[messaging] Let's run a usability study (was Useability of public-key fingerprints)
infinity0 at pwned.gg
Thu Mar 6 09:29:16 PST 2014
My previous comment about SSH was a bit inaccurate.
- ask-on-first-use, "allow" implies "key was verified" (1)
- warn if the key later changes
- because of assumption (1), no way to allow-and-verify-later (but in practice, I guess other people do this)
- warn if the key later changes
- can verify-later, but this is not stored, so (unless you have a good memory) you don't know which keys were already verified
- no concept or UI indication of which keys were verified
- warn if the key later changes (I've never actually seen this, but I assume it does that)
- for unverified keys, it shows the convo as orange
- can verify-later, then it turns the convo green and remembers this state
I prefer the ChatSecure model, but the reason why TextSecure doesn't do it is because (they argue) the orange/green distinction is confusing. But then, perhaps we can have a different "advanced" screen where this distinction is made?
On 06/03/14 17:18, Ximin Luo wrote:
> (Recent versions of) TextSecure differ from many other products, in that there is no way to *remember* which contacts you have verified. Moxie thinks this is a usability improvement, but I think it's a security hole.
> I don't know of any product that does this. Even SSH remembers which non-verified keys you have implicitly allowed.
> I'm not saying it will completely invalidate a study, but it will definitely affect things from a user's POV. So, keep it in mind when doing a usability study using TextSecure.
> On 06/03/14 16:27, Christine Corbett Moran wrote:
>> The good news is that you don't need a partnership with an academic versed in experiment and data analysis to run one of these.
>> The bad news is that it may not generalize between clients.
>> But if anyone wants a candidate client to do a sort of study like that I suggest TextSecure =)
>> On Thu, Mar 6, 2014 at 5:13 PM, Tony Arcieri <bascule at gmail.com> wrote:
>> On Thu, Mar 6, 2014 at 4:49 AM, Christine Corbett Moran <corbett at alum.mit.edu> wrote:
>> What we'd need to get started is a list of methods we'd want to test, and some comparisons based on those methods to incorporate in the experiment.
>> I'd like to see more studies like the Cryptocat one:
>> The area of the most confusion — to the point where it made the users feel threatened or panicked — was the user information screens (either for a specific buddy or the user themselves). *Though “fingerprint” is widely known by cryptography and security experts, it is, at the end of the day, jargon*. There were several participants who immediately associated “fingerprint” with a negative connotation (i.e., leaving a fingerprint at a crime scene). Their tone was panicked in asking their questions on this issue, and were unsure of why that information needed to be displayed, and if it was even safe to display. There were a handful of users who understood encryption technology at a very basic level who were not confused by the terminology on this page, but were unsure of what to do with this information.
>> Tony Arcieri
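The model described in the message above (pin on first use, show unverified contacts as orange, allow verify-later and remember it as green, warn when the key changes) as an added example; it is not code from ChatSecure, TextSecure or SSH. `PinStore`, `Trust`, the in-memory dict and the SHA-256 fingerprint are assumptions made for illustration.

```python
import hashlib
from enum import Enum


class Trust(Enum):
    UNVERIFIED = "orange"  # key pinned on first use, not yet checked out of band
    VERIFIED = "green"     # fingerprint compared out of band; state is remembered
    CHANGED = "changed"    # presented key differs from the pinned one: warn


def fingerprint(pubkey: bytes) -> str:
    # Assumption: fingerprint is the hex SHA-256 of the raw public key bytes.
    return hashlib.sha256(pubkey).hexdigest()


class PinStore:
    """Hypothetical per-contact key store; a real client would persist it."""

    def __init__(self):
        self._pins = {}  # contact -> (pinned fingerprint, verified flag)

    def observe(self, contact: str, pubkey: bytes) -> Trust:
        """Called for every session; returns the state the UI should show."""
        fp = fingerprint(pubkey)
        pinned = self._pins.get(contact)
        if pinned is None:
            # First use: remember the key, but do not treat "allowed" as "verified".
            self._pins[contact] = (fp, False)
            return Trust.UNVERIFIED
        if pinned[0] != fp:
            # Never overwrite the pin silently; the user has to decide.
            return Trust.CHANGED
        return Trust.VERIFIED if pinned[1] else Trust.UNVERIFIED

    def verify(self, contact: str, fp_out_of_band: str) -> bool:
        """Verify-later: succeeds only if the compared value matches the pin."""
        pinned = self._pins.get(contact)
        candidate = fp_out_of_band.replace(" ", "").lower()
        if pinned is None or pinned[0] != candidate:
            return False
        self._pins[contact] = (pinned[0], True)
        return True

    def accept_change(self, contact: str, pubkey: bytes) -> Trust:
        """User accepts a new key: the pin is replaced and verification is reset."""
        self._pins[contact] = (fingerprint(pubkey), False)
        return Trust.UNVERIFIED
```

Dropping the verified flag from the stored tuple gives the behaviour criticised in the message: the key-change warning still works, but nothing records which contacts were ever checked.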