First steps toward measuring the readability of security advice

Security advice is one key way that consumers learn security behaviors. However, prior work has shown that this advice may not always be helpful and may be less accessible to those with lower internet skill or less education. As a first step toward improving the quality of security advice, we analyzed the readability of 1878 internet security advice documents drawn from crowdsourced search queries and expert recommendations. We measured readability via the commonly used Flesch Reading Ease Score. Our results provide the first characterization, to our knowledge, of the readability of a large corpus of security advice. We find that less than 25% of security advice meets or exceeds the “Standard” (e.g., Reader’s Digest) reading level. Preliminary results suggest that security advice is more readable than corporate privacy policies, nearly equally as readable as Wikipedia articles, less readable than health advice, and far less readable than well-known book chapters. Further, we find that ostensibly authoritative advice sources such as those from .gov and .edu domains score the lowest for readability.