[guardian-dev] Pixelknot

Mark Belinsky m at markbelinsky.com
Mon Apr 22 18:40:15 EDT 2013 

On Sun, Apr 21, 2013 at 9:13 AM, Bernard Tyers - ei8fdb
<ei8fdb at ei8fdb.org>wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello all,
>
> Apologies it's taken me so long to get this finished but I've been busy
> with less interesting things.
>
> This walkthrough has been done with Pixelknot (0.3) on a Motorola Razr i
> (unrooted) device running Android 4.1.2.
>
> I've used two tasks which I think would reflect "normal" usage of an app
> like this:
>
> TASK 1: Embed message in preselected picture, use a password and then send
> it via Dropbox.
> TASK 2: Embed message in preselected picture, use no password and send it
> via e-mail.
>
> I may have made some assumptions here that may be incorrect.
>
> Some of the 5 issues I found may be bugs like I mentioned. if so, I am
> happy to file them if needed. For the other issues, I've given some
> possible solutions.
>
> Firstly, I'd suggest you have a look at the video here:
> https://vimeo.com/64487693  and then take a look at the issues below.
> It'll make more sense.
>
> (Sorry for the continuous auto-focus on the camera, but the light was
> terrible!)
>
> ====================
>
> TASK 1: Embed message in preselected picture, use a password and then send
> it via Dropbox.
>
> 1. At min 1:38: The user is offered two "trusted apps" to share the image
> with.
>
> Was there a decision to use just these two? If the user doesn't want to
> use Bluetooth or Dropbox, it is not clear how to share them with other
> tools. The arrow in the top right hand-side is the only way to find the
> other apps you can use.
>
> SOLUTION: Display applications most used to share on that "Share with..."
> screen. Or possibly display more options eg e-mail, SMS.
>

****The problem is that certain apps have been found to break the stego.
Tests with k-9 mail go back and forth on whether it's working or not, but
we can add that and kaiten as trusted for the next release. we'll also add
the base email app as that should work ok. We're also adding some other
apps that we can now verify it working across. Are there any that you have
tested and found to still work after being transfered across them that you
would like to see added?


>
> 2. At min 1:59: The user is notified that the upload to Dropbox has failed.
>
> I don't know how the file which has been steg'ed is handled. The error
> message from Dropbox (seen at 2:06) says "We couldn't upload
> '136653636941_embed.jpg'. It may have been moved, deleted, os is located on
> an SD card that is currently unavailable."
>
> SOLUTION: If this is a bug, then I am happy to get it logged properly.
> Maybe it's a bug just with Motorola Razr i phones?
>

****I'm not sure why this is happening. I haven't found any troubles with
Dropbox. Have you confirmed that Dropbox works when sharing from other apps?


>
> ====================
>
> TASK 2: Embed message in preselected picture, use no password and send it
> via e-mail.
>
> 3. At min 2:29: The user is able to advance passed message entry window,
> but is required to enter message.
>
> Is the message optional? If not, then the user should not be able to
> advance without entering message. It is really good that you guys have
> caught the possibility of them not entering a message by giving them the
> warning ("Oh no, it looks like you haven't entered a secret message yet.
> Please enter one.") but it would be even better if they didn't see that
> warning.
>
> SOLUTION: Give clear indication that the message not optional, therefore
> removing the necessity of the "Oh no..." warning.
>

****I think it's more fun and functional this way, don't you?


>
> 4. At min 2:59: How does the user advance to the next screen?
>
> When the user has entered the secret message, they are given no clear way
> to advance to the next screen. On inspection there are two options:
>
> 1. navigation dots.
> 2. The password entry field icon.
>
> Since both bring the user to the same place, it might be a good idea to
> remove one of them? Is there a recommended next step? Ie. do you want the
> user to enter password for the image?
>
> SOLUTION: If the password entry field icon was removed, and the user
> swiped R-to-L they would be prompted with the:
>
> "Wait! You haven't set a password for your image. Are you sure you want to
> continue?. No set my password OR Yes, continue." message.
>
> At this point, they would either continue, or enter the password.
>
****We changed this so that the options are share or enter a password (no
longer required). The UI pushes people to the password option. While
swiping is a cool functionality, we're still exploring whether it'll work
properly with all users on all devices.

>
>
> 5. At min 4:35: The file has been attached and sent by e-mail
> successfully, however the file size is 0 B.
>
> I guess this is a bug?
>
> SOLUTION: If this is a bug, then I am happy to get it logged properly.
> Maybe it's a bug just with Motorola Razr i phones?
>
 ****Strange! I wonder if it's a problem with kaiten and if so at what
point the fail was (either sending it from our side, or receiving it from
theirs, or otherwise). Are there any logs in kaiten that might show.

>
> ====================
>
> I hope they are of help. I'm looking forward to seeing the next version.
>

****Hugely helpful! Thanks for all of the time and consideration.

>
> regards,
> Bernard
>
>
>
> On 10 Apr 2013, at 00:29, Mark Belinsky wrote:
>
> > Thanks so much for the feedback Bernard! The best UI of a security app
> is quite the compliment!
> >
> > Do send comments. We're tweaking and strengthening the app now, so
> they'd be helpful. There are known issues with the galaxy s3 and we're
> trying to test for bugs across a wide range of models.
> > ~Sent from my mobile. Please excuse any typos or terseness.
> >
>
>
> - --------------------------------------
> Bernard / blueboxthief@#guardianproject
>
> IO91XM / www.ei8fdb.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
>
> iQEcBAEBAgAGBQJRc+YIAAoJENsz1IO7MIrr+jIH/3IIh7sed3ZpgohuIw7udC9Q
> K1o7i5QAv7ZZfQiKI4kYAB4BcgV48S9orv9wNcEECH/UfP85M2/JlZKu8yy1JU8W
> PjQbOe/UJg0SQgLQ4z+BidkIKa6OQtMQDmgtCgubyY1pqXPe/XWZ4s1XQAi8NC3K
> 9UqQAvu0LfgTOhX5qcuW+ibRuSu3A5ZNfeDym+fhOaLYQNWms1tP5I/z62sql+nc
> AjT69AicGlmafKK5qhf1Zlm3117lMnFa2zfweujd07uIP5x+bnzaG1BXNedt4S01
> kt8OIgwQQkaHBOmd/B39s2Tsk32jy/7zTvsxb3FSRVZqs+BVzPnlPyZzyfY5bps=
> =mofB
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20130422/eecd95d2/attachment.html>

More information about the Guardian-dev mailing list