Evaluating ambiguity of privacy indicators in a secure email app
English
Stojkovski, Borce [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)]
Lenzini, Gabriele [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
2020
Proceedings of the Fourth Italian Conference on Cyber Security, Ancona, Italy, February 4th to 7th, 2020
Loreti, Michele
Spalazzi, Luca
CEUR-WS.org
CEUR Workshop Proceedings
223-234
Yes
Fourth Italian Conference on Cyber Security (ITASEC 20)
4-2-2020 to 7-2-2020
Ancona
Italy
Informing laymen of security situations is a notoriously hard problem. Users are usually not cognoscenti of all the various secure and insecure situations that may arise, and this can be further worsened by certain visual indicators that, instead of helping users, fail to convey clear and unambiguous messages. Even in well-established and studied applications, like email clients providing end-to-end encryption, the problem seems far from being solved. Motivated to verify this claim, we studied the communication qualities of four privacy icons (in the form of coloured shapes) in conveying specific security messages, relevant for a particular secure emailing system called p≡p. We questioned 42 users in three different sessions, where we showed them 10 privacy ratings, along with their explanations, and asked them to match the rating and explanation with the four privacy icons. We compared the participants’ associations to those made by the p≡p developers.
The results, still preliminary, are not encouraging. Except for the two most extreme cases, Secure and trusted and Under attack, users almost entirely failed to get the indicators’ intended messages. In particular, they did not grasp certain concepts such as Unsecure email and Secure email, which in turn were fundamental for the engineers. Our work has certain limitations and further investigation is required, but already at this stage our research calls for a closer collaboration between app engineers and icon designers. In the context of p≡p, our work has triggered a deeper discussion on the icon design choices and a potential revamp is on the way.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Other
Fonds National de la Recherche - FnR
PRIDE15/10621687/SPsquared
Researchers ; Professionals ; Students ; General public