[messaging] Let's run a usability study (was Useability of public-key fingerprints)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Feb 13 15:27:06 PST 2014

On 02/13/2014 05:58 PM, Trevor Perrin wrote:
> (A)  Users aren't able to communicate unless they enter each other's
> public-key fingerprint.  That wouldn't work for a general
> communication tool, as the high entropy of fingerprints makes them
> awkward to handle, and the extra security of a manual fingerprint
> check isn't needed for many conversations.  A tool that required this
> would be rejected by most users.

To be clear, I'm not proposing that each and every conversation would be
preceded by tedious fingerprint verification or entry.  This would be
done once per contact, after which it would get out of the way.  Do you
think that cost of entry is still too high?

> (B)  If the user chooses to check a fingerprint, the tool presents an
> "entry" UI instead of a "display" UI.  I think I can compare strings
> faster than I can transcribe them (particularly on a phone or tablet),
> so a tool that forced me to enter it would be annoying, IMO.

I'm quite sure that comparison is faster than transcription,
particularly if the comparison is based on well-aligned,
identically-formatted strings (which is not actually how most
fingerprint comparisons are done today, in my experience).  But I'm not
convinced that comparison is more accurate than transcription.  If
accuracy/correctness is the goal, what sort of tradeoffs are we willing
to accept?

While we're talking about usability studies, this question (about
transcription versus comparison, measured by accuracy and speed) seems
like it's narrowly-scoped enough that it could make for a good
experiment based on a single fingerprinting scheme.  Comparison across
fingerprinting schemes would be a natural extension once the other
details were worked out for a single fingerprint.

