Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption

Demjaha, Arsime; Spring, JM; Becker, Ingolf; Parkin, Simon; Sasse, M. Angela

doi:10.14722/usec.2018.23015

Cited by 14 publications

(13 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We investigated the media outlets 2 and companies applying differential privacy to see how differential privacy is conveyed to users. We found that differential privacy is conveyed to people using an example of tossing a coin for changing responses to sensitive questions, 3 noisy sound waves of radio channels, 4 and a noisy portrait 5 from the media outlets. Exploring how companies described differential privacy to their users did not result in any further metaphors which we could analyse and use in our study.…”

Section: Results Of Phasementioning

confidence: 95%

“…Two of the important steps in the framework proposed by Alty et al [1] are identifying system functionality and analysing metaphor-system pairings. To analyse the metaphors of E2E encryption, Demjaha et al [4] benefited from a metaphor evaluation matrix. The template of the metaphor evaluation matrix we use for analysing metaphor-system pairings is shown in Table 1 and is adapted from [4].…”

Section: Phase 1: Metaphor Generationmentioning

confidence: 99%

“…To analyse the metaphors of E2E encryption, Demjaha et al [4] benefited from a metaphor evaluation matrix. The template of the metaphor evaluation matrix we use for analysing metaphor-system pairings is shown in Table 1 and is adapted from [4]. As we have three different scenarios, we adapted the template table to evaluate whether a metaphor is suitable for each of our scenarios.…”

Section: Phase 1: Metaphor Generationmentioning

confidence: 99%

“…To address our research question, similar to Demjaha et al [4] who benefited from the framework proposed by Alty et al [1] to generate and evaluate their explanatory metaphors for E2E encryption, we employed and adapted the framework to fit our objective. Our approach consists of three phases: 1) metaphor generation, 2) metaphor analytical evaluations based on expert analyses, and 3) metaphor empirical evaluations involving lay users.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Vision: A Noisy Picture or a Picker Wheel to Spin? Exploring Suitable Metaphors for Differentially Private Data Analyses

Karegar

Fischer‐Hübner

2021

Proceedings of the 2021 European Symposium on Usable Security

View full text Add to dashboard Cite

Personal data analyses, for instance, in the area of eHealth, can provide many benefits while posing privacy challenges at the same time. Applying differentially private mechanisms have become one of the dominant approaches for the protection of personal data in statistical analyses. Transparency of the privacy functionality of differentially private mechanisms can facilitate informed decisionmaking for using differentially private systems and understanding the privacy consequences of such decisions. However, differential privacy is a complex concept that makes it a challenge to explain the privacy functionality it comprises to lay users. Our research outlined in this vision paper aims to address this challenge in three phases by creating and analysing metaphors for conveying the functionality of differential privacy to lay data subjects who should decide about sharing their data in the context of differentially private data analysis. In this paper, we report the results of the first two phases of our study for extracting the metaphors and adapting and extending them based on two rounds of analytical evaluations and feedback from privacy experts. Further, we briefly discuss how, in the third phase, we want to move forward and empirically assess the resulted metaphors from previous steps by involving lay users. CCS CONCEPTS• Security and privacy → Human and societal aspects of security and privacy; • Human-centered computing → Empirical studies in HCI.

show abstract

Section: Results Of Phasementioning

confidence: 95%

Section: Phase 1: Metaphor Generationmentioning

confidence: 99%

Section: Phase 1: Metaphor Generationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Vision: A Noisy Picture or a Picker Wheel to Spin? Exploring Suitable Metaphors for Differentially Private Data Analyses

Karegar

Fischer‐Hübner

2021

Proceedings of the 2021 European Symposium on Usable Security

View full text Add to dashboard Cite

show abstract

“…The authors suggest to implement a user interface that makes E2E encryption processes more graspable for the user and increases transparency about the business model and the encryption protocol, which is not publicly available yet. The creation of metaphors with the objective of improving user understanding of encryption also seems to be a promising direction for future research, however, Demjaha et al, [10] showed that using metaphors can sometimes do more harm than good, and the authors underline the difficulties of explaining encryption to users. Similar problems are pointed out by Abu-Salma and colleagues [1], who analyzed the user interface of the secure messaging app Telegram.…”

Section: Consequences Of Invisible and Ineffectively Communicated Encmentioning

confidence: 99%

Making Encryption Feel Secure: Investigating how Descriptions of Encryption Impact Perceived Security

Distler

Lallemand

Koenig

2020

2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

When communication about security to end users is ineffective, people frequently misinterpret the protection offered by a system. The discrepancy between the security users perceive a system to have and the actual system state can lead to potentially risky behaviors. It is thus crucial to understand how security perceptions are shaped by interface elements such as text-based descriptions of encryption. This article addresses the question of how encryption should be described to non-experts in a way that enhances perceived security. We tested the following within-subject variables in an online experiment (N=309): a) how to best word encryption, b) whether encryption should be described with a focus on the process or outcome, or both c) whether the objective of encryption should be mentioned d) when mentioning the objective of encryption, how to best describe it e) whether a hash should be displayed to the user. We also investigated the role of context (between subjects). The verbs "encrypt" and "secure" performed comparatively well at enhancing perceived security. Overall, participants stated that they felt more secure not knowing about the objective of encryption. When it is necessary to state the objective, positive wording of the objective of encryption worked best. We discuss implications and why using these results to design for perceived lack of security might be of interest as well. This leads us to discuss ethical concerns, and we give guidelines for the design of user interfaces where encryption should be communicated to end users.

show abstract

Bringing Crypto Knowledge to School: Examining and Improving Junior High School Students’ Security Assumptions About Encrypted Chat Apps

Schaewitz

Lohmann

Fischer

et al. 2022

Socio-Technical Aspects in Security

View full text Add to dashboard Cite

End-to-end encryption (E2EE) of everyday communication plays an essential role in protecting citizens from mass surveillance. The especially vulnerable group of children and young adolescents move quickly between chat apps and use them frequently and intensively. Yet they have had the least time to learn about online security compared to other age groups. In a two-part study conducted with four classes at a junior high school (N = 86 students, ages 12-16), we examined perceptions of security and privacy threats related to chat apps and understanding of E2EE using a questionnaire. A pre-post measure allowed us to examine how a short instruction video shown in class to explain the concept of E2EE and how it works in chat apps affected students' security understanding and threat perceptions. Our results show that students are aware of a variety of online threats but they are not familiar with the term E2EE. After the instruction, students gained confidence in explaining the concept of encryption and their understanding of the security features of E2EE improved. Our results also show that explanation of threats and E2EE can shift the intention of some participants towards tools that offer more protection.

show abstract

Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption

Cited by 14 publications

References 26 publications

Vision: A Noisy Picture or a Picker Wheel to Spin? Exploring Suitable Metaphors for Differentially Private Data Analyses

Vision: A Noisy Picture or a Picker Wheel to Spin? Exploring Suitable Metaphors for Differentially Private Data Analyses

Making Encryption Feel Secure: Investigating how Descriptions of Encryption Impact Perceived Security

Bringing Crypto Knowledge to School: Examining and Improving Junior High School Students’ Security Assumptions About Encrypted Chat Apps

Contact Info

Product

Resources

About