The Perception of Safety: Security Seals and Trust

As Rook pointed out, security theatre is a big part of how consumer perception is exploited to ensure that customers believe that something is safe, without the vendor having to go through all that complicated hassle with actual security.

The TSA is a great example, but there are many others:

  • Extended Verification on SSL certificates are largely theatre, as the EV process does nothing to actually improve the cryptographic or algorithmic security of the transaction. If a 3rd party wants to get a certificate for the domain from a dodgy CA, they can do so without the EV and 99% of users wouldn’t notice.
  • The design of certain enterprise-level security appliances, from a physical and interactive perspective, are often tailored to invoke images of robustness. This usually involves building the unit out of sturdy black metal, with a few blinky blue lights on the front, and putting padlocks and other such imagery on the web panel.
  • Bag searches at large events like concerts are largely security theatre. It’s near impossible to get a few hundred people through a proper bag search process, so the staff take a quick look and let you through. More often than not, they’re just trying to stop you bringing a big bottle of vodka, so you have to pay at the bar. But part of it is to make you feel safer, despite the fact that anyone could easily conceal weapons, drugs, etc. without detection.
  • Anti-phishing techniques such as secret images are (usually) security theatre, in that it is often either trivial for a 3rd party to steal the secret image from the site without authentication, or that the image is displayed after the user has entered their full set of authentication credentials.

At the end of the day, it’s all about marketing. If a company can sell you the image of something being more secure than it is, they are more likely to get a sale because you have peace of mind.

Leave a Reply

Your email address will not be published. Required fields are marked *