Out of the Game: How Apps Fail Oppressed Users (and what you can do to help)

*
Accepted Session
Short Form
Beginner
Scheduled: Wednesday, June 21, 2017 from 3:45 – 4:30pm in B202/203

Excerpt

Apps and websites routinely expose user information in service of social and interactive goals. But what happens when your user has a stalker? Many of these services will compromise the safety of users who are already at risk. Making things worse, some developers resist making changes, with justifications such as "If someone's in that much danger, they shouldn't be doing anything online," and "It's basically impossible to defend against a state actor."

This overview will help developers take the risk factors into account, and make development decisions that puts control back into the hands of the users. There's no way to perfectly remove the risk of going online if you're in danger, but people will go online anyway. Many more users at risk are facing technically naive attackers than are facing highly skilled attackers such as state actors.

Description

Some people don’t fully believe in situations that they haven’t experienced themselves. If they happen to have not experienced domestic violence, stalkers, or mob-based bullying, they may not take user reports of these things as serious problems. They may believe that these problems are only experienced by a loud but insignificant minority of users, and may believe their preconceptions rather than doing proper user research.

In fact, over 7.5 million people were stalked in the United States in the year 2011 alone[*]. 7.5 million is an excessively conservative estimate, as it only counted repeated incidents and active fear of injury or death. We can assume that for every person who both experienced multiple incidents of stalking behavior, and who feared the stalker would injure or kill someone, there are several more people, who might have feared injury or death but “only” had one incident to report, or who “only” feared unpleasant, but not fatal, actions from their stalker. [Citation: https://victimsofcrime.org/our-programs/stalking-resource-center/stalking-information/stalking-statistics]

Here are some large companies that have gotten things wrong as a matter of policy, whether or not they’ve managed to turn things around since these have happened.

Slack and Socialcast (both intended as business applications, one a chat program and one a facebook-like corporate social media application) technical support representatives have said that a block or mute feature would be inappropriate or redundant, because all complaints of inappropriate or unwanted contact should be addressed through management or Human Resources.

LinkedIn is notorious for trying to force connections based on the contents of a user’s address book, which might still contain estranged exes and estranged family members. There are many reasons someone might keep someone they want no further contact with in their address book; they could have assigned a silent ring tone to the ex who keeps calling; they could want to redirect emails from their abusive uncle to a special folder without risking getting any of them caught up in the spam filter (even if it contains many of the same words as spam); they could still be exchanging weekly emails with the mother who screams at them every time they talk on the phone, which is why they don’t want to add her on LinkedIn too.

And some user stories, too…

A Microsoft Skype researcher was visibly surprised when a research subject placed the sticky-note representing her father (a weekly contact) on the other side of the room (instead of somewhere on the flip chart paper provided for the purpose) to represent the (lack of) emotional closeness. (“Emotional closeness is near the center of the page!” “… Yup.”)

A user experiencing a domestic violence situation talked about their unwillingness to give their abusive partner any of their gmail addresses, saying “I don’t want to give [them] access to any more means of contact that will generate a push notification.”

Tags

developer education, user research, abuse, stalking, bullying

Speaking experience

This is the first edition of this Crash & Byrne talk.

Azure "User Acceptance Test Crash" Lunatic: Speaker, Open Source Bridge (2014, Keeping your culture afloat through a tidal wave of interest ~~\o/~~; 2015, Community Moderation: you can't always halt a flamewar with one raised eyebrow (but it rarely hurts to try); 2016, Yelling As A Service: Adventures in Unofficial QA)

Alex Byrne: Speaker, Open Source Bridge (2015, The Library Is An (Almost) Open-Source Insitutuion, 2016: Postcards from the Edge Case and Librarians and Open Source: We Need Code Too!)

Speaker, American Library Association TechSource Conference (2008: Smash Bash)

Spotlight on Success Poster presentation at Washington Library Association Conference (2013, Mind The Gap)

Speaker, Storytime Extravaganza (2016, Early Literacy Asides: You already have what it takes)

All slides and commentaries available at https://heofhishirts.neocities.org/presentations/index.html

Speakers

  • Alexheadshot

    Alex Byrne

    Pierce County Library System

    Biography

    Youth Services Librarian for almost a decade, Linux user for longer, player of games of all sorts and wearer of floral print shirts. Very interested in the ways that public libraries can better assist and find the needs of their communities, how open source code can help raise a generation of coders and hackers, and how open technologies can help free public libraries from vendor lock-in and prevent the adoption of technologies that run counter to public library principles just to get at content.

    Sessions

      • Title: Read, Write, Talk, Sing, Play: What Early Literacy Can Teach Us About Software Literacy
      • Track: Culture
      • Room: B204
      • Time: 11:0011:45am
      • Excerpt:

        I’m not saying that you have to speak parentese to beginning software learners. They might be quite offended with you doing that, actually. What beginners often need, though, is not just to be set in front of a tutorial and told to come back when they’re finished, but to have someone on hand to bounce questions off of or to talk them through problems and exercises so that they understand. Learners often pick up useful information by observing someone else at work using the language, but they can’t just be there while you do things and learn it all by observation alone.

        One of the best skills a librarian has that goes mostly unnoticed is that they’re really great at narrating themselves to others. When demonstrating (sometimes for the sixteenth time) how to go through a procedure to obtain resources or run searches, librarians narrate what they are doing and why. When reading a book to tiny people, youth services librarians often ask questions about what the characters are doing or feeling, so that the tiny people can use both the text and the pictures to decode what’s going on in the story. Key information about the story is often communicated visually in a picture book, and sometimes in complete contradiction to the text. By providing scaffolding through narration, the librarian provides context and reasoning for the actions they’re taking. By asking questions at regular intervals, the librarian can check to make sure understanding is happening and adjust to include perspectives they may not have been taking into account before.
        […]
        Talking and explaining things to your learners, and with each other, is the best way to help them learn. So if you get the opportunity to have someone shadow you and ask you annoying questions about what you’re doing and why you’re doing it that way, take up the opportunity. (And request it all gets documented. Trust me.) By talking through things with someone who doesn’t have your expertise, you shore up your own knowledge and help someone get more of their own. That leads to literacy.

      • Speakers: Alex Byrne
      • Title: Out of the Game: How Apps Fail Oppressed Users (and what you can do to help)
      • Track: Activism
      • Room: B202/203
      • Time: 3:454:30pm
      • Excerpt:

        Apps and websites routinely expose user information in service of social and interactive goals. But what happens when your user has a stalker? Many of these services will compromise the safety of users who are already at risk. Making things worse, some developers resist making changes, with justifications such as “If someone’s in that much danger, they shouldn’t be doing anything online,” and “It’s basically impossible to defend against a state actor.”

        This overview will help developers take the risk factors into account, and make development decisions that puts control back into the hands of the users. There’s no way to perfectly remove the risk of going online if you’re in danger, but people will go online anyway. Many more users at risk are facing technically naive attackers than are facing highly skilled attackers such as state actors.

      • Speakers: Alex Byrne, Azure Lunatic
  • 20140320 152010

    Azure Lunatic

    Dreamwidth

    Biography

    Specialist in Yelling as a Service. New contributor orientation specialist, code tour guide, and spamwhacker at Dreamwidth.org. Reader, writer, crocheter, geek.

    Sessions

      • Title: Out of the Game: How Apps Fail Oppressed Users (and what you can do to help)
      • Track: Activism
      • Room: B202/203
      • Time: 3:454:30pm
      • Excerpt:

        Apps and websites routinely expose user information in service of social and interactive goals. But what happens when your user has a stalker? Many of these services will compromise the safety of users who are already at risk. Making things worse, some developers resist making changes, with justifications such as “If someone’s in that much danger, they shouldn’t be doing anything online,” and “It’s basically impossible to defend against a state actor.”

        This overview will help developers take the risk factors into account, and make development decisions that puts control back into the hands of the users. There’s no way to perfectly remove the risk of going online if you’re in danger, but people will go online anyway. Many more users at risk are facing technically naive attackers than are facing highly skilled attackers such as state actors.

      • Speakers: Alex Byrne, Azure Lunatic