Designing for Trust: User Experience Design + Security
Transcript of Designing for Trust: User Experience Design + Security
Designing to Build Trust
User Experience Design + Security
October 20, 2015
Ame Elliott @ameellio #UXNight
I’m Ame Elliott from Simply Secure @ameellio
Hello.
Designers, Researchers, Users, Developers
Security’s got to be easy and intuitive or it won’t work
Everyone should be able to communicate securely and privately
Designing to Build Trust
Introduction
Why Privacy Matters
Building Better Basics
Exploring New Frontiers
Conclusion
Your online behavior leaves traces that can identify you
Your online behavior is monitored
Image: Kajart Studio’s Tor Browser explanation http://www.kajart.com/portfolio/tor-project-educational-animation-english/
Combined with your offline movements and activities, your behavior is tracked
Corporations and governments watch our behavior
http://www.kajart.com/portfolio/tor-project-educational-animation-english/
Adults “agree” or “strongly agree” that we should be concerned about the government’s monitoring of phone calls and internet communications.
http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/
Adults “agree” or “strongly agree” that consumers have lost control over how personal information is collected and used by companies
91% 80%
In 2014, governments requested data about
https://govtrequests.facebook.com
99,715 accounts
Mike Monteiro, “How Designers Destroyed the World” by Webstock ‘13
https://vimeo.com/68470326
80 million people affected by the Anthem hack, 10s of millions of children http://www.nbcnews.com/business/personal-finance/millions-children-exposed-id-theft-through-anthem-breach-n308116
After a data breach, people have longer lifespans than companies
https://www.schneier.com/blog/archives/2015/02/samsung_televis.html
http://motherboard.vice.com/read/looking-up-symptoms-online-these-companies-are-collecting-your-data
http://www.theregister.co.uk/2015/10/19/bods_brew_ikettle_20_hack_plot_vulnerable_london_pots/
Just don’t talk in front of your TV, look up health info, or drink tea
Let’s make the internet better
[Figure 9 - Four Bridged PKIs: diagram of trust anchors TA W, TA X, TA Y and TA Z connected through a Bridge CA]
You don’t need to be a cryptographer to work in security
You do need to be human-centered & empathetic
https://www.flickr.com/photos/christopherbrown/10135180454
Be a systems thinker, finding the gaps in service design
The key UX challenge for privacy & security is appropriate complexity
PGP Keys: https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten_html/pgp5.gif
Enigmail images: https://www.enigmail.net/documentation/keyman.php
PGP email encryption exposes complexity
https://itunes.apple.com/us/app/signal-private-messenger/id874139669
Signal/TextSecure from Open Whisper Systems hide complexity
M-Lab: Improving network monitoring & threat detection
http://www.measurementlab.net/visualizations
How might we … help more people understand systems & threats?
Conveying trustworthiness: More than lock icons
http://dangrover.com/blog/2014/12/01/chinese-mobile-app-ui-trends.html
How might we … convey more nuanced messaging status with a limited visual vocabulary?
Ashley Madison: Leaky sign-in
http://www.troyhunt.com/2015/07/your-affairs-were-never-discrete-ashley.html
How might we … treat login as an experience flow, not copywriting?
Designing for behavior change: always accept, always ignore
http://www.securityforrealpeople.com/2014/10/the-high-price-of-free-wifi-your-eldest.html
How might we … motivate behavior change to more secure behaviors?
Instead of scolding error messages, Slack uses humor to build trust
How might we … create actionable alerts that increase feelings of confidence?
http://www.theregister.co.uk/2015/10/19/bods_brew_ikettle_20_hack_plot_vulnerable_london_pots/
iKettle hack proves wifi vulnerability #IoT #securityfail
How might we … empower product designers to make good security decisions?
Profile management off the screen: Netflix vs Nest
https://www.flickr.com/photos/nest/6264860345/
How might we … help people understand when their profile data is being accessed?
https://www.google.com/landing/2step/
Mind the gaps between apps & between apps & operating system
How might we … create smooth seams between apps?
Let’s make the internet better
Privacy matters
Build better basics
http://www.troyhunt.com/2015/07/your-affairs-were-never-discrete-ashley.html
Explore new frontiers
How might we … create smooth seams between experiences?
Get involved with Simply Secure
Follow @simplysecureorg on Twitter
Email [email protected] to request access to our Slack (UX, security, privacy)
Share your work
Become a peer reviewer or mentor
https://www.flickr.com/photos/_chrisuk/7589374306