Your Software Can Help At-risk People, Too

Web browsers are utility software; they are designed to work for all people. Not only must their features meet the needs of average members of a population, they must also work for people with special needs. As Firefox says on its mobile accessibility features page, the browser has been "designed to meet the needs of the broadest population possible," but "sometimes that is not enough." In particular, software that is built for everyone can too often leave people with specific security or privacy needs at risk.

As a counterexample, I recently noticed that Chrome's Android app has a small but tremendously valuable feature for people at risk of in-person surveillance. At-risk users might include someone whose phone is subject to regular inspection at government checkpoints, which has been reported to be the case in Syria. It could also be someone whose boss requires them to hand over their phone at the start of each retail-job shift, as Ame learned in her New York City study.

The feature is part of Chrome's incognito mode, which lets users browse the web without worrying that their device will record the history or cookies from their session. The browser automatically deletes this information when all incognito tabs are closed. Now, on phones running recent versions of the Android operating system, Chrome can push a message to the notification shade and to the lock screen that allows you to easily close all incognito tabs in a single action.

![Images depicting the Chrome notification.](/images/blog/2016/incognito-notification.png)
Chrome's "Close all incognito tabs" notification, as an icon in the notification bar (left), expanded in the notification shade (center), and on the lock screen (right).

This hits the sweet spot for features that are incredibly useful for a subset of an app's user population:

  • It's unobtrusive. If you don't use incognito mode, you won't ever encounter or be confused by this feature.
  • It's automatic. If you do use incognito mode, you don't have to take extra steps to enable it; it's on by default.
  • It's simple and elegant. Since it's a notification, it's easily available from anywhere in the operating system. Its functionality is immediately apparent and immediately effective.

Of course, not everyone is a fan of this feature; a quick web search reveals that some users who keep incognito tabs open for extended periods find this notification annoying. In creating this feature, the designers had to choose whether to build in more protection (having the notification on by default) or less, and they erred on the side of more. Given the goals of incognito mode, I think this is appropriate. That said, Google might address criticizers' concerns by offering a setting to opt out of the notifications.

Learning from this example

While we often cheer the loudest when apps integrate features like end-to-end encryption (e.g.: Whatsapp), smaller features can make a big impact, too. This Chrome feature shows that apps designed for a general population can directly help people concerned about their data security in simple, elegant ways.

Right now, members of the western technology community often perceive at-risk users as being a niche population. It's easy to envision opposition fighters in Syria, activists like Ai Weiwei, or journalists like Laura Poitras, who worked with Edward Snowden to publish his documents. But as you learn more about the prevalence of surveillance and the concerns that people have about intrusions on their private data, you will discover that this group is larger than you think – and it's growing. At-risk users are people who worry about their security, either physical or digital. As online data plays an ever-increasing role in life around the globe, its potential for exploitation by corrupt officials, domestic abusers, and organized crime escalates as well. It's important to get a jump-start thinking about these users now.

What small features can your project add to help at-risk people? If you need help brainstorming or have released a successful project in this vein, let us know.


Meeting Users' Needs: The Necessary Is Not Sufficient

Building great software requires understanding what users want and need. If you’re building privacy-preserving software, this includes understanding the privacy threats that your users face. One of the participants in Ame’s NYC study. When Ame set out to talk to people in the New York City neighborhoods of Brownsville and Harlem about their experiences with mobile messaging, she wanted to amplify voices that are frequently underrepresented in the software community.

Notes from the Internet Freedom Festival

I really enjoyed my time at the Internet Freedom Festival in Valencia, Spain. I was inspired and humbled to meet so many talented people as part of a global event about internet freedom. From powerful conversations about privilege to UX design jam sessions, it was a great week. With more than 600 people registered and 160+ sessions, there was more terrific discussion than I could be part of, but here are some themes that stuck with me.

Learning from Drones

Last week, I encountered discussions of drones in two unimaginably different contexts: in an academic presentation at USENIX Security 2016 and on the TV comedy Portlandia. As distant genres, they offer different perspectives that have equally important UX implications for privacy preservation. In the opening keynote of USENIX Security, Dr. Jeannette Wing examined the trustworthiness of cyber-physical systems, which are engineered systems with tight coordination between the computational and physical worlds.