Visible to the public In Encryption We Don’t Trust: The Effect of End-to-End Encryption to the Masses on User Perception

TitleIn Encryption We Don’t Trust: The Effect of End-to-End Encryption to the Masses on User Perception
Publication TypeConference Paper
Year of Publication2019
AuthorsDechand, Sergej, Naiakshina, Alena, Danilova, Anastasia, Smith, Matthew
Conference Name2019 IEEE European Symposium on Security and Privacy (EuroS P)
Date Publishedjun
Keywordsauthentication, Cognitive science, communication model, cryptography, data privacy, electronic messaging, Encryption, End user Studies, end-to-end encryption, end-to-end security, HCI, Interviews, Mental model, post-mass messenger encryption, post-MME, pre-mass messenger encryption, pre-MME, Protocols, pubcrawl, Resiliency, Scalability, secure messaging, Security by Default, signal protocol, skilled attackers, Usable Security and Privacy, User perception, whatsapp
AbstractWith WhatsApp's adoption of the Signal Protocol as its default, end-to-end encryption by the masses happened almost overnight. Unlike iMessage, WhatsApp notifies users that encryption is enabled, explicitly informing users about improved privacy. This rare feature gives us an opportunity to study people's understandings and perceptions of secure messaging pre-and post-mass messenger encryption (pre/post-MME). To study changes in perceptions, we compared the results of two mental models studies: one conducted in 2015 pre-MME and one in 2017 post-MME. Our primary finding is that users do not trust encryption as currently offered. When asked about encryption in the study, most stated that they had heard of encryption, but only a few understood the implications, even on a high level. Their consensus view was that no technical solution to stop skilled attackers from getting their data exists. Even with a major development, such as WhatsApp rolling out end-to-end encryption, people still do not feel well protected by their technology. Surprisingly, despite WhatsApp's end-to-end security info messages and the high media attention, the majority of the participants were not even aware of encryption. Most participants had an almost correct threat model, but don't believe that there is a technical solution to stop knowledgeable attackers to read their messages. Using technology made them feel vulnerable.
Citation Keydechand_encryption_2019