- From: Serge Egelman <egelman@cs.cmu.edu>
- Date: Wed, 01 Aug 2007 13:11:50 -0400
- To: W3 Work Group <public-wsc-wg@w3.org>
Thomas Roessler wrote:
> Quickly glancing through the proposed testing, two things are
> catching my eye:
>
> - Identity Signal, Page Security Score, and the EV part of the
> proposals are pretty much focused on the same topic -- passive
> indicators, and when to show them. However, we have no language
> in the proposals so far that would usefully tell us what these
> indicators would look like.

We don't need to know what the specific indicators look like if the underlying concepts are flawed. This is what this study examines. If users ignore the most flashy passive indicators, then using any type of passive indicator is a nonstarter.

> Working on an editor's draft for what the rec track document might
> look like, one question is what attributes about the issuer and
> subject would actually be displayed in the identity signal, and
> under what conditions.

I'm not sure this matters for the purpose of testing. If we're just displaying identity information, we shouldn't see any statistically significant results based on what type of information is displayed. We're testing if users will notice *any* information gleaned from the certificates and displayed passively.

> - The proposed experiment for EV doesn't actually check whether
> people understand the indicator; it rather checks whether the
> absence of these indicators can be used as a hook to social
> engineer users into subverting the integrity of their browser.
> That's a somewhat different question.

How is that a different question? This type of indicator is only useful if people notice the lack of such an indicator (which also means they're looking for the presence of one). It's also only effective if it can't be spoofed by fraudulent websites. If no one cares whether this indicator is present, it's useless. Likewise, if this indicator can be spoofed so that most users are fooled, it's also useless.

It also does check whether people understand the indicator. This indicator is *only* effective when people understand it. Part of understanding it is knowing the difference between real and spoofed indicators.

serge

--
/*
Serge Egelman
PhD Candidate
Vice President for External Affairs, Graduate Student Assembly
Carnegie Mellon University
Legislative Concerns Chair
National Association of Graduate-Professional Students
*/
Received on Wednesday, 1 August 2007 17:12:02 UTC