Improving Mental Models of End-to-End Encrypted Communication

Conference:  BlackHat USA 2020



The presentation discusses a three-stage approach to shifting users' mental models about end-to-end encryption (E2E). The second stage involves an online survey study to test the effectiveness of short messages in shifting mental models.
  • The second stage of the approach involves an online survey study to test the effectiveness of short messages in shifting mental models about E2E.
  • Short messages were designed to cover single concise talking points and were intended to be easily integrated into applications.
  • Participants were quizzed before and after reading the messages to measure changes in their mental models.
  • The most significant factor in shifting participants' mental models was explaining computationality.
  • Explaining risks clearly and comparing E2E to non-E2E were also effective in shifting mental models.
  • Explaining integrity, authenticity, and how E2E works were not as successful in shifting mental models.
The study found that participants were surprised to learn that internet service providers (ISPs) can access their messages, and that E2E can protect against them. However, participants still had confusion about authenticity, with some conflating it with username and password protection. One participant stated that E2E protects against username and password theft, which is incorrect. This highlights the importance of clarifying the weaknesses and benefits of E2E to correct users' mental models.


Research has repeatedly established that although many messaging apps (WhatsApp, iMessage, Signal etc.) have incorporated end-to-end encryption (E2EE) as a feature, user understandings of E2EE communications are not completely accurate. As a result, some users may turn to less secure platforms (e.g., SMS or landline calls) to exchange confidential information, may not know how to react to some E2EE related tasks, such as performing authentication ceremonies. These misunderstandings can cause users greater security and privacy risks than they realize. Our work aims to tackle this issue by creating and utilizing practical explanations of E2EE to improve the functionality of users' mental models. We developed our educational efforts through a series of user studies. First, we conducted a participatory-design tutorial study (n=25) to understand what information about E2EE is most useful to and will likely be absorbed by end users. Based on the results, we generated short, medium, and long-length educational texts and measured their effectiveness in isolation with an online survey study (n=459). Finally, we evaluated the messages in context with a longitudinal study. We incorporated the best-performing messages into an exemplar open-source messaging app (based on Signal), and asked participants to interact with it for three weeks. Final results of the longitudinal study will be available this early July.In this talk, we will discuss our design approach and the results of our intervention on users' mental models. We will share the implications of our work for the UX design of privacy-preserving communications tools.