[guardian-dev] Gibberbot feedback

Kevin Steen mayfirstorg at kevinsteen.net
Thu Jan 3 12:06:48 EST 2013

I've been playing with Gibberbot (v0.0.10-RC6) over the last few days, 
trying to convince my friends to use it, and I wanted to give some 
feedback on some of the usability problems I experienced.

[ By way of introduction, I'm a hobbyist software developer with a keen 
interest in security and usability. I'm trying to learn Java and Android 
development so that I can make useful contributions to projects like 
yours. ]

1. For anyone using OTR, I think there needs to be a warning to use a 
unique account.

I found that using the same account as I was using with my desktop 
client meant that incoming encrypted messages would frequently not 
appear. Technically this is probably due to the server delivering 
incoming messages to the most recently used Resource, and that Resource 
discarding the OTR message which was encrypted for a different key. 
However, for novice users the disappearance of messages and frequent 
need to reset the encryption will probably make them think the 
technology is rubbish. So far, my understanding of the XMPP specs makes 
me think there isn't much Gibberbot can do to fix this problem, but I 
hope I'm wrong.

2. On the Chat screen, I think the lock icon should be removed, or it 
should show an open lock when the chat is not encrypted.

It has taken many years to try and teach people that a visible lock icon 
indicates 'security', so its visibility when the chat is not secure 
will generate confusion or lead people to chat over an insecure channel.

3. To indicate an unverified chat partner, I suggest showing an icon 
something like a black silhouette of a head with a question-mark in the 
centre, adjacent to the yellow 'Chat is encrypted message'. Tapping that 
icon would take the user to the fingerprint-verification screen.

4. On the fingerprint verification screen, I'd suggest moving the icons 
from the bottom closer to the relevant fingerprints:

Below 'Their fingerprint', put the message "Tap here to scan Bob's 
fingerprint using your camera". (Also, maybe change 'Their fingerprint' 
to 'Alleged fingerprint')

Below 'Your fingerprint', put the message "Tap here to display a QR Code 
of your fingerprint so that Bob can scan it"

The tick icon should probably also move into the page above 'Your 
fingerprint' with some explanatory text: "If you have manually verified 
ALL of the characters of Bob's fingerprint, tap here", leading to the 
Confirm dialog.

For ease of use, I'd recommend putting a space after every 4 characters 
of each fingerprint.

The Question/Answer functionality I think needs a whole page of 
explanatory text on its own.

Sorry for the long message - I tried to draw what I was thinking of, but 
my drawing skills leave much to be desired!

One small bug I noticed was that on many of the screens, tapping the 
'back' icon at the top left used an animation from the right to the 
left, instead of the left-to-right animation used if you press the 
hardware back button.

My friends also had a feature request: "Can we send photos straight from 
our mobile?" !

