security

Over the last six months, we’ve been updating our Usable Security Audit Methodology to better reflect our current practices, the advances in our fields of interest, and accessibility as a core principle. Through an inventory of our tools and practices, surveying the field to find similar work we admire, and workshops with close collaborators and community members, we revamped our approach, which we’re now calling our User Experience Toolbox for Risk Mitigation and Accessibility.

Outlines Superbloom's approach to evaluating and mitigating risks in software projects through practices focused on accessibility, usability, and security. It provides a framework of tools and guidelines to help teams build trust with users while designing human-centered and rights-respecting digital experiences.

With support from the Open Technology Fund Secure Usability and Accessibility Lab, UX Designers, User Researchers, Digital Security Trainers and OSS tool builders gathered at RightsCon 2023 for the Human Rights Centered Design convening. We held critical discussions about the challenges and opportunities that sharing user insights could bring to how OSS tools for human rights needs are built in ways that are more context sensitive and specific, and share these insights here

Designing for Security

Superbloom will be hosting five sessions at the Mozilla Festival (Monday, March 20 - Friday, March 24 2023). If you’ll be there, we’d love to see you, meet you and get to know you. Come join us! Want to learn how to design a Tech Policy playbook? Are you interested in global tech transparency? Would you like to find out how shadow data affects you? Do you want to understand design’s impact on encrypted messaging? Are you looking for how to center human rights in usability? Join us and 1000s of others at MozFest 2023! This year’s event will be held in person in Amsterdam and online and the Superbloom team will be participating in five of the 360+ sessions. Intrigued? Read more in our post.

Information security focuses on third parties’ access to user data without permission. Develop your knowledge of principles and practices to design transparent and accountable systems with our curated resources that include uses cases, emerging research issues, and the implications of current events for the field.

Our Design Spots video series provides quick answers to your UX questions.

We design with ideal conditions in mind, but the world is far from ideal. Design Under Pressure is a practical resource center to help you and your team proactively create products and services that hold up under stress cases.

Would you like to hear how the move from deceptive design to trusted patterns is critical to our shared future? Would you like to learn more about how to make encrypted apps more inclusive and accessible? Do you need on the spot design and UX aid and advice to improve your tools? Simply Secure team members will be joining six sessions during Rightscon 2022: June 6-10. We’d love to see you, learn about your work, and collaborate. Come join us! .

Through UX changes, we helped guide Mailvelope users through the headaches of key management.

FileZilla is a popular open-source file transfer protocol (FTP) certificates with explanation and reassurance. Here we share how we tackled a FileZilla Server team to complete user research and provide design recommendations toward the goal of guiding users on how to set up TLS technical challenge as designers through strategic knowledge gathering.

In partnership with the New Design Congress, our team prepared a new research report examining consent in complex data systems.

With support from Internews, our team helped improve a VPN that helps human rights defenders and journalists access the internet safely. We implemented a unique usability testing process that protects user privacy and overcomes typical remote testing challenges.

Amnesty International asked our team to help improve UX design for defenders and their communities. PhishDetect, an innovative open-source browser extension for human rights.

What are stress cases? When an aspect of a person or a context is pushed to an extreme, that’s a stress case. Some people refer to a stress case as an “edge case.” We prefer the term “stress case” (which we learned about from Eric Meyer and Sara …

A roundup of some of the interesting research presented at SOUPS 2019.

These are additional considerations for conducting user research involving high-risk participants. From our video series, Design Spots.

How can design help make your tool more secure? We have three places to start. From our video series, Design Spots.

IoT security needs UX design to appropriately manage complexity.Architecture school teaches how to design for an IoT context with privacy in mind.

Get prepared to discuss security with more technical team mates. If you’re a designer, learn useful background information.

My last post examined the concept of phishing, which is a type of social-engineering attack to con people into divulging private information like passwords or credit card numbers. When you look for advice on how to protect against phishing, most of …

One of the highlights of HybridConf 2016 was hearing writer Stevyn Colgan talk about his time as a police officer at London’s Scotland Yard. He entertained the audience of UX designers and front-end developers with stories from his book, Why Did the …

Most people who spend time online have a general idea of what “phishing” is, but it can be hard for folks outside of the security community to pin down an exact definition. Understanding the threat that phishing attacks pose can help designers and …

We are pleased to announce a new collaboration with the Open Technology Fund as part of their Usability Lab project. This exciting initiative will allow open-source software projects to apply for free assistance with user-experience (UX) design as …

It can be hard to communicate about security-related features with users who aren't already security experts. From word choice to the level of detail included, it's easy to overwhelm people with information, leave them scared, or bore them to …

Recent attacks byDaesh in Turkey, Egypt, Lebanon, and Paris have fanned the flames of an ongoing debate about software that is resistant to surveillance. It seems that some participants in that debate are trying to use these attacks as an excuse to …

My recent post describing some of the reasons we choose Slack over IRC for our public forum is part of a larger conversation people are having around the promise and concerns of group-communication tools. A quick search for “Slack vs. IRC” yields a …

I really enjoyed being part of the emerging-work track, HotPETS, at the Privacy Enhancing Technologies Symposium earlier this month. From meeting lots of great people to getting face-time with the Simply Secure team, Philadelphia was fun. Scout and I …

This is the third and final installment in the series on Lessons from Architecture School: Lessons for IoT Security. You can also read the first and second installments, or download the presentation. Thank you to the audience at Solid Conference for …

This continues Part 1 of a series of posts drawn from a talk I gave at O’Reilly’s online conference Experience Design for Internet of Things (IoT) on “Lessons from Architecture School for IoT Security.” You can find the slides for the original talk …

This is the first in a series of posts pulled from a talk I gave at O’Reilly’s online conference Experience Design for Internet of Things (IoT) on “Lessons from Architecture School for IoT Security.” The talk is a call to action for designers and …