If this headline was a security warning, 90% of you would ignore it
Boffins find interrupting users with pop-ups in the middle of things just doesn't work
Developers, advertisers, and scammers be warned; boffins say your pop ups will be almost universally ignored if they interrupt users.
The work examined how users respond to web-based messages during times of varying concentration and found users who are engaged deeply in some task will ignore pop ups.
The university quintet finds messages, notably those flagging legitimate information such as security warnings, should be displayed as soon as users land on a site, have finished watching a video, or are switching domains. At any other times, they'll be ignored.
The reason is that we're collectively rubbish at multitasking, leading the team to say 90 percent of people clicking ignore, dismiss, or cancel when legitimate but distracting messages appear.
Users are notorious for dismissing security warnings and patch requests pushing the technology industry to make updates automatic and silent.
But the paper More Harm Than Good? How Messages That Interrupt Can Make Us Vulnerable [PDF] shows messages can be effective when user activity is monitored, either by understanding when user interaction with a site or service is low, or by tracking user mouse movements.
'Cancel!' Subjects are sent into the fMRI.
"We show that neural activation is substantially reduced under a condition of high DTI (multitasking), and the degree of reduction in turn significantly predicts security message disregard," the paper says.
"Interestingly, we show that when a message immediately follows a primary task, neural activity in the medial temporal lobe is comparable to when attending to the message is the only task.
"We demonstrate a practical way to mitigate the DTI effect by presenting the warning at low-DTI times, and show how mouse cursor tracking and psychometric measures can be used to validate low-DTI times in other contexts."
The boffins reached their conclusions after observing people in a functional magnetic resonance imaging (fMRI) machine (yeah, yeah, fMRI, we know). Data from the tests revealed that there is significantly more activation in the medial temporal lobe region of the brain when messages were shown during low periods of engagement suggesting they processed the pop ups more completely.
The team of Brigham Young University's Jeffrey L. Jenkins; Bonnie Brinton Anderson; Anthony Vance, and C. Brock Kirwan, along with the University of Pittsburgh's David Eargle, suggest messages like software updates, backup requests, and malware scan notifications can be optimised in the suggested manner unlike, for example, SSL warnings which should take place immediately for security's sake.
It could, this writer imagines, help scammers better hook users too. Phishing pop ups that lead users to various drive-by exploit pages could be shown during low interaction times rather than blasting users when their attention is captured elsewhere.
The research means little for the estimated 2.5 per cent of people who are considered supertaskers for their total dominance of multitasking.
These people, many of whom seem unaware of their freakish skills, are able to process multi tasks with high levels of proficiency.
University of Utah academics Nathan Medeiros-Ward, Jason M. Watson, and David L. Strayer explain in their 2014 paper On Supertaskers and the Neural Basis of Efficient Multitasking that supertaskers are characterised by "more efficient recruitment of anterior cingulate and posterior frontopolar prefrontal cortices." ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust