IFD:Nutzerstudien WiSe1314/HeuristicAnalysisSecurity

From Medien Wiki

Visibility of system status

  • When you click on the lock and afterwards on "Start OTR", a loading circle appears on the left side of the lock. This is helpful because it shows the user that something is happening and the app is working. If the contact is offline, the loading circle spins permanently and nothing happens, so the user gets no information about what is going on.
  • If you click on "verify fingerprint" and afterwards on "OK", the window just closes without a message to the user, so the user doesn’t know the current status.
  • After "verify Key", a green marker appears at once on the message, but the lock is still shown with a yellow question mark. The contact bar at the top is also shown in yellow. Thus the user does not know the actual state.
  • The lock stayed open when I clicked on “start OTR”, so it didn’t work and I don’t even know why. (Description box needed!) I later realized that it only worked when the person I was sending the message to was online. I would like to send a secure message to an offline person, but don’t know how. Do I need to download the OTR Keystore then? This friend also didn’t get my messages at all and I didn’t know that, because no error sign occurred. (See “error prevention”)
  • When I added a contact, he showed up in the contact list twice. I deleted one of them… later “both” accounts were gone, so I fully deleted the contact by accident.

 

Match between system and the real world

  • Clicking the lock with the red cross shows "Start OTR". Some inexperienced users may not know that “OTR” means Off-the-Record Messaging, so they don’t know whether OTR is about encryption or not.
  • I only found the “import OTR keystore” button by accident! I also don’t know why I should import it, because OTR seems to work even without the import.
  • The use of traffic light colors (red, yellow, green) is known to the user from the real world. However, for first-time users it may not be immediately clear which color means what.
  • When an image is sent, it has a yellow label, but the messages before and after it are marked green. The user doesn’t know why.
  • A message is marked in green, but a cross appears under the message. Is the message encrypted but not sent? The user may be confused.


 

User control and freedom

  • After selecting a function (encryption, add file, menu) in an open chat, you just click in the chat box, which is still visible. This is intuitive as an undo and sufficient.
  • If you are in the chat and would like to go back to the list of contacts, this is possible by swiping to the left or clicking the back button (Samsung phone). The swiping isn’t very intuitive.

Consistency and standards

  • If you click on a message, the "Verify" window opens. Users don’t expect this, because this action should only be triggered by clicking the lock. Moreover, it leads to confusion when a message is already marked green but clicking it still opens a window for verification.
  • The touch screen sometimes doesn’t work when clicking on “Add a contact”.
  • Most elements inside ChatSecure are clickable, for example the status button or the current status message. The name of the chat partner is underlined. At first I thought it was clickable and tried it. This means I expected a reaction to my click, like the other interface elements would give. Later I figured out that this marks the current chat tab.
  • If you open up the context menu, you will see an exit button at the bottom. In my opinion this should not be there. Instead, this functionality should be provided by the home button.
  • The settings menu is hidden behind the three dots. Today most mobile device users expect some kind of gear wheel or wrench. Maybe it would be better to change the three dots into something like that. If the three dots are a placeholder for a collection of options, it should be clearer what is meant by this symbol.

Error prevention

  • If you have already opened the keyboard to write a message and then go back to the contact view, the keyboard is still open. If you type some characters, they are displayed in an overlay. (Screenshot) If you now close the keyboard, this text is still shown, even if you move to another contact. The keyboard should therefore be closed automatically when you go back to the contact list in order to avoid such errors.
  • Contact appears offline even though it is online. The chat with the contact, however, is still possible.
  • The explanation in the dialog says you should enter the email address of the person you want to add. This could be confusing, because people could think they can add anyone who has an email address.
  • If you accidentally touch the area outside the dialog box, the process of adding a contact is stopped. The annoying point is that you have to type in the data again if you want to add the contact.

Recognition rather than recall

  • Opening the contact view from a chat window (swiping to the left) is not intuitive. Instead of swiping to the previous and next contact, there could always be a link to the contact list.
  • I didn’t know my messages weren’t sent at all. My message window was completely empty. I couldn’t see that I had not sent my friend anything, nor could I see her messages.

Flexibility and efficiency of use

  • Changing the status is hidden behind a small green dot. This function is therefore only discoverable by experienced users or people who click everywhere. That’s okay, because in my opinion this feature is not absolutely necessary. Personalizing the design is not possible with the app.
  • I didn’t understand the box that popped up when I wanted to import the OTR keystore. (And I don’t know what it is for, by the way.) It was only open for a few seconds, so I couldn’t read all of it. After I read it 3 times, I still didn’t find the file the window wanted to lead me to.

 

Aesthetic and minimalist design

  • The menu is a mix of German and English words. It would be better if it were limited to one language.
  • After starting OTR, a lock with a yellow question mark appears above. Now the messages have a yellow mark. When you click on the question mark, the options for verifying and ending OTR appear (Verify Key / Beende OTR). Here the German / English mix is also unfavorable for the user.
  • In the top status bar of the phone, a corresponding icon is displayed when there is a new message. This icon is useful if the app is not open yet. However, the ChatSecure icon is also shown permanently in the status bar while the app is running. That means if you get a message, you have 2 ChatSecure icons in the status bar. If there are more icons from WhatsApp etc., the bar will be full very quickly. Therefore the always visible ChatSecure icon should be removed.
  • After typing in the name in the contact box, I wanted to click on “invite”. For that I clicked in the red box below, because I intuitively thought I would get back to the previous interface. Maybe it is better to place the “invite” button somewhere in the red box, because then you won’t have to click the keypad away.

 

[Screenshot: the "invite" button is unseen]

[Screenshot: the interface before]

Help users recognize, diagnose, and recover from errors

  • I have not received any error message from the app. Therefore, no statement can be made about the intelligibility of the messages or the quality of the solution paths.
  • Error messages were very technical and uninformative in former versions. Details are fine if one knows how to deal with them, but it would be better to give a description of the problem and add a detail button to show the exact problem.

Help and documentation

  • Help is not available in the menu. This would be very helpful for "beginners"; e.g. the traffic light system for the security of the message isn’t immediately clear. It would be nice to have a short tutorial explaining the background for the user. This should explain in simple terms what OTR is, what a fingerprint is and maybe some reasons why one should use the encryption. It could also be nice to have a short Q/A part where some basic questions like 'Where do I find ...' or 'Is this possible ...' are answered.