A user study of off-the-record messaging
Full text: PDF (914 KB)
Source: ACM International Conference Proceeding Series, Vol. 337
Proceedings of the 4th symposium on Usable privacy and security
Pittsburgh, Pennsylvania
Session: Usable privacy and security in practice
Pages: 95-104
Year of Publication: 2008
ISBN: 978-1-60558-276-4
Authors:
Ryan Stedman, University of Waterloo, Waterloo, Ontario, Canada
Kayo Yoshida, University of Waterloo, Waterloo, Ontario, Canada
Ian Goldberg, University of Waterloo, Waterloo, Ontario, Canada
Publisher: ACM, New York, NY, USA
DOI: http://doi.acm.org/10.1145/1408664.1408678

ABSTRACT

Instant messaging is a prevalent form of communication across the Internet, yet most instant messaging services provide little security against eavesdroppers or impersonators. A variety of existing systems aim to solve this problem, but the one that provides the highest level of privacy is Off-the-Record Messaging (OTR), which aims to give instant messaging conversations the level of privacy available in a face-to-face conversation. In the most recent redesign of OTR, one of the designers' goals, besides increasing the security of the protocol, was to make OTR easier to use, without users needing to understand details of computer security such as keys or fingerprints.

To determine whether this design goal has been met, we conducted a user study of the OTR plugin for the Pidgin instant messaging client using the think-aloud method. As a result of this study we have identified a variety of usability flaws remaining in the design of OTR. The flaws we discovered can cause confusion, make the program unusable, and even reduce the level of security for users of OTR. We discuss how these errors can be repaired, and identify an area that requires further research to improve its usability.

