[messaging] Let's run a usability study (was Useability of public-key fingerprints)
trevp at trevp.net
Thu Feb 13 14:58:31 PST 2014
On Thu, Feb 13, 2014 at 6:50 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> I'm actually concerned that none of this is
> relevant without a major UI overhaul that requires user transcription
> (or at least copy/paste from some other source) instead of user
> comparison. Transcription requires active participation *in order to
> get to the activity that they want to do*, instead of just "click yes to
> confirm", or any sort of after-the-fact steps (which will probably never
> get taken).
> I like the idea of trying to run such a study. I'm also interested in
> studies that compare specific interaction modes against one another,
> though. A tool that says "you can't send person X an encrypted e-mail
> until you have typed or pasted or QR-scanned their fingerprint" (which
> is remembered by your mail user agent thereafter for future sessions) is
> radically different than one that says "is this fingerprint correct for
> this person?"
> Is it possible that a good, usable tool could avoid ever showing
> fingerprints (or parts of fingerprints) of unverified keys, to ensure
> that the user has to actively confirm them from some external source?
I read this as two different proposals:
(A) Users aren't able to communicate unless they enter each other's
public-key fingerprint. That wouldn't work for a general
communication tool, as the high entropy of fingerprints makes them
awkward to handle, and the extra security of a manual fingerprint
check isn't needed for many conversations. A tool that required this
would be rejected by most users.
(B) If the user chooses to check a fingerprint, the tool presents an
"entry" UI instead of a "display" UI. I think I can compare strings
faster than I can transcribe them (particularly on a phone or tablet),
so a tool that forced me to enter it would be annoying, IMO.
More information about the Messaging