On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security
conference contribution
posted on 2023-11-29, 18:16authored byChristian Stransky, dominik.wermke, Johanna Schrader, Nicolas Huaman, Yasemin Acar, Anna Lena Fehlhaber, Miranda Wei, Blase Ur, Sascha FahlSascha Fahl
Communication tools with end-to-end (E2E) encryption help users maintain their privacy. Although messengers like WhatsApp and Signal bring E2E encryption to a broad audience, past work has documented misconceptions of their security and privacy properties. Through a series of five online studies with 683 total participants, we investigated whether making an app’s E2E encryption more visible improves perceptions of trust, security, and privacy.
We first investigated why participants use particular messaging tools, validating a prior finding that many users mistakenly think SMS and e-mail are more secure than E2E-encrypted messengers. We then studied the effect of making E2E encryption more visible in a messaging app. We compared six different text disclosures, three different icons, and three different animations of the encryption process.
We found that simple text disclosures that messages are “encrypted” are sufficient. Surprisingly, the icons negatively impacted perceptions. While qualitative responses to the animations showed they successfully conveyed and emphasized “security” and “encryption”, the animations did not significantly impact participants’ quantitative perceptions of the overall trustworthiness, security, and privacy of E2E-encrypted messaging. We confirmed and unpacked this result through a validation study, finding that user perceptions depend more on preconceived expectations and an app’s reputation than visualizations of security mechanisms.
History
Preferred Citation
Christian Stransky, Dominik Wermke, Johanna Schrader, Nicolas Huaman, Yasemin Acar, Anna Fehlhaber, Miranda Wei, Blase Ur and Sascha Fahl. On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security. In: Symposium on Usable Privacy and Security (SOUPS). 2021.
Primary Research Area
Empirical and Behavioral Security
Name of Conference
Symposium on Usable Privacy and Security (SOUPS)
Legacy Posted Date
2021-07-05
Open Access Type
Unknown
BibTeX
@inproceedings{cispa_all_3439,
title = "On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security",
author = "Stransky, Christian and Wermke, Dominik and Schrader, Johanna and Huaman, Nicolas and Acar, Yasemin and Fehlhaber, Anna Lena and Wei, Miranda and Ur, Blase and Fahl, Sascha",
booktitle="{Symposium on Usable Privacy and Security (SOUPS)}",
year="2021",
}