Design Practice
How a tool is designed—its user experience, its visual language, how it is understood and how its users can learn more about it—strongly impacts end user privacy and security.
The following practices related to the design aspect of software development are linked to end user privacy and security. The lists mix recommended practices with patterns to avoid (for example, relying on confusing iconography); each item is phrased as something the tool does, so read the wording to tell them apart.
Default Settings
- Downloads and installs automatic updates by default
- Uses encryption by default when downloading updates
- Verifies the source of encrypted updates by default
- Creates a user identity that is pseudonymous by default
- Hides communication metadata by default
- Encrypts communication end-to-end by default
- Encrypts local data by default
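The first three default-settings items together describe a secure update path: fetch over an encrypted channel, then check that the update really came from the vendor before installing it. The example below is added here and is not code from the original page or from any particular tool; it shows the client-side verification step in Go using the standard library's Ed25519 and SHA-256. The manifest format, field names and the `RunScenario` walkthrough are constructed for the example, and the TLS download itself is assumed to have happened already (it is not shown).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is the metadata a client fetches before an update payload.
// The vendor signs it with a release key; the client ships the matching
// public key, so the manifest's origin can be checked without network access.
// (Constructed format for this example, not any particular updater's.)
type Manifest struct {
	Version string
	Digest  [sha256.Size]byte // SHA-256 of the update payload
}

// signedBytes is the canonical encoding that gets signed. A fixed prefix
// and explicit separators keep a signature from being reused for a
// different message type or a different version/digest split.
func (m Manifest) signedBytes() []byte {
	b := []byte("example-update-manifest-v1\x00" + m.Version + "\x00")
	return append(b, m.Digest[:]...)
}

// SignManifest is the release-pipeline side (included only so the example runs end to end).
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.signedBytes())
}

// VerifyUpdate is the client-side gate that runs before anything is written to disk:
//  1. the manifest must carry a valid signature under the pinned vendor key;
//  2. the downloaded payload must hash to the digest the signed manifest names.
// Any failure rejects the update and the caller keeps the installed version.
func VerifyUpdate(vendorKey ed25519.PublicKey, m Manifest, sig, payload []byte) error {
	if len(vendorKey) != ed25519.PublicKeySize {
		return errors.New("pinned vendor key has wrong length")
	}
	if !ed25519.Verify(vendorKey, m.signedBytes(), sig) {
		return errors.New("manifest signature invalid: refusing update")
	}
	if sha256.Sum256(payload) != m.Digest {
		return errors.New("payload digest does not match signed manifest: refusing update")
	}
	return nil
}

// RunScenario exercises the check against a constructed release and reports
// whether the genuine update was accepted and whether two bad cases were rejected.
func RunScenario() (genuineOK, tamperRejected, wrongKeyRejected bool) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed update payload bytes")
	m := Manifest{Version: "1.2.3", Digest: sha256.Sum256(payload)}
	sig := SignManifest(vendorPriv, m)

	genuineOK = VerifyUpdate(vendorPub, m, sig, payload) == nil

	// Payload altered after signing (for example on a mirror): digest check fails.
	tamperRejected = VerifyUpdate(vendorPub, m, sig, []byte("altered payload")) != nil

	// Manifest signed by some key that is not the pinned vendor key.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	otherSig := SignManifest(otherPriv, m)
	wrongKeyRejected = VerifyUpdate(vendorPub, m, otherSig, payload) != nil
	return
}

func main() {
	ok, tamper, wrongKey := RunScenario()
	fmt.Printf("genuine accepted=%v tampered rejected=%v wrong key rejected=%v\n", ok, tamper, wrongKey)
}
```

The digest check matters even though the channel is encrypted: TLS protects the bytes in transit, but says nothing about whether the file on the server is the one the vendor released. The signed manifest ties the payload to the vendor's key, and the pinned public key is what makes the check independent of whichever host served the download.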
Ease of Use
- Provides different interfaces for beginner and advanced users
- Uses language appropriate for beginners
- Provides a clear description of what will result from user choices
- Includes recommended settings
- Includes configuration templates
- Provides a consistent interface across platforms
- Allows users to reset to default configuration
- Supports a "configuration history" that allows users to "undo" and "redo" settings
- Relies on setup "wizards" that take too long to complete
- Relies on setup workflows that encourage users to click "next" without absorbing information
- Behaves in unexpected ways
- Requires users to change their passphrases too frequently
- Prevents users from pasting into password fields from the clipboard
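Several of the ease-of-use items (recommended settings, reset to defaults, a configuration history with undo and redo) fit one small data structure. The Go example below is added here and is not code from the original page; it keeps every applied configuration as a snapshot so a user can step back from a change, step forward again, or reset to the shipped defaults without losing the ability to undo that reset. The `Settings` fields and default values are constructed for the example.

```go
package main

import "fmt"

// Settings holds the user-facing configuration. It is a plain value type
// (no pointers or slices), so copying it into the history is a full snapshot.
// The field set is constructed for this example.
type Settings struct {
	AutoUpdate   bool   // download and install updates automatically
	EndToEnd     bool   // end-to-end encrypt communication
	EncryptLocal bool   // encrypt data at rest
	Identity     string // pseudonymous display name
}

// Defaults returns the shipped configuration: every protection on, pseudonymous identity.
func Defaults() Settings {
	return Settings{AutoUpdate: true, EndToEnd: true, EncryptLocal: true, Identity: "anonymous"}
}

// ConfigHistory is an undo/redo stack of Settings snapshots.
type ConfigHistory struct {
	past    []Settings // earlier states, most recent last
	current Settings
	future  []Settings // undone states, most recently undone last
}

// NewConfigHistory starts from the defaults with nothing to undo.
func NewConfigHistory() *ConfigHistory { return &ConfigHistory{current: Defaults()} }

// Current returns a copy of the active configuration.
func (h *ConfigHistory) Current() Settings { return h.current }

// Apply records a new state. Any redo branch is discarded, as in a text editor.
func (h *ConfigHistory) Apply(next Settings) {
	h.past = append(h.past, h.current)
	h.current = next
	h.future = nil
}

// Undo steps back one change; returns false if there is nothing to undo.
func (h *ConfigHistory) Undo() bool {
	if len(h.past) == 0 {
		return false
	}
	h.future = append(h.future, h.current)
	h.current = h.past[len(h.past)-1]
	h.past = h.past[:len(h.past)-1]
	return true
}

// Redo reapplies the most recently undone change; returns false if there is none.
func (h *ConfigHistory) Redo() bool {
	if len(h.future) == 0 {
		return false
	}
	h.past = append(h.past, h.current)
	h.current = h.future[len(h.future)-1]
	h.future = h.future[:len(h.future)-1]
	return true
}

// ResetToDefaults is itself an undoable step, so a user who resets by
// mistake can recover their previous configuration with Undo.
func (h *ConfigHistory) ResetToDefaults() { h.Apply(Defaults()) }

func main() {
	h := NewConfigHistory()
	s := h.Current()
	s.EndToEnd = false // the user weakens a default...
	h.Apply(s)
	h.Undo() // ...and takes it back
	fmt.Printf("after undo:  %+v\n", h.Current())
	h.Redo()
	h.ResetToDefaults()
	fmt.Printf("after reset: %+v\n", h.Current())
}
```

Recording the reset as an ordinary history entry is the design choice worth noting: "reset to defaults" is the one action a confused user is most likely to take, and making it reversible removes the cost of trying it.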
Translation
- Provides pictorial guides that do not require translation
- Leverages an iconographic/pictorial interface that does not require translation
- Provides translated documentation
- Provides translated interface
User Education
- Includes in-app guides
- Provides a clear "introduction"
- Tells users where to find trusted expertise (mailing lists, support forums, etc.)
- Provides an easy path to the right documentation on a given topic
- Provides a comparison with other tools
- Provides high quality user support
- Provides live chat support
- Explains the function of user interface elements
- Includes tool tips
- Offers downloadable guides for offline use
- Provides basic and advanced levels of documentation for each topic
- Tailors documentation to a range of threat models
- Tailors documentation to users with a range of technical fluency
- Provides an advanced guide for power users
- Cannot provide tailored user support without collecting personally identifiable information
- Relies solely on accusatory or guilt-inducing language to encourage secure user behaviour
- Provides too much information for users to realistically consume
- Relies on documentation that encourages users to click "next" without absorbing information
Notifications
- Relies on confusing or misleading notifications
- Does not provide notifications (e.g. about key verification status)
Data Permissions
User feedback
- Cannot collect user feedback without collecting personally identifiable information
Disclosures and failure mode notification
- Provides error messages that explain what the problem is to help users fix it themselves, where possible
Iconography and visual language
- Leverages iconographic/pictorial interface elements that do not require translation
- Relies on confusing or misleading iconography
- Relies on culturally inappropriate or irrelevant iconography