[Autocrypt] Obstacles to the Adoption of Secure Communication Tools

Vincent Breitmoser look at my.amazin.horse
Fri May 26 16:35:07 EDT 2017


Here is a paper that might be relevant to the interests of this list's
readers ;)

http://www.jbonneau.com/doc/ASBDNS17-IEEESP-secure_messaging_obstacles.pdf

Couple of excerpts:

Our participants did not mention or describe plausible
deniability (or repudiation), forgeability, forward or backward
secrecy, recipient authenticity, or confidentiality of usernames.
When we started discussing anonymous communications, all
participants mentioned that anonymity is an unimportant security
property. From our participants’ perspective, anonymous
communications mean sender-anonymity [71] and/or third-party
anonymity [71] (expressed in their own words). P2,
P6, P32, P39, P45 and P50 also mentioned that only people
who engage in political discussions need sender anonymity.
P2 incorrectly stated that Telegram and Signal (formerly
known as TextSecure) offer sender-anonymity and third-party
anonymity. He stated (also incorrectly) that Skype, Snapchat
and Telegram’s Secret Chat mode provide deniability because
they do not offer “evidence preservation”; i.e., a sender can
delete a message they have already sent

[...]

57 participants (excluding P2, P4 and P5) provided various
incorrect explanations of digital signatures: (1) inserting a
USB stick into the PC to sign a document using a unique
code, (2) scanning a hand-written signature and then adding
the signature electronically to a document, or (3) signing a
digital document using a stylus pen. P29 described a digital
signature as a specific font type in Microsoft Word used to
type names. Only P2 and P5 correctly explained what digital
signatures are.

[...]

We also asked about verification fingerprints, and only P2
was able to explain them. All participants who use Telegram,
for example, believe that the fingerprint in the Secret Chat
mode is the encryption key shared between the sender and the
recipient to encrypt and decrypt messages in transit, or the
encrypted message itself.

 - V



