-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello nice Tor people,
I thought I'd bump this up again, just in case people missed it :) I am looking to volunteer my time to do some research as part of my HCI masters on a subject that Tor people think is important. For any people interested in humans and security, there is a nice video from a user researcher at Mozilla talking about how security matters to "normal" people (not security people). It brought up a lot of questions for me. https://air.mozilla.org/meaningful-security/ If anyone is even *remotely* interested, please let me know. My offer is genuine, but my time is running out! thanks, Bernard (bluboxthief on #tor / #ooni) On 9 Apr 2013, at 12:44, Bernard Tyers - ei8fdb wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello nice Tor people, > > [I've spoken with Runa about this and she suggested me to send this to the > dev list. If it should belong somewhere else, just let me know. Thanks Runa.] > > Tl;dr: 6 months worth of a reasonably security/privacy/encryption savvy HCI > researchers time to carry out a MSc dissertation about usability of security > software, and the effect their UIs have on peoples idea of how they work. > > (You may see this e-mail on a number of lists,I'm mailing each list > individually.) > > Seeing as I am going to be asking for a favour, I should give some > information about me. > > My background is: electronics engineering, network and systems admin, then > telecoms engineer (mobile networks). I'm not a coding/security/crypto bod, > but security has been part of the past 10 years+ of my work that I can > understand some and know where to find/who to ask for the answers for the > other. > > My interest is: HCISEC - Human Computer Interaction in security technology. > Security, privacy, encryption tools and why people, who should use them, do > not use them. > > I define a "people who should use them" as human rights activists, > investigative journalists, people in countries whose government are > oppressive. > > I define "security, privacy, encryption tools" as "Tor, TBB, Orweb, Orbot, > PGP, Redphone, TextSecure, Pixelknot, Silent Circle, Tails, and other tools I > don't yet know about. > > > My focus is not with security professionals/experts, technical people who > can understand the limitations of these tools, threats they defend against. > These users have the technical knowledge and understanding of computing > concepts, and threat models, etc which allow them to make a more educated > decision. > > > I am doing a masters in human computer systems, and it's coming to the time > to start planning my dissertation. My chosen topic (very generally) is: > "Usable security and its impact on mental models and trust." Over the next > few weeks I want to focus this better. > > (If you're familiar with the concept, or are not interested, just skip this.) > > A mental model is a "small scale model of reality" humans create to use to > reason, to anticipate events, and to reenforce explanation. Based on the > users understanding of a software interface, they will construct an idea of > what is happening in an application. > If a user creates a number of mental models because a software interface > gives different/wrong/conflicting information, this causes the user to be > confused, as as result, they will make incorrect decisions, and possibly stop > using the software. Given the scenarios where these tools are used, making > mistakes, having a false sense of security, or not using them, can be > dangerous. > > There is a lot of research in trust and confidence in recommender systems, > transparency in system status, credibility of information provided in user > interface, but (from what I've found so far) not much specifically to do with > security and privacy tools. > > > So to my request: I have 6 months (beginning from May) to carry out a hcisec > human factors focused project. There have been usability evaluations of Tor > carried out already, and I was looking for other areas to focus on. > > I can find a subject myself, but I would like to do some work on an area that > could lead to some useful research/provide input to making these tools > better, from a user point of view. Is there a question you'd love to see > answered? Is there some area of a tool that needs some research? > > I will also be looking for participants to take part in research - again I am > very conscience of the scenarios where these tools are used, and the need to > maintain anonymity and privacy. I will be anonymising all research, asking > for the minimum information and am happy to carry out communications via > secure communications tools. I would appreciate support from users of > security and privacy tools. > > At the end, all research will be released and available for use by the > security community if required. > > At the risk of teaching you to suck eggs, if you are interested in learning > more, I can recommend the "Security and Usability: Designing Secure Systems > that People Can Use" book by Lorrie Faith Crannor and also the SOUPS > Conference (http://cups.cs.cmu.edu/soups/2013/). > > I look forward to some feedback (on or off list). > > thanks, > Bernard > > > - -------------------------------------- > Bernard / bluboxthief / ei8fdb > > IO91XM / www.ei8fdb.org > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > > iQEcBAEBAgAGBQJRY/8bAAoJENsz1IO7MIrrM4AIALW27F757Fn4Jgy3pk0ZX4PQ > yl4ToEyJcFmZcKNjlejuTAeeVc00UGLlJRNTPuGT1WAUwt7JhgCYX8p9/YwgA4Pm > 1AU6tCHcg9LBpc8ca+0lqBvCh/ZmVf5zTTEVjlXyylrUpqdlR67QemkpyjN0sUJW > V7PGPxig2Y3opdVzWZRrmvhLsJf7qN2mAxLUyzSS44nInqpS9+Db1MsDLpI5mof5 > ze/FUKV3eTiTzJJ1qLMXbo8VbJvpZO3HgeUFwZH7btbUZQszwrifWupuZefqtro5 > nyCNFnUcQ6fyxMOnRLPAji2eAe/fBasQ9h5pCiYVScclddWe1VWhf4poyjVHv9U= > =Sak4 > -----END PGP SIGNATURE----- > _______________________________________________ > tor-dev mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev - -------------------------------------- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJRelw0AAoJENsz1IO7MIrru/gH/RMJV8O5lsPUrrP2S3gwekSa N8uOoWVisvwRg7elxMXfBmRCRlGQqYh33e5DMzwY+TQ+4SZDI6uaUQzlzP7M97YF ZMvdruUCWzxahfkuXWgs1Qx4vA5XpfihjyOHMZcLmB3uvznmNrCygAgghjLaxJ85 rKeyB+KYg5V6ItmHpicmVd2HqjqN1rCTDoMbsOn2xRclHLk8g1OFHPtMtZbKeCf1 OI0kL6f+cQR2K2ktsCkpHE9mBV3LEKRu2mGj5pUsS7F6wWslttEl+PvsczAfYN4f lG45SZtzNg+2Xg3+al/VcKLCpzwnqtlfMjhSXxVfXXty49CXZlY+63KVQ/XJr6o= =Dhr8 -----END PGP SIGNATURE----- _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
