On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security

Authors: 

Christian Stransky, Leibniz University Hannover; Dominik Wermke, CISPA Helmholtz Center for Information Security; Johanna Schrader, Leibniz University Hannover; Nicolas Huaman, CISPA Helmholtz Center for Information Security; Yasemin Acar, Max Planck Institute for Security and Privacy; Anna Lena Fehlhaber, Leibniz University Hannover; Miranda Wei, University of Washington; Blase Ur, University of Chicago; Sascha Fahl, CISPA, Leibniz University Hannover

Abstract: 

Communication tools with end-to-end (E2E) encryption help users maintain their privacy. Although messengers like WhatsApp and Signal bring E2E encryption to a broad audience, past work has documented misconceptions of their security and privacy properties. Through a series of five online studies with 683 total participants, we investigated whether making an app's E2E encryption more visible improves perceptions of trust, security, and privacy. We first investigated why participants use particular messaging tools, validating a prior finding that many users mistakenly think SMS and e-mail are more secure than E2E-encrypted messengers. We then studied the effect of making E2E encryption more visible in a messaging app. We compared six different text disclosures, three different icons, and three different animations of the encryption process. We found that simple text disclosures that messages are "encrypted" are sufficient. Surprisingly, the icons negatively impacted perceptions. While qualitative responses to the animations showed they successfully conveyed and emphasized "security" and "encryption," the animations did not significantly impact participants' quantitative perceptions of the overall trustworthiness, security, and privacy of E2E-encrypted messaging. We confirmed and unpacked this result through a validation study, finding that user perceptions depend more on preconceived expectations and an app's reputation than visualizations of security mechanisms.

SOUPS 2021 Open Access Videos Sponsored by
Ethyca

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {274457,
author = {Christian Stransky and Dominik Wermke and Johanna Schrader and Nicolas Huaman and Yasemin Acar and Anna Lena Fehlhaber and Miranda Wei and Blase Ur and Sascha Fahl},
title = {On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security},
booktitle = {Seventeenth Symposium on Usable Privacy and Security ({SOUPS} 2021)},
year = {2021},
isbn = {978-1-939133-25-0},
pages = {437--454},
url = {https://www.usenix.org/conference/soups2021/presentation/stransky},
publisher = {{USENIX} Association},
month = aug,
}

Presentation Video