PAPER: On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security
Christian Stransky, Dominik Wermke , Johanna Schrader, Nicolas Huaman, Yasemin Acar, Anna Lena Fehlhaber, Miranda Wei, Blase Ur, and Sascha Fahl. In Seventeenth Symposium on Usable Privacy and Security (SOUPS'21)
Communication tools with end-to-end (E2E) encryption help users maintain their privacy. Although messengers like Whats- App and Signal bring E2E encryption to a broad audience, past work has documented misconceptions of their security and privacy properties. Through a series of five online studies with 683 total participants, we investigated whether making an app’s E2E encryption more visible improves perceptions of trust, security, and privacy. We first investigated why par- ticipants use particular messaging tools, validating a prior finding that many users mistakenly think SMS and e-mail are more secure than E2E-encrypted messengers. We then studied the effect of making E2E encryption more visible in a messaging app. We compared six different text disclosures, three different icons, and three different animations of the encryption process. We found that simple text disclosures that messages are “encrypted” are sufficient. Surprisingly, the icons negatively impacted perceptions. While qualitative re- sponses to the animations showed they successfully conveyed and emphasized “security” and “encryption,” the animations did not significantly impact participants’ quantitative percep- tions of the overall trustworthiness, security, and privacy of E2E-encrypted messaging. We confirmed and unpacked this result through a validation study, finding that user percep- tions depend more on preconceived expectations and an app’s reputation than visualizations of security mechanisms.
USENIX Symposium on Usable Privacy and Security (SOUPS) 2021