Abstract by Matthew Holt

Personal Infomation

Presenter's Name

Matthew Holt

Degree Level



Torstein Collett
Daniel Zappala

Abstract Infomation


Computer Science

Faculty Advisor

Daniel Zappala


After HTTPS: Indicating Risk on Deceptive Websites


Browser security indicators show warnings when sites load without HTTPS, but more malicious sites are using HTTPS to appear legitimate in browsers and deceive users. We explore a new approach to browser indicators that overcomes several limitations of existing indicators. We first develop a high-level risk assessment framework to identify risky interactions and evaluate the utility of this approach through a survey. We next evaluate potential designs for a new risk indicator to communicate risk rather than security. Finally, we conduct a within-subjects user study to compare the risk indicator to existing security indicators by observing participant behavior and collecting feedback. Our results show that participants prefer risk indicators over current security indicators and suggest that risk indicators help make users more confident in judging their risk. In addition, users take somewhat fewer risks in the presence of risk indicators, making this a promising direction for research and implementation into web browsers.