Ame Elliott

Transcript

1. UX PROTECTING DESIGN ame elliott // @ameellio // [email protected] FROM

   BUSINESS TO BUTTONS // 15 MAY 2018 TRUST + PRIVACY IN A CONNECTED WORLD

2. DESIGNERS DEVELOPERS RESEARCHERS USERS Simply Secure is a nonprofit for

   security, privacy, ethics, people 2

3. | I |--->| H | +---+ +---+ ^ | +---+

   +---+ | | H |--->| I | | +---+ +---+ +---+ ^ | G | / +---+ +---+ +---+ +---+ / | F |--->| H |--->| I | ^ / +---+ +---+ +---+ \ / ^ \/ / +---+ +---+ +---+ +---+ +---+ | F | | G |--->| I |--->| H | | M | +---+ +---+ +---+ +---+ +---+ ^ ^ ^ | / | +------+ +-----------+ +------+ +---+ | TA W |<------| Bridge CA |-------->| TA X |-->| L | +------+ +-----------+ +------+ +---+ / ^ \ \ v \ v v +------+ +------+ +---+ +---+ | TA Y | | TA Z | | J | | N | +------+ +------+ +---+ +---+ / \ / \ \ \ v v v v v v +---+ +---+ +---+ +---+ +---+ +----+ | A | | C | | O | | P | | K | | EE | +---+ +---+ +---+ +---+ +---+ +----+ / \ / \ / \ \ v v v v v v v +---+ +---+ +---+ +---+ +---+ +---+ +---+ | B | | C | | A | | B | | Q | | R | | S | +---+ +---+ +---+ +---+ +---+ +---+ +---+ / \ \ \ \ \ \ v v v v v v v +---+ +---+ +---+ +---+ +---+ +---+ +---+ | E | | D | | B | | B | | E | | D | | T | You don’t need to be a cryptographer to work in security +---+ +---+ ^ | +---+ +---+ | | H |--->| I | | +---+ +---+ +---+ ^ | G | / +---+ +---+ +---+ +---+ / | F |--->| H |--->| I | ^ / +---+ +---+ +---+ \ / ^ \/ / +---+ +---+ +---+ +---+ +---+ | F | | G |--->| I |--->| H | | M | +---+ +---+ +---+ +---+ +---+ ^ ^ ^ | / | +------+ +-----------+ +------+ +---+ | TA W |<------| Bridge CA |-------->| TA X |-->| L | +------+ +-----------+ +------+ +---+ / ^ \ \ v \ v v +------+ +------+ +---+ +---+ | TA Y | | TA Z | | J | | N | +------+ +------+ +---+ +---+ / \ / \ \ \ v v v v v v +---+ +---+ +---+ +---+ +---+ +----+ | A | | C | | O | | P | | K | | EE | +---+ +---+ +---+ +---+ +---+ +----+ / \ / \ / \ \ v v v v v v v +---+ +---+ +---+ +---+ +---+ +---+ +---+ | B | | C | | A | | B | | Q | | R | | S | +---+ +---+ +---+ +---+ +---+ +---+ +---+ / \ \ \ \ \ \ v v v v v v v +---+ +---+ +---+ +---+ +---+ +---+ +---+ | E | | D | | B | | B | | E | | D | | T |

4. NO YES

5. UNDERSTAND
 RISK TO
 USERS PRACTICAL
 ADVICE LEAD
 THROUGH
 DESIGN

6. Who are you worried about having your data? It depends

   on your threat model COMPANIES GOVERNMENTS HACKERS STALKERS

7. Image: Kajart Studio’s Tor Browser explanation
 http://www.kajart.com/portfolio/tor-project-educational-animation-english/ Corporations and governments

   gather data about us

8. 8 Twitter and US National Security Letters in 2014

9. People expect bike sharing apps to track their location and

   use the camera

10. Why does a bike sharing app need to read your

    home settings and shortcuts and transfer that data?

11. 11 http://www.theregister.co.uk/2015/10/19/bods_brew_ikettle_20_hack_plot_vulnerable_london_pots/ 114 € iKettle hacked to show location on

    a map

12. 12 IoT botnets harm society, not only individual consumers

13. UNDERSTAND
 RISK TO
 USERS PRACTICAL
 ADVICE LEAD
 THROUGH
 DESIGN

14. Content strategy, brand, and tone are opportunities to communicate privacy

15. Slackbot reads all, but doesn’t comment in 1:1 direct messages

16. Graphic by Dan Grover Beyond “usable,” interfaces must be understandable,

    accountable, trusted

17. Read receipts use a limited visual vocabulary to change behavior

18. LEAD
 THROUGH
 DESIGN PRACTICAL
 ADVICE UNDERSTAND
 RISK TO
 USERS

19. Phishing is the attempt to obtain sensitive information like _

    user names
 _ passwords
 _ credit card details by masquerading as a trustworthy entity in an electronic communication. – Adapted from Wikipedia

20. Defense: Writing style guide for consistent tone builds trust 20

21. 21 http://berlinstreetwear.com/signup/? id=43289s32 https://berlinstreetwear.siliconalllee.com https://berlinstreetwear.siliconallee.com https://berlinstreetwear.com/ezpay https://berlinstreetwear.ezpay.com https://ezpay.com/berlinstreetwear Easy to

    spoof Your site, not 3rd party http://acm.us2.list-manage.com/track/ clicku=db7c289da&id=e70bf2b789&e Content strategy and site information architecture prevent phishing with good URLs

22. Defense: Style guides codifying visual design build trust

23. LEAD
 THROUGH
 DESIGN PRACTICAL
 ADVICE UNDERSTAND
 RISK TO
 USERS

24. NO YES

25. 25 https:// simplysecure.org/ knowledge-base

26. [email protected] GET YOU THANK INVOLVED ! @simplysecureorg @ameellio [email protected]