Research has repeatedly established that although many messaging apps (WhatsApp, iMessage, Signal, etc.) have incorporated end-to-end encryption (E2EE) as a feature, users' understanding of E2EE communications is not completely accurate. As a result, some users may turn to less secure platforms (e.g., SMS or landline calls) to exchange confidential information, or may not know how to react to some E2EE-related tasks, such as performing authentication ceremonies. These misunderstandings can expose users to greater security and privacy risks than they realize. Our work aims to tackle this issue by creating and utilizing practical explanations of E2EE to improve the functionality of users' mental models.
We developed our educational efforts through a series of user studies. First, we conducted a participatory-design tutorial study (n=25) to understand what information about E2EE is most useful to, and most likely to be absorbed by, end users. Based on the results, we generated short, medium, and long educational texts and measured their effectiveness in isolation with an online survey study (n=459). Finally, we evaluated the messages in context with a longitudinal study. We incorporated the best-performing messages into an exemplar open-source messaging app (based on Signal) and asked participants to interact with it for three weeks. Final results of the longitudinal study will be available early this July.
In this talk, we will discuss our design approach and the results of our intervention on users' mental models. We will share the implications of our work for the UX design of privacy-preserving communications tools.