“We Need a Big Revolution in Email Advertising”: Users’ Perception of Persuasion in Permission-based Advertising Emails

in CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (2023, April 19)

Persuasive tactics intend to encourage users to open advertising emails. However, these tactics can overwhelm users, which makes them frustrated and leads to lower open rates. This paper intends to ... [more ▼]

Persuasive tactics intend to encourage users to open advertising emails. However, these tactics can overwhelm users, which makes them frustrated and leads to lower open rates. This paper intends to understand which persuasive tactics are used and how they are perceived by users. We first developed a categorization of inbox-level persuasive tactics in permission-based advertising emails. We then asked participants to interact with an email inbox prototype, combined with interviews (N=32), to investigate their opinions towards advertising emails and underlying persuasive tactics. Our qualitative findings reveal poor user experience with advertising emails, which was related to feeling surveilled by companies, forced subscriptions, high prior knowledge about persuasive tactics, and a desire for more agency. We also found that using certain persuasive tactics on the inbox level is perceived as ethically inappropriate. Based on these insights, we provide design recommendations to improve advertising communication and make such emails more valuable to users. [less ▲]

Complex, but in a good way? How to represent encryption to non-experts through text and visuals – Evidence from expert co-creation and a vignette experiment

in Computers in Human Behavior Reports (2022), 4

An ongoing discussion in the field of usable privacy and security debates whether security mechanisms should be visible to end-users during interactions with technology, or hidden away. This paper ... [more ▼]

An ongoing discussion in the field of usable privacy and security debates whether security mechanisms should be visible to end-users during interactions with technology, or hidden away. This paper addresses this question using a mixed-methods approach, focusing on encryption as a mechanism for confidentiality during data transmission on a smartphone application. In study 1, we conducted a qualitative co-creation study with security and Human-Computer Interaction (HCI) experts (N = 9) to create appropriate textual and visual representations of the security mechanism encryption in data transmission. We investigated this question in two contexts: online banking and e-voting. In study 2, we put these ideas to the test by presenting these visual and textual representations to non-expert users in an online vignette experiment (N = 2180). We found a statistically significant and positive effect of the textual representation of encryption on perceived security and understanding, but not on user experience (UX). More complex text describing encryption resulted in higher perceived security and more accurate understanding. The visual representation of encryption had no statistically significant effect on perceived security, UX or understanding. Our study contributes to the larger discussion regarding visible instances of security and their impact on user perceptions. [less ▲]

The Experience of Security in Human-Computer Interactions: Understanding Security Perceptions Through the Concept of User Experience

Doctoral thesis (2021)

In traditional interactions that do not rely on technology, most people are able to assess risks to their privacy and security and understand how to mitigate these risks. However, risk assessment and ... [more ▼]

In traditional interactions that do not rely on technology, most people are able to assess risks to their privacy and security and understand how to mitigate these risks. However, risk assessment and mitigation is more challenging when interacting with technology, and people’s perceptions of security and privacy risks are not always aligned with reality. It is important for those who design technologies to understand how people perceive the security of technologies in order to avoid having their designs contribute to erroneous perceptions. Instead, interactions with technology should be deliberately designed to ensure that people do not over- or underestimate the security provided by the system. This dissertation contributes to a better understanding of users’ perceptions of security in human-computer interactions. It investigates which factors induce a perception of security and privacy risks and how user-centered design can influence these factors to deliberately design for or against perceived security. I use a mixed-methods approach to address these objectives, including a systematic literature review, empirical data collection with focus groups, expert co-creation sessions, user tests in a controlled environment and a quantitative survey experiment. The first research objective is to analyze how security and privacy researchers induce a perception of security and privacy risks with research participants. We conducted a systematic literature review and focused our analysis on study methods; risk representation; the use of prototypes, scenarios, and educational interventions; the use of deception to simulate risk; and types of participants. We discuss benefits and shortcomings of the methods, and identify key methodological, ethical, and research challenges when representing and assessing security and privacy risk. We also provide guidelines for the reporting of user studies in security and privacy. The second research objective is to explore the factors that contribute to the acceptance of privacy and security risks in situations where people need to weigh the potential advantages of a technology against its associated privacy or security risks. We conducted a series of focus groups and highlighted the reasons why people accept compromises to their privacy and security, finding that perceived usefulness and the fulfilment of the psychological needs for autonomy and control were important factors. Our results suggest potential links between technology acceptance models and user experience models in the context of privacy-relevant interactions. The third research objective is to design and evaluate examples of visible representations of security mechanisms, with a focus on encryption. We studied the effects of these visual and textual representations empirically to understand the impact of these visible security mechanisms on user experience, perceptions of security and users’ understanding of encryption. We addressed this question in a series of studies, both lab studies and online experiments. In a vignette experiment, we find that more complex descriptions of encryption can lead to a better understanding and higher perceived security when designed carefully. However, we find no effect of novel visualizations of encryption on user experience (UX), perceived security or understanding of encryption. The fourth objective is to explore how we might make the link from subjective experience to more secure behaviors. We introduce a new framework of security-enhancing friction design. The framework suggests helping users behave more securely by designing for moments of negative UX in security-critical situations while also ensuring that overall UX remains at an acceptable level to avoid disuse of secure technologies. Overall, this doctoral dissertation contributes to research in the field of human-computer interaction, and more specifically, usable privacy and security. It improves our understanding of the methods used by researchers in the field of usable privacy and security use to create a perception of risk, and the factors that make people accept or reject certain privacy trade-offs. This dissertation also makes contributions to helping researchers and creators of technology understand how their designs influence perceptions of security, UX and understanding of encryption. This enables them to design for or against a perception of security, depending on the actual level of security provided by the technology. Finally, we conceptualize security-enhancing friction, a framework that suggests helping users to behave more securely by designing for moments of negative UX. [less ▲]

Making Encryption Feel Secure: Investigating how Descriptions of Encryption Impact Perceived Security

in The 5th European Workshop on Usable Security (EuroUSEC 2020) (2020)

When communication about security to end users is ineffective, people frequently misinterpret the protection offered by a system. The discrepancy between the security users perceive a system to have and ... [more ▼]

When communication about security to end users is ineffective, people frequently misinterpret the protection offered by a system. The discrepancy between the security users perceive a system to have and the actual system state can lead to potentially risky behaviors. It is thus crucial to understand how security perceptions are shaped by interface elements such as text-based descriptions of encryption. This article addresses the question of how encryption should be described to non-experts in a way that enhances perceived security. We tested the following within-subject variables in an online experiment (N=309): a) how to best word encryption, b) whether encryption should be described with a focus on the process or outcome, or both c) whether the objective of encryption should be mentioned d) when mentioning the objective of encryption, how to best describe it e) whether a hash should be displayed to the user. We also investigated the role of context (between subjects). The verbs “encrypt” and “secure” performed comparatively well at enhancing perceived security. Overall, participants stated that they felt more secure not knowing about the objective of encryption. When it is necessary to state the objective, positive wording of the objective of encryption worked best. We discuss implications and why using these results to design for perceived lack of security might be of interest as well. This leads us to discuss ethical concerns, and we give guidelines for the design of user interfaces where encryption should be communicated to end users. [less ▲]

User Experience Design for E-Voting: How mental models align with security mechanisms

in Electronic Voting (2019, October)

This paper presents a mobile application for vote-casting and vote-verification based on the Selene e-voting protocol and explains how it was developed and implemented using the User Experience Design ... [more ▼]

This paper presents a mobile application for vote-casting and vote-verification based on the Selene e-voting protocol and explains how it was developed and implemented using the User Experience Design process. The resulting interface was tested with 38 participants, and user experience data was collected via questionnaires and semi-structured interviews on user experience and perceived security. Results concerning the impact of displaying security mechanisms on UX were presented in a complementary paper. Here we expand on this analysis by studying the mental models revealed during the interviews and compare them with theoretical security notions. Finally, we propose a list of improvements for designs of future voting protocols. [less ▲]

Acceptability and Acceptance of Autonomous Mobility on Demand: The Impact of an Immersive Experience

in Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (2018, April)

Autonomous vehicles have the potential to fundamentally change existing transportation systems. Beyond legal concerns, these societal evolutions will critically depend on user acceptance. As an emerging ... [more ▼]

Autonomous vehicles have the potential to fundamentally change existing transportation systems. Beyond legal concerns, these societal evolutions will critically depend on user acceptance. As an emerging mode of public transportation [7], Autonomous mobility on demand (AMoD) is of particular interest in this context. The aim of the present study is to identify the main components of acceptability (before first use) and acceptance (after first use) of AMoD, following a user experience (UX) framework. To address this goal, we conducted three workshops (N=14) involving open discussions and a ride in an experimental autonomous shuttle. Using a mixed-methods approach, we measured pre-immersion acceptability before immersing the participants in an on-demand transport scenario, and eventually measured post-immersion acceptance of AMoD. Results show that participants were reassured about safety concerns, however they perceived the AMoD experience as ineffective. Our findings highlight key factors to be taken into account when designing AMoD experiences. [less ▲]

Understanding human need fulfilment to support the design of secure experiences

in Proceedings of NordiCHI' 18 Doctoral Consortium (2018)