Slashdot Mirror


The Problem With Using End-to-End Web Crypto as a Cure-All

fsterman writes: Since the Snowden revelations, end-to-end web encryption has become trendy. There are browser add-ons that bolt a PGP client onto webmail and both Yahoo and Google are planning to support PGP directly. They attempt to prevent UI spoofing with icons similar to the site-authentication banks use to combat phishing.

The problem is that a decade of research shows that users habituate to these icons and come to ignore them. An attacker can pull off UI spoofing with a 90%+ success rate.

1 of 89 comments

  1. Don't make it "just an icon" by Aristos Mazer · Score: 3, Interesting

    Sounds like a user interface problem. Users won't get accustomed to it if unsecure sites are mauve text on navy blue background. Or something equally egregious and harder to use.