Privacy in e-commerce: examining user scenarios and privacy preferences
Proceedings of the 1st ACM conference on Electronic commerce
What do web users do? An empirical analysis of web use
International Journal of Human-Computer Studies
Gathering evidence: use of visual security cues in web browsers
GI '05 Proceedings of Graphics Interface 2005
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Do security toolbars actually prevent phishing attacks?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Designing ethical phishing experiments: a study of (ROT13) rOnl query features
Proceedings of the 15th international conference on World Wide Web
Power strips, prophylactics, and privacy, oh my!
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Improving security decisions with polymorphic and audited dialogs
Proceedings of the 3rd symposium on Usable privacy and security
Communications of the ACM
You've been warned: an empirical study of the effectiveness of web browser phishing warnings
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Exploring User Reactions to New Browser Cues for Extended Validation Certificates
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Browser interfaces and extended validation SSL certificates: an empirical study
Proceedings of the 2009 ACM workshop on Cloud computing security
Crying wolf: an empirical study of SSL warning effectiveness
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Trust and TAM in online shopping: an integrated model
MIS Quarterly
Studying access-control usability in the lab: lessons learned from four studies
Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results
Why eve and mallory love android: an analysis of android SSL (in)security
Proceedings of the 2012 ACM conference on Computer and communications security
Comparative eye tracking of experts and novices in web single sign-on
Proceedings of the third ACM conference on Data and application security and privacy
Here's my cert, so trust me, maybe?: understanding TLS errors on the web
Proceedings of the 22nd international conference on World Wide Web
Your attention please: designing security-decision UIs to make genuine risks harder to ignore
Proceedings of the Ninth Symposium on Usable Privacy and Security
Alice in warningland: a large-scale field study of browser security warning effectiveness
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
We replicated and extended a 2008 study conducted at CMU that investigated the effectiveness of SSL warnings. We adjusted the experimental design to mitigate some of the limitations of that prior study; adjustments include allowing participants to use their web browser of choice and recruiting a more representative user sample. However, during our study we observed a strong disparity between our participants actions during the laboratory tasks and their self-reported "would be" actions during similar tasks in everyday computer practices. Our participants attributed this disparity to the laboratory environment and the security it offered. In this paper we discuss our results and how the introduced changes to the initial study design may have affected them. Also, we discuss the challenges of observing natural behavior in a study environment, as well as the challenges of replicating previous studies given the rapid changes in web technology. We also propose alternatives to traditional laboratory study methodologies that can be considered by the usable security research community when investigating research questions involving sensitive data where trust may influence behavior.