[guardian-dev] Gibberbot feedback
mayfirstorg at kevinsteen.net
Thu Jan 3 12:06:48 EST 2013
I've been playing with Gibberbot (v0.0.10-RC6) over the last few days,
trying to convince my friends to use it, and I wanted to give some
feedback on some of the usability problems I experienced.
[ By way of introduction, I'm a hobbyist software developer with a keen
interest in security and usability. I'm trying to learn java and android
development so that I can make useful contributions to projects like
1. For anyone using OTR, I think there needs to be a warning to use a
I found that using the same account as I was using with my desktop
client meant that incoming encrypted messages would frequently not
appear. Technically this is probably due to the server delivering
incoming messages to the most recently used Resource, and that Resource
discarding the OTR message which was encrypted for a different key.
However, for novice users the disappearance of messages and frequent
need to reset the encryption will probably make them think the
technology is rubbish. So far, my understanding of the XMPP specs makes
me think there isn't much Gibberbot can do to fix this problem, but I
hope I'm wrong.
2. On the Chat screen, I think the lock icon should be removed, or it
should show an open lock when the chat is not encrypted.
It has taken many years to try and teach people that a visible lock icon
indicates 'security', so it's visibility when the chat is not secure
will generate confusion or lead people to chat over an insecure channel.
3. To indicate an unverified chat partner, I suggest showing an icon
something like a black silhouette of a head with a question-mark in the
centre, adjacent to the yellow 'Chat is encrypted message'. Tapping that
icon would take the user to the fingerprint-verification screen.
4. On the fingerprint verification screen, I'd suggest moving the icons
from the bottom closer to the relevant fingerprints:
Below 'Their fingerprint', put the message "Tap here to scan Bob's
fingerprint using your camera". (Also, maybe change 'Their fingerprint'
to 'Alleged fingerprint')
Below 'Your fingerprint', put the message "Tap here to display a QR Code
of your fingerprint so that Bob can scan it"
The tick icon should probably also move into the page above 'Your
fingerprint' with some explanatory text : "If you have manually verified
ALL of the characters of Bob's fingerprint, tap here", leading to the
For ease of use, I'd recommend putting a space after every 4 characters
of each fingerprint.
The Question/Answer functionality I think needs a whole page of
explanatory text on it's own.
Sorry for the long message - I tried to draw what I was thinking of, but
my drawing skills leave much to be desired!
One small bug I noticed was that on many of the screens, tapping the
'back' icon at the top left used an animation from the right to the
left, instead of the left-to-right animation used if you press the
hardware back button.
My friends also had a feature request: "Can we send photos straight from
our mobile?" !
More information about the Guardian-dev