Helping Johnny 2.0 to encrypt his Facebook conversations

Fahl, Sascha; Harbach, Marian; Muders, Thomas; Smith, Matthew; Sander, Uwe

doi:10.1145/2335356.2335371

Cited by 41 publications

(28 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This suggests that the user wants to do something but is prevented from doing so by the complexity of the system and the poor design of the interface. Some researchers have worked on creating better interfaces to address this problem [17].…”

Section: Explanation 6: Privacy Concerned Wants To Act But Cannotmentioning

confidence: 99%

Why Doesn’t Jane Protect Her Privacy?

Renaud

Volkamer

Renkema-Padmos

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. End-to-end encryption has been heralded by privacy and security researchers as an effective defence against dragnet surveillance, but there is no evidence of widespread end-user uptake. We argue that the non-adoption of end-toend encryption might not be entirely due to usability issues identified by Whitten and Tygar in their seminal paper "Why Johnny Can't Encrypt". Our investigation revealed a number of fundamental issues such as incomplete threat models, misaligned incentives, and a general absence of understanding of the email architecture. From our data and related research literature we found evidence of a number of potential explanations for the low uptake of end-to-end encryption. This suggests that merely increasing the availability and usability of encryption functionality in email clients will not automatically encourage increased deployment by email users. We shall have to focus, first, on building comprehensive end-user mental models related to email, and email security. We conclude by suggesting directions for future research.

show abstract

Section: Explanation 6: Privacy Concerned Wants To Act But Cannotmentioning

confidence: 99%

Why Doesn’t Jane Protect Her Privacy?

Renaud

Volkamer

Renkema-Padmos

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The effectiveness of E2E-encryption solutions for nonexpert users continues to be studied in the research community [3]- [7]. In 'Why Johnny Can't Encrypt' [2], Whitten and Tygar found that PGP 5.0's graphical user interface (GUI) was not as usable as advertised.…”

Section: A Usable E2e-encryption Cryptographymentioning

confidence: 99%

“…That general users can take advantage of encryption is however in question -in 1999, Whitten and Tygar [2] claimed that cryptographic details confuse users. Concerns persist about the usability of E2E-encryption, and continue to generate a considerable body of research [3]- [7].…”

Section: Introductionmentioning

confidence: 99%

Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption

Demjaha¹,

Spring²,

Becker³

et al. 2018

Proceedings 2018 Workshop on Usable Security

View full text Add to dashboard Cite

Abstract-Background: Research has shown that users do not use encryption and fail to understand the security properties which encryption provides. We hypothesise that one contributing factor to failed user understanding is poor explanations of security properties, as the technical descriptions used to explain encryption focus on structural mental models. Purpose: We methodically generate metaphors for end-to-end (E2E) encryption that cue functional models and develop and test the metaphors' effect on users' understanding of E2E-encryption. Data: Transcripts of 98 interviews with users of various E2E-encrypted messaging apps and 211 survey responses. Method: First, we code the user interviews and extract promising explanations. These user-provided explanations inform the creation of metaphors using a framework for generating metaphors adapted from literature. The generated metaphors and existing industry descriptions of E2E-encryption are analytically evaluated. Finally, we design and conduct a survey to test whether exposing users to these descriptions improves their understanding of the functionality provided by E2E-encrypted messaging apps. Results: While the analytical evaluation showed promising results, none of the descriptions tested in the survey improve understanding; descriptions frequently cue users in a way that undoes their previously correct understanding. Metaphors developed from user language are better than existing industry descriptions, in that ours cause less harm. Conclusion: Creating explanatory metaphors for encryption technologies is hard. Short statements that attempt to cue mental models do not improve participants' understanding. Better solutions should build on our methodology to test a variety of potential metaphors, to understand both the improvement and harm that metaphors may elicit.

show abstract

“…The authors blamed the inadequacy of general user interface design principles for security tools, which result in dangerous mistakes, such as users sending secrets without encrypting them first. Fahl et al [17] performed an analysis of privacy preserving tools for OSNs and a usability study of existing approaches. They found that users tend to prefer tools that minimally disrupt their user experience.…”

Section: Usability Studies Of Cryptographic Toolsmentioning

confidence: 99%

“…Previous research has shown that users often have a hard time using encryption technologies, specifically at first contact (i.e., learning from scratch) [17], [31], [35]. In the case of Scramble!…”

Section: B Study Designmentioning

confidence: 99%

Spiny CACTOS: OSN Users Attitudes and Perceptions Towards Cryptographic Access Control Tools

Balsa

Brandimarte

Acquisti

et al. 2014

Proceedings 2014 Workshop on Usable Security

View full text Add to dashboard Cite

Abstract-Cryptographic access control tools for online social networks (CACTOS) allow users to enforce their privacy settings online without relying on the social network provider or any other third party. Many such tools have been proposed in the literature, some of them implemented and currently publicly available, and yet they have seen poor or no adoption at all. In this paper we investigate which obstacles may be hindering the adoption of these tools. To this end, we perform a user study to inquire users about key issues related to the desirability and general perception of CACTOS. Our results suggest that, even if social network users would be potentially interested in these tools, several issues would effectively obstruct their adoption. Participants in our study perceived that CACTOS are a disproportionate means to protect their privacy online. This in turn may have been motivated by the explicit use of cryptography or the fact that users do not actually share on social networks the type of information they would feel the need to encrypt. Moreover, in this paper we point out to several key elements that are to be considered for the improvement and better usability of CACTOS.

show abstract

Helping Johnny 2.0 to encrypt his Facebook conversations

Cited by 41 publications

References 16 publications

Why Doesn’t Jane Protect Her Privacy?

Why Doesn’t Jane Protect Her Privacy?

Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption

Spiny CACTOS: OSN Users Attitudes and Perceptions Towards Cryptographic Access Control Tools

Contact Info

Product

Resources

About