Your Software Can Help At-risk People, Too

Web browsers are utility software; they are designed to work for all people. Not only must their features meet the needs of average members of a population, they must also work for people with special needs. As Firefox says on its mobile accessibility features page, the browser has been "designed to meet the needs of the broadest population possible," but "sometimes that is not enough." In particular, software that is built for everyone can too often leave people with specific security or privacy needs at risk.

As a counterexample, I recently noticed that Chrome's Android app has a small but tremendously valuable feature for people at risk of in-person surveillance. At-risk users might include someone whose phone is subject to regular inspection at government checkpoints, which has been reported to be the case in Syria. It could also be someone whose boss requires them to hand over their phone at the start of each retail-job shift, as Ame learned in her New York City study.

The feature is part of Chrome's incognito mode, which lets users browse the web without worrying that their device will record the history or cookies from their session. The browser automatically deletes this information when all incognito tabs are closed. Now, on phones running recent versions of the Android operating system, Chrome can push a message to the notification shade and to the lock screen that allows you to easily close all incognito tabs in a single action.

![Images depicting the Chrome notification.](/images/blog/2016/incognito-notification.png)
Chrome's "Close all incognito tabs" notification, as an icon in the notification bar (left), expanded in the notification shade (center), and on the lock screen (right).

This hits the sweet spot for features that are incredibly useful for a subset of an app's user population:

  • It's unobtrusive. If you don't use incognito mode, you won't ever encounter or be confused by this feature.
  • It's automatic. If you do use incognito mode, you don't have to take extra steps to enable it; it's on by default.
  • It's simple and elegant. Since it's a notification, it's easily available from anywhere in the operating system. Its functionality is immediately apparent and immediately effective.

Of course, not everyone is a fan of this feature; a quick web search reveals that some users who keep incognito tabs open for extended periods find this notification annoying. In creating this feature, the designers had to choose whether to build in more protection (having the notification on by default) or less, and they erred on the side of more. Given the goals of incognito mode, I think this is appropriate. That said, Google might address criticizers' concerns by offering a setting to opt out of the notifications.

Learning from this example

While we often cheer the loudest when apps integrate features like end-to-end encryption (e.g.: Whatsapp), smaller features can make a big impact, too. This Chrome feature shows that apps designed for a general population can directly help people concerned about their data security in simple, elegant ways.

Right now, members of the western technology community often perceive at-risk users as being a niche population. It's easy to envision opposition fighters in Syria, activists like Ai Weiwei, or journalists like Laura Poitras, who worked with Edward Snowden to publish his documents. But as you learn more about the prevalence of surveillance and the concerns that people have about intrusions on their private data, you will discover that this group is larger than you think – and it's growing. At-risk users are people who worry about their security, either physical or digital. As online data plays an ever-increasing role in life around the globe, its potential for exploitation by corrupt officials, domestic abusers, and organized crime escalates as well. It's important to get a jump-start thinking about these users now.

What small features can your project add to help at-risk people? If you need help brainstorming or have released a successful project in this vein, let us know.


How UX Excludes or Includes

Software communicates its values via its user experience (UX) by making some actions easy and others harder. For example, mobile apps can be configured to automatically opt users in to location sharing, and require people to dig through multiple layers of menus to opt out. This design choice reflects the developer's belief that it's ok to collect location data about users without asking their permission. But this is just one example; values are encoded in software in many ways beyond default settings.

Awkward! QR Scanning + LinkedIn Spam

Messaging with friends and colleagues is rewarding – but sharing contact information is awkward. Many people want to preserve their privacy by carefully controlling who gets their contact information, and choose not to broadcast their email address or phone number via a public Facebook or Twitter profile. Instead, they choose to strategically share their contact info. It's awkward to navigate the social and UX challenges in this sharing. Looking at how WeChat and LinkedIn handle this problem exposes two different kinds of awkwardness: mechanics of sharing and social agreement about what permissions you get as a result.

Maximizing Meaning in Empty States

It can be hard to communicate about security-related features with users who aren't already security experts. From word choice to the level of detail included, it's easy to overwhelm people with information, leave them scared, or bore them to indifference. For many applications, one major challenge is finding the right place to communicate. Empty states – screens in your app where there is no actual content to display – are a great opportunity for this communication, in part because they frequently occur when the user is first starting out.