User Attitudes Toward the Inspection of Encrypted Traffic

TL;DR

This survey of nearly 2,000 individuals explores public attitudes toward TLS inspection, revealing nuanced opinions on privacy, security, consent, and the potential for malicious use, highlighting the importance of transparency.

Contribution

This study provides empirical insights into user attitudes towards encrypted traffic inspection, emphasizing the need for consent and transparency in security practices.

Findings

Most participants support notification and consent for TLS inspection.

Concerns about identity theft and malicious use are prominent.

Some users are resigned to the loss of privacy and do not expect confidentiality.

Abstract

This paper reports the results of a survey of 1,976 individuals regarding their opinions on TLS inspection, a controversial technique that can be used for both benevolent and malicious purposes. Responses indicate that participants hold nuanced opinions on security and privacy trade-offs, with most recognizing legitimate uses for the practice, but also concerned about threats from hackers or government surveillance. There is strong support for notification and consent when a system is intercepting their encrypted traffic, although this support varies depending on the situation. A significant concern about malicious uses of TLS inspection is identity theft, and many would react negatively and some would change their behavior if they discovered inspection occurring without their knowledge. We also find that there are a small but significant number of participants who are jaded by the current state of affairs and have no expectation of privacy.