Developer and High-Risk User Studies

As secure messaging protocols face increasingly widespread deployment, differences between what developers believe about user needs and the actual needs of real-existing users could have an impact on the design of future technologies. Therefore, we are doing a detailed analysis of three projects and large-scale analysis of their users via interviews.

In the domain of secure messaging, the sometimes subtle choices made by protocol designers tend to elude the understanding of users, including high-risk activists. We’ll overview some common protocol design questions facing developers of secure messaging protocols and test the competing understandings of these questions using STS-inspired interviews with the designers of popular secure messaging protocols ranging from older protocols like PGP and XMPP+OTR to newer unstandardized protocols Signal and Briar.

Far from taking users as a homogeneous and undifferentiated mass, we distinguish between the low-risk users that appear in most usability studies (such as university students in the USA and Europe) and high-risk activist user-bases in countries such as Ukraine and Egypt where securing messages can be a matter of life or death.

Ksenia Ermoshina presented a “Can Jonny build a protocol? Coordinating developer and user intentions for privacy-enhanced secure messaging protocols” at the Euro Usability and Security Workshop (EuroCRYPT 2017), Paris, France. Download slides from the draft paper.