An Experience Sampling Study of User Reactions to Browser Warnings in the Field

TLDR

Browser warnings aim to protect users from malware, phishing, and network attacks, yet adherence remains suboptimal and comprehension gaps persist, highlighting the need to improve both understanding and compliance. The study aimed to investigate how users decide to heed or ignore browser warnings by surveying over 6,000 Chrome and Firefox users in situ. The authors conducted an experience‑sampling survey of more than 6,000 Chrome and Firefox users in situ to capture reasons for following or ignoring real browser warnings. The study revealed a multitude of context‑dependent reasons for compliance, found no single dominant flaw such as habituation, and concluded that improving warnings will require addressing many smaller contextual misunderstandings.

Abstract

Web browser warnings should help protect people from malware, phishing, and network attacks. Adhering to warnings keeps people safer online. Recent improvements in warning design have raised adherence rates, but they could still be higher. And prior work suggests many people still do not understand them. Thus, two challenges remain: increasing both comprehension and adherence rates. To dig deeper into user decision making and comprehension of warnings, we performed an experience sampling study of web browser security warnings, which involved surveying over 6,000 Chrome and Firefox users in situ to gather reasons for adhering or not to real warnings. We find these reasons are many and vary with context. Contrary to older prior work, we do not find a single dominant failure in modern warning design---like habituation---that prevents effective decisions. We conclude that further improvements to warnings will require solving a range of smaller contextual misunderstandings.

References

Page 1

	Year	Citations

Page 1