UI and Usability Jam Sessions
Need help with your user interfaces, websites, branding, or other user-facing aspect of your work? Want to do a user study? Need to get feedback on your UI's latest color scheme? Trying to prioritize a bunch of user features? Struggling to get feedback from your users? Just want to walk through your interface with a designer or usability pro? Sign up for a 30 minute session and let's talk.
The target audiences for this session are 1) developers interested in design/usability wanting targeted guidance on their work and 2) designers/researchers wanting to learn from each other best practices in design to support internet freedom.
The goals are to have the projects that sign up get real time advice during their session on their projects' specific needs that takes into account their time and resource constraints. We hope that participants leave the sessions with ideas for additional resources to explore. For interested participants, we plan to carry the conversations beyond the festival and establish a peer network of people interested in supporting each other after IFF. Global participants can check in with each other to report back on the lessons from their user studies, changes they've made and challenges they're facing.
We are a group of 4 designers and researchers, and, depending on demand, will expand to include more people. The core team has expertise in international and multi-lingual user testing, expert walk throughs, open-source development practices, mobile interaction design, website usability, and content writing/English language wording. More than expert advice, this is about building a community of people working to improve the design and usability of internet freedom tools.
Presenter/s: Ame Elliott, Susan Farrell, Bernard Tyers, Brennan Novak
Organization: Simply Secure, 3 independent user experience researchers/designers
Bio/s: Ame Elliott joined Simply Secure after eight years at IDEO San Francisco, where she led the discipline of Design Research and delivered human-centered tech strategy projects for clients such as Acer, Ericsson, and Samsung. Prior to IDEO, she was a research scientist at Xerox PARC, and at Ricoh Innovations. She earned a Ph.D. from the University of California, Berkeley for her work creating hybrid physical-digital interactions to support the architectural design process. Ame holds eight patents and is the author of numerous publications including a chapter in the Oxford Handbook of Internet Psychology. Her design work has been included in the Cooper-Hewitt Smithsonian Design Museum and recognized with awards from the AIGA, IDSA/IDEA, the Edison Awards, and the Webby Awards.
Co-design Session with Simply Secure & Gridsync
Discussion of the Gridsync app, personas appropriate to it, its current state, and desired features for the future.
Presenters: Gus Andrews (Simply Secure) and Chris Wood (Gridsync)
User Personas (SecondMuse):
SecondMuse presents personas representing LGBT activists in Uganda and journalists in Tunisia
‘James’ - LGBT activist in Uganda, intake manager for NGO offering services to LGBT youth
- Can’t reveal identity or openly promote LGBT rights or membership in that community (either self or outwardly identified as)
- Uses analog phone, smart phone, laptop; multiple Facebook profiles, WhatsApp is ‘safest’
‘Nour’ - independent Tunisian blogger, inspired by revolution
- Concerned with getting caught by the police
- Online activity may be under surveillance, Facebook page has been hacked
- Deletes Facebook message history, arranges face-to-face meeting, changes password regularly
(Note from SecondMuse: this is based on session needs from a bigger body of work. More in depth can be found at: http://internetfreedom.secondmuse.com/)
Discussion of situation in Zimbabwe
LGBT in Zimbabwe
- Not strictly illegal, but perceived as such due to vocal efforts (from president, etc.) against the LGBT community
- Not illegal, but very vocal president against community therefore perceived as ‘illegal’
Risk of ‘exposure’ when photos, data, messages are stolen and leaked to the public
Journalists in Zimbabwe
- Working toward 2018 election
- Current president is a "life" president ("he’s 92 and his wife is currently working to become next president")
- No device to allow journalists, etc. to take a photo, store it securely, then upload it later, safely.
- Challenges are very similar to that of James and those already discussed
- In place of WhatsApp, we are using Telegram because it is ‘more secure’
- There is a challenge in that you are limited to using the tools that those in your social network are using
- We also have an issue of devices, we are still heavily dependent on SMS
Problems with current apps
- Most of the current apps - 100% - depend on the internet. That doesn’t work in many situations
- Perception: when things are developed by Westerners, there’s a lack of trust.
- Also perceived that anti-virus and other apps slow down your system
- Need to design for SMS style communications - can’t count on future technology coming soon
- Cost is very prohibitive in terms of sending text, access to data, etc.
- Endpoint security is your laptop, but if the laptop is not secure, it doesn’t matter what encryption you use. Phones are NOT secure, point blank.
- Freedom phone allows users to call in to document and share information
- Frontline SMS (currently putting things in bundles, e.g., pay $3 for unlimited WhatsApp, Facebook, Twitter, but not unlimited access to Internet)
- Trainers want to push Signal Private Messenger
Gridsync overview (Chris)
Slides/screenshots available at https://github.com/gridsync/gridsync/
Gridsync: What is it?
- A cross-platform GUI for Tahoe-LAFS – the Least Authority File Store
- Comparable to: Dropbox, BitTorrent Sync, Google Drive, Seafile, SparkleShare
- Goal: To make secure, distributed “cloud” storage easy and accessible for non-technical users
- A secure, decentralized data store
- Designed under the “Principle of Least Authority” (each part of the system need only operate with the least amount of privilege necessary to accomplish a given task)
- “Provider-independent” security
- Erasure coding for fault-tolerance (i.e., configurable levels of redundancy)
- Cryptographic capabilities for granular access control (e.g., separate keys/'capabilities' for read/write access, individual files/directories; can 'diminish' a capability to, e.g., provide read-only access)
- “Magic Folders” (forthcoming) – folder sync
- Typical usage: friends pooling together storage resources to form a storage "grid"
(Discussion: Strive to remove single points of failures; if keys are on the laptop and it is stolen, it’s no longer secure)
Tahoe-LAFS: Usability issues
- Command-line interface
- No native/standalone packages on OS X or Windows (user must install python, a compiler, build from source)
- Manual configuration required (i.e., hand-editing text files)
- Highly technical documentation
(See Gus' critique of Tahoe-LAFS and the CLI in general: http://gandre.ws/blog/blog/2015/04/07/why-the-command-line-is-not-usable/)
Gridsync's operating principles:
- No command-line; provide a GUI
- No manual compilation; provide native packages with all dependencies included
- No hand editing text files; guide the user through configuration
- No technical documentation; make functionality self-evident or "speak the user's language"
Gridsync development choices:
- Language: Python
  - Used by Tahoe-LAFS
  - Relatively easy to learn, strong community
  - Memory safe
- Graphical toolkit: Qt
  - Well-supported on all desktop platforms (including mobile)
  - Emulates underlying platform widgets to provide “native” look & feel
  - Scales with high-resolution (“retina”) displays
  - Excellent documentation
  - Provides drag & drop tools for rapidly prototyping interfaces (Qt Designer)
(Aside: Chris doesn't want a Web UI; the browser does too much; risk of cross-site scripting attacks; caps stored in browser history; we can't ensure the user doesn't have malicious browser addons installed, etc.)
Gridsync: current status
- Experimental/"alpha" (do not use!)
- What's done / mostly working:
  - Native packaging (.dmg/.app for OS X, .exe for Windows) with all dependencies included, including Tahoe-LAFS
  - Simple installation (“Drag Gridsync.app into your Applications folder”) and running (“Double-click Gridsync.exe”)
  - Basic setup wizard with pre-configured storage providers
  - Simple automated backups/snapshots
  - Desktop notifications
  - Semi-reproducible builds (python bits only)
Gridsync: UI/UX that's missing/needed:
- Managing (adding, removing) storage grids
- Managing (adding, removing) folders
- Sharing and accepting folder invites (including revocation)
- Status updates (sync progress, ‘shares’ map)
- Browsing file history/snapshots(?)
(Discussion: we can't guarantee security of files if the client device/endpoint (e.g., laptop) is not secure -- e.g., shared laptops, keyloggers, etc. Revocation of access is a problem that needs to be discussed further.)
Design session / Assumption worksheet responses
"I believe GridSync users have a need to…"
- Upload from mobile devices
- Delete the sent file from their mobile immediately on upload
- Access their content when they need it, from multiple devices
- Conflict: Organizations may have a need to manage access permissions, but one participant felt that GridSync should "manage files w/o administrators and unfair power hierarchies"
- "Access files across multiple devices."
- "Document store, share about human rights abuses safely via SMS -> can be jailed just for having info on LGBT"
- "Share and access information agnostic of having their own devices without fear of harm (specifically not having content on their own device)"
- "1) Have access to their data when they need it, 2) Privacy"
- "Manage files w/o administrators and unfair power hierarchies"
- "Store and share files securely and easily"
- "Share files safely"
- "Share documents safely"
"These needs can be solved by…"
- A minimal smartphone interface or MMS-to-Tahoe-LAFS support for feature phones
- Automatic backup of all files to the grid
- Improving usability
- Encouraging organizations to donate storage capability
- "Creating a minimal mobile interface."
- "Generation of files via SMS"
- "Immediately being able to sync data on devices (especially phone), back-up is automatic, tagging specific content that is backed-up vs other content you have"
- "Having a common repository (encrypted) both offline & online"
- "Creating a user-friendly, yet secure application"
- "Being attentive to usability problems, encouraging organizations to donate storage"
- "1) Striping and re-distribution -- like RAID, 2) Encryption"
- "No power hierarchy, no admin, no single point of failure."
"The #1 benefit users will get out of GridSync is…"
- Secure, redundant storage, independent of provider, which can't be traced back to a contributor
- "1) Secure storage and 2) collaboration"
- "Security -- Privacy"
- "Secure storage that can't be traced back to them"
- "Provider independent storage"
- Keys per file
"Additional benefits will include…"
- "Collaboration and managing who has access, including granting different levels of access of certain files & folders"
- "Cost, reliability"
- "Simplicity, usability, access from various devices"
- "Peace of mind"
- "Network management capability"
- "Ciphertext storage, high availability"
"GridSync's initial users will be…"
- Human rights workers, journalists, activists
- "Human rights workers"
- "HR focused journalists -> with large content files like photos & video (but this needs to support mobile)"
- "Anyone in need of simple, safe sharing (journals, human rights activists)"
- "Anyone who needs the above mentioned items (i.e., journalists, human rights defenders, activists, power users)"
- "Security aware users, human rights defenders"
- "Anyone with their own laptop/desktop computer"
- "People with a higher need for safety"
(Discussion: Gus suggests reading Diffusion of Innovations (or the Cliff's Notes, aka The Tipping Point) to understand how later adopters observe early adopters to decide if they should use a technology.)
"We will reach them through…"
- Reaching out to NGOs, local trainers, and internet freedom advocacy groups
- Social media
- "Outreach directly to allies like providers, NGOs, etc."
- "Local trainers -> focused on journalists. Maybe partner with WITNESS or other groups that advise?"
- "Internet freedom advocacy groups."
- "Internet freedom loving organizations already working in their communities"
- "Internet freedom community"
- "Word-of-mouth via supporters, social media"
- "Email, phone, in person"
- "Social media, mailing lists"
(Discussion: notice that there is work associated with outreach; this doesn’t JUST HAPPEN on its own)
"The people we expect will observe and follow our initial users in their communities will be…"
- Populations who human rights workers work with
- Activists and student unions
- "Populations that human rights workers work with, trainers/introducers"
- "Trainers or advocacy groups."
- "Human rights defenders, activists, student unions (power users)"
- "Mainstream journalists and other amateur freelancers beginning to cover conflict regions and others starting to work on HR (direct beneficiaries)"
- "Internet activists, tech-oriented friends of power users"
- "Direct beneficiaries of human rights program, people who see success with others and try it themselves"
- "Those who find such a sharing app useful but don't have the same level of security needs as oppressed groups or individuals"
"GridSync's primary competition will be…"
- Dropbox, Box, Google Drive, and other commercially-available cloud services
- USB and external drives
- "Dropbox, Google Drive, USB keys, external hard drives"
- "Google Drive"
- "Existing clouds, Microsoft One"
- "Probably not Box, Dropbox, but other smaller apps w/o all the enterprise features"
- "Dropbox doesn't provide end2end crypto."
- "Dropbox, Google Drive, Box, Sparkleshare, Seafile, Syncthing, Maidsafe, Ethereum, Storj"
(Discussion: In Zimbabwe, we are trying to demystify bitcoin; still conceived as financial. Perhaps look at mobile money because people already trust and are confident)
"We will ensure users use GridSync instead by…"
- Direct outreach through NGOs and trainers
- Ensuring it is available across commonly-used devices
- Clearly outlining what GridSync does and its advantages
- "Direct outreach to NGOs"
- "Recommending it in digital security training"
- "Ensuring ease of use cross-device & confidence in searching for the application"
- "Help them understand how this is secure by not being on their device"
- "More awareness, clearly outlining advantages"
- "Advocating for encryption"
- "Emphasizing the importance of privacy, crypto"
"GridSync's biggest risk of failure is…"
- Failure to achieve a critical mass of users because of:
  - Not supporting mobile
  - Not understanding what users are already doing to share files
  - Not understanding real threat models
  - Unusable design
- Failure of storage grid or neglect of code
- "Defining its user base narrowly"
- "Not supporting mobile or what populations are using to capture & share info"
- "Technical expertise needed to use it"
- "User resistance; not wanting to use something new"
- "Lack of critical mass of users"
- "Neglect of code, lack of adoption"
- "Technical design not matching threat models. Storage grid failure"
"GridSync can solve this through…"
- Listening to users who have real needs for this tool
- Designing simple UI that meets those needs, particularly for mobile
- Attracting additional contributors to and funding for the codebase
- Clear communication in scenarios when the grid fails
- "Looking into simple ways that phones can start to integrate with the storage system and then eventually develop a more robust app experience"
- "Careful attention to UX at each point in experience"
- "Simplicity of UX"
- "Developing based on conversations with human rights workers"
- "Engaging w/ user populations that are very much in need"
- "Awareness of user"
- "Attracting additional contributors and users. Funding"
- "Highly available storage, clear communication of failure scenarios"
"What other things are we assuming that, if proved false, will cause this project to fail?"
- GridSync is built for constant, high-bandwidth internet availability
- It is not a priority to resolve file conflicts
- Organizations will not want to have administrators
- Users have high awareness of security issues, and a high level of skill
- Common problems like key loss or poor availability may lead users to abandon the service
- The developers currently understand users' threat model
- "Dependence on internet or uses high bandwidth"
- "Misunderstanding user journey / user needs, also level of user expertise"
- "Conflict resolution is not a priority; desktop is primary; admins should be avoided"
- "Designing for early adopters and power users won't necessarily translate to broader population"
- "There's enough info about what Gridsync can and can't do so some can make their own decisions about using it, there's critical mass that cares about security, nodes are always trusted users, focus on desktop"
- "Users encrypt their data; users care about security"
- "Threat model mismatch is a serious concern"
- "Common pitfalls (e.g., key loss, poor availability of storage servers) may lead to bad reputation"
"We will know GridSync has succeeded when we see…"
- "Amnesty International relying on it, UN relying on it"
- "it being used in developing countries :-)"
- "High risk people use it w/o failure paths. Much adoption by average users"
- "Exponential uptake of the service"
- "Average users are using the app confidently (confident in using it and its security)"
- "Widespread adoption or a single 'success' story that couldn't have done without"
- "Referenced in major publications, others building addons to Gridsync"
- "Growth of development team"