Apathy and IM Security

A new study says that you care about neither security nor privacy when choosing a mobile instant messaging app.

The study consisted of an online survey of 1,510 participants, followed by interviews with 31 expert and non-expert participants. It found that peer influence is the primary factor that drives people to choose, and stick with, their IM app, with WhatsApp, Hangouts, and Facebook Messenger ranked as the most used apps. Privacy and security only play a “minor role” in people’s decisions to adopt an IM. This goes for both experts and non-experts: “[I]nsecure behaviour exhibited by the participants…was roughly identical across both groups.”

My favorite part of the study, though, was the description of how experts view non-experts:

When asked what a non-expert knows about the sending process, 3 experts stated that they would know little to nothing and if they would think about it, they would most likely assume a direct connection between the two smartphones (8 mentions). Six of them even assumed that normal users would consider it “magic”. Furthermore, only one expert thought that normal users would think about whether the communication was encrypted or not. Interestingly, the experts highly underestimated the non-experts’ knowledge.

On the one hand, the experts think that we are a bunch of buffoons who use tiny magic pocket boxes to connect with our friends. On the other hand, they are just as awful about security and privacy choices as the rest of us.

My recommendations based on this study:

  1. Move to WhatsApp. A lot of your friends are already on it and WhatsApp recently activated end-to-end encryption by default. With that you will have a (relatively) secure setup, you can do what your friends do, and you don’t have to think about any of it.
  2. If you meet a security “expert”, ~~punch him in the face~~ shake your head in disappointment because he probably has already judged you as a Neanderthal.

Read the full study.

Or, just read Motherboard’s summary.

