Why We Adopt and Then Ditch Online Security Tips

Alexander Supertramp/Shutterstock.com

“It can be challenging to follow through with a particular piece of advice, and sometimes experts conflict with each other in providing advice,” a researcher said.

New research digs into why many people who try to follow expert advice on cybersecurity and privacy end up only doing so halfway or giving up altogether.

To find out why people adopt and then sometimes abandon online safety measures, researchers surveyed more than 900 people about their use of 30 commonly recommended practices to guard against security, privacy, and identity theft risks.

The researchers also make suggestions for how to create more user-friendly and sustainable protections.

“Most prior studies only focused on whether or not people adopt expert advice, but we also are interested in seeing once they follow the advice what makes them abandon it,” says lead author Yixin Zou, a doctoral candidate at the School of Information at the University of Michigan.

The team found that adopted more security practices like avoiding clicking on unknown links or emails than privacy or ID theft practices (such as using ad blocker or placing a credit freeze on one’s credit reports, respectively). The potential reason behind this might be that the damage from security risks is much more tangible, the researchers say. When it comes to privacy and the information companies collect about people, the harms are more difficult to visualize, they say.

“The argument we want to make is that all of those practices are actually interconnected; for experts, their job is to make wise recommendations about optimization and prioritization so that people don’t end up having to adopt 300 different practices,” Zou says.

The problem is just that, says senior author Florian Schaub, assistant professor in the School of Information: There is no shortage of advice for people who are interested in protecting their privacy, security, and identity.

“It can be challenging to follow through with a particular piece of advice, and sometimes experts conflict with each other in providing advice,” says Schaub,.

What the researchers found:

  • Of 10 practices with the highest adoption rates, seven were security related.
  • Practices with high partial adoption rates were evenly split between security and privacy.
  • Top privacy risk management practices included cleaning cookies, going incognito on the web, and avoiding websites that asked for real names.
  • More than 50% of respondents did not follow recommendations for unique or strong passwords.
  • Abandonment was less common than full or partial adoption, with a rate below 20% for all surveyed practices.
  • The most abandoned practices included using anonymity systems such as virtual private networks (VPNs), using automated updates for software, and using antivirus software.
  • Most participants had not adopted and were not much interested in using an identity monitoring service and placing a fraud alert on credit reports.
  • Top reasons for partial adoption: the practice was inconvenient or unusable (10%); users relied on their own judgment, e.g., “I know better than to open a suspicious email” (9%); and users only adopted when something bad happened, like a fraudulent charge on an account (8%).
  • Reasons for abandonment: the practice was not needed anymore (20%); the risk no longer existed (14%); the practice interfered with usability (12%); trust in own judgment (6%); users adopted another service that served a similar purpose, e.g., a tool that clears third-party cookies so the user does not have to do it manually (6%).
  • Although 67% of respondents reported being a victim of a previous data breach, the respondents overall rarely adopted identity theft protection practices, such as credit freezes and fraud alerts. Even so, those who were victims adopted more protection practices overall.

About the respondents:

  • Men had higher adoption rates than women.
  • Middle-aged respondents adopted more security measures than younger people, but the opposite trend was found for privacy measures.
  • Lower-income participants had higher levels of practice adoption overall.
  • More education led to higher adoption.

“Obviously if someone is abandoning a practice then that practice can no longer be effective and protect them,” Schaub says.

“So, what we need to do as researchers, designers, and practitioners is to not only better explain to people why it’s important to keep doing something they had been doing at some point, but also figure out how to make security and privacy tools and solutions easier to use so that people are not struggling.”

The study will appear in the Proceedings of the 2020 ACM CHI Conference on Human Factors in Computing Systems, which has been canceled due to COVID-19 but will publish conference research.

Additional researchers from the University of Michigan School of Information and NortonLifeLock’s Research Group contributed to the work.

This article was originally published in Futurity. It has been republished under the Attribution 4.0 International license.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.