Adrienne Porter Felt
January 23, 2015 at 12:00 PM in 380 Soda Hall
Browsers warn users when the privacy of an SSL/TLS connection might be at risk. An ideal SSL warning would empower users to make informed decisions and, failing that, guide confused users to safety. Unfortunately, users struggle to understand and often disregard SSL warnings. Even if users understand the situation, they likely mistrust the warning (rightfully so) because of the high rate of SSL warning false positives. I will first talk about how we redesigned the Chrome SSL warning, with the goal of improving comprehension and adherence. I will then talk about our ongoing mission to identify, diagnose, and remove as many "false positive" SSL warnings as possible.