Another useful resource might be this academic article on "privacy pitfalls" in usable interface design:
http://repository.cmu.edu/cgi/viewcontent.cgi?article=1077&context=hcii
On Tue, Nov 3, 2015 at 3:09 PM, Mike Perry mikeperry@torproject.org wrote:
Nima sent this to me a while ago and I completely forgot to forward it on. Note the Google docs and the PDF at the bottom.
Useful food for thought for Tor Messenger, Tor Browser, and other user-facing stuff.
----- Forwarded message from Nima Fatemi nima@torproject.org -----
Date: Fri, 24 Jul 2015 03:39:31 +0000
From: Nima Fatemi nima@torproject.org
To: Mike Perry mikeperry@torproject.org
Subject: UX Principles
Hi Mike,
Sorry for the late email. I was meaning to send you this sooner, but I've had a big pile of email I had to take care of.
So the forwarded message below includes an attachment, which is Yee's principles, and then there's another paper that Linda has mentioned, which is worth reading I think.
Here's that talk from Google Chrome's Elisabeth Morant that I mentioned to you:
https://news.yahoo.com/video/yahoo-trust-unconference-security-ux-161037378....
Here are the slides: (the good stuff starts from page 12)
https://docs.google.com/presentation/d/1i2Pwennj8PcsigACPA1oLpRNLd7BVC0oilsg...
And here are my notes from the talk + my thoughts added to them:
1st principle: Don't annoy users, even with updates.
- People (even infosec ppl) ignore updates
- users are often worried that updates would change the interface, it took them time and energy to get used to current things, they don't want it to change (even if it's a good change)
- Enable auto-update by default with an option to opt out
- Give devs and users tools to time permission requests
2nd principle: allow mistakes!!! let them change their settings easily if they've changed their minds
- settings windows doing similar things should look similar and if they do the exact things, they should look identical.
- make settings easy to discover
3rd principle: combat jerks [malicious-HS_maybe?]
- danger is hard to communicate
- how to tell users about the danger they're facing
- infrastructure for detecting and reacting to badness
- how to do this in a decentralized way?!
- karma! tie user engagement to resource allocation (maybe useful for HiddenServices?) (okay, right after writing this sentence, I started a conversation in #tor-project. see the backlog, you might find it interesting)
- crowd consent
Let me know if I can be of any help.
Bests,
-- Nima
-------- Forwarded Message --------
Subject: Yee's principles
Date: Wed, 1 Jul 2015 05:51:05 -0700
From: Linda Naeun Lee lnl@berkeley.edu
To: Tor Project nima@torproject.org
Nima:
Here are notes. And another paper.
http://zesty.ca/pubs/yee-sid-ieeesp2004.pdf
-- Linda Naeun Lee
Graduate Student Researcher
Department of Computer Science
University of California, Berkeley
----- End forwarded message -----
-- Mike Perry
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev