All tags /

Professional Knowledge: Security, Privacy, and Transparency

Simply Secure provides information security professionals with resources that include uses cases, emerging research issues, and the implications of current events for the field

Retail Apps and Data Collection

San Franciscans surprised us with positive feelings about data collection by retail apps, which they considered beneficial to their communities.

Meeting Users' Needs: The Necessary Is Not Sufficient

Building great software requires understanding what users want and need. If you’re building privacy-preserving software, this includes understanding the privacy threats that your users face. One of the participants in Ame’s NYC study. When Ame set out to talk to people in the New York City neighborhoods of Brownsville and Harlem about their experiences with mobile messaging, she wanted to amplify voices that are frequently underrepresented in the software community. (Many thanks again to Blue Ridge Labs for helping her connect with study participants.

Comfortable UX, Not Just Open APIs

Simply Secure focuses its collaborative efforts on open-source, privacy-preserving software projects. In my conversations with designers, developers, and end users, I'm often struck by a divergence in their understanding of what "openness" means in software. For example, last December during a user study, participants reading app store descriptions of secure messaging apps consistently thought that "open source" meant that their messages were public. The distinction between "source code" and "content generated in apps"

Notes from the Internet Freedom Festival

I really enjoyed my time at the Internet Freedom Festival in Valencia, Spain. I was inspired and humbled to meet so many talented people as part of a global event about internet freedom. From powerful conversations about privilege to UX design jam sessions, it was a great week. With more than 600 people registered and 160+ sessions, there was more terrific discussion than I could be part of, but here are some themes that stuck with me.

Video Roundup

It’s always great to attend security and privacy conferences in person. But in cases where you have to miss an event, online videos of the talks can be a great way to stay current with the ongoing conversation. Art, Design, and The Future of Privacy As I promised back in September, the videos of the event we co-hosted with DIS Magazine at Pioneer Works are available online. The DIS blog had a great writeup with summaries of the different panels, and you can find transcripts over at Open Transcripts.

Some Of Our 2015 Favorites

2015 was our first full year in operation, and we’ve come a long way! Looking back at the past twelve months, here are some resources that we’ve found to be particularly useful (or entertaining). Let us know your favorites on Twitter! Ame’s picks Thinking back on 2015, I’m really glad to be part of Simply Secure and for the opportunity to be an evangelist for design. I’m thankful for resources that make design easier.

Encryption is not for terrorists

Recent attacks by Daesh in Turkey, Egypt, Lebanon, and Paris have fanned the flames of an ongoing debate about software that is resistant to surveillance. It seems that some participants in that debate are trying to use these attacks as an excuse to drum up fear around end-to-end encryption. They argue that these events tell us that the general citizenry shouldn’t have access to strong privacy-preserving tools. A lot of people are saying a lot of smart things on the subject, but I want to briefly outline a couple ways in which this call for limiting encryption is problematic.

Don't let security dogma steer you wrong

My recent post describing some of the reasons we choose Slack over IRC for our public forum is part of a larger conversation people are having around the promise and concerns of group-communication tools. A quick search for "Slack vs. IRC" yields a wealth of opinions on the subject; our post generated some interesting discussion (and a couple angry rants on Twitter). I focused my discussion on the usability advantages of Slack – advantages that I believe encourage designers to join our public forum in a way that they would not if it were hosted on IRC.

Victims of Success: Dealing With Divergent Feature Requests

Rather than view feature requests as a set of highly-divergent signals, it can help to try and group requests based on the underlying need that they speak to.

Usability and Security: Not Binary Properties

People who think about computer security for a living sometimes cringe when they read about the subject in the popular press. Security is a complex and nuanced topic, and it’s easy to make assertions that don’t hold up to careful scrutiny. One basic-but-unintuitive principle is that security is not a binary property: in the absence of other context, it’s hard to definitively say that a particular system or piece of software is “secure” or “insecure”.

Closing the Participation Gap: HotPETS Presentation Summary

I really enjoyed being part of the emerging-work track, HotPETS, at the Privacy Enhancing Technologies Symposium earlier this month. From meeting lots of great people to getting face-time with the Simply Secure team, Philadelphia was fun. Scout and I presented “Human-Centered Design for Secure Communication: Opportunities to Close the Participation Gap” as part of a session on Privacy and Human Behavior. The session also included some nice qualitative work from Tactical Technologies covering the collaborative and social nature of privacy and ethical implications for researchers working with vulnerable populations.