An Experience Sampling Study of User Reactions to Browser Warnings in the Field

TitleAn Experience Sampling Study of User Reactions to Browser Warnings in the Field
Publication TypeConference Paper
Year of Publication2018
AuthorsReeder RW, Felt APorter, Consolvo S, Malkin N, Thompson C, Egelman S
Published inProceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’18)
Keywordsbrowser security, Usable security, warnings, web security
Abstract

Web browser warnings should help protect people from malware, phishing, and network attacks. Adhering to warnings keeps people safer online. Recent improvements in warning design have raised adherence rates, but they could still be higher. And prior work suggests many people still do not understand them. Thus, two challenges remain: increasing both comprehension and adherence rates. To dig deeper into user decision making and comprehension of warnings, we performed an experience sampling study of web browser security warnings, which involved surveying over 6,000 Chrome and Firefox users in situ to gather reasons for adhering or not to real warnings. We find these reasons are many and vary with context. Contrary to older prior work, we do not find a single dominant failure in modern warning design—like habituation—that prevents effective decisions. We conclude that further improvements to warnings will require solving a range of smaller contextual misunderstandings. 

Acknowledgment

We wish to acknowledge Mustafa Emre Acer, Arjun Baokar, Helen Harris, Ashkan Hosseini, Iulia Ion, Patrick Gage Kelley, Kris Maglione, Elisabeth Morant, Ahir Reddy, Martin Shelton, Parisa Tabriz, Jorge Villalobos, Tanvi Vyas, Amanda Walker, as well as the Chrome team for contributions to building and reviewing our browser extensions, coding our data, recruiting, and reading through drafts. Thank you all. The Berkeley team was supported by a Google Faculty Research Award.

URLhttps://blues.cs.berkeley.edu/wp-content/uploads/2018/01/chi18-warnings.pdf
ICSI Research Group

Usable Security and Privacy