Knowledge Base /

Designers

Build design skills in the emerging areas of privacy and ethics with case studies and discussion

Security is a “Design in Tech” Trend

Designers are urgently needed to help build products and services people trust. Here’s how design professionals are starting to embrace security.

Four Concrete Security Tips for the New Year

To help you assess risks to your data, we provide ways to dissect threats and tips to protect against them.

Blink and You’ll Miss It: Notifications in an AI World

I’ve been enjoying the videos from AI Now, an exploration of artificial intelligence and ethics hosted by the U.S. White House and NYU’s Information Law Institute. Co-chairs Kate Crawford and Simply Secure co-founder Meredith Whittaker put together a program focused on issues of social inequality, labor, and ethics in artificial intelligence. AI inspiration Looking at the program through a UX design lens, there were abundant design opportunities to make AI systems more effective, transparent, and fair.

How to Fight Phishing: Security for Designers

My last post examined the concept of phishing, which is a type of social-engineering attack to con people into divulging private information like passwords or credit card numbers. When you look for advice on how to protect against phishing, most of what you’ll find is tired wisdom such as “check the email carefully” or “never click on links in emails.” This type of advice assumes that the burden is entirely on would-be victims to protect themselves.

What ‘90s London Raves Can Teach Us About Infosec

One of the highlights of HybridConf 2016 was hearing writer Stevyn Colgan talk about his time as a police officer at London's Scotland Yard. He entertained the audience of UX designers and front-end developers with stories from his book, Why Did the Policeman Cross the Road?. As someone who is concerned about the state of policing (in line with recent protests in the United States), I did not expect to be impressed, but Colgan's design-thinking approach to crime prevention took me by surprise.

Learning from Drones

Last week, I encountered discussions of drones in two unimaginably different contexts: in an academic presentation at USENIX Security 2016 and on the TV comedy Portlandia. As distant genres, they offer different perspectives that have equally important UX implications for privacy preservation. In the opening keynote of USENIX Security, Dr. Jeannette Wing examined the trustworthiness of cyber-physical systems, which are engineered systems with tight coordination between the computational and physical worlds.

Your Software Can Help At-risk People, Too

Web browsers are utility software; they are designed to work for all people. Not only must their features meet the needs of average members of a population, they must also work for people with special needs. As Firefox says on its mobile accessibility features page, the browser has been "designed to meet the needs of the broadest population possible," but "sometimes that is not enough." In particular, software that is built for everyone can too often leave people with specific security or privacy needs at risk.

Meeting Users' Needs: The Necessary Is Not Sufficient

Building great software requires understanding what users want and need. If you’re building privacy-preserving software, this includes understanding the privacy threats that your users face. One of the participants in Ame’s NYC study. When Ame set out to talk to people in the New York City neighborhoods of Brownsville and Harlem about their experiences with mobile messaging, she wanted to amplify voices that are frequently underrepresented in the software community.

Developers Are People, Too: Supporting Cryptographic Agility

On Monday I had the pleasure of speaking at a Workshop on Cryptographic Agility and Interoperability held at the National Academies by the Forum on Cyber Resilience. The assembled group of academics, policy-makers, and practitioners touched on a variety of problems around the practical application of cryptography in production software. The main focus was on the challenges and benefits associated with cryptosystems that can be updated or swapped out over time (and thus exhibit “agility”).

Design Matters: 2016 Design in Tech Report

For the past two years John Maeda (whose previous roles include Professor at the MIT Media Lab and President of the Rhode Island School of Design) has issued a Design In Tech Report. This influential analysis, which Maeda presents at SXSW and has also been picked up by outlets like Wired, has helped Silicon Valley understand how design is valuable to companies and their customers. It is situated in the context of venture capital, as Maeda is currently Design Partner at VC firm Kleiner Perkins Caufield and Byers.

Comfortable UX, Not Just Open APIs

Simply Secure focuses its collaborative efforts on open-source, privacy-preserving software projects. In my conversations with designers, developers, and end users, I'm often struck by a divergence in their understanding of what "openness" means in software. For example, last December during a user study, participants reading app store descriptions of secure messaging apps consistently thought that "open source" meant that their messages were public. The distinction between "source code" and "content generated in apps"

Tradeoffs In Seamlessness: The WhatsApp Update

This look at UX design decisions from WhatsApp’s 2016 end-to-end encryption update shares lessons for designers and developers.

How UX Excludes or Includes

Software communicates its values via its user experience (UX) by making some actions easy and others harder. For example, mobile apps can be configured to automatically opt users in to location sharing, and require people to dig through multiple layers of menus to opt out. This design choice reflects the developer's belief that it's ok to collect location data about users without asking their permission. But this is just one example; values are encoded in software in many ways beyond default settings.

Notes from the Internet Freedom Festival

I really enjoyed my time at the Internet Freedom Festival in Valencia, Spain. I was inspired and humbled to meet so many talented people as part of a global event about internet freedom. From powerful conversations about privilege to UX design jam sessions, it was a great week. With more than 600 people registered and 160+ sessions, there was more terrific discussion than I could be part of, but here are some themes that stuck with me.

Learning Lessons Where We Find Them: Analyzing Facebook's Privacy Checkup, Part 1

This is the first in a short series of posts looking at Facebook's "Privacy Checkup" feature. This installment examines why even privacy advocates who avoid social-media sites should take time to understand it and related user experiences. The next installment will go into depth critiquing the feature itself, taking lessons from the user experience that are useful to any designer of privacy or security-related software. As a reader of the Simply Secure blog, chances are good that you spend a fair amount of time thinking about privacy and data security.

Features – Like Backdoors – Are Forever

The news this week has been full of stories about Apple's resistance to a court order demanding they build a custom backdoor to a phone used by one of the San Bernardino suspects. While I will leave deep analysis of the legal situation to experts of that domain, I believe that this instance holds valuable lessons for all software teams. One lesson in particular helps us understand why the creation of such a backdoor would inevitably become dangerous for innocent users.

Awkward! QR Scanning + LinkedIn Spam

Messaging with friends and colleagues is rewarding – but sharing contact information is awkward. Many people want to preserve their privacy by carefully controlling who gets their contact information, and choose not to broadcast their email address or phone number via a public Facebook or Twitter profile. Instead, they choose to strategically share their contact info. It's awkward to navigate the social and UX challenges in this sharing. Looking at how WeChat and LinkedIn handle this problem exposes two different kinds of awkwardness: mechanics of sharing and social agreement about what permissions you get as a result.

Video Roundup

It’s always great to attend security and privacy conferences in person. But in cases where you have to miss an event, online videos of the talks can be a great way to stay current with the ongoing conversation. Art, Design, and The Future of Privacy As I promised back in September, the videos of the event we co-hosted with DIS Magazine at Pioneer Works are available online. The DIS blog had a great writeup with summaries of the different panels, and you can find transcripts over at Open Transcripts.

Notes on the O'Reilly Design Conference

Last week I went to the O'Reilly Design Conference and enjoyed learning about emerging UX trends. The conference was full of high-quality presentations on UX practice. Here are three of my favorite talks. The Many Minds of the Maker Knight-Mozilla Fellow Livia Labate shared examples of how designers can overcome barriers to learning code. Her experiences from the pragmatic (no you don't need to learn Rails) to the philosophical (to be good at something, be bad at it first) are relevant to people beyond designers.

How to Sketch Storyboards in 10 Minutes: No Drawing Skills Needed

Sketching storyboards – cartoon-like drawings showing how people use technology – is a way to get more, high-quality ideas for product design. Sketches are useful for taking notes during a discussion and for getting a team on the same page. Fine art drawing is difficult for many, but anyone can master the basics of sketching storyboards – even without drawing skills. You don't need to be artistic, just follow these simple steps.

Some Of Our 2015 Favorites

2015 was our first full year in operation, and we’ve come a long way! Looking back at the past twelve months, here are some resources that we’ve found to be particularly useful (or entertaining). Let us know your favorites on Twitter! Ame’s picks Thinking back on 2015, I’m really glad to be part of Simply Secure and for the opportunity to be an evangelist for design. I’m thankful for resources that make design easier.

Straight Talk: New Yorkers on Privacy

Our research on New Yorkers’ use of mobile messaging offers actionable insights into how to design secure communication tools for a mass audience.

Why Open-Source Projects Need Style Guides

Style guides specify the look and feel of how a company or team communicates with the outside word. Styleguides.io collects examples of website visual standards that maintain a consistent online presence. Brand guidelines typically focus on how logos are treated, while style guides are more extensive – including not only look and feel, but also interactive behavior, such as the alerts and form templates in the U.S. Web Design Standards.

Mind The Gap Between Mobile Apps

Users of the Facebook iPhone app were recently surprised by a new feature offering to “Add the last link you copied?” into a status update. Many people did not expect to see a complete URL that they had put onto the clipboard from another app, without explicitly involving Facebook. Christian Frichot discusses iOS security concerns with this feature, but I also consider this to be a UX design failure. Copying a link in Safari (left) makes it appear in Facebook (right).

When Closed-Source Software Wins The Day

We prefer to use open-source software as a matter of principle. We believe that putting software code in the open is the best way for the public to build trust in it. You might find it curious, then, that we choose to foster communication and community through a tool like Slack, which is closed-source. (Note: you can request to join our Slack channel by sending a request to slack@simplysecure.org.) Many software teams that build privacy-preserving tools host similar spaces dedicated to communication with volunteers and users.

Catching Issues in Evolving Interfaces

Thinking of design as not only a product but a process can help complex products stay secure as they evolve.

Ninjas + Hemingway: Writing for User Interfaces

Here are tips for UX copywriting to explain how your technology works and reduce the need for additional user support.

Victims of Success: Dealing With Divergent Feature Requests

Rather than view feature requests as a set of highly-divergent signals, it can help to try and group requests based on the underlying need that they speak to.

Nostalgia, Trust, and Brand Guidelines

Last week Google unveiled a new logo as part of an updated brand identity. Professional typographic designers were swift to react. Tobias Frere-Jones, designer of Interstate and other widely-used fonts, said "I really hope this 'e' does not become a thing." Beyond professional designers, the New Yorker's Sarah Larson complained Google "took something we trusted and filed off its dignity." The Google logo reaches the level of cultural commentary in a general interest magazine because its use is so widespread.

Design Thinking

The latest Harvard Business Review (paywall, but with limited free content) has two articles about design thinking that are relevant for teams working on security and privacy: Design for Action by Tim Brown and Roger Martin and Design Thinking Comes of Age by Jon Kolko. These articles describe how design thinking has moved beyond creating tangible products and on to supporting collaborative design of complex systems. They give an overview of design thinking’s evolution, from its roots in Herbert Simon’s The Sciences of the Artificial, through Richard Buchanan’s Wicked Problems in Design Thinking, and into addressing challenges for domains far outside areas historically considered “design.

Making the Abstract Experiential

It’s difficult for many lay users who are unfamiliar with the mechanics of how the internet works to make assessments of risk or to secure their communications. One way that design can help is by making abstract concepts understandable. There’s exciting work in understanding existing models of security and ways to leverage them in design, such as Rick Wash’s "Folk Models of Home Computer Security", but there’s still so much to be done.