{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T15:10:05Z","timestamp":1755961805683,"version":"3.44.0"},"reference-count":34,"publisher":"Association for Computing Machinery (ACM)","issue":"3","funder":[{"name":"Natural Sciences and Engineering Research Council of Canada (NSERC) Alexander Graham Bell Canada Graduate Scholarship"},{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"crossref","award":["RGPIN-2022-04887"],"award-info":[{"award-number":["RGPIN-2022-04887"]}],"id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2025,8,31]]},"abstract":"<jats:p>Phishing sites exploit users\u2019 limited understanding of website identity to mimic legitimate sites. While X.509 certificates can provide crucial cues regarding a website\u2019s identity, current browsers fail to effectively communicate this information to users, even as phishing becomes an increasingly serious issue. To address this, we developed Site Inspector (SI), a UI tool that conveys website identity and connection encryption information, along with brief explanations of the relevant underlying security concepts. SI is implemented as a Mozilla Firefox browser extension, but the basic design could be integrated into any web browser.<\/jats:p>\n          <jats:p>SI organizes content in a three-tiered abstraction hierarchy, drawing on Ecological Interface Design. The top level presents an indicator of the website owner, if known, and also whether the connection is encrypted. The second and third levels offer progressively detailed explanations of the verification process. 
SI adheres to design principles aimed at educating users about security through the UI while overcoming associated challenges. Its text is concise and direct, respecting limitations in users\u2019 attentional resources and motivation to engage with security matters.<\/jats:p>\n          <jats:p>As a proof of concept for SI\u2019s principled design, we conducted a user study with 30 participants to evaluate its effectiveness in helping users differentiate real from fraudulent websites. Results suggested that SI improved users\u2019 ability to identify fraudulent sites. Future work will involve further testing with a larger user base, integrating SI directly into browsers, and ultimately a more widespread and improved validation process for certificates, with stronger verification and transparency.<\/jats:p>","DOI":"10.1145\/3726867","type":"journal-article","created":{"date-parts":[[2025,4,1]],"date-time":"2025-04-01T09:55:36Z","timestamp":1743501336000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Site Inspector: Improving Browser Communication of Website Security Information"],"prefix":"10.1145","volume":"28","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9130-2148","authenticated-orcid":false,"given":"Eric","family":"Spero","sequence":"first","affiliation":[{"name":"School of Computer Science, Carleton University","place":["Ottawa, Canada"]},{"name":"School of Computer Science, The University of Auckland","place":["Ottawa, Canada"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5971-2705","authenticated-orcid":false,"given":"Robert","family":"Biddle","sequence":"additional","affiliation":[{"name":"School of Computer Science, Carleton University","place":["Ottawa, 
Canada"]}]}],"member":"320","published-online":{"date-parts":[[2025,8,23]]},"reference":[{"key":"e_1_3_3_2_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.65"},{"key":"e_1_3_3_3_2","unstructured":"Anti-Phishing Working Group. 2023. APWG Phishing Activity Trends Report. (112023). Retrieved August 18 2024 from https:\/\/docs.apwg.org\/reports\/apwg_trends_report_q4_2023.pdf"},{"key":"e_1_3_3_4_2","doi-asserted-by":"crossref","first-page":"367","DOI":"10.1007\/978-3-540-77366-5_34","volume-title":"Proceedings of the Financial Cryptography and Data Security (FC\u201907)","author":"Asgharpour Farzaneh","year":"2007","unstructured":"Farzaneh Asgharpour, Debin Liu, and L. Jean Camp. 2007. Mental models of security risks. In Proceedings of the Financial Cryptography and Data Security (FC\u201907), Sven Dietrich and Rachna Dhamija (Eds.). Springer, Berlin, Germany, 367\u2013377."},{"key":"e_1_3_3_5_2","doi-asserted-by":"publisher","DOI":"10.1017\/S0140525X99002149"},{"key":"e_1_3_3_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3373017.3373020"},{"key":"e_1_3_3_7_2","doi-asserted-by":"crossref","unstructured":"Robert Biddle P. C. van Oorschot Andrew S. Patrick Jennifer Sobey and Tara Whalen. 2009. Browser interfaces and extended validation SSL certificates: An empirical study.","DOI":"10.1145\/1655008.1655012"},{"key":"e_1_3_3_8_2","unstructured":"Bramus. 2018. Extended Validation Is Broken. (22018). Retrieved August 20 2024 from https:\/\/www.bram.us\/2018\/02\/05\/extended-validation-is-broken\/"},{"key":"e_1_3_3_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.198"},{"key":"e_1_3_3_10_2","unstructured":"CA\/Browser Forum. 2019. Guidelines For The Issuance And Management Of Extended Validation Certificates. (2019). 
Retrieved March 9 2023 from https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-EV-Guidelines-v1.7.0.pdf"},{"key":"e_1_3_3_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/MTS.2009.934142"},{"key":"e_1_3_3_12_2","doi-asserted-by":"publisher","DOI":"10.17487\/rfc5280"},{"key":"e_1_3_3_13_2","volume-title":"The Nature of Explanation","author":"Craik Kenneth","year":"1943","unstructured":"Kenneth Craik. 1943. The Nature of Explanation. Cambridge University Press, Cambridge, United Kingdom."},{"key":"e_1_3_3_14_2","unstructured":"GNU Wget2. 2023. Wget2 (Version 2.0.1) [Computer software]. GitLab. https:\/\/gitlab.com\/gnuwget\/wget2"},{"key":"e_1_3_3_15_2","unstructured":"Bruce Heiding Fredrik Schneier and Arun Vishwanath. 2024. AI Will Increase the Quantity\u2014and Quality\u2014of Phishing Scams. (52024). Retrieved August 18 2024 from https:\/\/hbr.org\/2024\/05\/ai-will-increase-the-quantity-and-quality-of-phishing-scams"},{"key":"e_1_3_3_16_2","volume-title":"Mental Models: Towards a Cognitive Science of Language, Inference, and Consciousness","author":"Johnson-Laird Philip N.","year":"1983","unstructured":"Philip N. Johnson-Laird. 1983. Mental Models: Towards a Cognitive Science of Language, Inference, and Consciousness. Harvard University Press, Cambridge, MA, USA."},{"key":"e_1_3_3_17_2","doi-asserted-by":"crossref","first-page":"1993","DOI":"10.1145\/1518701.1519004","volume-title":"Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI\u201909)","author":"Klasnja Predrag","year":"2009","unstructured":"Predrag Klasnja, Sunny Consolvo, Jaeyeon Jung, Benjamin M. Greenstein, Louis LeGrand, Pauline Powledge, and David Wetherall. 2009. When I am on Wi-Fi, I am fearless: Privacy concerns & practices in everyday Wi-Fi use. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI\u201909). ACM, New York, NY, USA, 1993\u20132002."},{"key":"e_1_3_3_18_2","unstructured":"LimeSurvey. LimeSurvey Homepage. 
(n.d.). Retrieved February 4 2023 from https:\/\/www.limesurvey.org\/"},{"key":"e_1_3_3_19_2","volume-title":"The Human Problems of an Industrial Civilization","author":"Mayo Elton","year":"1933","unstructured":"Elton Mayo. 1933. The Human Problems of an Industrial Civilization. The MacMillan Company."},{"key":"e_1_3_3_20_2","unstructured":"Mozilla Corporation. webRequest.getSecurityInfo(). (n.d.). Retrieved January 9 2023 from https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Add-ons\/WebExtensions\/API\/webRequest\/getSecurityInfo"},{"key":"e_1_3_3_21_2","volume-title":"The Design of Everyday Things: Revised and Expanded Edition","author":"Norman Don","year":"2013","unstructured":"Don Norman. 2013. The Design of Everyday Things: Revised and Expanded Edition. Basic Books, Inc., Hachette, NY, USA."},{"key":"e_1_3_3_22_2","doi-asserted-by":"crossref","first-page":"266","DOI":"10.1201\/b15703","volume-title":"Proceedings of the User Centered System Design: New Perspectives on Human-computer Interaction","author":"Norman Donald A.","year":"1986","unstructured":"Donald A. Norman. 1986. Cognitive engineering. In Proceedings of the User Centered System Design: New Perspectives on Human-computer Interaction, Donald A. Norman and Stephen W. Draper (Eds.). CRC Press, Boca Raton, FL, USA, 266\u2013290."},{"key":"e_1_3_3_23_2","first-page":"15","volume-title":"Proceedings of the Mental Models","author":"Norman Donald A.","year":"2014","unstructured":"Donald A. Norman. 2014. Some observations on mental models. In Proceedings of the Mental Models. Psychology Press, 15\u201322."},{"key":"e_1_3_3_24_2","doi-asserted-by":"crossref","first-page":"234","DOI":"10.1109\/TSMC.1985.6313353","article-title":"The role of hierarchical knowledge representation in decisionmaking and system management","author":"Rasmussen Jens","year":"1985","unstructured":"Jens Rasmussen. 1985. The role of hierarchical knowledge representation in decisionmaking and system management. 
IEEE Transactions on Systems, Man, and Cybernetics 15, 2 (1985), 234\u2013243.","journal-title":"IEEE Transactions on Systems, Man, and Cybernetics"},{"key":"e_1_3_3_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.35"},{"key":"e_1_3_3_26_2","doi-asserted-by":"crossref","unstructured":"Eric Spero and Robert Biddle. 2020. Out of sight out of mind: UI design and the inhibition of mental models of security.","DOI":"10.1145\/3442167.3442174"},{"key":"e_1_3_3_27_2","doi-asserted-by":"publisher","DOI":"10.1145\/3010915.3010926"},{"key":"e_1_3_3_28_2","doi-asserted-by":"crossref","first-page":"242","DOI":"10.1007\/978-3-319-78978-1_20","volume-title":"Proceedings of the International Conference on Persuasive Technology","author":"Stojmenovi\u0107 Milica","year":"2018","unstructured":"Milica Stojmenovi\u0107, Temitayo Oyelowo, Alisa Tkaczyk, and Robert Biddle. 2018. Building website certificate mental models. In Proceedings of the International Conference on Persuasive Technology. Springer, 242\u2013254."},{"key":"e_1_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/PST47121.2019.8949048"},{"key":"e_1_3_3_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/3533047"},{"key":"e_1_3_3_31_2","first-page":"1715","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security\u201919)","author":"Thompson Christopher","year":"2019","unstructured":"Christopher Thompson, Martin Shelton, Emily Stark, Maximilian Walker, Emily Schechter, and Adrienne Porter Felt. 2019. The web\u2019s identity crisis: Understanding the effectiveness of website identity indicators. In Proceedings of the 28th USENIX Security Symposium (USENIX Security\u201919). USENIX Association, Berkeley, CA, USA, 1715\u20131732."},{"issue":"2","key":"e_1_3_3_32_2","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1016\/j.nlm.2008.07.011","article-title":"Habituation: A history","volume":"92","author":"Thompson Richard F.","year":"2009","unstructured":"Richard F. Thompson. 
2009. Habituation: A history. Neurobiology of Learning and Memory 92, 2 (2009), 127\u2013134.","journal-title":"Neurobiology of Learning and Memory"},{"key":"e_1_3_3_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/21.156574"},{"key":"e_1_3_3_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837125"},{"key":"e_1_3_3_35_2","doi-asserted-by":"crossref","unstructured":"Min Wu Robert C. Miller and Simson L. Garfinkel. 2006. Do security toolbars actually prevent phishing attacks?","DOI":"10.1145\/1124772.1124863"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3726867","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T14:47:43Z","timestamp":1755960463000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3726867"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,23]]},"references-count":34,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,8,31]]}},"alternative-id":["10.1145\/3726867"],"URL":"https:\/\/doi.org\/10.1145\/3726867","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"type":"print","value":"2471-2566"},{"type":"electronic","value":"2471-2574"}],"subject":[],"published":{"date-parts":[[2025,8,23]]},"assertion":[{"value":"2024-09-02","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-03-23","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-08-23","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}