Reference : Evaluating ambiguity of privacy indicators in a secure email app
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/43267
English
Stojkovski, Borce [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)]
Lenzini, Gabriele [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
2020
Proceedings of the Fourth Italian Conference on Cyber Security, Ancona Italy, February 4th to 7th, 2020
Loreti, Michele
Spalazzi, Luca
CEUR-WS.org
CEUR Workshop Proceedings
223--234
Yes
Fourth Italian Conference on Cyber Security (ITASEC 20)
4-2-2020 to 7-2-2020
Ancona
Italy
[en] Informing laymen of security situations is a notoriously hard problem. Users are usually not cognoscenti of all the various secure and insecure situations that may arise, and this can be further worsened by certain visual indicators that instead of helping users, fail to convey clear and unambiguous messages. Even in well-established and studied applications, like email clients providing end-to-end encryption, the problem seems far from being solved. Motivated to verify this claim, we studied the communication qualities of four privacy icons (in the form of coloured shapes) in conveying specific security messages, relevant for a particular secure emailing system called p≡p. We questioned 42 users in three different sessions, where we showed them 10 privacy ratings, along with their explanations, and asked them to match the rating and explanation with the four privacy icons. We compared the participants’ associations to those made by the p≡p developers.
The results, still preliminary, are not encouraging. Except for the two most extreme cases, Secure and trusted and Under attack, users almost entirely missed to get the indicators’ intended messages. In particular, they did not grasp certain concepts such as Unsecure email and Secure email, which in turn were fundamental for the engineers. Our work has certain limitations and further investigation is required, but already at this stage our research calls for a closer collaboration between app engineers and icon designers. In the context of p≡p, our work has triggered a deeper discussion on the icon design choices and a potential revamp is on the way.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Other
Fonds National de la Recherche - FnR
PRIDE15/10621687/SPsquared
Researchers ; Professionals ; Students ; General public
http://ceur-ws.org/Vol-2597/paper-20.pdf
2597
FnR ; FNR10621687 > Sjouke Mauw > SPsquared > Security and Privacy for System Protection > 01/01/2017 > 30/06/2023 > 2016

File(s) associated to this reference

Fulltext file(s):

File: Stojkovski et Lenzini - Evaluating ambiguity of privacy indicators in a secure email app - ITASEC v3.pdf
Version: Author postprint
Size: 905.38 kB
Access: Open access


All documents in ORBilu are protected by a user license.