MRIs Show Our Brains Shutting Down When We See Security Prompts

antdude writes with this excerpt from Ars Technica: Magnetic Resonance Imaging (MRIs) show our brains shutting down when we see security prompts. The MRI images show a "precipitous drop" in visual processing after even one repeated exposure to a standard security warning and a "large overall drop" after 13 of them. Previously, such warning fatigue has been observed only indirectly, such as one study finding that only 14 percent of participants recognized content changes to confirmation dialog boxes or another that recorded users clicking through one-half of all SSL warnings in less than two seconds.

What kind of person did they study?

[ArcadeMan]

Did they test with dumb regular users who don't understand or don't know better, or did they test people who actually know what those security warnings mean and the real consequences of ignoring them?

Re:What kind of person did they study?

[khasim]

What is the purpose of security alerts if not to warn people who don't know any better?

To shift the blame to the end-user when something goes wrong.

Which is why the alerts are so useless. They, essentially, become a "click here to continue" button.

Re:What kind of person did they study?

[dcollins117]

Did they test with dumb regular users who don't understand or don't know better, or did they test people who actually know what those security warnings mean and the real consequences of ignoring them?

Hold on, TFA says they note a decrease in visual processing. Perhaps the decrease in visual processing is because the user is using another part of their brain to process the new information, and to appropriately decide what the best response is.

They also note an "overall" decrease after repeated exposures to the same message, but that's what we do; we learn from experience. That's a feature, not a bug.

Re:What kind of person did they study?

[suutar]

Android apps request everything anyway. What I want is a way to say "yeah, I know you want this, but you ain't getting it. Install anyway, and the OS will just pretend that function returns nothing."

Of course

[heldal]

I want titties, but these stupid alerts keep popping up

Re:Drives IT people nuts

[war4peace]

This behavior doesn't have IT roots. It has "the boy who cried wolf" roots.
We're surrounded by warnings, all the time. Warning! Wet floor. Warning! 0.5 inches of snow tomorrow. Warning! This beverage might be hot. Warning! This battery might explode if you put it in a microwave.

No wonder people have their responses to warnings (of all kinds) dulled to non-existence.

Reflex

[Tablizer]

Married men learn to ignore nagging.

Re:Information content

[Pentium100]

Also, the warnings all are very similar even though the problems they warn about are different. Let's take a look at SSL warnings. When a browser puts up the huge warning that there is a problem with SSL, it could mean one of a few things:
1) The certificate is self-signed. A big problem except for internal sites.
2) The certificate expired 10 minutes ago or you computer's clock is wrong (not that big a problem).
3) The certificate is for a different domain. This could be a problem or not, depending on the domain (could be the certificate is issued for www.example.com and I am going to example.com or 127.0.0.1).
4) The mobile browser does not understand wildcard certificates.

The problem is that the warnings all look the same and to find out which problem it is, you have to click on the "Technical details" button.