Contents
WSC Usability Studies
Meetings
Mtg
Date
Who
Phone call
July 10 2PMEST
Serge, Maritza, Rachna
F2F Working meeting at SOUPS
7/18-20 TBD
Rachna, Serge, Maritza
Phone|call
July 26 2PM EST
Serge, Maritza, Rachna
F2F
APWG meeting Oct 1
Serge and Rachna
Test-Design Timeline
Task
Due Date
Lead
Outline milestones w/ Serge & Maritza
July 11
Rachna
Usability analysis of proposed recommendations
July 18
Maritza
Define research questions and add missing recommendations
July 25
zz
Prototyping Timeline
Task
Due Date
Lead
lo-fi reproduction of SSL warnings, currently existing in each browser (or new proposed warnings)
Oct 7
Serge
lo-fi prototype of PII (HTML prototype that demonstrates user interaction)
DATE
Tyler
Testing Timeline
Task
Due Date
Lead
Nov 1
Serge
Analysis of Proposed Recommendations
First Cut at Usability Evaluation
Research Questions
Can users distinguish chrome from content? Previous studies have shown that the answer is no. We may do a study where this is one test condition. A study on this would not result in new research (unless there is a new design that would allow users to make the distinction- thus far, no proposed recommendations attempt this, though personalized chrome proposals touch on this issue).
Can users effectively use different "modes"? There is some previous research to show that most users will probably forget to enable it, and it will probably be spoofed. Two proposals that address this are Safe Browsing Mode and Browser Lock Down.
Do users notice the presence and absence of EV cert indicators? This may be similar to noticing distinguishing chrome/content. Many proposals depend on users noticing EV indicators so it would be nice to conduct a study to examine these directly. In Serge's study, zero out of twenty users have failed to notice the absence of an EV cert indicator when entering information into a phishing site.
Do users understand the difference between a legitimate site with no EV indicator and a phishing site with no EV indicator? Collin Jackson's EV study touched on this question.
Something about negative indicators.
Study Design
Resource Tracking
* Participants * Testing Environments (Testing labs, instrumented clients) * Test Facilitators * Infrastructure/Test Bed Implementers * Existing studies we can piggyback on * Existing IRB applications * Financial Resources * Data Analysis