“I personally relate it to the traffic light”: a user study on security & privacy indicators in a secure email system committed to privacy by default

Improving the usability and adoption of secure (i.e. end-to-end encrypted) email systems has been a notorious challenge for over two decades. One of the open questions concerns the amount and format of information that should be communicated to users to inform them of the security and privacy properties with respect to different messages or correspondents. Contributing to the ongoing discussion on the usability and effectiveness of security and privacy indicators, particularly in the context of systems targeting non-expert users, this paper sheds light on users’ evaluation of traffic light-inspired indicators, as a metaphor to represent different privacy states and guarantees, provided by a new system for email end-to-end encryption called p≡p. Using a mixed-methods approach, based on input gathered from 150 participants in three online studies, we highlight the pros and cons of the traffic light semantic in p≡p’s context and beyond, and discuss the potential implications on the perceived security and use of such systems.