[guardian-dev] usability testing of Gibberbot v11 alpha 4
Bernard Tyers - ei8fdb
ei8fdb at ei8fdb.org
Mon Feb 25 17:25:01 EST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Matej,
Nice work. Can I ask you how you tested Gibberbot?
Was it a usability test with participants, or an expert review?
regards,
Bernard
On 20 Feb 2013, at 09:38, Nathan of Guardian wrote:
> Matej Kovacic:
>> I did some testing of Gibberbot v11 alpha 4. Here are the results with
>> my some suggestions and remarks:
>
> Wonderful! Thanks for the hard work. I believe we have addressed or or
> intend to address everything you have pointed out. I am glad to have the
> additional feedback to emphasize the importance.
>
> A few comments:
>
> 1) When you select "use Tor", Gibberbot v11 should automatically modify
> the account settings to NOT use SRV lookup and instead use
> talk.google.com (or talk.l.google.com). We do this for any domain we
> know about like jabber.org, jabber.ccc.de, gmail, or any google domain
> account.
>
> If this isn't working for you, then there is a bug!
>
> 2) Definitely agree on the per message indicator for whether it was
> encrypted or not. In, fact for 2 years now we have had a design mockup
> even, but haven't implemented it yet :(
>
> https://github.com/guardianproject/Gibberbot/blob/master/doc/comps/20110415/gibberbot_ui_chat.png
>
> I think v12 is the right time to get it done!
>
> 3) Regarding checking TLS/SSL certificates - we have done quite a bit to
> harden the cert verification process, and even supporting a limited
> "pinning" for domains like talk.google.com. We also support a new manual
> verification process for certs we don't automatically trust, and a
> pop-up will be displayed to ask if you would like to trust it. We are
> using the excellent MemorizingTrustManager library for this:
> https://github.com/ge0rg/MemorizingTrustManager
>
> I *think* what you are asking for is to be able to check *every* cert
> manually, either during first login, or at any time?
>
> Otherwise, will take all of your feedback into consideration, and make
> sure we have tickets for it in our project tracker.
>
> All the best,
> Nathan
>
>
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/ei8fdb%40ei8fdb.org
>
> You are subscribed as: ei8fdb at ei8fdb.org
- --------------------------------------
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQEcBAEBAgAGBQJRK+S9AAoJENsz1IO7MIrr1jsIAKU1QH4ek8rRai6VyIPrg20s
aEsbfq8jSna5b/Z5Hd+4HZt1I+TrQYLf+tiVnJlvbkFHB/7Q45ZEXOZxW2GIKlKE
SpFILKDijs5Ve9YwILJWQFg8vpsRnraKNd4y5v7YbihsPSF2FkLN8kVexNu2FQJG
2lIvZIzW1fWfG5krYSWln2CZVP53hmX8krS4CBpfs5BICjJdC4IF8ytoGJZ7UJOX
COlmsTqKLTx4REtt/bf/l9jcHALtMz4oLPeWvq9dr+4fL4fsXVMvMeyg3xdjZSjr
5zQ3F0V7TlC8eHKCqjh/k7brZgFESMLcB4yveqHwr8fVbh7Hp+EnfqItitoIZJM=
=Ri6J
-----END PGP SIGNATURE-----
More information about the Guardian-dev
mailing list