Evaluating ambiguity of privacy indicators in a secure email app

Stojkovski, Borce; Lenzini, Gabriele

Reference : Evaluating ambiguity of privacy indicators in a secure email app


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/43267

Title :	Evaluating ambiguity of privacy indicators in a secure email app
Language :	English
Author, co-author :	Stojkovski, Borce [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)]
	Lenzini, Gabriele [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) >]
Publication date :	2020
Main document title :	Proceedings of the Fourth Italian Conference on Cyber Security, Ancona Italy, February 4th to 7th, 2020
Editor :	Loreti, Michele
	Spalazzi, Luca
Publisher :	CEUR-WS.org
Collection and collection volume :	CEUR Workshop Proceedings
Pages :	223--234
Peer reviewed :	Yes
Event name :	Fourth Italian Conference on Cyber Security (ITASEC 20)
Event date :	4-2-2020 to 7-2-2020
Event place (city) :	Ancona
Event country :	Italy
Abstract :	[en] Informing laymen of security situations is a notoriously hard problem. Users are usually not cognoscenti of all the various secure and insecure situations that may arise, and this can be further worsened by certain visual indicators that instead of helping users, fail to convey clear and unambiguous messages. Even in well-established and studied applications, like email clients providing end-to-end encryption, the problem seems far from being solved. Motivated to verify this claim, we studied the communication qualities of four privacy icons (in the form of coloured shapes) in conveying specific security messages, relevant for a particular secure emailing system called p≡p. We questioned 42 users in three different sessions, where we showed them 10 privacy ratings, along with their explanations, and asked them to match the rating and explanation with the four privacy icons. We compared the participants’ associations to those made by the p≡p developers. The results, still preliminary, are not encouraging. Except for the two most extreme cases, Secure and trusted and Under attack, users almost entirely missed to get the indicators’ intended messages. In particular, they did not grasp certain concepts such as Unsecure email and Secure email, which in turn were fundamental for the engineers. Our work has certain limitations and further investigation is required, but already at this stage our research calls for a closer collaboration between app engineers and icon designers. In the context of p≡p, our work has triggered a deeper discussion on the icon design choices and a potential revamp is on the way.
Research centres :	Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Other
Funders :	Fonds National de la Recherche - FnR
Name of the research project :	PRIDE15/10621687/SPsquared
Target :	Researchers ; Professionals ; Students ; General public
Permalink :	http://hdl.handle.net/10993/43267
Other URL :	http://ceur-ws.org/Vol-2597/paper-20.pdf
Commentary :	2597
FnR project :	FnR ; FNR10621687 > Sjouke Mauw > SPsquared > Security and Privacy for System Protection > 01/01/2017 > 30/06/2023 > 2016

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	Stojkovski et Lenzini - Evaluating ambiguity of privacy indicators in a secure email app - ITASEC v3.pdf		Author postprint	905.38 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices