Embed Size (px)
Citation preview
UX for Security: Power of Design
Ame Elliott @ameellio #oreillydesign
January 22, 2016
I’m Ame Elliott from Simply Secure@ameellio
Hello.
DESIGNERS DEVELOPERS RESEARCHERS USERS
Security’s got to be easy and intuitive or it won’t work
Everyone should be able to communicate securely and privately
Everyone should be able to communicate securely and privately
Everyone should be able to communicate securely and privately
Everyone should be able to communicate securely and privately
UX for Security: The Power of Design
Introduction
Why Privacy Matters
Building Better Basics
Exploring New Frontiers
Conclusion
@ameellio #oreillydesign
Your online behavior is monitored
Image: Kajart Studio’s Tor Browser explanation http://www.kajart.com/portfolio/tor-project-educational-animation-english/
Combined with your offline movements and activities, your behavior is tracked Image: Kajart Studio’s Tor Browser explanation
http://www.kajart.com/portfolio/tor-project-educational-animation-english/
Corporations and governments watch our behavior
http://www.kajart.com/portfolio/tor-project-educational-animation-english/
Adults “agree” or “strongly agree” that we should be concerned about the government’s monitoring of phone calls and internet communications.
http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/
Adults “agree” or “strongly agree” that consumers have lost control over how personal information is collected and used by companies
91% 80%
Mike Monteiro, “How Designers Destroyed the World” by Webstock ‘13
https://vimeo.com/68470326
80 million people effected by the Anthem hack, 10s of millions of children http://www.nbcnews.com/business/personal-finance/millions-children-exposed-id-theft-through-anthem-breach-n308116
After a data breach, people have longer lifespans than identity theft companies
https://www.schneier.com/blog/archives/2015/02/samsung_televis.html http://motherboard.vice.com/read/looking-up-symptoms-online-these-companies-are-collecting-your-data http://www.theregister.co.uk/2015/10/19/bods_brew_ikettle_20_hack_plot_vulnerable_london_pots/
Just don’t talk in front of your TV, look up health info, or drink tea
Let’s make theinternet better
| +---+ +---+ | | H |--->| I | | +---+ +---+
+---+ ^ | G | / +---+ +---+ +---+ +---+ / | F |--->| H |--->| I | ^ / +---+ +---+ +---+
\ / ^ \/ /
+---+ +---+ +---+ +---+ +---+ | F | | G |--->| I |--->| H | | M | +---+ +---+ +---+ +---+ +---+ ^ ^ ^ | / | +------+ +-----------+ +------+ +---+ | TA W |<------| Bridge CA |-------->| TA X |-->| L | +------+ +-----------+ +------+ +---+ / ^ \ \ v \ v v
+------+ +------+ +---+ +---+ | TA Y | | TA Z | | J | | N | +------+ +------+ +---+ +---+ / \ / \ \ \ v v v v v v +---+ +---+ +---+ +---+ +---+ +----+ | A | | C | | O | | P | | K | | EE | +---+ +---+ +---+ +---+ +---+ +----+
/ \ / \ / \ \ v v v v v v v +---+ +---+ +---+ +---+ +---+ +---+ +---+ | B | | C | | A | | B | | Q | | R | | S | +---+ +---+ +---+ +---+ +---+ +---+ +---+
/ \ \ \ \ \ \ v v v v v v v
+---+ +---+ +---+ +---+ +---+ +---+ +---+
| | G |--->| I | | +---+ +---+
| ^ | / | /
+------+ +-----------+ +------+ +---+ +---+ | TA W |<----->| Bridge CA |<------>| TA X |-->| L |-->| M | +------+ +-----------+ +------+ +---+ +---+
^ ^ \ \ / \ \ \ / \ \ \ v v v v +------+ +------+ +---+ +---+ | TA Y | | TA Z | | J | | N | +------+ +------+ +---+ +---+ / \ / \ | | / \ / \ | | / \ / \ v v
v v v v +---+ +----+ +---+ +---+ +---+ +---+ | K | | EE | | A |<--->| C | | O | | P | +---+ +----+
+---+ +---+ +---+ +---+ \ / / \ \ \ / / \ \ \ / v v v
v v +---+ +---+ +---+ +---+ | Q | | R | | S | | B | +---+ +---+ +---+
+---+ | /\ | / \ | v v v
+---+ +---+ +---+ | E | | D | | T | +---+ +---+ +---+
Figure 9 - Four Bridged PKIs
You don’t need to be a cryptographer to work in security
You do need to be human-centered & empathetic
https://www.flickr.com/photos/christopherbrown/10135180454
Be a systems thinker, finding the gaps in service design
The key UX challenge for privacy & security is appropriate complexity
PGP Keys: https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten_html/pgp5.gif Enigmail images: https://www.enigmail.net/documentation/keyman.php
PGP email encryption exposes complexity
https://itunes.apple.com/us/app/signal-private-messenger/id874139669
Signal from Open Whisper Systems hide complexity
UX for Security: The Power of Design
Introduction
Why Privacy Matters
Building Better Basics
Exploring New Frontiers
Conclusion
@ameellio #oreillydesign
M-Lab: Improving network monitoring & threat detection
http://www.measurementlab.net/visualizations
How might we … help more people understand systems & threats?
Conveying trustworthiness:More than lock icons
http://dangrover.com/blog/2014/12/01/chinese-mobile-app-ui-trends.html
How might we … convey more nuanced messaging status with a limited visual vocabulary?
Ashley Madison: Leaky sign-in
http://www.troyhunt.com/2015/07/your-affairs-were-never-discrete-ashley.html
How might we … treat login as an experience flow, not copywriting?
Designing for behavior change: always accept, always ignore
http://www.securityforrealpeople.com/2014/10/the-high-price-of-free-wifi-your-eldest.html
How might we … motivate behavior change to more secure behaviors?
Instead of scolding error messages, Slack uses humor to build trust
How might we … create actionable alerts that increase feelings of confidence?
UX for Security: The Power of Design
Introduction
Why Privacy Matters
Building Better Basics
Exploring New Frontiers
Conclusion
@ameellio #oreillydesign
36http://www.theregister.co.uk/2015/10/19/bods_brew_ikettle_20_hack_plot_vulnerable_london_pots/
iKettle hack proves wifi vulnerability #IoT #securityfail
How might we …empower productdesigners to make good security decisions?
38
Profile management off the screen: Netflix vs Nest
https://www.flickr.com/photos/nest/6264860345/
How might we …help people understand when their profile data is being accessed?
Mind the gaps between apps & between apps & operating system
How might we …create smooth seams between apps ?
UX for Security: The Power of Design
Introduction
Why Privacy Matters
Building Better Basics
Exploring New Frontiers
Conclusion
@ameellio #oreillydesign
Let’s make theinternet better
Privacy matters
Build better basics
http://www.troyhunt.com/2015/07/your-affairs-were-never-discrete-ashley.html
Explore new frontiers
How might we …create smooth seams between experiences?
Get involved with Simply Secure
Follow @simplysecureorg on Twitter
Email [email protected] to request access to our Slack (UX, security, privacy)
Share your work
Become a peer reviewer or mentor: 2-3 hours a month
@ameellio
![The Power of StickyNotes [UX Week 2007]](https://img.pdfslide.us/doc/110x75/555929fcd8b42a4f3d8b4624/the-power-of-stickynotes-ux-week-2007-55849e670ba04.jpg)
