A World Full of Privacy and Security (Mis)conceptions? Findings of a Representative Survey in 12 Countries

Misconceptions about digital security and privacy topics in the general public frequently lead to insecure behavior. However, little is known about the prevalence and extent of such misconceptions in a global context. In this work, we present the results of the first large-scale survey of a global population on misconceptions: We conducted an online survey with n = 12, 351 participants in 12 countries on four continents. By investigating influencing factors of misconceptions around eight common security and privacy topics (including E2EE, Wi-Fi, VPN, and malware), we find the country of residence to be the strongest estimate for holding misconceptions. We also identify differences between non-Western and Western countries, demonstrating the need for region-specific research on user security knowledge, perceptions, and behavior. While we did not observe many outright misconceptions, we did identify a lack of understanding and uncertainty about several fundamental privacy and security topics

Bringing Crypto Knowledge to School: Examining and Improving Junior High School Students’ Security Assumptions About Encrypted Chat Apps

End-to-end encryption (E2EE) of everyday communication plays an essential role in protecting citizens from mass surveillance. The especially vulnerable group of children and young adolescents move quickly between chat apps and use them frequently and intensively. Yet they have had the least time to learn about online security compared to other age groups. In a two-part study conducted with four classes at a junior high school (N= 86 students, ages 12–16), we examined perceptions of security and privacy threats related to chat apps and understanding of E2EE using a questionnaire. A pre-post measure allowed us to examine how a short instruction video shown in class to explain the concept of E2EE and how it works in chat apps affected students’ security understanding and threat perceptions. Our results show that students are aware of a variety of online threats but they are not familiar with the term E2EE. After the instruction, students gained confidence in explaining the concept of encryption and their understanding of the security features of E2EE improved. Our results also show that explanation of threats and E2EE can shift the intention of some participants towards tools that offer more protection