On the limited impact of visualizing encryption: Perceptions of E2E messaging security

Publikation: Beitrag in Buch/Bericht/Sammelwerk/KonferenzbandAufsatz in KonferenzbandForschungPeer-Review

Autoren

  • Christian Stransky
  • Dominik Wermke
  • Johanna Schrader
  • Nicolas Huaman
  • Yasemin Acar
  • Anna Lena Fehlhaber
  • Miranda Wei
  • Blase Ur
  • Sascha Fahl

Externe Organisationen

  • Helmholtz-Zentrum für Informationssicherheit (CISPA)
  • University of Washington
  • University of Chicago
  • Max-Planck-Institut für Sicherheit und Privatsphäre
Forschungs-netzwerk anzeigen

Details

OriginalspracheEnglisch
Titel des SammelwerksProceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021
Seiten437-454
Seitenumfang18
ISBN (elektronisch)9781939133250
PublikationsstatusVeröffentlicht - 2021
Veranstaltung17th Symposium on Usable Privacy and Security, SOUPS 2021 - Virtual, Online
Dauer: 9 Aug. 202110 Aug. 2021

Abstract

Communication tools with end-to-end (E2E) encryption help users maintain their privacy. Although messengers like WhatsApp and Signal bring E2E encryption to a broad audience, past work has documented misconceptions of their security and privacy properties. Through a series of five online studies with 683 total participants, we investigated whether making an app's E2E encryption more visible improves perceptions of trust, security, and privacy. We first investigated why participants use particular messaging tools, validating a prior finding that many users mistakenly think SMS and e-mail are more secure than E2E-encrypted messengers. We then studied the effect of making E2E encryption more visible in a messaging app. We compared six different text disclosures, three different icons, and three different animations of the encryption process. We found that simple text disclosures that messages are “encrypted” are sufficient. Surprisingly, the icons negatively impacted perceptions. While qualitative responses to the animations showed they successfully conveyed and emphasized “security” and “encryption,” the animations did not significantly impact participants' quantitative perceptions of the overall trustworthiness, security, and privacy of E2E-encrypted messaging. We confirmed and unpacked this result through a validation study, finding that user perceptions depend more on preconceived expectations and an app's reputation than visualizations of security mechanisms.

ASJC Scopus Sachgebiete

Zitieren

On the limited impact of visualizing encryption: Perceptions of E2E messaging security. / Stransky, Christian; Wermke, Dominik; Schrader, Johanna et al.
Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021. 2021. S. 437-454.

Publikation: Beitrag in Buch/Bericht/Sammelwerk/KonferenzbandAufsatz in KonferenzbandForschungPeer-Review

Stransky, C, Wermke, D, Schrader, J, Huaman, N, Acar, Y, Fehlhaber, AL, Wei, M, Ur, B & Fahl, S 2021, On the limited impact of visualizing encryption: Perceptions of E2E messaging security. in Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021. S. 437-454, 17th Symposium on Usable Privacy and Security, SOUPS 2021, Virtual, Online, 9 Aug. 2021.
Stransky, C., Wermke, D., Schrader, J., Huaman, N., Acar, Y., Fehlhaber, A. L., Wei, M., Ur, B., & Fahl, S. (2021). On the limited impact of visualizing encryption: Perceptions of E2E messaging security. In Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021 (S. 437-454)
Stransky C, Wermke D, Schrader J, Huaman N, Acar Y, Fehlhaber AL et al. On the limited impact of visualizing encryption: Perceptions of E2E messaging security. in Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021. 2021. S. 437-454
Stransky, Christian ; Wermke, Dominik ; Schrader, Johanna et al. / On the limited impact of visualizing encryption : Perceptions of E2E messaging security. Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021. 2021. S. 437-454
Download
@inproceedings{bd62ac91554347938442dabaa26c424c,
title = "On the limited impact of visualizing encryption: Perceptions of E2E messaging security",
abstract = "Communication tools with end-to-end (E2E) encryption help users maintain their privacy. Although messengers like WhatsApp and Signal bring E2E encryption to a broad audience, past work has documented misconceptions of their security and privacy properties. Through a series of five online studies with 683 total participants, we investigated whether making an app's E2E encryption more visible improves perceptions of trust, security, and privacy. We first investigated why participants use particular messaging tools, validating a prior finding that many users mistakenly think SMS and e-mail are more secure than E2E-encrypted messengers. We then studied the effect of making E2E encryption more visible in a messaging app. We compared six different text disclosures, three different icons, and three different animations of the encryption process. We found that simple text disclosures that messages are “encrypted” are sufficient. Surprisingly, the icons negatively impacted perceptions. While qualitative responses to the animations showed they successfully conveyed and emphasized “security” and “encryption,” the animations did not significantly impact participants' quantitative perceptions of the overall trustworthiness, security, and privacy of E2E-encrypted messaging. We confirmed and unpacked this result through a validation study, finding that user perceptions depend more on preconceived expectations and an app's reputation than visualizations of security mechanisms.",
author = "Christian Stransky and Dominik Wermke and Johanna Schrader and Nicolas Huaman and Yasemin Acar and Fehlhaber, {Anna Lena} and Miranda Wei and Blase Ur and Sascha Fahl",
year = "2021",
language = "English",
pages = "437--454",
booktitle = "Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021",
note = "17th Symposium on Usable Privacy and Security, SOUPS 2021 ; Conference date: 09-08-2021 Through 10-08-2021",

}

Download

TY - GEN

T1 - On the limited impact of visualizing encryption

T2 - 17th Symposium on Usable Privacy and Security, SOUPS 2021

AU - Stransky, Christian

AU - Wermke, Dominik

AU - Schrader, Johanna

AU - Huaman, Nicolas

AU - Acar, Yasemin

AU - Fehlhaber, Anna Lena

AU - Wei, Miranda

AU - Ur, Blase

AU - Fahl, Sascha

PY - 2021

Y1 - 2021

N2 - Communication tools with end-to-end (E2E) encryption help users maintain their privacy. Although messengers like WhatsApp and Signal bring E2E encryption to a broad audience, past work has documented misconceptions of their security and privacy properties. Through a series of five online studies with 683 total participants, we investigated whether making an app's E2E encryption more visible improves perceptions of trust, security, and privacy. We first investigated why participants use particular messaging tools, validating a prior finding that many users mistakenly think SMS and e-mail are more secure than E2E-encrypted messengers. We then studied the effect of making E2E encryption more visible in a messaging app. We compared six different text disclosures, three different icons, and three different animations of the encryption process. We found that simple text disclosures that messages are “encrypted” are sufficient. Surprisingly, the icons negatively impacted perceptions. While qualitative responses to the animations showed they successfully conveyed and emphasized “security” and “encryption,” the animations did not significantly impact participants' quantitative perceptions of the overall trustworthiness, security, and privacy of E2E-encrypted messaging. We confirmed and unpacked this result through a validation study, finding that user perceptions depend more on preconceived expectations and an app's reputation than visualizations of security mechanisms.

AB - Communication tools with end-to-end (E2E) encryption help users maintain their privacy. Although messengers like WhatsApp and Signal bring E2E encryption to a broad audience, past work has documented misconceptions of their security and privacy properties. Through a series of five online studies with 683 total participants, we investigated whether making an app's E2E encryption more visible improves perceptions of trust, security, and privacy. We first investigated why participants use particular messaging tools, validating a prior finding that many users mistakenly think SMS and e-mail are more secure than E2E-encrypted messengers. We then studied the effect of making E2E encryption more visible in a messaging app. We compared six different text disclosures, three different icons, and three different animations of the encryption process. We found that simple text disclosures that messages are “encrypted” are sufficient. Surprisingly, the icons negatively impacted perceptions. While qualitative responses to the animations showed they successfully conveyed and emphasized “security” and “encryption,” the animations did not significantly impact participants' quantitative perceptions of the overall trustworthiness, security, and privacy of E2E-encrypted messaging. We confirmed and unpacked this result through a validation study, finding that user perceptions depend more on preconceived expectations and an app's reputation than visualizations of security mechanisms.

UR - http://www.scopus.com/inward/record.url?scp=85114518391&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85114518391

SP - 437

EP - 454

BT - Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021

Y2 - 9 August 2021 through 10 August 2021

ER -