A Usability Study of Secure Email Deletion

Monson, Tyler; Reynolds, J. K.; Smith, Trevor; Ruoti, Scott; Zappala, Daniel; Seamons, Kent E.

doi:10.14722/eurousec.2018.23018

Cited by 4 publications

(7 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Secure message deletion Our study and other recent work [24] show that users are concerned about their data even after it arrives at the destination. One suggestion applicable to email is for senders to use short-lived encryption keys per message that can expire or be revoked [24], similar to popular chat applications such as WhatsApp and Signal [26].…”

Section: Discussionsupporting

confidence: 51%

“…3 This service encodes an email as an image so the content cannot be printed and will be automatically deleted at a later time, after which the recipient will not be able to view the content. While we know of no direct research on the efficacy of this method, the approach of interceding during the email process has promise, as both surveys and prior work [6,24] suggest that email is a common approach for sending sensitive content, particularly when an alternative is unknown to either party.…”

Section: Discussionmentioning

confidence: 99%

“…Clark et al [8] and Khan et al [17] found that when shown data stored in the cloud, most users find at least one item they wish to delete. Users also lack urgency to delete cloud-stored information [31] and express interest in tools designed to do this [24]. This contradicts a common user perception that they have nothing to hide [40].…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Strategies and Perceived Risks of Sending Sensitive Documents

Warford¹,

Munyendo²,

Mediratta³

et al. 2021

Preprint

View full text Add to dashboard Cite

People are frequently required to send documents, forms, or other materials containing sensitive data (e.g., personal information, medical records, financial data) to remote parties, sometimes without a formal procedure to do so securely. The specific transmission mechanisms end up relying on the knowledge and preferences of the parties involved. Through two online surveys (n = 60 and n = 250), we explore the various methods used to transmit sensitive documents, as well as the perceived risk and satisfaction with those methods. We find that users are more likely to recognize risk to data-at-rest after receipt (but not at the sender, namely, themselves). When not using an online portal provided by the recipient, participants primarily envision transmitting sensitive documents in person or via email, and have little experience using secure, privacy-preserving alternatives. Despite recognizing general risks, participants express high privacy satisfaction and convenience with actually experienced situations. These results suggest opportunities to design new solutions to promote securely sending sensitive materials, perhaps as new utilities within standard email workflows. * A version of this paper was presented at the 30th USENIX Security Symposium (Sec '21).

show abstract

Section: Discussionsupporting

confidence: 51%

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Strategies and Perceived Risks of Sending Sensitive Documents

Warford¹,

Munyendo²,

Mediratta³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…However, the results also showed that all automation need to be carefully balanced with the remaining security guarantees, which is particularly crucial for users that are concerned with highly sensitive data. Monson et al (2018) focussed on a specific usability feature of secure emails that concern secure deletion of emails. The user study revealed the preference of the users to have an email tool that allows shortening the lifetime of their emails rather than just encrypting them.…”

Section: Discussion and Recommendationsmentioning

confidence: 99%

Usability of End-to-End Encryption in E-Mail Communication

et al. 2021

View full text Add to dashboard Cite

This paper presents the results of a usability study focused on three end-to-end encryption technologies for securing e-mail traffic, namely PGP, S/MIME, and Pretty Easy Privacy (pEp). The findings of this study show that, despite of existing technology, users seldom apply them for securing e-mail communication. Moreover, this study helps to explain why users hesitate to employ encryption technology in their e-mail communication. For this usability study, we have combined two methods: 1) an online survey, 2) and user testing with 12 participants who were enrolled in tasks requiring e-mail encryption. We found that more than 60% of our study participants (in both methods) are unaware of the existence of encryption technologies and thus never tried to use one. We observed that above all, users 1) are overwhelmed with the management of public keys and 2) struggle with the setup of encryption technology in their e-mail software. Nonetheless, 66% of the participants consider secure e-mail communication as important or very important. Particularly, we found an even stronger concern about identity theft among e-mail users, as 78% of the participants want to make sure that no other person is able to write e-mail on their behalf.

show abstract

“…The storage of plaintext email at the server presents an attack surface in case of future account compromise. Research is beginning to explore email deletion capabilities that reduce the risk of future disclosure of sensitive messages that do not require long-term storage [25]. Another approach is to encrypt the plaintext email on the server with a locally stored encryption key and delete the plaintext copy [26].…”

Section: Fig 83mentioning

confidence: 99%

Privacy-Enhancing Technologies

Seamons

2021

Modern Socio-Technical Perspectives on Privacy

Self Cite

View full text Add to dashboard Cite

An increasing amount of sensitive information is being communicated and stored online. Frequent reports of data breaches and sensitive data disclosures underscore the need for effective technologies that users and administrators can deploy to protect sensitive data. Privacy-enhancing technologies can control access to sensitive information to prevent or limit privacy violations. This chapter focuses on some of the technologies that prevent unauthorized access to sensitive information. These technologies include secure messaging, secure email, HTTPS, two-factor authentication, and anonymous communication. Usability is an essential component of a security evaluation because human error or unwarranted inconvenience can render the strongest security guarantees meaningless. Quantitative and qualitative studies from the usable security research community evaluate privacy-enhancing technologies from a socio-technical viewpoint and provide insights for future efforts to design and develop practical techniques to safeguard privacy. This chapter discusses the primary privacy-enhancing technologies that the usable security research community has analyzed and identifies issues, recommendations, and future research directions.

show abstract

A Usability Study of Secure Email Deletion

Cited by 4 publications

References 12 publications

Strategies and Perceived Risks of Sending Sensitive Documents

Strategies and Perceived Risks of Sending Sensitive Documents

Usability of End-to-End Encryption in E-Mail Communication

Privacy-Enhancing Technologies

Contact Info

Product

Resources

About