Rethinking Connection Security Indicators Adrienne Porter Felt, - - PowerPoint PPT Presentation

▶

Oct 23, 2022 8 likes •238 views

Rethinking Connection Security Indicators Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Emre Acer, Elisabeth Morant, Sunny Consolvo Connection Security Indicators Connection

SLIDE 1

Rethinking Connection Security Indicators

Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Emre Acer, Elisabeth Morant, Sunny Consolvo

SLIDE 2

Connection Security Indicators

SLIDE 3

Connection Security Indicators

CHROME: FIREFOX: EDGE:

SLIDE 4

TLS and HTTPS

What guarantees do you get?

SLIDE 5

TLS and HTTPS

What guarantees do you get? What assumptions do you make?

SLIDE 6

TLS and HTTPS

What guarantees do you get? What assumptions do you make? What guarantees do you not get?

SLIDE 7

Summarize all that in 100x100 pixels...

FIREFOX: CHROME: EDGE:

SLIDE 8

Miscommunication

FIREFOX: CHROME: EDGE:

https://www.indiamart.com/proddetail /non-woven-shopping-bag-14414682 991.html https://www.charmingcharlie.com/handbag s https://www.freepik.com/free-ve ctor/empty-shopping-bag-mocku p_1177172.htm

SLIDE 9

How To Convey the Guarantees of TLS in UI

Grab paper and pen Draw a full-page connection security indicator

SLIDE 10

What was missing in our design process?

Measurement of current state Actual user input to identify helpful changes Measurement of success after change is made

SLIDE 11

Research Question

How can we improve connection security indicators?

SLIDE 12

Research Question

What were their goals? How do we know when connection security indicators are ‘improved’?

SLIDE 13

Research Question

Was it the right question?

SLIDE 14

Problems to Be Solved

How to measure current security indicator effectiveness How to improve connection security indicators Measure effectiveness after deployment

SLIDE 15

Historical Indicators

SLIDE 16

Measuring Current Indicators

Most people understand at least partially the green lock More people are confused what the HTTP indicators are telling them

SLIDE 17

Icon/Color Selection

SLIDE 18

Icon/Color Selection

SLIDE 19

Text Selection

“secure” “https” “not secure”

SLIDE 20

SLIDE 21

Why Does Chrome Not Use These Indicators Today?

What changed?

SLIDE 22

Why Does Chrome Not Use These Indicators?

https://blog.chromium .org/2018/05/evolving

chromes-security-ind

icators.html

SLIDE 23

Rethinking Connection Security Indicators

Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Emre Acer, Elisabeth Morant, Sunny Consolvo

Connection Security Indicators

Connection Security Indicators

TLS and HTTPS

TLS and HTTPS

TLS and HTTPS

Summarize all that in 100x100 pixels...

Miscommunication

How To Convey the Guarantees of TLS in UI

What was missing in our design process?

Research Question

Research Question

Research Question

Problems to Be Solved

Historical Indicators

Measuring Current Indicators

Icon/Color Selection

Icon/Color Selection

Text Selection

Why Does Chrome Not Use These Indicators Today?

Why Does Chrome Not Use These Indicators?

What Will Future Work Look Like?