Login

Redecentralize

We’ve had enough of digital monopolies and surveillance capitalism. We want an alternative world that works for everyone, just like the original intention of the web and net.

We seek a world of open platforms and protocols with real choices of applications and services for people. We care about privacy, transparency and autonomy. Our tools and organisations should fundamentally be accountable and resilient.

Home

Parent
Geoffroy Couprie [LibreList] Re: [redecentralize] Spring of User Experience 2014-02-28 19:33:08 (5 years 7 mons 16 days 19:34:00 ago)
Hi,

The problem between security and UX often bogs down to the approach in development. Crypto apps have a bottom up approach: we have a crypto protocol, let's build a UI around. That's what we saw with GPG, client cert authentication, etc.
When you take a top down approach, you design the interaction of your system, then adapt cryptosystems there, and you may end up with requirements that current crypto cannot meet, or applying raw crypto APIs that have no good mapping to UX problems.

We need more crypto wrappers to provide usable APIs (good algorithms default, sane use of  RNG, etc) with clearly defined boundaries (embedding the protocol's state machine instead of asking the developer to write it) and good abstractions (the developer should not have to worry about repeating IVs or verifying a MAC). I see that approach in NaCl or the new Python cryptography project. It takes time to write those abstractions, but it is rewarding.

Also, we need clear definitions of what a protocol can and cannot do. there are a lot of wonderful crypto primitives that could be exploited if people knew about it, instead of writing yet another broken scheme with RSA and AES.


On Fri, Feb 28, 2014 at 7:00 PM, Adam Ierymenko <adam.ierymenko@zerotier.com> wrote:
Most programmers don't realize the immense importance of user experience. It's the entire reason for Apple's success, for example... OSX was not technically superior to Linux in any way but it offers a vastly superior user experience.

I think a common and dangerous myth is that good UX is for "noobs" and "non-computer people." I've been programming since I was four and was a Linux user since 1992, but I love my Mac and I love really good user interfaces and zero-configuration apps. Why? Because I have better things to do than futz around with my computer to get it to work. I am way, way too busy for that. I *hate* things that make me climb a steep learning curve to do something trivial, or that require me to jigger with them to get them to work. I'd much rather be coding, writin g, or doing things in the real world like spending time with my family.

I did sort of enjoy jiggering with things like Linux when I was learning, but that's because I was learning and learning is fun. Now that I know how to admin a machine, I don't want to do that anymore. I want to do new things.

That being said, there is often a tension between security and UX. Security is often accomplished through the erection of barriers, requiring the user to do extra steps. Good UX is often achieved through automation that involves trusting third parties or doing things the "easy" (insecure) way. But I don't think it has to be this way. In particular, I think cryptography offers many opportunities for using clever math and cryptographic transform composition to do things in a way that is both user-friendly and very secure. But it requires a deep understanding of crypto to get there.

On Feb 27, 2014, at 12:20 PM, Francis Irving <francis@flourish.org> wrote:

Hi all!

Having interviewed many geeks, I now think the limiting factor in mass adoption is involvement of more design and user experience people in decentralization projects.

As I describe in the Gigaom article today, I also think designers are quite interested in this (post Snowden), and likely there are some who need good projects to help/start but don't know about this movement.

We are going to try and interview more people with that kind of background, who have done at least something tangible in this area.

Ideas I have:
Telegram - who does design stuff there?
Brennan from Mailpile - would it be good or weird for us to have a second interview of the same project, but on a different aspect?
IndiePhone

Any other suggestions?

Francis

PS Unhosted interview to come out soon!





--
: