Leading Johnny to Water: Designing for Usability and Trust

Source: https://crysp.uwaterloo.ca/software/leadingjohnny/ Parent: https://crysp.uwaterloo.ca/software/

This is the companion website for the paper Leading Johnny to Water: Designing for Usability and Trust, appearing in the Symposium On Usable Privacy and Security (SOUPS) 2015.

The paper and corresponding software were written by Erinn Atwater, Cecylia Bocovich, Urs Hengartner, Ed Lank, and Ian Goldberg.

ABSTRACT

Although the means and the motivation for securing private messages and emails with strong end-to-end encryption exist, we have yet to see the widespread adoption of existing implementations. Previous studies have suggested that this is due to the lack of usability and understanding of existing systems such as PGP. A recent study by Ruoti et al. suggested that transparent, standalone encryption software that shows ciphertext and allows users to manually participate in the encryption process is more trustworthy than integrated, opaque software and just as usable.

In this work, we critically examine this suggestion by revisiting their study, deliberately investigating the effect of integration and transparency on users' trust. We also implement systems that adhere to the OpenPGP standard and use end-to-end encryption without reliance on third-party key escrow servers.

We find that while approximately a third of users do in fact trust standalone encryption applications more than browser extensions that integrate into their webmail client, it is not due to being able to see and interact with ciphertext. Rather, we find that users hold a belief that desktop applications are less likely to transmit their personal messages back to the developer of the software. We also find that despite this trust difference, users still overwhelmingly prefer integrated encryption software, due to the enhanced user experience it provides. Finally, we provide a set of design principles to guide the development of future consumer-friendly end-to-end encryption tools.