2014/Making Your Privacy Software Usable
Privacy enhancing technologies (PETs), like onion routing, PGP, and OTR, often achieve a high level of security, but user experience (UX) built on top of the protocols is often a development afterthought. Without a concerted effort to examine how the system is used, people accidentally compromise their data or never attempt to use PETs.
This talk will show you PET design done right and wrong through the lens of standard UX evaluation techniques. Our goal is to enable you to incorporate UX principles into your hacking from day 0.
Contributed notes
People should have access to privacy software regardless of background.
Bad user experience is sometimes considered a "feature" - where the process of learning how to use the software teaches them how it works, like GPG - command line means a more experienced audience. But problem: people hate reading the manual, so they won't ever use it!
Principled user experience design process is good! Bad example: Haystack - in the development process, potentially exposed activists.
You have to publish more mindfully - failure mode for privacy software is greater than typical software.
They started with Techno-Activism 3rd Monday meetups - teaching UX principles to attendees and getting them to test relevant software.
UX: Make the system match the user - how should the user feel? do? learn?
Mailvelope - has documentation on the download page but not inside the app. "Does the user know that what they did worked?" Tor browser - "I opened it...is that it?"
Nielsen principles of usability - gulf of execution, gulf of evaluation, Nielsen's heuristics, including visibility of system status. Tor was a good example - didn't know if private browsing was "turned on".
Start or attend a TA3M in your city!!!