[guardian-dev] Help please! Human factors of privacy tools.

Bernard Tyers - ei8fdb ei8fdb at ei8fdb.org
Mon May 6 17:38:53 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 26 Apr 2013, at 16:45, Carrie Stiens Winfrey wrote:

> Hello Bernard!
> 
> It's nice to meet you.

Hi Carrie, nice to meet you too! Apologies I've been busy with projects and got time this weekend to spend on my thesis project.


> Below, are my initial thoughts about possible research areas for you. Perhaps they trigger other ideas for you, or sound like a good direction. Either way, let's consider it the start of a conversation. If you'd like to talk face and face, we could arrange a skype or Google hangout next week.

Yes, I'd be interested in that. I'm free most evenings (from 6PM GMT+1) this week.


> Best, Carrie
> 
> >> Re: Is there a question you'd love to see answered? Is there some area of a tool that needs some research?
> I'm interested in learning how much people (users) need to understand the security model behind our apps, to be able to trust them. My assumption is that is varies from person to person—some will want to know the details, while some will take a trusted friend or organization's word for it. But, some research on the education needed around security would be interesting. What does it take (in terms of education) to get people to trust that they're in good hands?

Oh boy....trust is a difficult thing. And yes I agree trust is different from person to person. That was one reason why I was originally thinking about the information provided by the software UI. I have been looking through CHI 2013 topics and there are some interesting papers there.

Open Source software for one person is "strangers writing software they don't charge for, and so you can't trust them" and for another is the only type they'll use. I think it may be a topic too big for my dissertation. However


> Also, I watched the first part of the Firefox video. It's quite interesting how security is starting to become bigger topic of discussion, even for people outside crisis areas.

I thought the video was interesting. I have to say I don't agree with all of the points, but yes security is becoming part of the bigger privacy topic. Of late Firefox seem to be talking a lot about privacy and security (which is a very good thing).


> How security makes sense to a common person, could be an area to explore. You could really dig into mental models here. :)

Rick Wash at Michigan State University is researching this at the moment. [1] 


> >> Re: but I would like to do some work on an area that could lead to some useful research/provide input to making these tools better, from a user point of view. 
> Research that makes these tools better, in my opinion, comes from talking with the people using them, and is very specific per project.

I completely agree. I didn't want to get too heavy on the user centred design, and user research in my initial mail. :)


> It's both UI testing and 'User Research', where you really get to know how an application fits into someone's life

Again, absolutely agree. I had mentioned in my mail about looking for user participants. Given the nature of the use cases for these tools, it may be difficult to get a large group. But I am hopeful.


> —how, when and what they use it for. So one approach, is to focus on a specific application.

One of my reasons for trying to contact the Guardian Project and the Tor people was to work on one application. So far contact with the Tor people has been minimal which is a pity.


> The opposite approach would be to do testing on multiple apps (8-12+) until patterns of behavior started to emerge. In that case, general conclusions could potentially be drawn about which interfaces or elements of interfaces work well.

Hmm I had a similar idea before, however I like this idea too. 8-12 may be a little too much as my time is unfortunately not infinite. It could be an expert review combined with some user testing based observations with open-ended questions.

I've seen a presentation on mapping the UI of mobile devices, and suggestions that they're all the same. [2] Something similar could be done.


> I'm not sure yet how this fits into the Guardian picture, but maybe it would be helpful to compare Guardian products with the other apps people are using for security. It could be like competitive review across the board to discover what is and isn't working well in different cultures.

Yes, this was actually one of my other ideas - something like taking Gibberbot and for example Beem and comparing them. Possibly doing some design improvements and then retesting them.

Either way, I'd be very interested in talking with you if you had some time this week.

Looking forward to hearing from you.

thanks,
Bernard


[1] http://bitlab.cas.msu.edu/securitymodels/index.html
[2] http://vimeo.com/50540260 (from minute 7:50)

> 
> 
> 
> On Fri, Apr 26, 2013 at 10:21 AM, Nathan of Guardian <nathan at guardianproject.info> wrote:
> 
> Carrie and Bernard,
> 
> I wanted to connect you directly to speak more about possible
> collaboration within the context of the Guardian Project.
> 
> @Bernard - Carrie has been leading our work on UI/UX and more recently
> testing and usability studies with a number of new projects we are
> working on. She had some excellent thoughts on your proposal.
> 
> +n
> 
> 
> -------- Original Message --------
> Subject:        Re: [Guardian-internal] Fwd: [guardian-dev] Help please! Human
> factors of privacy tools.
> Date:   Thu, 25 Apr 2013 16:04:43 -0500
> From:   Carrie Stiens Winfrey <cstiens at gmail.com>
> To:     David Oliver <oliver.david.m at gmail.com>
> CC:     Guardian Internal List <guardian-internal at lists.mayfirst.org>
> 
> 
> 
> Hello all! Here are my thoughts on potential research areas for this guy:
> 
> >> Re: Is there a question you'd love to see answered? Is there some area of a tool that needs some research?
> 
> I'm interested in learning how much people (users) need to understand
> the security model behind our apps, to be able to trust them. My
> assumption is that is varies from person to person—some will want to
> know the details, while some will take a trusted friend or
> organization's word for it. But, some research on the education needed
> around security would be interesting. What does it take (in terms of
> education) to get people to trust that they're in good hands?
> 
> 
> >> Re: but I would like to do some work on an area that could lead to some
> useful research/provide input to making these tools better, from a user
> point of view.
> 
> Research that makes these tools better, in my opinion, comes from
> talking with the people using them, and is very specific per project.
> It's both UI testing and 'User Research', where you really get to know
> how an application fits into someone's life—how, when and what they use
> it for.
> 
> The opposite approach would be to do testing on multiple apps (8-12+)
> until patterns of behavior started to emerge. In that case, general
> conclusions could potentially be drawn about which interfaces or
> elements of interfaces work well. I'm not sure how this fits into the
> Guardian picture, but maybe it would be helpful to compare Guardian
> products with the other apps people are using for security. It could be
> like competitive review across the board to discover what is and isn't
> working well in different cultures.
> 
> 
> -Carrie
> 
> 
> 
> 
>         -------- Original Message --------
>         Subject: [guardian-dev] Help please! Human factors of privacy tools.
>         Date: Wed, 24 Apr 2013 17:45:50 +0100
>         From: Bernard Tyers - ei8fdb <ei8fdb at ei8fdb.org
>         <mailto:ei8fdb at ei8fdb.org>>
>         To: The Guardian Project Dev List
>         <guardian-dev at lists.mayfirst.org
>         <mailto:guardian-dev at lists.mayfirst.org>>
> 
>         Hello nice Guardian Project people,
> 
>         Tl;dr: I'm offering 4-5 months worth of a reasonably privacy/crypto
>         savvy HCI researchers time to carry out research for a MSc
>         dissertation
>         about usability of privacy enhancing software, and the effect
>         their UIs
>         have on people's idea of how they work.
> 
> 
>         Seeing as I am going to be asking for a favour, I should give some
>         information about me.
> 
>         My background is: electronics engineering, network and systems
>         admin,
>         then telecoms engineer (mobile networks - packet network mainly
>         and some
>         voice...yes also legal interception and packet inspection
>         equipment, but
>         I'm not proud).
> 
>         2 years ago I moved career to the UX industry, my interest is
>         HCISEC -
>         Human Computer Interaction in SECurity and privacy - PETs (Privacy
>         Enhancing Tools), security, encryption tools and why people, who
>         should
>         use them, do not use them.
> 
>         I define "people who should use them" as human rights activists,
>         investigative journalists, people in countries whose government are
>         oppressive.
> 
>         I am doing a masters in human computer systems, and it's coming
>         to the
>         time to start planning my dissertation. My chosen topic (very
>         generally)
>         is: "Usable security and its impact on mental models and trust."
>         Over
>         the next few days I want to focus this better. If you'd like to know
>         more about mental models, lemme know..
> 
>         So to my request: I have 4-5 months (beginning from May) to
>         carry out a
>         HCISEC related human factors focused project.
> 
>         I can find a subject myself, but I would like to do some work on
>         an area
>         that could lead to some useful research/provide input to making
>         these
>         tools better, from a user point of view. Is there a question
>         you'd love
>         to see answered? Is there some area of a tool that needs some
>         research?
> 
>         I will also be looking for participants to take part in research
>         - again
>         I am very conscience of the scenarios where these tools are
>         used, and
>         the need to maintain anonymity and privacy. I will be
>         anonymising all
>         research, asking for the minimum information and am happy to
>         carry out
>         communications via secure communications tools. I would appreciate
>         support from users of security and privacy tools.
> 
>         At the end, all research will be released and available for use
>         by the
>         security/privacy community.
> 
> 
>         If I don't come up with a PETs related topic for the
>         dissertation, thats
>         ok too - I still want to volunteer my mad l33t HCI sk1llz for
>         your work.
> 
>         I think your tools could benefit from some usability testing to
>         validate
>         current designs, particularly Orbot/Orweb and Gibberbot. I'd
>         also like
>         to offer my mobile telecoms technical knowledge for any projects
>         you'd
>         think it'd be helpful with.
> 
>         I know you guys know it's important to make these applications
>         easy to
>         use (otherwise why build them!?), but you've got a lot of work
>         on your
>         hands already, and HCI isn't your speciality. I am interested in
>         helping
>         you guys with the human part of it.
> 
>         At the risk of teaching you to suck eggs, if you are interested in
>         learning more, I can recommend the "Security and Usability:
>         Designing
>         Secure Systems that People Can Use" book by Lorrie Faith Crannor and
>         also the SOUPS Conference (http://cups.cs.cmu.edu/soups/2013/).
> 
>         I look forward to some feedback (on or off list).
> 
>         thanks,
>         Bernard


- --------------------------------------
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJRiCLtAAoJENsz1IO7MIrrc4gH/j4AHNQAIpJoX/6WAL2LGsMv
d4dYOLBlveR6bg/qFei/0YB5MIu5yY9Fp1Y/UhGl1s6nw7mgsjNKwgUxMKGk7l3c
f9zqZI9LueDqkZ3LS7PoK3YlfXrLMUaOZ5IFIBfQIrH+CyCmyDM7WGSD4xeiNyI2
/9i5uv8+ncB5XhItuN3dk3updJp3B4PCmy9K9AmRwlTYQUXW2IaOu28Z+yWFEHW1
jlim3FuarH3mJ/E4CjeeoiMDGK8lutFm/RwLzEhisojJujd6fgRKPk1gPoa6zeV0
4eoLCyYn3OZKcrpyvSbkRfAgMXYhtdaqZ4JqalJM55wEGUvttvxVSJ+6fcQCSXg=
=wFWb
-----END PGP SIGNATURE-----


More information about the Guardian-dev mailing list