research-article

Experimenting at scale with google chrome's SSL warning

Authors:

Adrienne Porter Felt,

Robert W. Reeder,

Hazim Almuhimedi,

Sunny ConsolvoAuthors Info & Claims

CHI '14: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems

Pages 2667 - 2670

https://doi.org/10.1145/2556288.2557292

Published: 26 April 2014 Publication History

Get Access

Abstract

Web browsers show HTTPS authentication warnings (i.e., SSL warnings) when the integrity and confidentiality of users' interactions with websites are at risk. Our goal in this work is to decrease the number of users who click through the Google Chrome SSL warning. Prior research showed that the Mozilla Firefox SSL warning has a much lower click-through rate (CTR) than Chrome. We investigate several factors that could be responsible: the use of imagery, extra steps before the user can proceed, and style choices. To test these factors, we ran six experimental SSL warnings in Google Chrome 29 and measured 130,754 impressions.

References

[1]

Akhawe, D., and Felt, A. P. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness. In USENIX Security Symposium (2013).

Digital Library

Google Scholar

[2]

Egelman, S., Cranor, L. F., and Hong, J. Youfive been warned: an empirical study of the effectiveness of web browser phishing warnings. In Proceedings of CHI (2008).

Digital Library

Google Scholar

[3]

Emery, N. The eyes have it: the neuroethology, function and evolution of social gaze. Neuroscience and Biobehavioral Reviews 24 (2000).

Google Scholar

[4]

Nodder, C. Users and trust: A Microsoft case study. Security and Usability: Designing Secure Systems that People Can Use (2005), 589--606.

Google Scholar

[5]

Rigdon, M., Ishii, K., Watabe, M., and Kitayama, S. Minimal social cues in the dictator game. Journal of Economic Psychology 30 (June 2009).

Crossref

Google Scholar

[6]

Senju, A., and Johnson, M. H. The eye contact effect: mechanisms and development. Trends in Cognitive Science (March 2009).

Google Scholar

[7]

Sotirakopoulos, A., Hawkey, K., and Beznosov, K. On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings. In Proceedings of SOUPS (2011).

Digital Library

Google Scholar

[8]

Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N., and Cranor, L. F. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In USENIX Security Symposium (2009).

Digital Library

Google Scholar

[9]

Wogalter, M. S., Conzola, V. C., and Smith-Jackson, T. L. Research-based guidelines for warning design and evaluation. Applied Ergonomics 33, 3 (2002).

Crossref

Google Scholar

Cited By

View all

Peer EFrik AGilsenan CEgelman S(2024)“Protect Me Tomorrow”: Commitment Nudges to Remedy Compromised PasswordsACM Transactions on Computer-Human Interaction10.1145/368903831:5(1-25)Online publication date: 16-Aug-2024
https://dl.acm.org/doi/10.1145/3689038
Wang ZKulkarni CWilcox LTerry MMadaio M(2024)Farsight: Fostering Responsible AI Awareness During AI Application PrototypingProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642335(1-40)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642335
Debnath JJenkins CSun YChau SChowdhury O(2024)ARMOR: A Formally Verified Implementation of X.509 Certificate Chain Validation2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00220(1462-1480)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00220
Show More Cited By

Index Terms

Experimenting at scale with google chrome's SSL warning

Recommendations

Improving SSL Warnings: Comprehension and Adherence
CHI '15: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems

Browsers warn users when the privacy of an SSL/TLS connection might be at risk. An ideal SSL warning would empower users to make informed decisions and, failing that, guide confused users to safety. Unfortunately, users struggle to understand and often ...
Creating Google Chrome Extensions
Google Chrome: Comparison of web browsers, Mozilla Firefox, Opera (web browser), Safari (web browser), Chromium (web browser), SRWare Iron, Google Chrome OS, Web browser, Google, WebKit, Layout engine

Comments

Information & Contributors

Information

Published In

CHI '14: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems

April 2014

4206 pages

ISBN:9781450324731

DOI:10.1145/2556288

General Chairs:
Matt Jones
Swansea University, Wales, UK
,
Philippe Palanque
Université Paul Sabatier, France
,
Program Chairs:
Albrecht Schmidt
University of Stuttgart, Germany
,
Tovi Grossman
Autodesk Research, Canada

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 April 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CHI '14

Sponsor:

SIGCHI

CHI '14: CHI Conference on Human Factors in Computing Systems

April 26 - May 1, 2014

Ontario, Toronto, Canada

Acceptance Rates

CHI '14 Paper Acceptance Rate 465 of 2,043 submissions, 23%;

Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

Upcoming Conference

CHI 2025

Sponsor:
sigchi

ACM CHI Conference on Human Factors in Computing Systems

April 26 - May 1, 2025

Yokohama , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

51
Total Citations
View Citations
668
Total Downloads

Downloads (Last 12 months)41
Downloads (Last 6 weeks)4

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Peer EFrik AGilsenan CEgelman S(2024)“Protect Me Tomorrow”: Commitment Nudges to Remedy Compromised PasswordsACM Transactions on Computer-Human Interaction10.1145/368903831:5(1-25)Online publication date: 16-Aug-2024
https://dl.acm.org/doi/10.1145/3689038
Wang ZKulkarni CWilcox LTerry MMadaio M(2024)Farsight: Fostering Responsible AI Awareness During AI Application PrototypingProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642335(1-40)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642335
Debnath JJenkins CSun YChau SChowdhury O(2024)ARMOR: A Formally Verified Implementation of X.509 Certificate Chain Validation2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00220(1462-1480)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00220
Pan YXu ZLi LYang YZhang MJust RFraser G(2023)Automated Generation of Security-Centric Descriptions for Smart Contract BytecodeProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598132(1244-1256)Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1145/3597926.3598132
Mayer PZou YLowens BDyer HLe KSchaub FAviv A(2023)Awareness, Intention, (In)Action: Individuals’ Reactions to Data BreachesACM Transactions on Computer-Human Interaction10.1145/358995830:5(1-53)Online publication date: 23-Sep-2023
https://dl.acm.org/doi/10.1145/3589958
Murimi RBlanke SMurimi R(2023)A Decade of Development of Mental Models in Cybersecurity and Lessons for the FutureProceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media10.1007/978-981-19-6414-5_7(105-132)Online publication date: 8-Mar-2023
https://doi.org/10.1007/978-981-19-6414-5_7
Zeng MZhu FCarpenter S(2022)Dynamic WarningsInternational Journal of Information Security and Privacy10.4018/IJISP.30366216:1(1-28)Online publication date: 13-Jul-2022
https://doi.org/10.4018/IJISP.303662
Wang JShi JWen XXu LZhao KTao FZhao WQian X(2022)The effect of signal icon and persuasion strategy on warning design in online fraudComputers and Security10.1016/j.cose.2022.102839121:COnline publication date: 1-Oct-2022
https://dl.acm.org/doi/10.1016/j.cose.2022.102839
Reynolds JBates ABailey M(2022)Equivocal URLs: Understanding the Fragmented Space of URL Parser ImplementationsComputer Security – ESORICS 202210.1007/978-3-031-17143-7_9(166-185)Online publication date: 24-Sep-2022
https://doi.org/10.1007/978-3-031-17143-7_9
Sherman IStokes JRedmiles EBilge LDumitras T(2021)Designing Media Provenance Indicators to Combat Fake MediaProceedings of the 24th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3471621.3471860(324-339)Online publication date: 6-Oct-2021
https://dl.acm.org/doi/10.1145/3471621.3471860
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Improving SSL Warnings: Comprehension and Adherence

Creating Google Chrome Extensions

Google Chrome: Comparison of web browsers, Mozilla Firefox, Opera (web browser), Safari (web browser), Chromium (web browser), SRWare Iron, Google Chrome OS, Web browser, Google, WebKit, Layout engine