Interdisciplinary Research Group in Socio-technical Cybersecurity
“I personally relate it to the traffic light”: a user study on security & privacy indicators in a secure email system committed to privacy by default
Abstract:
Improving the usability and adoption of secure (i.e. end-to-end encrypted) email systems has been a notorious challenge for over two decades. One of the open questions concerns the amount and format of information that should be communicated to users to inform them of the security and privacy properties with respect to different messages or correspondents. Contributing to the ongoing discussion on the usability and effectiveness of security and privacy indicators, particularly in the context of systems targeting non-expert users, this paper sheds light on users’ evaluation of traffic light-inspired indicators, as a metaphor to represent different privacy states and guarantees, provided by a new system for email end-to-end encryption called p≡p. Using a mixed-methods approach, based on input gathered from 150 participants in three online studies, we highlight the pros and cons of the traffic light semantic in p≡p’s context and beyond, and discuss the potential implications on the perceived security and use of such systems.
Authors:
Stojkovski Borce, Lenzini Gabriele, Koenig Vincent
Publication date:
March, 2021
Published in:
The 36th ACM/SIGAPP Symposium on Applied Computing (SAC ’21)
Reference:
Borce Stojkovski, Gabriele Lenzini, and Vincent Koenig. 2021. “I personally relate it to the traffic light”: a user study on security & privacy indicators in a secure email system committed to privacy by default. In The 36th ACM/SIGAPP Symposium on Applied Computing (SAC ’21), March 22– 26, 2021, Virtual Event, Republic of Korea
Get in touch with us
SnT – Interdisciplinary Centre for Security, Reliability and Trust
Maison du Nombre, 6, avenue de la Fonte L-4364 Esch-sur-Alzette
info-irisc-lab@uni.lu