Knowledge Base /

Technologists

Explore emerging issues in information security with a human-centered design focus

Professional Knowledge and IoT

This year's Consumer Electronics Show (CES ‘17) showcased numerous internet of things (IoT) devices but was found wanting when it came to security concerns. In his UX of IoT report from CES, Scott Jenson assesses that “companies really, really, REALLY want to make home automation systems,” but how can we... (Read more)

Four Concrete Security Tips for the New Year

To help you assess risks to your data, we provide ways to dissect threats and tips to protect against them.

Essential Non-technical Skills for Working in Security

Building trustworthy technology requires more than technical expertise. Interaction design, service design, brand strategy, and writing are needed.

Fighting Phishing in the Browser: Security for Designers

Get prepared to discuss security with more technical team mates. If you’re a designer, learn useful background information.

How to Fight Phishing: Security for Designers

My last post examined the concept of phishing, which is a type of social-engineering attack to con people into divulging private information like passwords or credit card numbers. When you look for advice on how to protect against phishing, most of what you’ll find is tired wisdom such as “check... (Read more)

One Phish, Two Phish: Security for Designers

Most people who spend time online have a general idea of what "phishing" is, but it can be hard for folks outside of the security community to pin down an exact definition. Understanding the threat that phishing attacks pose can help designers and other UX experts become effective advocates for... (Read more)

Your Software Can Help At-risk People, Too

Web browsers are utility software; they are designed to work for all people. Not only must their features meet the needs of average members of a population, they must also work for people with special needs. As Firefox says on its mobile accessibility features page, the browser has been "designed... (Read more)

Don't Let Color Drown Out Your Message

Visual design makes for compelling software; learn about color and how to choose a persuasive color scheme.

Illustrated Quick-start Intro to Wireframing

If you're new to UX design, wireframing is a powerful tool to understand how users experience your software. People with technical backgrounds benefit from wireframing because it forces them to take a step back from their coding mentality. Rather than focusing on the technical architecture, wireframing exposes the user-experience structure:... (Read more)

Meeting Users' Needs: The Necessary Is Not Sufficient

Building great software requires understanding what users want and need. If you’re building privacy-preserving software, this includes understanding the privacy threats that your users face. One of the participants in Ame’s NYC study.When Ame set out to talk to people in the New York City neighborhoods of Brownsville and Harlem... (Read more)

How to Name Your App

Naming software is hard because the name needs to convey a lot of meaning about what the program does to an unfamiliar audience, and do it all using only a word or short phrase. You want something memorable and easy to say – which becomes more complex when designing with... (Read more)

Notes from the Internet Freedom Festival

I really enjoyed my time at the Internet Freedom Festival in Valencia, Spain. I was inspired and humbled to meet so many talented people as part of a global event about internet freedom. From powerful conversations about privilege to UX design jam sessions, it was a great week. With more... (Read more)

Reaching For The Masses: Protecting Privacy Through Better Software

Many regular readers of our blog have already drunk the metaphorical Kool-Aid. You know that a good user experiences is critical to an app's success; moreover, you know that when a piece of software seeks to preserve its users' privacy, a poor UX can have disastrous results.But working in a... (Read more)

Video Roundup

It’s always great to attend security and privacy conferences in person. But in cases where you have to miss an event, online videos of the talks can be a great way to stay current with the ongoing conversation.Art, Design, and The Future of PrivacyAs I promised back in September, the... (Read more)

Some Of Our 2015 Favorites

2015 was our first full year in operation, and we’ve come a long way! Looking back at the past twelve months, here are some resources that we’ve found to be particularly useful (or entertaining). Let us know your favorites on Twitter!Ame’s picksThinking back on 2015, I’m really glad to be... (Read more)

Maximizing Meaning in Empty States

It can be hard to communicate about security-related features with users who aren't already security experts. From word choice to the level of detail included, it's easy to overwhelm people with information, leave them scared, or bore them to indifference. For many applications, one major challenge is finding the right... (Read more)

Encryption is not for terrorists

Recent attacks by Daesh in Turkey, Egypt, Lebanon, and Paris have fanned the flames of an ongoing debate about software that is resistant to surveillance. It seems that some participants in that debate are trying to use these attacks as an excuse to drum up fear around end-to-end encryption. They... (Read more)

Why Open-Source Projects Need Style Guides

Style guides specify the look and feel of how a company or team communicates with the outside word. Styleguides.io collects examples of website visual standards that maintain a consistent online presence. Brand guidelines typically focus on how logos are treated, while style guides are more extensive – including not only... (Read more)

Don't let security dogma steer you wrong

My recentpost describing some of the reasons we choose Slack over IRC for our publicforum is part of a larger conversation people are having around the promise andconcerns of group-communication tools. A quick search for "Slack vs. IRC" yields awealth of opinions on the subject; our post generated some interestingdiscussion... (Read more)

Victims of Success

Rather than view feature requests as a set of highly-divergent signals, it can help to try and group requests based on the underlying need that they speak to.

Usability and Security: Not Binary Properties

People who think about computer security for a living sometimescringe when they read about the subject in the popular press.Security is a complex and nuanced topic, and it’s easy to makeassertions that don’t hold up to careful scrutiny. One basic-but-unintuitive principle is that security is not abinary property: in the... (Read more)

Empathy In The Real World

As a practitioner of Human-Centered Design, empathy is a core skill in the work I do. InNo Flex Zone: Empathy DrivenDevelopment, Duretti Hirpa writes about how empathy can be a competitive advantage.“We build software for all kinds of people, and empathy helps us to connect to these disparate audiences. We... (Read more)

Kids’ Online Privacy: SOUPS Conference Keynote

Last week I went to the SOUPS conference in Ottawa. As a first-time attendee,it was a good opportunity to connect with some members of the academic usable-security community. One of thehighlights was keynote speaker Valerie Steeves.Steeves, sharing findings from her Young Canadians in aWired World research, reported results of an... (Read more)

Lessons from Architecture School: Part 3

This is the third and final installment in the series on Lessons fromArchitecture School: Lessons for IoT Security. You can also read the first and secondinstallments, or download the presentation.Thank you to the audience at Solid Conference forgood questions and lively discussion.Homes Are More Than HousesShop houses are a type... (Read more)

Lessons from Architecture School: Part 2

This continues Part 1 of aseries of posts drawn from a talk I gave at O’Reilly’s online conference Experience Designfor Internet of Things (IoT) on “Lessons from Architecture School for IoTSecurity.” You can find the slides for the original talk here. The talkencourages designers to think about security and outlines... (Read more)

Lessons from Architecture School: Part 1

This is the first in a series of posts pulled from a talk I gave atO’Reilly’s online conference Experience Designfor Internet of Things (IoT) on “Lessons from Architecture School for IoTSecurity.” The talk is a call to action for designers and non-technical peopleto get involved — with us at Simply... (Read more)