Co-ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols

  • Harry HalpinEmail author
  • Ksenia Ermoshina
  • Francesca Musiani
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11322)


Due to the increased deployment of secure messaging protocols, differences between what developers “believe” are the needs of their users and their actual needs can have real consequences. Based on 90 interviews with both high and low-risk users, as well as the developers of popular secure messaging applications, we mapped the design choices of the protocols made by developers to the relevance of these features to threat models of both high-risk and low-risk users. Client device seizures are considered more dangerous than compromised servers by high-risk users. Key verification was important to high-risk users, but they often did not engage in cryptographic key verification, instead using other“out of band” means for key verification. High-risk users, unlike low-risk users, needed pseudonyms and were heavily concerned over metadata collection. Developers tended to value open standards, open-source, and decentralization, but high-risk users found these aspects less urgent given their more pressing concerns.


  1. 1.
    Abu-Salma, R., Sasse, M.A., Bonneau, J., Danilova, A., Naiakshina, A., Smith, M.: Obstacles to the adoption of secure communication tools. In: 2017 IEEE Symposium on Security and Privacy (SP) (SP 2017). IEEE Computer Society (2017)Google Scholar
  2. 2.
    Ermoshina, K., Halpin, H., Musiani, F.: Can Johnny build a protocol? Co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols. In: European Workshop on Usable Security (2017)Google Scholar
  3. 3.
    Green, M., Smith, M.: Developers are not the enemy!: the need for usable Security APIs. IEEE Secur. Priv. 14(5), 40–46 (2016)CrossRefGoogle Scholar
  4. 4.
    Kobeissi, N., Bhargavan, K., Blanchet, B.: Automated verification for secure messaging protocols and their implementations: a symbolic and computational approach. In: IEEE European Symposium on Security and Privacy (EuroS&P) (2017)Google Scholar
  5. 5.
    Oudshoorn, N., Pinch, T.: How Users Matter: The Co-construction of Users and Technology. MIT Press, Cambridge (2005)Google Scholar
  6. 6.
    Schröder, S., Huber, M., Wind, D., Rottermanner, C.: When signal hits the fan: on the usability and security of state-of-the-art secure mobile messaging. In: European Workshop on Usable Security. IEEE (2016)Google Scholar
  7. 7.
    Troncoso, C., Isaakidis, M., Danezis, G., Halpin, H.: Systematizing decentralization and privacy: lessons from 15 years of research and deployments. Proc. Priv. Enhancing Technol. 2017(4), 404–426 (2017)CrossRefGoogle Scholar
  8. 8.
    Unger, N., et al.: SoK: secure messaging. In: IEEE Symposium on Security and Privacy (SP), pp. 232–249. IEEE (2015)Google Scholar
  9. 9.
    Zurko, M.E., Simon, R.: User-centered security. In: Proceedings of the Workshop on New Security Paradigms, pp. 27–33. ACM (1996)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Harry Halpin
    • 1
    Email author
  • Ksenia Ermoshina
    • 2
  • Francesca Musiani
    • 2
  1. 1.InriaParisFrance
  2. 2.Institute for Communication Sciences, CNRSParisFrance

Personalised recommendations