Ame Elliott

inuse
May 18, 2018

UX Design for Trust: Protecting Privacy in a Connected World

Transcript

  1. UX DESIGN // PROTECTING TRUST + PRIVACY IN A CONNECTED WORLD // ame elliott // @ameellio // ame@simplysecure.org // FROM BUSINESS TO BUTTONS // 15 MAY 2018
  2. DESIGNERS / DEVELOPERS / RESEARCHERS / USERS. Simply Secure is a nonprofit for security, privacy, ethics, people
  3. You don’t need to be a cryptographer to work in security [Background figure: ASCII-art diagram of a PKI trust graph with a Bridge CA and trust anchors TA W, TA X, TA Y, TA Z]
  4. NO YES

  5. UNDERSTAND RISK TO USERS / PRACTICAL ADVICE / LEAD THROUGH DESIGN

  6. Who are you worried about having your data? It depends on your threat model: COMPANIES, GOVERNMENTS, HACKERS, STALKERS
  7. Corporations and governments gather data about us. Image: Kajart Studio’s Tor Browser explanation, http://www.kajart.com/portfolio/tor-project-educational-animation-english/
  8. Twitter and US National Security Letters in 2014

  9. People expect bike sharing apps to track their location and use the camera
  10. Why does a bike sharing app need to read your home settings and shortcuts and transfer that data?
  11. 114 € iKettle hacked to show location on a map. http://www.theregister.co.uk/2015/10/19/bods_brew_ikettle_20_hack_plot_vulnerable_london_pots/
  12. IoT botnets harm society, not only individual consumers

  13. UNDERSTAND RISK TO USERS / PRACTICAL ADVICE / LEAD THROUGH DESIGN

  14. Content strategy, brand, and tone are opportunities to communicate privacy

  15. Slackbot reads all, but doesn’t comment in 1:1 direct messages

  16. Beyond “usable,” interfaces must be understandable, accountable, trusted. Graphic by Dan Grover
  17. Read receipts use a limited visual vocabulary to change behavior

  18. LEAD THROUGH DESIGN / PRACTICAL ADVICE / UNDERSTAND RISK TO USERS

  19. Phishing is the attempt to obtain sensitive information like user names, passwords, credit card details by masquerading as a trustworthy entity in an electronic communication. – Adapted from Wikipedia
  20. Defense: Writing style guide for consistent tone builds trust

  21. Content strategy and site information architecture prevent phishing with good URLs. Labels on the slide: “Easy to spoof”; “Your site, not 3rd party”. URLs shown:
    http://berlinstreetwear.com/signup/?id=43289s32
    https://berlinstreetwear.siliconalllee.com
    https://berlinstreetwear.siliconallee.com
    https://berlinstreetwear.com/ezpay
    https://berlinstreetwear.ezpay.com
    https://ezpay.com/berlinstreetwear
    http://acm.us2.list-manage.com/track/ clicku=db7c289da&id=e70bf2b789&e
  22. Defense: Style guides codifying visual design build trust

  23. LEAD THROUGH DESIGN / PRACTICAL ADVICE / UNDERSTAND RISK TO USERS

  24. NO YES

  25. https://simplysecure.org/knowledge-base

  26. THANK YOU! GET INVOLVED: slack@simplysecure.org // @simplysecureorg // @ameellio // ame@simplysecure.org