Papers:Sending the Right Signals

From MozillaWiki
Revision as of 09:43, 25 January 2006 by Beltzner (talk | contribs)
Jump to navigation Jump to search
This document is currently in draft.
Please do not edit this page without permission. Your feedback and comments are welcomed on the [[Talk:User:Beltzner/Usability_and_Security|discussion page]].

This is Mozilla's submission for the upcoming W3C Workshop on Transparency and Usability of Web Authentication.

Jane, IRL

Jane is travelling, and finds herself in an unfamiliar area. She turns a corner and sees a bank, a corner store, and a taxi. She's hungry and wants to get back to her hotel, so she enters the bank, uses her ATM card to withdraw some money, walks to the corner store and gets a local snack and drink, and finally hops in the cab and heads off.

How did Jane know that the bank could be trusted? How could she be sure that the food she was about to buy wouldn't make her sick? What convinced her that the taxi driver was on the level?

In the physical world, there are a variety of signals that Jane can use to establish a sense of trust. Some of these signals are physical in form such as the architecture of the buildings, the cleanliness of the taxi, and freshness seals on packages. Other signals are entirely conceptual such as brand recognition. In all cases however, Jane's assessment of trust is based on levels of familiarity. If Jane recognizes the name of the bank, she will likely trust it completely. Jane may also decide to trust the bank if she recognizes the pattern of the name of the bank (ie: First National Bank of Whereverland) or if its physical characteristics match her mental image of a bank. There is a chance that Jane will be fooled, but we tend to be very effective at pattern matching, and even small inconsistencies would very likely raise suspicion.

Jane, Online

Jane returns home from travelling, and decides to go online and plan her next trip. After using a search engine to look for recommendations, she finds herself on an unfamiliar message board. She sees a link to a website that builds custom vacation packages. Jane likes this idea, and follows the link, submits her preferences and identification information, and charges her next trip to her credit card.

This time, when Jane had to make her assessment of trust, she had a similar set of signals to choose from. The name of the website may be a recognizable brand, or have closely matched a pattern that was familiar to Jane. The look and feel of the website may also have matched Jane's expectation of what a professional website looks like. Finally, and uniquely, her web browser may have provided some indication to Jane about how she should trust the website being viewed.

IRL vs. Online

There are some fundamental differences between signals available to an individual in the physical and online worlds, and it is these differences that make internet users so vulnerable to attack.

  • Tangibility: Perhaps the most obvious difference is that the physical world is tangible whereas the online world is not. When an individual visits a location in the physical world, they can examine it directly as opposed to through some intermediary interprative tool. As a result, we experience objects in the physical world in many more dimensions than those of the virtual. The additional dimensions (ie: touch, smell, depth, tactile sensation) all provide contextual signals which are absent from objects in the virtual world, and which can contribute to one's evaluation of trust.
  • Cost of Impersonation: Related to tangibility is the cost of impersonation. Because physical world objects must be convincing in so many dimensions, and because the human brain is so adept at recognizing patterns and exceptions to patterns, the task of impersonating an entity in the real world is is both complex and costly. Virtual world objects, on the other hand, are easy to impersonate as they exist in far fewer dimensions. In fact, even authentic virtual world objects are frequently just endorsed impersonations of real-world counterparts.
  • Familiarity:
  • Consistency:
  • Review of current UI in browsers (IE, firefox, safari, opera)
    • status notification areas
    • security status notification techniques
    • terminology used, technologies supported
  • Arguments for consistency
    • ability to move from browser to browser w/o relearning metaphors
    • shapes user expectations
    • promotes clarity
  • What we know doesn't work
    • techno-centric terminology
    • expecting users to think deeply on these issues

And then, if we feel that a recommendation is needed, I was going to take a flyer with:

  • What we propose
    • simple notification with plain language to tell user if the site they are visiting is
      • real: this website is who it says it is
      • secure: this website is encrypted
      • recommended: this person says this website is safe
    • potentially match up "zones" with these ideas
Retrieved from "https://wiki.mozilla.org/index.php?title=Papers:Sending_the_Right_Signals&oldid=16447"