the cookie banner. In addition to providing more evidence of the inadequacy of current cookie consent processes, our results have implications for website operators and CMPs.
Lightly Reviewed Workshop Papers and Posters
2025
Yanzi Lin, Vivianna Lieu, Cheng Zhang, Weiqian Zhang, Lorrie Faith Cranor, Sarah Scheffler
IAB/W3C Workshop on Age-Based Restrictions on Content Access (2025)
Abstract (click to expand): Following the U.S. Supreme Court’s decision in Free Speech Coalition v. Paxton (2025), which established that age verification systems must be “adequately tailored,” understanding user behavior has become legally relevant for system design. This preliminary study empirically examines how different age verification methods affect user behavior through a deceptive online experiment framed as usability testing for a mock gambling website. Participants (n=99 U.S. residents) were randomly assigned to six verification conditions, including simple checkbox self-declaration, government-issued ID upload, and AI-based facial age estimation. Results show stark differences in user responses: checkbox verification achieved 95.2% completion rates, while government ID methods drove up to 60.5% of users to return their study without finishing. We also tested the effects of privacy disclosures on completion rates. These had mixed effects, with detailed data handling information both increasing completion rates and polarizing user comfort levels. In a survey accompanying the empirical study, participants expressed significant privacy concerns about documentbased methods, citing fears of identity theft and data misuse. These findings provide empirical evidence that can be applied to the U.S. Constitutional requirement for “adequate tailoring” of age verification systems, as well as policy analysis and technical design of age verification more broadly. We outline plans for expanded research using R-rated movie content to examine these effects at larger scale.
Yanzi Veronica Lin, Vivianna Lieu, Cheng Zhang, Weiqian Zhang, Wenchao Hu, Lorrie Faith Cranor, and Sarah Scheffler
USENIX SOUPS (2025)
Abstract (click to expand): Governments have enacted age assurance regulations to prevent minors from accessing age-restricted content online, potentially creating barriers for adult users. This preliminary study empirically examines how different age assurance methods and accompanying data handling disclosures influence user behavior. We conducted a deceptive online experiment, framed as a usability test for a simulated gambling website, followed by a survey. Participants (n=99) were randomly assigned to one of six verification conditions, ranging from simple checkbox self-declaration to more complex methods involving government-issued IDs and AI-based facial analysis. The Checkbox method had the highest completion rate and user-reported comfort, while methods involving government-issued ID verification resulted in lower completion rates and comfort. Data handling disclosures produced mixed effects on verification decisions, but this should be explored further with a larger sample. Privacy concerns were particularly pronounced for methods requiring personal identification documents, with many participants expressing reluctance to share sensitive information with unfamiliar entities.
Talks
2026
- Measuring User Responses to Online Age Verification
Privacy and Public Policy Conference (Feb 2026)
2025
- Measuring User Responses to Age Verification Architectures: Evidence from a Deceptive Online Experiment
IAB/W3C Workshop on Age-Based Restrictions on Content Access (Oct 2025)
Slides ·
Paper
Poster Presentations
2025
- Carded by the Internet: Measuring User Responses to Online Age Assurance Mechanisms
CyLab Partners Conference (Oct 2025)
USENIX SOUPS (Aug 2025)
Poster ·
Abstract
Teaching
I am enrolled in the CMU Eberly Future Faculty Program where I learn principles of effective course design and pedagogy and receive feedback on my teaching. I also work with undergraduate researchers through the CMU REUSE program. I value these opportunities to grow as an educator and mentor.
Teaching Experience
Miscellaneous
When I’m not working, you’ll find me baking, exploring new cafes, traveling, or on the tennis court.
