This book reviews pivotal application problems related to security and privacy by considering end user interactions. The editor uses his own experiences to explain how he converts “pure” cryptography to user awareness solutions. Following this principle, the book is divided into three parts, which are based on typical, malicious, and hybrid users, respectively.

The first part of this book consists of three chapters. Chapter 1 describes second-factor authentication (though the term “two-factor authentication” is widely accepted) and how its problem is mitigated by considering the typical user. Chapter 2 reviews the requested permissions problem via a more accessible and comprehensible model for typical users. Chapter 3 considers how tracking is performed and how associated information is provided.

In the second part, two chapters address security design under malicious users. In particular, an environmentally and politically conscious scheme for blockchain is illustrated. It well describes how a widely used security system such as proof of work (PoW) can be transferred in light of abusive activities.

Part 3 tries to combine malicious and typical users into security mechanisms. However, it is confusing since it can hardly find a security protocol that is only designed for malicious users. As far as I am concerned, Parts 2 and 3 can be combined. For example, chapter 5’s blockchain scheme not only considers abusive user but also typical user performance. Moreover, chapter 7 should come before chapter 6, so that readers first gain an understanding of launchpad attacks.

Overall, this book provides fruitful content for engineers and researchers to consider when designing (or adopting) a security protocol. The editor uses many paradigms and charts to lively depict what he wants readers to comprehend. I recommend this book to readers who have a background in information security, especially cryptographic engineers and researchers.