Here are some thoughts from today about a discussion we had on Twitter about representing a message property in a messaging app UI. I’ve tried to make it as coherent as possible. I may have failed. Hopefully not.
What is TextSecure?
Textsecure is the excellent SMS and data messaging app 1)Textsecure on Wikipedia from WhisperSystems 2)WhisperSystems the open source project founded by Moxie Marlinspike the open source project.
It is designed to provide the user with end to end privacy unlike WhatsApp 3)Steal WhatsApp database proof of concept by Bas Bosschert (warning: heavy technical details!) , Line 4)LINE users scammed due to security hole, Viber 5)Viber accused of spying on users.
Why is it different than other applications?
When Textsecure user communicate with others who also use Textsecure, it provides them with end to end encryption of their messages. The contents of their messages can not be read by 3rd parties.
SMS
If they communicate with other Textsecure users over SMS, it will encrypt the contents of their messages, protecting them. However the meta-data of the conversation (who sent SMS to who, when, and from what physical location) is still exposed.
Push messaging
To try and combat the exposure of this meta-data WhisperSystems have developed an encryption mechanism, mediated by infrastructure under their control, which limits (or possibly removes?) this meta-data exposure, and providing encryption also.
Why is this important?
It’s important as the users are not at risk of of interception of their messages, and surveillance of who they are messaging.
The problem
Since messages can have different states, there needs to be a way of representing each.
- sent by SMS and not encrypted
- sent by SMS and encrypted
- sent by PUSH messaging and encrypted
A discussion on Twitter mentioned that the use of colour was not ideal:
@moxie re Textsecure, can you consider icons rather than colours to show which protocol was used? It’s a bit too extreme as it is now.
— Smári McCarthy (@smarimc) May 1, 2014
So after a few overs and back, @moxie mentioned the discussion thread 6)Discussion thread on the Textsecure Github repo, where people were discussing this:
@smarimc @bernardtyers @jilliancyork @shokufeyesib You all might want to join the larger discussion of this here: https://t.co/lFYtNVHkVT — Moxie Marlinspike (@moxie) May 1, 2014
So, here are my opinions – partly as a Textsecure user and partly as a user centred designer.
I am speaking as a European user who is privacy sensitive, the most importance piece of information I want to know is if my message is encrypted or not.
In the thread mentioned above, there was discussion about the design patterns to follow, if iOS’s model of green for SMS and blue for iMessage was a good model to follow. My opinion would be Android is different than iOS. There are a few ways to handle this.
- if there are no plans to bring TextSecure to iOS, then TextSecure should follow Android design guidelines because it’s an Android application. No-brainer. I can’t think of *any* valid user centred design reasons why you would have iOS design patterns in an Android application.
- if there are plans to bring TextSecure to iOS then maybe you might want to take into account making TextSecure look the same on both. The reason is this will assist users when they switch from one to the other. Because, some will. It’s a given.
- or possibly keep the Android UI close to the Android guidelines and develop an iOS version close to iOS guidelines
That decision will ideally be informed by user research, talking to users, and measuring iOS user requests for an iOS version.
It would be farking wonderful if a TextSecure client could be developed to private iOS users with private SMS and push messages.
Is there a need to communicate what transport is used for the message?
In terms of communicating if the message is sent over SMS or over PUSH, there needs to be a decision if it is a characteristic users WANT to know. Asking users is a good way. 🙂
Get a simple survey together and ask TextSecure users to fill it out. Provide it in anonymous form. I’d happily help put it together.
Speaking as a user living in Europe where I have unlimited (almost) SMS’s, I don’t mind if it is sent over SMS or PUSH. However, if I am a user in the US and SMS costs a lot, and I have a data plan, then maybe I want to know.
@bernardtyers Users with crappy SMS plans do…SMS is expensive from the US to other countries.
— Jillian C. York (@jilliancyork) May 1, 2014
Possibly more important is: if sending a PUSH message is provably more secure than sending an encrypted SMS, then maybe I need to know how it was sent.
How to represent transport in the UI
Colour
From a user centred design point of view, it is not ideal. There are a number of reasons:
- It is not accessible to people who are colour blind. Red/Green colour blindness affects approx 10% of all men. As a result, they will not see this.
- In itself colour does not convey any meaning. The first time user will have no idea what it means.
- There is a a need for the user to retain recognition – does blue mean PUSH or does green mean PUSH? I don’t remember. I do not agree that there is a higher cognitive load associated with colour. More a higher recognition need. I’m happy to be proven wrong with some real research. 🙂
A Textsecure user on Twitter mentioned she also found it unhelpful:
@bernardtyers Can that be changed? Not only it doesnt help, it hinders us ADHD ppl. @jilliancyork @smarimc @moxie — Lisbeth Salander (@shokufeyesib) May 1, 2014
Possible solution
Inform the user first time of install to what the colours mean. Like those “silk screen” walk-throughs. Just a thought.
Text
Using words like “SMS” “PUSH”, etc have some issues…
- Translation (if they are to be translated)
- People with dyslexia. I do not know if there is any research focusing on the minimum/maximum number of characters people with dyslexia can have issues with. I have asked some other HCI friends who know more about it.
- There could be issues with cultural understanding – is “PUSH” English jargon? I know what it means, but does a non-technical user from understand?
Possible solution
Text *may* be a good option, but the char count would need to be short – something like “SMS” “PUSH”, “DATA”.
Icons
1. Lots of icons are not good. Ever.
2. Icons are the lazy approach. 🙂
Possible solution
TextSecure tries to send the message via the most secure transport possible:
- If it succeeds, only display that it the message is secure.
- If that fails, then fall back to SMS, and show both using icons a) the message was sent by SMS and b) that is was sent insecurely.
Possible ways to get a better decision
It would be good to get feedback from first time users as to their understanding of the colours.
Get some new users and ask them what they think the colours mean. Don’t tell them what it means, let them figure it out, or not, themselves.
I’d be happy to put together a small user testing session if someone can point some new users towards me.
I’d be interested to hear what others have to say.
References
> Speaking as a user living in Europe where I have unlimited (almost) SMS’s, I don’t mind if it is sent over SMS or PUSH.
You are a exception then many European have a limited monthly SMS usage. it is important to know which way the data flow.
Hi SM,
Yes good point. It is true that different European countries have different SMS bundles.
The real question was, which is more important to know:
A. if the message was transmitted privately
or
B. how the message was transmitted?
a, b in that order.
For A: even if over whispersync, I would still like to see confirmation of encryption.. I would also rather lock icons over color to differentiate encryption or not. It is instantly understood by all (or at least most). To be honest I had to google to find what colors meant
For B: it’s more informational and could be done away with or have an option to enable it.