Designing user-centered privacy-enhancing technologies

Computer security and privacy experts have always advocated the widespread adoption of privacy-enhancing technologies (PETs). However, it remains unclear if mainstream users1 understand what protection these technologies offer. Unlike prior work, we take a user-centered approach to evaluating the user experience, and improving the design, of two PETs: secure (mainly encrypted) communications and private browsing. Prior studies have shown poor usability primarily hampers the adoption and use of secure communication tools. However, we found – by conducting five qualitative (n=102) and two quantitative (n=425) user studies – that, in addition to poor usability, lack of utility and incorrect user mental models of secure communications are primary obstacles to adoption. Users will not adopt a communication tool that is both usable and secure, but lacks utility (due to, e.g., the tool’s small userbase). Further, most users do not know what it means for a usable and secure tool that is widely-adopted and offers utility (e.g., WhatsApp) to be end-to-end encrypted. Incorrect mental models of encryption lead people to use less secure channels that they incorrectly perceive as more secure than end-to-end encrypted tools. Thus, we argue the key user-related challenge for secure communications is not only fostering adoption, but also emphasizing appropriate use – by helping people who already use secure tools avoid sending sensitive information over less secure channels. By employing participatory design, we take a user-centered approach to designing effective descriptions that explain the security properties of end-to-end encrypted communications. Additionally, we take a user-centered approach (as part of a validation study) to evaluating and improving the user experience of another PET: private browsing mode. We conduct a qualitative user study (n=25) to explore the adoption and use of private mode. We employ participatory design and propose guidelines to help create informative browser disclosures that explain the security properties of private mode.