Designing for Trust: User Experience Design + Security
TRANSCRIPT
![Page 1: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/1.jpg)
Designing to Build Trust
User Experience Design + Security
October 20, 2015
Ame Elliott @ameellio #UXNight
![Page 2: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/2.jpg)
I’m Ame Elliott from Simply Secure @ameellio
Hello.
![Page 3: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/3.jpg)
Designers Researchers Users Developers
![Page 4: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/4.jpg)
Security’s got to be easy and intuitive or it won’t work
![Page 5: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/5.jpg)
Everyone should be able to communicate securely and privately
![Page 9: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/9.jpg)
Designing to Build Trust
Introduction
Why Privacy Matters
Building Better Basics
Exploring New Frontiers
Conclusion
@ameellio #UXNight
![Page 10: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/10.jpg)
Your online behavior leaves traces that can identify you
Your online behavior is monitored
Image: Kajart Studio’s Tor Browser explanation http://www.kajart.com/portfolio/tor-project-educational-animation-english/
![Page 11: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/11.jpg)
Combined with your offline movements and activities, your behavior is tracked
Image: Kajart Studio’s Tor Browser explanation http://www.kajart.com/portfolio/tor-project-educational-animation-english/
![Page 12: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/12.jpg)
Corporations and governments watch our behavior
http://www.kajart.com/portfolio/tor-project-educational-animation-english/
![Page 13: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/13.jpg)
91% of adults “agree” or “strongly agree” that consumers have lost control over how personal information is collected and used by companies
80% of adults “agree” or “strongly agree” that we should be concerned about the government’s monitoring of phone calls and internet communications.
http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/
![Page 14: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/14.jpg)
In 2014, governments requested data about 99,715 accounts
https://govtrequests.facebook.com
![Page 15: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/15.jpg)
Mike Monteiro, “How Designers Destroyed the World” by Webstock ‘13
https://vimeo.com/68470326
![Page 16: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/16.jpg)
80 million people affected by the Anthem hack, tens of millions of children
http://www.nbcnews.com/business/personal-finance/millions-children-exposed-id-theft-through-anthem-breach-n308116
After a data breach, people have longer lifespans than companies
![Page 17: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/17.jpg)
https://www.schneier.com/blog/archives/2015/02/samsung_televis.html
http://motherboard.vice.com/read/looking-up-symptoms-online-these-companies-are-collecting-your-data
http://www.theregister.co.uk/2015/10/19/bods_brew_ikettle_20_hack_plot_vulnerable_london_pots/
Just don’t talk in front of your TV, look up health info, or drink tea
![Page 18: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/18.jpg)
Let’s make the internet better
![Page 19: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/19.jpg)
Figure 9 - Four Bridged PKIs (diagram: four PKIs with trust anchors TA W, TA X, TA Y and TA Z connected through a Bridge CA)
You don’t need to be a cryptographer to work in security
![Page 20: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/20.jpg)
You do need to be human-centered & empathetic
![Page 21: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/21.jpg)
https://www.flickr.com/photos/christopherbrown/10135180454
Be a systems thinker, finding the gaps in service design
![Page 22: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/22.jpg)
The key UX challenge for privacy & security is appropriate complexity
![Page 23: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/23.jpg)
PGP Keys: https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten_html/pgp5.gif
Enigmail images: https://www.enigmail.net/documentation/keyman.php
PGP email encryption exposes complexity
![Page 24: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/24.jpg)
https://itunes.apple.com/us/app/signal-private-messenger/id874139669
Signal/TextSecure from Open Whisper Systems hide complexity
![Page 25: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/25.jpg)
Designing to Build Trust
Introduction
Why Privacy Matters
Building Better Basics
Exploring New Frontiers
Conclusion
@ameellio #UXNight
![Page 26: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/26.jpg)
M-Lab: Improving network monitoring & threat detection
http://www.measurementlab.net/visualizations
![Page 27: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/27.jpg)
How might we … help more people understand systems & threats?
![Page 28: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/28.jpg)
Conveying trustworthiness: More than lock icons
http://dangrover.com/blog/2014/12/01/chinese-mobile-app-ui-trends.html
![Page 29: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/29.jpg)
How might we … convey more nuanced messaging status with a limited visual vocabulary?
![Page 30: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/30.jpg)
Ashley Madison: Leaky sign-in
http://www.troyhunt.com/2015/07/your-affairs-were-never-discrete-ashley.html
![Page 31: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/31.jpg)
How might we … treat login as an experience flow, not copywriting?
![Page 32: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/32.jpg)
Designing for behavior change: always accept, always ignore
http://www.securityforrealpeople.com/2014/10/the-high-price-of-free-wifi-your-eldest.html
![Page 33: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/33.jpg)
How might we … motivate behavior change to more secure behaviors?
![Page 34: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/34.jpg)
Instead of scolding error messages, Slack uses humor to build trust
![Page 35: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/35.jpg)
How might we … create actionable alerts that increase feelings of confidence?
![Page 36: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/36.jpg)
Designing to Build Trust
Introduction
Why Privacy Matters
Building Better Basics
Exploring New Frontiers
Conclusion
@ameellio #UXNight
![Page 37: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/37.jpg)
http://www.theregister.co.uk/2015/10/19/bods_brew_ikettle_20_hack_plot_vulnerable_london_pots/
iKettle hack proves wifi vulnerability #IoT #securityfail
![Page 38: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/38.jpg)
How might we … empower product designers to make good security decisions?
![Page 39: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/39.jpg)
Profile management off the screen: Netflix vs Nest
https://www.flickr.com/photos/nest/6264860345/
![Page 40: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/40.jpg)
How might we … help people understand when their profile data is being accessed?
![Page 43: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/43.jpg)
Mind the gaps between apps & between apps & operating system
![Page 44: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/44.jpg)
How might we … create smooth seams between apps?
![Page 45: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/45.jpg)
Designing to Build Trust
Introduction
Why Privacy Matters
Building Better Basics
Exploring New Frontiers
Conclusion
@ameellio #UXNight
![Page 46: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/46.jpg)
Let’s make the internet better
![Page 47: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/47.jpg)
Privacy matters
![Page 48: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/48.jpg)
Build better basics
http://www.troyhunt.com/2015/07/your-affairs-were-never-discrete-ashley.html
![Page 49: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/49.jpg)
Explore new frontiers
![Page 50: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/50.jpg)
How might we … create smooth seams between experiences?
![Page 51: Designing for Trust: User Experience Design + Security](https://reader030.vdocuments.mx/reader030/viewer/2022020410/58708bca1a28ab412b8b45cd/html5/thumbnails/51.jpg)
Get involved with Simply Secure
Follow @simplysecureorg on Twitter
Email [email protected] to request access to our Slack (UX, security, privacy)
Share your work
Become a peer reviewer or mentor
@ameellio #UXNight