omnat
commented
5 years ago Insights from this paper on how we could design so that user understands what the warning is and increase chances that they adhere to security warning instead of taking a risk https://ai.google/research/pubs/pub46632
TLDR:
- Comprehension: Users tend to think the SSL warning is related to a site, and if they trust the site itself, they might continue despite of the warning.
Opportunity to educate about the specific property of the security that seems vulnerable. Make it clear that when a warning appears on a trusted site, there’s more reason for users should NOT proceed.
- Other decision making factors: Warnings themselves didn’t seem trustworthy (typos, visuals). Alternative safe suggestions either not there or don’t allow to do a task user wants to.
Opportunity to make MM security warnings looks and feel trusted and actionable (on what could user do to continue)
- Habituation plays a smaller role than expected: non-adherence is not as related to people being desensitized about too many security warning
We should use the PhisingController and block blacklisted websites like we do on the extension.
@bdresser @cjeria We will need to adapt the phising screen of the extension to mobile