Confused by warnings? So are we.
Google would like to see the whole world using strong encrypted connections all the time, whether they are needed or not, but its own security researchers say the "improved" security warnings in the latest version of Chrome were not the success they hoped.
One of my bug-bears with browsers is the number of spurious warnings they issue about secure certificates, and the dark as doom picture they paint. For instance, visit a webpage which uses https and if just one graphic on that page such as a Twitter icon happens to be delivered in plain old http, chances are your browser will throw up a terrifying looking and totally misleading warning message which screams the page is not 100% secure, and that if you continue to use it, hackers may be able to intercept your communications and it may allow criminals to break into your computer, steal your identity and credit card details, and may corrupt your hamster by exposing it to rodent porn.
Okay, I made the last bit up, but the point is that the odd unencrypted graphic isn't a wide-open backdoor into your computer and giving you a totally scary and indiscriminate warning about it does nothing at all to help you make any sort of informed decision about whether or not you can safely use the site. I've long felt that these warnings are not intended to protect us, but simply to let the browser makers try to outdo each other by claiming they must care more about your safety than the next company because look at how many things they warn you about.
To its credit, Google researchers have realised browser warning messages are not being understood by users and tried to simplify the warning messages in Chrome, and to limit it so that warnings are only displayed when a real threat existed. In a paper presented to the prestigious ACM Conference, the researchers explained that this has only been a partial success. Whilst the stripped down dialogues have had some improvement, they still found in laboratory tests that only about 50% of Chrome users correctly took heed of the warnings, although that was an improvement over just 30% who understood the phrases used in an earlier version of Chrome. Another way of looking at this though is that even 50% is no safer than ignoring the message entirely and just flipping a coin to decide what to do next.
This inability of people to understand and interpret computer error messages shouldn't be a surprise. Each programmer thinks their warning message is the most important. Give people too many warning messages and all you do is teach them to click the Yes button, and we've known this for years.
Those of you who remember the original PCs and DOS will know that any time you tried to delete any file, it would ask "Are you sure? Y/N" to which we all, without fail, would answer Yes, as an automatic reflex action without even thinking about it,... and then three seconds later our brains would catch up with our fingers and we'd think "oops", or worse. Everyone who ever used DOS thirty years ago knew that particular confirmation dialogue was a really poor bit of user interface design, easier for the programmer than trying to understand how people think and act.
In 2015, the wording on error messages may be more elaborate and use prettier colours and icons and a lot more big words, but still they often boil down to "Are you sure?" It feels like we haven't progressed that much, have we?
25th February 2015
This article comes from the SKILLZONE email newsletter, published monthly since January 2008, and covering topics related to technology and the internet. All articles and artwork in the SKILLZONE newsletter are orignal content.