"Something isn't secure, but I'm not sure how that translates into a problem": Promoting autonomy by designing for understanding in Signal

Authors: 

Justin Wu, Cyrus Gattrell, Devon Howard, and Jake Tyler, Brigham Young University; Elham Vaziripour, Utah Valley University; Kent Seamons and Daniel Zappala, Brigham Young University

Abstract: 

Security designs that presume enacting secure behaviors to be beneficial in all circumstances discount the impact of response cost on users' lives and assume that all data is equally worth protecting. However, this has the effect of reducing user autonomy by diminishing the role personal values and priorities play in the decision-making process. In this study, we demonstrate an alternative approach that emphasizes users' comprehension over compliance, with the goal of helping users to make more informed decisions regarding their own security. To this end, we conducted a three-phase redesign of the warning notifications surrounding the authentication ceremony in Signal. Our results show how improved comprehension can be achieved while still promoting favorable privacy outcomes among users. Our experience reaffirms existing arguments that users should be empowered to make personal trade-offs between perceived risk and response cost. We also find that system trust is a major factor in users' interpretation of system determinations of risk, and that properly communicating risk requires an understanding of user perceptions of the larger security ecosystem in whole.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {238323,
author = {Justin Wu and Cyrus Gattrell and Devon Howard and Jake Tyler and Elham Vaziripour and Daniel Zappala and Kent Seamons},
title = {"Something isn{\textquoteright}t secure, but I{\textquoteright}m not sure how that translates into a problem": Promoting autonomy by designing for understanding in Signal},
booktitle = {Fifteenth Symposium on Usable Privacy and Security ({SOUPS} 2019)},
year = {2019},
address = {Santa Clara, CA},
url = {https://www.usenix.org/conference/soups2019/presentation/wu},
publisher = {{USENIX} Association},
month = aug,
}