[tor-dev] [Fwd: UX Principles]

Mike Perry mikeperry at torproject.org
Tue Nov 3 20:09:40 UTC 2015 

Nima sent this to me a while ago and I completely forgot to forward it
on. Note the Google docs and the PDF at the bottom.

Useful food for though for Tor Messenger, Tor Browser, and other
user-facing stuff.

----- Forwarded message from Nima Fatemi <nima at torproject.org> -----

Date: Fri, 24 Jul 2015 03:39:31 +0000
From: Nima Fatemi <nima at torproject.org>
To: Mike Perry <mikeperry at torproject.org>
Subject: UX Principles

Hi Mike,

sorry for late email. I was meaning to send you this sooner but I've had
a big pile of email, I had to take care of.

So the forwarded message below includes an attachment, which is the
Yee's principles and then there's another paper that linda has
mentioned, which is worth reading I think.

Here's that talk from Google Chrome's Elisabeth Morant that I mentioned
to you:

https://news.yahoo.com/video/yahoo-trust-unconference-security-ux-161037378.html

Here are the slides:
(the good stuff start from page 12)

https://docs.google.com/presentation/d/1i2Pwennj8PcsigACPA1oLpRNLd7BVC0oilsgKzAx2sY/edit?pli=1#slide=id.g999beac96_0_0

And here are my notes from the talk + my thoughts added to them:

- 1st principle: Don't annoy users, even with updates.

- People (even infosec ppl) ignore updates

- users are often worried that updates would change the interface, it
took them time and energy to get used to current things, they dont want
it to change (even if it's a good change)

- Enable auto-update by default with an option to opt out

- Give devs and users tools to time permission requests
- 2nd principle: allow mistakes!!! let them change their settings easily
if they've changed their minds

- settings windows doing similar thing should look similar and if they
do the exact things, they should look identical.

- make settings easy to discover
- 3rd principle: combat jerks [malicious-HS_maybe?]
	- danger is hard to communicate
	- how to tell users about the danger they're facing
	- infrastructure for detecting and reacting to badness
		- how to do this in a decentralized way?!
	- karma! tie user engagement to resource allocation (maybe useful for
HiddenServices?) (okay, right after writing this sentence, I started a
conversation in #tor-project. see the backlog, you might find it
interesting)
	- crowd consent

Let me know if I can be of any help.

Bests,

-- Nima

-------- Forwarded Message --------
Subject: Yee's principles
Date: Wed, 1 Jul 2015 05:51:05 -0700
From: Linda Naeun Lee <lnl at berkeley.edu>
To: Tor Project <nima at torproject.org>

Nima:

Here are notes. And another paper.

http://zesty.ca/pubs/yee-sid-ieeesp2004.pdf


-- 
Linda Naeun Lee

Graduate Student Researcher
Department of Computer Science
University of California, Berkeley








----- End forwarded message -----

-- 
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151103/7ef97d18/attachment.sig>

More information about the tor-dev mailing list