IFD:Nutzerstudien WiSe1314/Sicherheit (security): Difference between revisions

From Medien Wiki
 
(16 intermediate revisions by 5 users not shown)
Line 1: Line 1:
==Aims of data gathering==
==Aims of data gathering==


We wanted to know how to improve the design and/or functions in Chat-Secure, regarding the security-problem.
We wanted to know how to improve the design and/or functions in Chat-Secure, regarding the security-problem. People should immediatly see that it's a secure chat through its interface. So we searched for possible symbols that provide security and tried out some designs to improve the current look of the chat.
 
<!--
<div style="color:darkgreen">
<div style="color:darkgreen">
could you specify what you mean with "security problem"? What poses a possible problem? ("security problem" could as well be a exploit, a but that enables an attack or the like)
could you specify what you mean with "security problem"? What poses a possible problem? ("security problem" could as well be a exploit, a bug that enables an attack or the like) --[[User:JanD|JanD]] 10:17, 13 December 2013 (CET)
</div>
</div>
-->
<div style="color:brown">Developing a clear, concise scheme for representing the states of messages in ChatSecure is a very valuable problem to solve.  If the user does not understand when things are private or not, they could easily leak private information.  Keep in mind all manner of design treatments: font, color, iconography, etc.  I think that finding well known metaphors could likely produce good results here, but a very simple abstract scheme could also work.  One of my favorite ideas here is relying on the default look.  ChatSecure should provide private/secure messaging by default.  If the messages are not private/secure, then that is a warning/error condition and should be represented as such.</div>--[[User:Hans|Hans]] 21:40, 18 December 2013 (CET)


== Data Gathering: Interviews/Observation ==
== Data Gathering: Interviews/Observation ==
Line 29: Line 34:
|-
|-
| 4
| 4
| 25-30
| 20-25
| Computer Science and Media
| Computer Science
|-
|-
| 5
| 5
| 20-25
| 20-25
| Computer Science and Media
| Computer Science
|-
|-
| 6
| 6
| 20-25
| 20-25
| Computer Science and Media
| Computer Science
|-
|-
| 7
| 7
Line 62: Line 67:
* What chats do you use?  
* What chats do you use?  
* Are you happy with them or would you want to improve something?
* Are you happy with them or would you want to improve something?
* Which functions are important for you?
* Have you ever think about the security in the chat programs?
* Are you feeling secure in your currently used chats? If no, did you restrict yourself in some way and how far?   
* Are you feeling secure in your currently used chats? If no, did you restrict yourself in some way and how far?   
* What are the limits of effort you would accept to feel safer in a chat?
* What are the limits of effort you would accept to feel safer in a chat?
Line 68: Line 75:
== Data Analysis ==
== Data Analysis ==
How we analysed the data: We searched for specific answers in the interviews and looked how it could help to spot a problem. Then we put all our results together and created an affinity diagramm.
How we analysed the data: We searched for specific answers in the interviews and looked how it could help to spot a problem. Then we put all our results together and created an affinity diagramm.
<div style="color:brown">I'd like to see more discussion of your approach here.  How did you choose your people?  What criteria did you use to develop your questions?</div>--[[User:Hans|Hans]] 21:43, 18 December 2013 (CET)
We chose them, because they are part of our social environment. We thought about what would be important for ourselves to develop the questions. Since we`re in the security-group we tried to focus especially on that topic.


==Main Results Data Analysis==
==Main Results Data Analysis==
Line 73: Line 84:


'''Results:'''  
'''Results:'''  
* Most people use chat programs that are unsafe. The amount of friends that use a specific chat is more important
* Most people use chat programs that are unsafe. The amount of friends that use a specific chat is more important <div style="color:brown">did the users know that the apps they use were unsafe?</div>--[[User:Hans|Hans]] 21:44, 18 December 2013 (CET)
Yes, they do, but it doesn`t bother them.
* Standard functions like Smileys and data/picture transfer should be offered
* Standard functions like Smileys and data/picture transfer should be offered
* There should be a function to create a group discussion
* There should be a function to create a group discussion
* Chats are used for job messages as for private ones
* Chats are used for job messages as for private ones
* User want to see (e.g. by a lock-symbol), if a programm or message is secure or not
* User want to see (e.g. by a lock-symbol), if a program or message is secure or not
* OpenSource programms provide trust
* Open Source programs provide trust
* The design should be functional AND appealing
* The design should be functional AND appealing


What we learned from our user research: We got a lot of information about the requirements and the possible use of a chat application. The most important features people wanted to be part of such an application where group chat functionality, image transfer, smileys and an easy to use but appealing interface. People often want to plan partys in a chat, so the group function could be necessary and image transfer is also an important factor of communication for most people.
What we learned from our user research: We got a lot of information about the requirements and the possible use of a chat application. The most important features people wanted to be part of such an application where group chat functionality, image transfer, smileys and an easy to use but appealing interface. People often want to plan parties in a chat, so the group function could be necessary and image transfer is also an important factor of communication for most people.


It was also interessting for us to find out that the main percentage of the users know about possible security issues:  
It was also interesting for us to find out that the main percentage of the users know about possible security issues:  
* fear of being in a computer surveillance/being watched in general
* fear of being in a computer surveillance/being watched in general
* fear of theft of an account/a mobile device  
* fear of theft of an account/a mobile device  
Line 89: Line 101:
However, they did not try to find an alternative. Related to this we also found out that people using chat software for business had much more concerns about their personal information and especially the topic and content of the talk then the private users.
However, they did not try to find an alternative. Related to this we also found out that people using chat software for business had much more concerns about their personal information and especially the topic and content of the talk then the private users.


==What specifc problem we want to solve==
<div style="color:brown">You bring up a lot of valuable points here, and the bullet points provide a quick summary, but I'd love to hear more about all of the topics.  In particular, I think the core issue is why people don't find more secure/private alternatives to the apps that they use.  Is it social (everyone I know uses Xapp)?  Is it usability (private apps are hard to use)? Or something else entirely?</div>--[[User:Hans|Hans]] 21:50, 18 December 2013 (CET)


The interface should communicate security to the user. Therefor we want to improve the interface of ChatSecure in a way, that everyone is possible to understand what is meant with the symbols.
Since insecurity in their currently chats doesn`t bother them much, they just haven`t thought about a secure alternative yet. Most important thing has always been, that all friends use the app/chat. They would change to a secure chat, where all friends are logged in, though.
 
==What specific problem we want to solve==
 
The interface should communicate security to the user. Therefore we want to improve the interface of ChatSecure in a way, that everyone is able to understand what is meant with the symbols.
To create such a design, we drew some of our own design-ideas on a paper. It showed the message window and some applications and icons we added to it, e.g. the lock symbol next to the Accountname and in the speech bubbles itself. These things intensify the security-feeling. Then we discussed those ideas, made a prototype and tested it on a comrade who wasn`t in our working group.
To create such a design, we drew some of our own design-ideas on a paper. It showed the message window and some applications and icons we added to it, e.g. the lock symbol next to the Accountname and in the speech bubbles itself. These things intensify the security-feeling. Then we discussed those ideas, made a prototype and tested it on a comrade who wasn`t in our working group.
[[image:IFD-NuSt security-mockup.jpg|1000px]]
<div style="color:brown">Its good to see the mockups, this gets the process rolling.  About the prompt for sending messages insecurely, this would work well for people in very sensitive situations, but I think most users would get annoyed once they've seen a pop-up like this more than 5 or 10 times.  I think that it is possible to achieve the same results security-wise with less annoyance on the user by integrating this warning more.  For example, the Send button should change color like you have already but maybe instead of the yes/no/later prompt, the user would have to press the send button twice, and it would change color on each press.  For more security, there could be an enforced delay on the second press, so they would have to wait a second or two before clicking it the second time.  Or mybe it would be enough if the whole interface was shouting out that the message would be sent insecurely, something like every aspect of the UI turning red, and getting a different font.</div>--[[User:Hans|Hans]] 21:56, 18 December 2013 (CET)
<!--
<div style="color:darkgreen">Please include a sketch or photo; otherwise it is hard to understand that you refer to. --[[User:JanD|JanD]] 10:19, 13 December 2013 (CET)</div>
-->


==Plans – how we want to solve the problem(s)==
==Plans – how we want to solve the problem(s)==

Latest revision as of 12:23, 21 December 2013

Aims of data gathering

We wanted to know how to improve the design and/or functions in Chat-Secure, regarding the security-problem. People should immediatly see that it's a secure chat through its interface. So we searched for possible symbols that provide security and tried out some designs to improve the current look of the chat.

Developing a clear, concise scheme for representing the states of messages in ChatSecure is a very valuable problem to solve. If the user does not understand when things are private or not, they could easily leak private information. Keep in mind all manner of design treatments: font, color, iconography, etc. I think that finding well known metaphors could likely produce good results here, but a very simple abstract scheme could also work. One of my favorite ideas here is relying on the default look. ChatSecure should provide private/secure messaging by default. If the messages are not private/secure, then that is a warning/error condition and should be represented as such.

--Hans 21:40, 18 December 2013 (CET)


Data Gathering: Interviews/Observation

We interwiewed ten people of these courses of studies below. Since we all studies something similar we had an easy access to them. We asked them about their chat behavior in general and especially how they think about security.

Number Age class Course of studies
1 <20 Media Science
2 20-25 Computer Science
3 20-25 Business Economics
4 20-25 Computer Science
5 20-25 Computer Science
6 20-25 Computer Science
7 20-25 Computer Science and Media
8 20-25 Computer Science and Media
9 20-25 Media Arts/Media Design
10 25-30 Game Design


Main questions:

  • What chats do you use?
  • Are you happy with them or would you want to improve something?
  • Which functions are important for you?
  • Have you ever think about the security in the chat programs?
  • Are you feeling secure in your currently used chats? If no, did you restrict yourself in some way and how far?
  • What are the limits of effort you would accept to feel safer in a chat?
  • Have you ever been attacked before?

Data Analysis

How we analysed the data: We searched for specific answers in the interviews and looked how it could help to spot a problem. Then we put all our results together and created an affinity diagramm.

I'd like to see more discussion of your approach here. How did you choose your people? What criteria did you use to develop your questions?

--Hans 21:43, 18 December 2013 (CET)

We chose them, because they are part of our social environment. We thought about what would be important for ourselves to develop the questions. Since we`re in the security-group we tried to focus especially on that topic.

Main Results Data Analysis

Results:

  • Most people use chat programs that are unsafe. The amount of friends that use a specific chat is more important
    did the users know that the apps they use were unsafe?
    --Hans 21:44, 18 December 2013 (CET)

Yes, they do, but it doesn`t bother them.

  • Standard functions like Smileys and data/picture transfer should be offered
  • There should be a function to create a group discussion
  • Chats are used for job messages as for private ones
  • User want to see (e.g. by a lock-symbol), if a program or message is secure or not
  • Open Source programs provide trust
  • The design should be functional AND appealing

What we learned from our user research: We got a lot of information about the requirements and the possible use of a chat application. The most important features people wanted to be part of such an application where group chat functionality, image transfer, smileys and an easy to use but appealing interface. People often want to plan parties in a chat, so the group function could be necessary and image transfer is also an important factor of communication for most people.

It was also interesting for us to find out that the main percentage of the users know about possible security issues:

  • fear of being in a computer surveillance/being watched in general
  • fear of theft of an account/a mobile device
  • e.g. personal messages were posted on the pinboard because of a Facebook bug

However, they did not try to find an alternative. Related to this we also found out that people using chat software for business had much more concerns about their personal information and especially the topic and content of the talk then the private users.

You bring up a lot of valuable points here, and the bullet points provide a quick summary, but I'd love to hear more about all of the topics. In particular, I think the core issue is why people don't find more secure/private alternatives to the apps that they use. Is it social (everyone I know uses Xapp)? Is it usability (private apps are hard to use)? Or something else entirely?

--Hans 21:50, 18 December 2013 (CET)

Since insecurity in their currently chats doesn`t bother them much, they just haven`t thought about a secure alternative yet. Most important thing has always been, that all friends use the app/chat. They would change to a secure chat, where all friends are logged in, though.

What specific problem we want to solve

The interface should communicate security to the user. Therefore we want to improve the interface of ChatSecure in a way, that everyone is able to understand what is meant with the symbols. To create such a design, we drew some of our own design-ideas on a paper. It showed the message window and some applications and icons we added to it, e.g. the lock symbol next to the Accountname and in the speech bubbles itself. These things intensify the security-feeling. Then we discussed those ideas, made a prototype and tested it on a comrade who wasn`t in our working group.


IFD-NuSt security-mockup.jpg

Its good to see the mockups, this gets the process rolling. About the prompt for sending messages insecurely, this would work well for people in very sensitive situations, but I think most users would get annoyed once they've seen a pop-up like this more than 5 or 10 times. I think that it is possible to achieve the same results security-wise with less annoyance on the user by integrating this warning more. For example, the Send button should change color like you have already but maybe instead of the yes/no/later prompt, the user would have to press the send button twice, and it would change color on each press. For more security, there could be an enforced delay on the second press, so they would have to wait a second or two before clicking it the second time. Or mybe it would be enough if the whole interface was shouting out that the message would be sent insecurely, something like every aspect of the UI turning red, and getting a different font.

--Hans 21:56, 18 December 2013 (CET)


Plans – how we want to solve the problem(s)

The ideas of last week worked quite well, but not properly understandable. The problem of the red color we`d chosen for the Send-Button for an insecure message didn't work out. Our test subject thought the button couldn't be clicked at all. So, in the next week, we would look for similiar applications and how they deal with authentification and security methaphors. After that, we would improve our prototype with the results of the last weeks and try out different approaches to solve our problems, regarding the prototype itself, the layout and the colours. Then we would test it again.


Images