IFD:Nutzerstudien WiSe1314/Sicherheit endpresentation (security)

We questioned ourselves what we would expect of a secure chat design. First, it should be easy to handle, of course. It should provide an uncomplicated and plain interface, where you can figure out the functions fast and remember them for the next time. It’s essential to spare symbols that confuses the user or that are barely necessary by themselves. So we searched for some design ideas to answer the question: What can I do to guarantee a conveniant handling of the chat?

We looked at the interface of the message window in perticular. People should immediatly see that it's a secure chat through its design. So we searched for possible symbols that provide security and tried out some designs to improve the current look of the chat. Examples had been locks and shields in many variations. We also tried out various colors to make clear the differences between functions. (Habt ihr da noch eure Bilder von?)

For our interviews, we tried to choose open questions that don’t require a yes or no, but longer answers. So we would find out more about what our test subjects like or not.

Main questions have been:

• What chats do you use?
• Are you happy with them or would you want to improve something?
• Which functions are important for you?
• Have you ever think about the security in the chat programs?
• Are you feeling secure in your currently used chats? If no, did you restrict yourself in some way and how far?
• What are the limits of effort you would accept to feel safer in a chat?
• Have you ever been attacked before?

We interwiewed ten people of these courses of studies below. Since we all studies something similar we had an easy access to them.

Preparation for the interviews Student 1: The preparatioin was quite easy for me, because I’ve already known the test subjects. It was fast done to find a fixed date. During the interviews II realized that I sometimes had to look between the lines to filter what my interview partner really thinks. So I got the most usable answers by questioning their answers (“Why do you think so?”) or ask a question like “So, do you think it’s like…?” I used pen and paper, I haven’t had audio equipment, but the written answers had been useful. Student 2:

Student 3:

The interviews Student 1: - Test subject 1: She is not quite satisfied with her current chat programs. Sometimes she holds back her opinion about political references and don’t give an access to her adress, e.g. in facebook. She’d like to have a chat that’s secure, but she only uses it, if all of her friends would use it, too, and if the chat would be . - Test subject 2: She knows about the dangers of someone that could spy out her messages, but it doesn’t bother her at all. As long as it isn’t someone that she knows and it could have consequences for her, she not interested in a secure chat. For her functions and look is more impotant. - Test subject 3: She is a quite cautios person that feels insecure all the time when being in the internet. She don’t hold back with her opinion, but writes messages with the perpetual feeling of “I can be watched now.” She would appreciate a chat that is secure, but one that is instinctively and simple to handle, because she gives up pretty fast and changes the app when she needs a longer time to figure out the single functions. Student 2:

Student 3:

Data Analysis We searched for specific answers in the interviews and looked how it could help to spot a problem. Then we put all our results together and created an affinity diagramm. (Wie machen wir des, das man die Wörter im Bild auch sieht? Drehen is blöd, oder?)

Results Most people use chat programs that are unsafe. The amount of friends that use a specific chat is more important. They know about the danger in these chats, but it doesn’t bother them enough to change to another one. Standard functions like Smileys and data/picture transfer should be offered There should be a function to create a group discussion Chats are used for job messages as for private ones User want to see (e.g. by a lock-symbol), if a program or message is secure or not Open Source programs provide trust The design should be functional AND appealing What we learned from our user research: We got a lot of information about the requirements and the possible use of a chat application. The most important features people wanted to be part of such an application where group chat functionality, image transfer, smileys and an easy to use but appealing interface. People often want to plan parties in a chat, so the group function could be necessary and image transfer is also an important factor of communication for most people. It was also interesting for us to find out that the main percentage of the users know about possible security issues: fear of being in a computer surveillance/being watched in general fear of theft of an account/a mobile device e.g. personal messages were posted on the pinboard because of a Facebook bug However, they did not try to find an alternative. Related to this we also found out that people using chat software for business had much more concerns about their personal information and especially the topic and content of the talk then the private users. Since insecurity in their currently chats doesn`t bother them much, they just haven`t thought about a secure alternative yet. Most important thing has always been, that all friends use the app/chat. They would change to a secure chat, where all friends are logged in, though.

Collecting Ideas

Based on our results, we’ve drawn some of our ideas on the paper and discussed them.

(Habt ihr da noch eure Bilder von, Leute? Bzw. könnt welche machen von euren Skizzen?)

Choosing Ideas and creating prototype

Prototype 1 Testing it / Results

When testing it, we found out that the colors had been irritating for our testperson.

Heuristic analysis To improve our prototype, we did a heuristic analysis to search for specific problems in the chat. This analysis is divided in ten subitems. We had been going through them all and found some problems which we wanted to take care of. For time reasons though, we couldn’t involve them all and since we didn’t know how the finger print item works for expample, we concentrated on the more realizeable problems for us.

Improvement

Protoype 2a) If the chat is unsafe, a pop up appears.

Prototype 2b)

If the message is secure (In the speechbubble in the middle picture is written: “start secure messaging”, because one problem was that user don’t know what OTR means.)

If the message is not secure, a pop-up comes out to tell the user what is going on and if he wants to continue or to cancel the message-sending:

Testing prototype

a)

b)

(Problems)

Improvement

Since ChatSecure is a chat where people want to chat secure obviously, we thought it would be a good idea to start the security function automatically. There is the possibility to cancel this, if someone doesn’t want that.

If someone writes a message and want to send it (or if someone clicks on the caution-symbol nest to the lock), a pop-up appears to remind the user to verify himself and/or his contact person.

If someone is asked to verify himself, a field appears asking him to do a finger print.

Testing again

Presentation

Student 1: Password security

Student 2:

Student 3:

We wanted to know how to improve the design and/or functions in Chat-Secure, regarding the security-problem. People should immediatly see that it's a secure chat through its interface. So we searched for possible symbols that provide security and tried out some designs to improve the current look of the chat.

We interwiewed ten people of these courses of studies below. Since we all studies something similar we had an easy access to them. We asked them about their chat behavior in general and especially how they think about security.

Main questions:

• What chats do you use?
• Are you happy with them or would you want to improve something?
• Which functions are important for you?
• Have you ever think about the security in the chat programs?
• Are you feeling secure in your currently used chats? If no, did you restrict yourself in some way and how far?
• What are the limits of effort you would accept to feel safer in a chat?
• Have you ever been attacked before?

How we analysed the data: We searched for specific answers in the interviews and looked how it could help to spot a problem. Then we put all our results together and created an affinity diagramm.

We chose them, because they are part of our social environment. We thought about what would be important for ourselves to develop the questions. Since we`re in the security-group we tried to focus especially on that topic.

Results:

• Most people use chat programs that are unsafe. The amount of friends that use a specific chat is more important

Yes, they do, but it doesn`t bother them.

• Standard functions like Smileys and data/picture transfer should be offered
• There should be a function to create a group discussion
• Chats are used for job messages as for private ones
• User want to see (e.g. by a lock-symbol), if a program or message is secure or not
• Open Source programs provide trust
• The design should be functional AND appealing

What we learned from our user research: We got a lot of information about the requirements and the possible use of a chat application. The most important features people wanted to be part of such an application where group chat functionality, image transfer, smileys and an easy to use but appealing interface. People often want to plan parties in a chat, so the group function could be necessary and image transfer is also an important factor of communication for most people.

It was also interesting for us to find out that the main percentage of the users know about possible security issues:

• fear of being in a computer surveillance/being watched in general
• fear of theft of an account/a mobile device
• e.g. personal messages were posted on the pinboard because of a Facebook bug

However, they did not try to find an alternative. Related to this we also found out that people using chat software for business had much more concerns about their personal information and especially the topic and content of the talk then the private users.

Since insecurity in their currently chats doesn`t bother them much, they just haven`t thought about a secure alternative yet. Most important thing has always been, that all friends use the app/chat. They would change to a secure chat, where all friends are logged in, though.

The interface should communicate security to the user. Therefore we want to improve the interface of ChatSecure in a way, that everyone is able to understand what is meant with the symbols. To create such a design, we drew some of our own design-ideas on a paper. It showed the message window and some applications and icons we added to it, e.g. the lock symbol next to the Accountname and in the speech bubbles itself. These things intensify the security-feeling. Then we discussed those ideas, made a prototype and tested it on a comrade who wasn`t in our working group.

The ideas of last week worked quite well, but not properly understandable. The problem of the red color we`d chosen for the Send-Button for an insecure message didn't work out. Our test subject thought the button couldn't be clicked at all. So, in the next week, we would look for similiar applications and how they deal with authentification and security methaphors. After that, we would improve our prototype with the results of the last weeks and try out different approaches to solve our problems, regarding the prototype itself, the layout and the colours. Then we would test it again.