Another useful resource might be this academic article on "privacy pitfalls" in usable interface design:
http://repository.cmu.edu/cgi/viewcontent.cgi?article=1077&context=hcii On Tue, Nov 3, 2015 at 3:09 PM, Mike Perry <[email protected]> wrote: > Nima sent this to me a while ago and I completely forgot to forward it > on. Note the Google docs and the PDF at the bottom. > > Useful food for though for Tor Messenger, Tor Browser, and other > user-facing stuff. > > ----- Forwarded message from Nima Fatemi <[email protected]> ----- > > Date: Fri, 24 Jul 2015 03:39:31 +0000 > From: Nima Fatemi <[email protected]> > To: Mike Perry <[email protected]> > Subject: UX Principles > > Hi Mike, > > sorry for late email. I was meaning to send you this sooner but I've had > a big pile of email, I had to take care of. > > So the forwarded message below includes an attachment, which is the > Yee's principles and then there's another paper that linda has > mentioned, which is worth reading I think. > > Here's that talk from Google Chrome's Elisabeth Morant that I mentioned > to you: > > > https://news.yahoo.com/video/yahoo-trust-unconference-security-ux-161037378.html > > Here are the slides: > (the good stuff start from page 12) > > > https://docs.google.com/presentation/d/1i2Pwennj8PcsigACPA1oLpRNLd7BVC0oilsgKzAx2sY/edit?pli=1#slide=id.g999beac96_0_0 > > And here are my notes from the talk + my thoughts added to them: > > - 1st principle: Don't annoy users, even with updates. > > - People (even infosec ppl) ignore updates > > - users are often worried that updates would change the interface, it > took them time and energy to get used to current things, they dont want > it to change (even if it's a good change) > > - Enable auto-update by default with an option to opt out > > - Give devs and users tools to time permission requests > - 2nd principle: allow mistakes!!! let them change their settings easily > if they've changed their minds > > - settings windows doing similar thing should look similar and if they > do the exact things, they should look identical. > > - make settings easy to discover > - 3rd principle: combat jerks [malicious-HS_maybe?] > - danger is hard to communicate > - how to tell users about the danger they're facing > - infrastructure for detecting and reacting to badness > - how to do this in a decentralized way?! > - karma! tie user engagement to resource allocation (maybe useful > for > HiddenServices?) (okay, right after writing this sentence, I started a > conversation in #tor-project. see the backlog, you might find it > interesting) > - crowd consent > > Let me know if I can be of any help. > > Bests, > > -- Nima > > -------- Forwarded Message -------- > Subject: Yee's principles > Date: Wed, 1 Jul 2015 05:51:05 -0700 > From: Linda Naeun Lee <[email protected]> > To: Tor Project <[email protected]> > > Nima: > > Here are notes. And another paper. > > http://zesty.ca/pubs/yee-sid-ieeesp2004.pdf > > > -- > Linda Naeun Lee > > Graduate Student Researcher > Department of Computer Science > University of California, Berkeley > > > > > > > > > ----- End forwarded message ----- > > -- > Mike Perry > > _______________________________________________ > tor-dev mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev > > -- /***********************************/ *Greg Norcie ([email protected] <[email protected]>)* *Staff Technologist* *Center for Democracy & Technology* 1634 Eye St NW Suite 1100 Washington DC 20006 (p) 202-637-9800 PGP: http://norcie.com/pgp.txt Fingerprint: 73DF-6710-520F-83FE-03B5 8407-2D0E-ABC3-E1AE-21F1 /***********************************/
_______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
