[guardian-dev] Help please! Human factors of privacy tools.
Carrie Stiens Winfrey
cstiens at gmail.com
Wed May 8 16:45:55 EDT 2013
Hey Bernard,
Let's have a talk between you, Nathan, myself, and Mark (if he'd like to
join). Which of these times work for you all:
Thursday (tomorrow) 6:00pm (GMT + 1); That's 12 noon in NYC; 11 am in Texas.
Monday 6 or 8 pm (GMT + 1)
Best, Carrie
On Mon, May 6, 2013 at 4:38 PM, Bernard Tyers - ei8fdb <ei8fdb at ei8fdb.org>wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On 26 Apr 2013, at 16:45, Carrie Stiens Winfrey wrote:
>
> > Hello Bernard!
> >
> > It's nice to meet you.
>
> Hi Carrie, nice to meet you too! Apologies I've been busy with projects
> and got time this weekend to spend on my thesis project.
>
>
> > Below, are my initial thoughts about possible research areas for you.
> Perhaps they trigger other ideas for you, or sound like a good direction.
> Either way, let's consider it the start of a conversation. If you'd like to
> talk face and face, we could arrange a skype or Google hangout next week.
>
> Yes, I'd be interested in that. I'm free most evenings (from 6PM GMT+1)
> this week.
>
>
> > Best, Carrie
> >
> > >> Re: Is there a question you'd love to see answered? Is there some
> area of a tool that needs some research?
> > I'm interested in learning how much people (users) need to understand
> the security model behind our apps, to be able to trust them. My assumption
> is that is varies from person to person—some will want to know the details,
> while some will take a trusted friend or organization's word for it. But,
> some research on the education needed around security would be interesting.
> What does it take (in terms of education) to get people to trust that
> they're in good hands?
>
> Oh boy....trust is a difficult thing. And yes I agree trust is different
> from person to person. That was one reason why I was originally thinking
> about the information provided by the software UI. I have been looking
> through CHI 2013 topics and there are some interesting papers there.
>
> Open Source software for one person is "strangers writing software they
> don't charge for, and so you can't trust them" and for another is the only
> type they'll use. I think it may be a topic too big for my dissertation.
> However
>
>
> > Also, I watched the first part of the Firefox video. It's quite
> interesting how security is starting to become bigger topic of discussion,
> even for people outside crisis areas.
>
> I thought the video was interesting. I have to say I don't agree with all
> of the points, but yes security is becoming part of the bigger privacy
> topic. Of late Firefox seem to be talking a lot about privacy and security
> (which is a very good thing).
>
>
> > How security makes sense to a common person, could be an area to
> explore. You could really dig into mental models here. :)
>
> Rick Wash at Michigan State University is researching this at the moment.
> [1]
>
>
> > >> Re: but I would like to do some work on an area that could lead to
> some useful research/provide input to making these tools better, from a
> user point of view.
> > Research that makes these tools better, in my opinion, comes from
> talking with the people using them, and is very specific per project.
>
> I completely agree. I didn't want to get too heavy on the user centred
> design, and user research in my initial mail. :)
>
>
> > It's both UI testing and 'User Research', where you really get to know
> how an application fits into someone's life
>
> Again, absolutely agree. I had mentioned in my mail about looking for user
> participants. Given the nature of the use cases for these tools, it may be
> difficult to get a large group. But I am hopeful.
>
>
> > —how, when and what they use it for. So one approach, is to focus on a
> specific application.
>
> One of my reasons for trying to contact the Guardian Project and the Tor
> people was to work on one application. So far contact with the Tor people
> has been minimal which is a pity.
>
>
> > The opposite approach would be to do testing on multiple apps (8-12+)
> until patterns of behavior started to emerge. In that case, general
> conclusions could potentially be drawn about which interfaces or elements
> of interfaces work well.
>
> Hmm I had a similar idea before, however I like this idea too. 8-12 may be
> a little too much as my time is unfortunately not infinite. It could be an
> expert review combined with some user testing based observations with
> open-ended questions.
>
> I've seen a presentation on mapping the UI of mobile devices, and
> suggestions that they're all the same. [2] Something similar could be done.
>
>
> > I'm not sure yet how this fits into the Guardian picture, but maybe it
> would be helpful to compare Guardian products with the other apps people
> are using for security. It could be like competitive review across the
> board to discover what is and isn't working well in different cultures.
>
> Yes, this was actually one of my other ideas - something like taking
> Gibberbot and for example Beem and comparing them. Possibly doing some
> design improvements and then retesting them.
>
> Either way, I'd be very interested in talking with you if you had some
> time this week.
>
> Looking forward to hearing from you.
>
> thanks,
> Bernard
>
>
> [1] http://bitlab.cas.msu.edu/securitymodels/index.html
> [2] http://vimeo.com/50540260 (from minute 7:50)
>
> >
> >
> >
> > On Fri, Apr 26, 2013 at 10:21 AM, Nathan of Guardian <
> nathan at guardianproject.info> wrote:
> >
> > Carrie and Bernard,
> >
> > I wanted to connect you directly to speak more about possible
> > collaboration within the context of the Guardian Project.
> >
> > @Bernard - Carrie has been leading our work on UI/UX and more recently
> > testing and usability studies with a number of new projects we are
> > working on. She had some excellent thoughts on your proposal.
> >
> > +n
> >
> >
> > -------- Original Message --------
> > Subject: Re: [Guardian-internal] Fwd: [guardian-dev] Help please!
> Human
> > factors of privacy tools.
> > Date: Thu, 25 Apr 2013 16:04:43 -0500
> > From: Carrie Stiens Winfrey <cstiens at gmail.com>
> > To: David Oliver <oliver.david.m at gmail.com>
> > CC: Guardian Internal List <guardian-internal at lists.mayfirst.org>
> >
> >
> >
> > Hello all! Here are my thoughts on potential research areas for this guy:
> >
> > >> Re: Is there a question you'd love to see answered? Is there some
> area of a tool that needs some research?
> >
> > I'm interested in learning how much people (users) need to understand
> > the security model behind our apps, to be able to trust them. My
> > assumption is that is varies from person to person—some will want to
> > know the details, while some will take a trusted friend or
> > organization's word for it. But, some research on the education needed
> > around security would be interesting. What does it take (in terms of
> > education) to get people to trust that they're in good hands?
> >
> >
> > >> Re: but I would like to do some work on an area that could lead to
> some
> > useful research/provide input to making these tools better, from a user
> > point of view.
> >
> > Research that makes these tools better, in my opinion, comes from
> > talking with the people using them, and is very specific per project.
> > It's both UI testing and 'User Research', where you really get to know
> > how an application fits into someone's life—how, when and what they use
> > it for.
> >
> > The opposite approach would be to do testing on multiple apps (8-12+)
> > until patterns of behavior started to emerge. In that case, general
> > conclusions could potentially be drawn about which interfaces or
> > elements of interfaces work well. I'm not sure how this fits into the
> > Guardian picture, but maybe it would be helpful to compare Guardian
> > products with the other apps people are using for security. It could be
> > like competitive review across the board to discover what is and isn't
> > working well in different cultures.
> >
> >
> > -Carrie
> >
> >
> >
> >
> > -------- Original Message --------
> > Subject: [guardian-dev] Help please! Human factors of privacy
> tools.
> > Date: Wed, 24 Apr 2013 17:45:50 +0100
> > From: Bernard Tyers - ei8fdb <ei8fdb at ei8fdb.org
> > <mailto:ei8fdb at ei8fdb.org>>
> > To: The Guardian Project Dev List
> > <guardian-dev at lists.mayfirst.org
> > <mailto:guardian-dev at lists.mayfirst.org>>
> >
> > Hello nice Guardian Project people,
> >
> > Tl;dr: I'm offering 4-5 months worth of a reasonably
> privacy/crypto
> > savvy HCI researchers time to carry out research for a MSc
> > dissertation
> > about usability of privacy enhancing software, and the effect
> > their UIs
> > have on people's idea of how they work.
> >
> >
> > Seeing as I am going to be asking for a favour, I should give
> some
> > information about me.
> >
> > My background is: electronics engineering, network and systems
> > admin,
> > then telecoms engineer (mobile networks - packet network mainly
> > and some
> > voice...yes also legal interception and packet inspection
> > equipment, but
> > I'm not proud).
> >
> > 2 years ago I moved career to the UX industry, my interest is
> > HCISEC -
> > Human Computer Interaction in SECurity and privacy - PETs
> (Privacy
> > Enhancing Tools), security, encryption tools and why people, who
> > should
> > use them, do not use them.
> >
> > I define "people who should use them" as human rights activists,
> > investigative journalists, people in countries whose government
> are
> > oppressive.
> >
> > I am doing a masters in human computer systems, and it's coming
> > to the
> > time to start planning my dissertation. My chosen topic (very
> > generally)
> > is: "Usable security and its impact on mental models and trust."
> > Over
> > the next few days I want to focus this better. If you'd like to
> know
> > more about mental models, lemme know..
> >
> > So to my request: I have 4-5 months (beginning from May) to
> > carry out a
> > HCISEC related human factors focused project.
> >
> > I can find a subject myself, but I would like to do some work on
> > an area
> > that could lead to some useful research/provide input to making
> > these
> > tools better, from a user point of view. Is there a question
> > you'd love
> > to see answered? Is there some area of a tool that needs some
> > research?
> >
> > I will also be looking for participants to take part in research
> > - again
> > I am very conscience of the scenarios where these tools are
> > used, and
> > the need to maintain anonymity and privacy. I will be
> > anonymising all
> > research, asking for the minimum information and am happy to
> > carry out
> > communications via secure communications tools. I would
> appreciate
> > support from users of security and privacy tools.
> >
> > At the end, all research will be released and available for use
> > by the
> > security/privacy community.
> >
> >
> > If I don't come up with a PETs related topic for the
> > dissertation, thats
> > ok too - I still want to volunteer my mad l33t HCI sk1llz for
> > your work.
> >
> > I think your tools could benefit from some usability testing to
> > validate
> > current designs, particularly Orbot/Orweb and Gibberbot. I'd
> > also like
> > to offer my mobile telecoms technical knowledge for any projects
> > you'd
> > think it'd be helpful with.
> >
> > I know you guys know it's important to make these applications
> > easy to
> > use (otherwise why build them!?), but you've got a lot of work
> > on your
> > hands already, and HCI isn't your speciality. I am interested in
> > helping
> > you guys with the human part of it.
> >
> > At the risk of teaching you to suck eggs, if you are interested
> in
> > learning more, I can recommend the "Security and Usability:
> > Designing
> > Secure Systems that People Can Use" book by Lorrie Faith Crannor
> and
> > also the SOUPS Conference (http://cups.cs.cmu.edu/soups/2013/).
> >
> > I look forward to some feedback (on or off list).
> >
> > thanks,
> > Bernard
>
>
> - --------------------------------------
> Bernard / bluboxthief / ei8fdb
>
> IO91XM / www.ei8fdb.org
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
>
> iQEcBAEBAgAGBQJRiCLtAAoJENsz1IO7MIrrc4gH/j4AHNQAIpJoX/6WAL2LGsMv
> d4dYOLBlveR6bg/qFei/0YB5MIu5yY9Fp1Y/UhGl1s6nw7mgsjNKwgUxMKGk7l3c
> f9zqZI9LueDqkZ3LS7PoK3YlfXrLMUaOZ5IFIBfQIrH+CyCmyDM7WGSD4xeiNyI2
> /9i5uv8+ncB5XhItuN3dk3updJp3B4PCmy9K9AmRwlTYQUXW2IaOu28Z+yWFEHW1
> jlim3FuarH3mJ/E4CjeeoiMDGK8lutFm/RwLzEhisojJujd6fgRKPk1gPoa6zeV0
> 4eoLCyYn3OZKcrpyvSbkRfAgMXYhtdaqZ4JqalJM55wEGUvttvxVSJ+6fcQCSXg=
> =wFWb
> -----END PGP SIGNATURE-----
>
--
Carrie Winfrey, Interaction Designer
carriewinfrey.com <http://www.carriewinfrey.com> |
@crwinfrey<https://twitter.com/crwinfrey>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20130508/a4708961/attachment-0001.html>
More information about the Guardian-dev
mailing list