Abu-Salma, Ruba;
(2020)
Designing User-Centered Privacy-Enhancing Technologies.
Doctoral thesis (Ph.D), UCL (University College London).
Preview |
Text
Abu-Salma__Thesis.pdf Download (7MB) | Preview |
Abstract
Computer security and privacy experts have always advocated the widespread adoption of privacy-enhancing technologies (PETs). However, it remains unclear if mainstream users1 understand what protection these technologies offer. Unlike prior work, we take a user-centered approach to evaluating the user experience, and improving the design, of two PETs: secure (mainly encrypted) communications and private browsing. Prior studies have shown poor usability primarily hampers the adoption and use of secure communication tools. However, we found – by conducting five qualitative (n=102) and two quantitative (n=425) user studies – that, in addition to poor usability, lack of utility and incorrect user mental models of secure communications are primary obstacles to adoption. Users will not adopt a communication tool that is both usable and secure, but lacks utility (due to, e.g., the tool’s small userbase). Further, most users do not know what it means for a usable and secure tool that is widely-adopted and offers utility (e.g., WhatsApp) to be end-to-end encrypted. Incorrect mental models of encryption lead people to use less secure channels that they incorrectly perceive as more secure than end-to-end encrypted tools. Thus, we argue the key user-related challenge for secure communications is not only fostering adoption, but also emphasizing appropriate use – by helping people who already use secure tools avoid sending sensitive information over less secure channels. By employing participatory design, we take a user-centered approach to designing effective descriptions that explain the security properties of end-to-end encrypted communications. Additionally, we take a user-centered approach (as part of a validation study) to evaluating and improving the user experience of another PET: private browsing mode. We conduct a qualitative user study (n=25) to explore the adoption and use of private mode. We employ participatory design and propose guidelines to help create informative browser disclosures that explain the security properties of private mode.
Type: | Thesis (Doctoral) |
---|---|
Qualification: | Ph.D |
Title: | Designing User-Centered Privacy-Enhancing Technologies |
Event: | UCL (University College London) |
Open access status: | An open access version is available from UCL Discovery |
Language: | English |
Additional information: | Copyright © The Author 2020. Original content in this thesis is licensed under the terms of the Creative Commons Attribution 4.0 International (CC BY 4.0) Licence (https://creativecommons.org/licenses/by/4.0/). Any third-party copyright material present remains the property of its respective owner(s) and is licensed under its existing terms. Access may initially be restricted at the author’s request. |
UCL classification: | UCL UCL > Provost and Vice Provost Offices UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/10098693 |
Archive Staff Only
View Item |