-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/06/2013 04:29 PM, irfan mir wrote: [snip] > This time, I made quick mock-ups that get the idea across as it > was brought to my attention that in the past others have provided > shiny designs, but not development. That made me feel sad and I > decided I am going to work on the interaction design and > development more than the visual aspects form now on and do as much > as I can and know how to do. > > The mockups and descriptions of what is happening are as follows: > > This is a mockups of the structure of the security setup when it > loads: http://cl.ly/image/0O0d0H3Z2C39 > > I was thinking about changing the questions to ' I know someone > who runs Freenet ' and ' I use full-disk encryption ' to make it > more clear that checking / ticking the checkboxes answers the > questions. What do you think?
Sounds good to me. I appreciate the focus on getting something functional first - it's more immediately useful. This project has lots of ideas - it also needs people that can _implement_ ideas! One thing I wonder about though is if it will be clear that this is a series of questions instead of requirements. > Also, the ' question-mark icon ' in the lower-right corner of the > above mockup provides the user some assistance if they are > confused by the questions. On hover of that question-mark a tooltip > appears explaining that answering these questions allow for the > appropriate security options to be displayed and clicking goes > straight to all the security options. What is your reasoning for single question mark? I would have expected an expandable explanation beneath each question. > If the user leaves both checkboxes unchecked, as far as my > understand goes, they can only have Low Security so that is all > that is offered to them: http://cl.ly/image/2p2r0I0Q191I > > If the user checks one of the boxes, they get more options to > choose from: http://cl.ly/image/3E23290N241R > > If the user checks both boxes, they are presented with all the > options: http://cl.ly/image/1f1O0W3N333H > > And, lastly, upon checking or selecting one of the security > options, in this case ' Low Security ', input-fields appear > underneath for the users to entre their security preferences: > http://cl.ly/image/3J2h0n081732 This looks like asking questions in addition to the security level selection. What I was proposing was asking questions instead of the security level selection. It seems like it would guide someone through the decision process more, and the question explanations should be able to make clear the implications of each choice. - --- 1) I know someone who runs Freenet. If you already know someone who runs Freenet, and are pretty sure they're not malicious or incapable of securing their computer, it's a good idea to connect directly to them as a "friend connection." Using entirely friend connections provides much higher security as it makes it more difficult for malicious people to join the immediate network, and it removes dependence on Freenet Project volunteers' central servers for finding initial connections. (Can in the future offer to take a one-sided invitation from another node or groups of nodes. Is it useful to take noderefs now in that it'll be easier to have the currently installing node operator just have to share their reference?) 2) I am willing to connect to untrusted strangers. If you don't know around three to five people who run Freenet already, it won't be enough to connect only to friends. As a less secure convenience, Freenet Project volunteers run servers which help in gaining initial connections. While convenient for you, it's also convenient for malicious people as they can track activity more easily. (Low or normal network security.) 3) I prefer extreme network security at the expense of even more speed. Freenet shares network information with other computers it connects with to improve performance. Even though this information is limited and almost always safe to share, in extreme cases you may want to not share it to gain more network security at a significant cost in performance. (Maximum network security. Requires #1. How best to show this? Does it appear under #1 only when #1 is checked?) 4) I use full-disk encryption. Network security does not mean that if your computer is taken that your information is protected. Full-disk encryption encrypts all information on your hard disk, including operating system files, and requires that some kind of credentials be provided when the computer is turned on. The Freenet Project strongly recommends you use full-disk encryption, but can provide some encryption of its own. ("None" physical security.) 5) I am very concerned that my computer may be seized. As an extreme measure, Freenet can keep all information in temporary memory (though it cannot guarantee that the operating system will not write it to disk) in the hope that if the computer is turned off any compromising information will be lost. (Maximum physical security.) - --- Are there any more questions that occur to people? I don't think the current questions on physical security are enough, but I'm not sure what else to ask. Maybe radio buttons between different levels of machine seizure concern? Then it needs a mapping from different sets of answers to security settings, but at least it has created what is hopefully a less daunting and more interactive setup. Steve -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJRO/7lAAoJECLJP19KqmFurVsP/2XEHbDHwcNyLepDpRI4WJNX 9o+wjmFejFybfmCcr2BtfTUF9RFvcMoM0BK/nYjEXmASTktdrFNe1ER5S24VAyEk xbAOW0/DpkjWmaPXLbsYp7LsT5DR3ml3a0VFGNW6Da+hMmVVPS+8eGEAd93Y2xnc p1mJO6S3vWVRQayw3KAM6J/Qc2luj6/TSsY61rHNi1oa31rWvGQtW6iqLBVuGFRu uXW06jxcN1svivJbhgcnTAAdEQPj0w2J9YvUlWRO76r0fCCdW4EiGkx1DyhyIMmQ q4A0TUifnvCnxhBVKRMEdee4aUm/UDxJLNozJlf9tSMKuVXMdclnyrp/URroSpqm VM2605dHuTBxoumhJaz7+++CBH1rACY0t5hJC4pomuhHFfRmcUg88LkYK4Nuime5 degvmUM9kRxk6EUCJRzIg+IyRV2ZDoB1mFtpWE89y7rs7EBhbN4BBg+rSn5AS1Sg r28L8wXjT9Te1KWF9RXXnq4wGptwopHvkITCZ9f1obtl0DS4CWtDwpc56QJ2GoYR ymV6mns4Kj9pbmjM3Ij5NAnqure0dLbq+9oaB3Zg8rTkslHiKkI4nulH7aalC2V5 9lSeRkVWeJ+m69ZJk+6f4AGgnuZv50e2dXcZU4tbU+EZwLGcN6frTQdrC+noHUY3 WKZBlbl92VfxHD2mU7UK =TF9i -----END PGP SIGNATURE----- _______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
