As our world becomes more computerized and interconnected, computer security and privacy will continue to increase in importance. In this talk, I will focus specifically on examples of security and privacy challenges that I have addressed in my work by designing and building new systems that better match user expectations. First, I will describe an extensive study of how advertisers, social media sites, and others invisibly track users as they browse the Web, and a new defense resulting from this study. I will then describe an approach to permission granting in modern operating systems (such as those on smartphones) that is more secure and better matches user expectations than existing approaches. In this approach, called user-driven access control, the operating system is able to extract a user's permission granting intent from the way he or she naturally interacts with any application. Achieving user-driven access control uncovers security in the user interface as a distinct research direction, which will be the focus of the third part of the talk.