Ingolf Becker

Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption

Background: Research has shown that users do not use encryption and fail to understand the security properties which encryption provides. We hypothesise that one contributing factor to failed user understanding is poor explanations of security properties, as the technical descriptions used to explain encryption focus on structural mental models. Purpose: We methodically generate metaphors for end-to-end (E2E) encryption that cue functional models and develop and test the metaphors’ effect on users’ understanding of E2E-encryption. Data: Transcripts of 98 interviews with users of various E2Eencrypted messaging apps and 211 survey responses. Method: First, we code the user interviews and extract promising explanations. These user-provided explanations inform the creation of metaphors using a framework for generating metaphors adapted from literature. The generated metaphors and existing industry descriptions of E2E-encryption are analytically evaluated. Finally, we design and conduct a survey to test whether exposing users to these descriptions improves their understanding of the functionality provided by E2E-encrypted messaging apps. Results: While the analytical evaluation showed promising results, none of the descriptions tested in the survey improve understanding; descriptions frequently cue users in a way that undoes their previously correct understanding. Metaphors developed from user language are better than existing industry descriptions, in that ours cause less harm. Conclusion: Creating explanatory metaphors for encryption technologies is hard. Short statements that attempt to cue mental models do not improve participants’ understanding. Better solutions should build on our methodology to test a variety of potential metaphors, to understand both the improvement and harm that metaphors may elicit.

International comparison of bank fraud reimbursement: customer perceptions and contractual terms

We set out to investigate how customers comprehend bank terms and conditions (TC in some cases they differ by product type, and advice can even be contradictory. While many banks allow customers to write PINs down as long as they are disguised and not kept with the card, 20% of banks do not allow PINs to be written down at all, and a handful do not allow PINs to be shared between accounts. We test our findings on 151 participants in Germany, the US and UK. They mostly agree: only 35% fully understand the T&Cs, and 28% find that sections are unclear. There are strong regional variations: Germans find their T&Cs particularly hard to understand, but Americans assume harsher T&Cs than they actually are, and tend to be reassured when they actually read them.

No Good Reason to Remove Features

Application sandboxes are an essential security mechanism to contain malware. Yet, they are seldom used on Desktops. We hypothesise this is because sandboxes are incompatible with plugins, and with APIs used to implement a wide variety of Desktop features. To verify this, we interviewed 13 expert users about their app appropriation decisions, and illustrate how they recruit values like usefulness, productivity or reliability in their decisions. We found that (a) security is an unimportant factor for appropriation; (b) plugins considerably support productivity needs and (c) users may abandon apps that remove a feature, especially for feature removals justified by security. Productivity-oriented expert Desktop users place more value in a stable user experience and in having flexible apps than in security benefits. Sandboxing thus conflicts with their values. We conclude that for sandboxed apps to be systematically adoptable by expert users, sandboxes must no longer require the sacrifice of plugins and features found in Desktop apps.

Are Payment Card Contracts Unfair? (Short Paper)

Fraud victims are often refused a refund by their bank on the grounds that they failed to comply with their bank’s terms and conditions about PIN safety. We, therefore, conducted a survey of how many PINs people have, and how they manage them. We found that while only a third of PINs are ever changed, almost half of bank customers write at least one PIN down. We also found bank conditions that are too vague to test, or even contradictory on whether PINs could be shared across cards. Yet, some hazardous practices are not forbidden by many banks: of the 22.9% who re-use PINs across devices, half also use their bank PINs on their mobile phones. We conclude that many bank contracts fail a simple test of reasonableness, and ‘strong authentication’, as required by the Payment Services Directive II, should include usability testing.