Human factors play a crucial role in the security and privacy ecosystem. However, most human-centered security and privacy research has focused on Western populations, despite evidence suggesting that security and privacy practices and needs differ across countries and cultures. As a result, security and privacy solutions designed for Western populations can fail when applied to other regions, leaving users at risk. In this dissertation, I explore the security and privacy challenges, practices, and needs of various majority world populations. I begin by examining concerns with mobile loan apps in Kenya, where their widespread use is driven by low socioeconomic status and a lack of formal credit history, making them a vital source of credit. Next, I broaden my scope to cybercafes, highlighting their role in digital access in Kenya and the privacy challenges that arise from sharing computing facilities. Finally, I extend my scope to multiple majority world countries, interviewing "local experts" across nine countries to understand security and privacy practices globally. Specifically, this dissertation investigates (i) privacy concerns and tradeoffs with mobile loan apps in Kenya, (ii) security and privacy challenges and practices at cybercafes in Kenya, and (iii) security and privacy concerns and advice in nine majority world countries.

To address these questions, I conducted three qualitative studies. First, I interviewed 20 users of mobile loan apps in Kenya to investigate why they use these apps, any privacy concerns they have with these apps, and how they navigate these concerns. To contextualize participants' sentiments, I additionally reviewed the data collection practices of common mobile loan apps, checking the permissions they request as well as how they indicate using users' data through their privacy policies. Afterward, I interviewed 14 managers and 22 customers of cybercafes in Nairobi, Kenya, inquiring about common security and privacy concerns and challenges customers face at those facilities, as well as the advice and support that is provided to them. To understand security and privacy concerns and advice more globally, I finally interviewed 70 "local experts" across nine majority world countries spanning four continents, i.e., Africa (Kenya, Nigeria, and Ghana), Latin America (Mexico and Brazil), Asia (China, India, and Pakistan), and the Middle East (Türkiye).

My work shows that financial adversity in the majority world often makes users de-prioritize their privacy concerns, with many users of loan apps overlooking their privacy concerns to secure loans. My research further highlights how the reliance on "local experts" such as cybercafe managers for advice can expose users to security and privacy risks. For instance, some cybercafe managers encourage users to use simple passwords such as their names or ID numbers to avoid forgetting them, putting their security at risk. Additionally, I show how various factors in the majority world influence both the security and privacy concerns people have and their ability (or inability) to implement recommended advice. For example, cultural and religious norms often compel individuals to share their devices, undermining security and privacy measures designed in the West where device sharing is less common. Financial constraints also make it challenging for people to follow advice such as regularly updating their devices as these updates often require purchasing internet.

From these findings, I distill several recommendations. For apps like loan apps, I argue that stricter regulation by lawmakers and app markets is necessary to protect users' privacy as many users are willing to overlook their privacy concerns for loans. I also emphasize the need for more education and security awareness while challenging the efficacy and applicability of Western-designed solutions in the majority world. Ultimately, my work shows the need for continued research to better understand diverse user groups in the majority world in order to design security and privacy solutions that protect users globally.