Reaching For The Masses: Protecting Privacy Through Better Software

Many regular readers of our blog have already drunk the metaphorical Kool-Aid. You know that a good user experience is critical to an app's success; moreover, you know that when a piece of software seeks to preserve its users' privacy, a poor UX can have disastrous results.

But working in a community of passionate individuals – whether it's as a designer, a cryptographer, or an internet-freedom activist – can make it easy to forget that the majority of the human race isn't aware of your favorite issues. It's easy to lose sight of the fact that most people don't spend their days thinking about their relationship to software, or how their software handles their data. The recent news about Apple and the FBI has brought many of these issues to the forefront, but it's hard for people on the outside to sort through the hype and understand what's really going on.

Although our main focus at Simply Secure is on helping UX professionals and software developers learn, connect, and grow in their efforts to make great experiences for their users, we also try to help other communities understand the space we work in. To that end, I recently penned "Protecting Data Privacy With User-Friendly Software" for the Council on Foreign Relations series of "Cyber Briefs". The CFR positions itself as "a resource for its members, government officials, business executives, journalists, educators and students, civic and religious leaders, and other interested citizens" – many of whom aren't familiar with the difference between symmetric and asymmetric crypto, or between UI and UX.

Policymakers in the United States and other countries should recognize that anything less than intact cryptography puts all users at risk. Developers cannot build software that allows law enforcement to access encrypted communications but prevents malicious actors from exploiting that access. Cryptography cannot distinguish good people from bad, so a backdoor for one is a backdoor for all.
The focus of too many projects has long been on users who resemble the developers themselves. It is time to professionalize the practice of open-source development, recruit designers and usability researchers to the cause, and take a human-centered approach to software design. In particular, project leaders should make the development process more accessible to new participants by including explicit instructions to user-experience experts in their documentation.

You can read the full brief here.


Four Concrete Security Tips for the New Year

To help you assess risks to your data, we provide ways to dissect threats and tips to protect against them.

How to Fight Phishing: Security for Designers

My last post examined the concept of phishing, which is a type of social-engineering attack to con people into divulging private information like passwords or credit card numbers. When you look for advice on how to protect against phishing, most of what you’ll find is tired wisdom such as “check the email carefully” or “never click on links in emails.” This type of advice assumes that the burden is entirely on would-be victims to protect themselves.

Professional Knowledge and IoT

This year's Consumer Electronics Show (CES '17) showcased numerous internet of things (IoT) devices but was found wanting when it came to security concerns. In his UX of IoT report from CES, Scott Jenson assesses that "companies really, really, REALLY want to make home automation systems," but how can we begin to consider the ethics when developers don't even consider security risks? IoT systems pose two security challenges. First, they can be manipulated as surveillance infrastructure to target vulnerable people.