Eyes on URLs: Relating visual behavior to safety decisions

Niveta Ramkumar, Vijay Kothari, Caitlin Mills, Ross Koppel, Jim Blythe, Sean Smith, Andrew L. Kun

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Scopus citations


Individual and organizational computer security rests on how people interpret and use the security information they are presented. One challenge is determining whether a given URL is safe or not. This paper explores the visual behaviors that users employ to gauge URL safety. We conducted a user study on 20 participants wherein participants classified URLs as safe or unsafe while wearing an eye tracker that recorded eye gaze (where they look) and pupil dilation (a proxy for cognitive effort). Among other things, our findings suggest that: users have a cap on the amount of cognitive resources they are willing to expend on vetting a URL; they tend to believe that the presence of www in the domain name indicates that the URL is safe; and they do not carefully parse the URL beyond what they perceive as the domain name.

Original languageEnglish (US)
Title of host publicationProceedings ETRA 2020 Full Papers - ACM Symposium on Eye Tracking Research and Applications
EditorsStephen N. Spencer
PublisherAssociation for Computing Machinery
ISBN (Electronic)9781450371339
StatePublished - Feb 6 2020
Externally publishedYes
Event2020 ACM Symposium on Eye Tracking Research and Applications, ETRA 2020 - Stuttgart, Germany
Duration: Jun 2 2020Jun 5 2020

Publication series

NameEye Tracking Research and Applications Symposium (ETRA)


Conference2020 ACM Symposium on Eye Tracking Research and Applications, ETRA 2020

Bibliographical note

Funding Information:
The work of Ramkumar and Kun was supported in part by NSF grant OISE 1658594.

Publisher Copyright:
© 2020 ACM.


  • cognitive psychology
  • eye tracking
  • phishing
  • reading
  • usable security
  • user study


Dive into the research topics of 'Eyes on URLs: Relating visual behavior to safety decisions'. Together they form a unique fingerprint.

Cite this