SSL, TLS, and FTP... Oh My!

Guiding users to set up TLS Certificates in FileZilla

  • FileZilla Server has over 20 years experience providing free, open-source file transfer protocol software for client and server. 
  • As part of the OTF Usability Lab, Simply Secure worked with FileZilla Server to improve usability of the tool, specifically with high-risk users in mind. We conducted user research and gave design recommendations, which resulted in personas, an expert review, and new UI recommendations for creating a TLS certificate.
  • The objective was a safer, easier way to set up TLS certificates using the Let’s Encrypt service through a wizard that guides users while providing explanation and reassurance.

User researchers and designers often work on projects in which the domain is new to them. Do designers need to be domain experts? Is it necessary to do months of domain research before starting a complex and technical project? 

Filezilla is a well-known free and open source tool for FTP (File Transfer Protocol) users, which has been around for just over 20 years. As their website explains:

“A File Transfer Protocol (FTP) is a standardized network protocol used to transfer files between a client and a server over the internet or any other TCP/IP network. FTP has been designed to promote sharing of files, across all types of computers. A strength of FTP is the reliable and efficient bulk transfer of files. FTP is popular with website owners and web designers to upload files to the servers of their web hosting company. Another common use case is the exchange of files between companies; FTP is in many organizations the de facto method for transferring large volumes of data.”

File sharing is an essential component of a networked society, but few designers know the ins-and-outs of FTP tools. So when we enthusiastically agreed to support FileZilla with user research and design recommendations as part of the OTF Usability Lab, there was some learning that we had to do to get up to speed and tackle the unique design challenge of adding a certificate to the FileZilla server.  

Specifically, our role was to work with the FileZilla team to improve usability of the tool, specifically with high-risk users in mind. We conducted user research and gave design recommendations, which resulted in personas, an expert review, and new UI recommendations for creating a TLS certificate. The objective was a safer, easier way to set up TLS certificates using the Let’s Encrypt service through a wizard that guides users while providing explanation and reassurance.

The Project 

We approached this project through the lens of the high-risk use case such as a human rights organization employees that routinely share files with human rights defenders in the field. At Simply Secure, many of our projects focus on this type of use case so we were able to draw from our previous experience. 

This project was scoped in two phases. Phase 1 included foundational research (needs-finding interviews with users of secure file storage, a survey of FileZilla Server users, and comparison analysis of secure file storage tools), user personas, and an expert design review of the installation FileZilla Server and setting up a server. The high-risk persona’s needs and expert review led us to overarching design recommendations that we remembered through the project and guide future FileZilla Server improvements. 

We translated our research into persona needs, then established design recommendations based on those needs.

With the foundational work completed, in Phase 2 we prioritized the user experience of the security features and settings of FileZilla, specifically setting up a TLS certificate using the Let’s Encrypt service. We wanted this process to be accessible to a high-risk user type who might be new to FTP or not have access to dedicated IT advice. For this technical challenge, we used several tactics to fill in the gaps of our knowledge.

Strategies for complex problems and technical challenges 

Competitor research

In a kickoff call, our favorite question to ask was, “Who are your competitors?” To add to this list, we also asked colleagues and listened for alternatives mentioned in the needs-finding interviews. We compared a wide-array of tools, from CrushFTP to Signal to Airdrop, to identify patterns, good explanations, and solutions. In addition to studying the user interfaces, we also watched competitors’ how-to guides, read FAQs, and listened to conference talks. 

Map the current flow

For a complex problem like this, we had to understand how setting up a new certificate works currently. Instead of going through the flow ourselves, we wanted to see how it was supposed to work and ask questions at every step of the process. We watched the developer go step by step through the process while we visually mapped each step. Later, we added screenshots, ideas for design, and text for explanations and definitions. 

How we mapped the current process of adding a certificate using Let’s Encrypt and also UX issues we identified with these steps.

Stretch the boundaries of inspiration

For many of the tools that Simply Secure partners with, there aren’t many examples of design patterns already established so finding inspiration can be a challenge. In contrast to complex problems, there are common problems that have plenty of solutions already in existence (for example: editing an online shopping cart). While we may not be able to find a perfect example that would help us solve the complex problems, it’s possible to piece together other patterns and make some leaps. Indirect competitors, such as Box.com, provided us with some inspiration for design recommendations.

Box.com showed our design recommendations in context so that we could show the team what implementation could look like.

Learning from Domain Experts and User Interviews

As designers that work with and support many tools, we tend to have broad expertise in many topics and areas, rather than deep expertise in a specific area. Given that, the best thing is to connect with domain experts who can point us in the right direction. For this project, collaborating closely with the FileZilla team was essential, as they are leading experts in FTP. 

In our user research and usability testing, we interviewed people with great knowledge of FTP. At the beginning of the interview, we told the participants that we were not an expert in FTP so we might have questions for them if we don’t understand anything. They were all very understanding and as a result we were able to learn from their experiences for our usability research, while also getting some of their knowledge about the technical aspect. 

Experiment! (*with feedback)

After mapping out the current flow of setting up an SSL certificate, we started experimenting with new flows. We knew we weren’t going to get it right the first time and that we would certainly have misconceptions about the technology, so it was crucial that we got feedback from the FileZilla team (our domain experts). We held collaborative design sessions with the FileZilla team to get us in the right direction, and even did some live design ideation to get instant feedback. 

Ask questions + consider different methods of recording information

On any project, we are always fearful of not knowing enough. Asking questions that may at first seem obvious, can help your collaborators in ways you never expected and lead to teams reconsidering why things are the way they are. When trust is formed it becomes easier to be vulnerable, and vulnerability supports collaboration and the design research process. A key challenge in these moments can be taking good enough notes to remember the discussion that was had. Although we normally shy away from recording conversations, we found it especially useful in this project so that we were able to refer back to the sessions, and review the full context of technical constraints and design choices.

Conclusion

Through a series of tactics to acquire domain expertise quickly by learning from great mentors and domain experts, we were able to learn just enough about FileZilla Server and FTP to conduct thorough user research and provide recommendations that will help improve safe and secure use of FileZilla Server by improving the usability of navigating the security options. 

Our design recommendations took the form of wireframes in a flow.

Credits

Project Contributors: Kelsey Smith, Bernard Tyers, and Rae McKelvey


With support from Open Technology Fund Usability Lab, in collaboration with the FileZilla team.

Related

Goodbye 2020, Hello 2021

2020 was certainly different and harder than we all anticipated. Despite the challenges that 2020 brought, the team at Simply Secure did some amazing work, while also taking time to reflect and grow. We couldn’t have done this without support, collaboration, and solidarity from our community.

SSL, TLS, and FTP... Oh My!

FileZilla is a popular open-source file transfer protocol (FTP) tool. As part of the Open Technology Fund Usability Lab, we worked with the FileZilla Server team to complete user research and provide design recommendations toward the goal of guiding users on how to set up TLS certificates with explanation and reassurance. Here we share how we tackled a technical challenge as designers through strategic knowledge gathering.

Happy New Year from Simply Secure: 2019 Reflections

2019 year in review