Re: Action 180 - Make pass through SharedBookmarks and other material; map testing results to status quo from Maritza Johnson on 2007-07-11 (public-wsc-wg@w3.org from July 2007)

From: Maritza Johnson <maritzaj@cs.columbia.edu>
Date: Wed, 11 Jul 2007 10:40:56 -0400
To: "Doyle, Bill" <wdoyle@mitre.org>
Cc: "Serge Egelman" <egelman@cs.cmu.edu>, "Rachna Dhamija" <rachna.public@gmail.com>, <public-wsc-wg@w3.org>
Message-Id: <D9450F12-2FFC-4E57-879B-14E0D5B54F7B@cs.columbia.edu>

> 1. Any info on users that still use the padlock to mean security?

Are you referring to the people using the actual padlock or users who  
consider any lock icon to indicate security?

> 2. Any info that discusses the lack of consistency in presentation of
> security context and potential impact if it was consistent?

I haven't seen any work specifically on the impact of consistency  
with security cues. The closest reference I can think of comes from a  
study that used an eye-tracking device (see Gathering Evidence in our  
SharedBookmarks).

Results are reported that correlate someone who claimed they checked  
for and saw a lock icon for a page to the event of them looking in  
the wrong corner for the lock icon. Their data also shows they  
reported using a different browser than the one in the study, the  
browser they use shows the lock in the left corner, while the browser  
in the study had another icon in the left corner.

While this is only one data point, there are also papers in HCI  
design principles that push for consistency whenever possible. IMO,  
if consistency helps reduce confusion for things like menu design and  
other GUIs,  it can't hurt us to strive for consistency in our  
recommendations.

- Maritza

>
> Bill D.
>
>
> -----Original Message-----
> From: public-wsc-wg-request@w3.org
> [mailto:public-wsc-wg-request@w3.org] On Behalf Of Serge Egelman
> Sent: Friday, June 08, 2007 6:43 PM
> To: Rachna Dhamija
> Cc: public-wsc-wg@w3.org
> Subject: Re: Action 180 - Make pass through SharedBookmarks and other
> material; map testing results to status quo
>
>
> I have statistics on the IE EV bar as well in my study.  I should be
> wrapping it up in the next few weeks.  But of the people who have
> participated so far, not one has noticed it.
>
> serge
>
> Rachna Dhamija wrote:
>> On Jun 8, 2007, at 11:42 AM, Mary Ellen Zurko wrote:
>>
>>>> ( Anyone know of any results for Mozilla's yellow address bar? )
>>> I don't.
>>
>> In the Why Phishing Works paper, I noted that many participants in
> the
>> study did not notice the yellow address bar (even those whose primary
>> browser was Firefox), or they misinterpreted the meaning ( e.g. some
>> thought it was an aesthetic design choice by the web designer).   I
>> routinely find people, even many who are technical and in web
>> professions, who do not notice or understand the meaning of this
> color
>> change.  Collin Jackson's paper has some statistics on IE's green EV
>> address bar.
>>
>> Rachna
>>
>
> -- 
> /*
> Serge Egelman
>
> PhD Candidate
> Vice President for External Affairs, Graduate Student Assembly
> Carnegie Mellon University
>
> Legislative Concerns Chair
> National Association of Graduate-Professional Students
> */
>
>

Received on Wednesday, 11 July 2007 14:42:05 UTC