Liveblog from the Usability panel at RightsCon. It covered the Countersurveillance hackathon we had just wrapped up, a SF event headed by OpenITP but also linked to the recent Countersurveillance DiscoTechs. I typed this live and published right after the sessions for the day – please forgive typos etc.

Usability as a huge issue. Doesn’t matter how much we train if the software isn’t usable.

OpenITP has done two events around crypto and usability now – DC in January, and SF in March. OpenITP tools brought to be worked on. Not hard to do a hackathon on usability. Can get people in to improve documentation. User testing is a thing that can happen in a day. Making wireframes. We’ll do a report back on challenges faced, what people are doing usability-wise. What they’re doing to correct those things.

Barbara with Benetech
Martus – about 10 years old, end-to-end encryption for folk in the field doing human work. This is using old software and design patterns. We were super security-focused, but maybe did it wrong. Example of protecting against key logging by clicking with the mouse to put in a password. To avoid pattern recognition, we’ll randomize the screen every time. But people don’t use that.

You can get really detached from what the users want/will use. Even if we had protected the password, the rest of it would have been key logged. Usability is a security feature. The people who need security the most are usually those who understand it the least. And human rights documentarians are targets. Usability can protect them.
Used the DREAD model to make specific threat models and user stories as a way to bring together engineers and designers. Out of that, one of the ways we made the conversations easier was creating a shared language. DREAD is broad, so we clearly defined what we meant by things in simple language.

Codesign facilitator and community organizer at Center for Civic Media MIT Media Lab. Shared values, common language. We design with the users, but we also see everyone as a designer. Everyone makes a decision together about how technology works and what it does, means it’s more likely to work for people.
Discovering Technology – getting together to share about technology, learn. Very hands on – at the Boston event, used face paint to thwart facial recognition software. Surveillance camera walking tour as a way of calling attention to the social implications. In Bangalore, they did DNA spoofing. So, as far as UX being about how people relate to tools, the DiscoTechs talk to that, and how tech is used to build power.

Commotion Project
Our goal at Commotion is to make it really easy for anyone to make their own wireless network. There’s a lot of complicated technology under the hood. Want to make the technology interface as simple as possible, but on the other side we have a construction kit that is a visual documentation set anywhere from installing to engaging your community.
As much as we can explain it to ourselves and our colleagues, that is not our audience. This is a hard problem – community organizing to wireless interference. A number of volunteers approached us – which is inspiring – you are so valuable. We don’t know where the mistakes are, we don’t know what doesn’t make sense. Had a number of folk go through documentation, gave them a big red pen. Circled things, this doesn’t make sense, etc. Also went over our website. Where do you find it, if it exists at all? Someone went through and gave a long feedback form. Also some folk translated.

Serval Project
Having people come in and say our selves, our family and friends at home need this. Make the user interface accessible to them. Take a situation that is incredibly difficult, choose disaster response – don’t know who is alive, where things are. And we’re saying “hey! here is new technology to learn so you can organize!” and your brain isn’t in a place to learn that. We are painfully aware of that. It does the job but it’s not the most elegant. The codesign process has been great in getting us to that.
Group from Venezuela where gov is either turning off net or making it go very slowly. Controlling media. Where do you get toilet paper, communicate to people? This is a direct need – they’re talking about their families.
Ok, so if this is for Venezuela, can we get this to work there? They asked for a Twitter without the connectivity – like storyful.

Guardian Project – InformaCam
Collecting digital evidence in encrypted and verifiable media by journalists and migrant farm workers. We went through all these use cases to identify the data visualization needs of these different groups. InformaCam collects a bunch of metadata, which is useful for lots of people (so it’s also sensitive, needs to be protected). Range of uses means collecting and displaying the data needs to be useful to the folk collecting the data. We got a bunch of good suggestions about how to improve the interface by making it more configurable on the backend so when admins come into the system, they can customize the display for the users to either aggregate records based on locations or the submitter. Also raised a lot of suggestions around additional features, how to improve the system when there’s low or no internet. Messaging systems other folk worked on.

Guardian Project – Bazaar
Extend the Fdroid market for peer-to-peer, so if there is an app I want to share to friends when bandwidth is super low or down. We went in with a prototype around sharing apps between the phones. Bluetooth, NFC, SD card, etc. – how do we distill all these different means into a flow handled by non-technical users? “Do both of our phones have bluetooth?”
Worked on distilling the best method to learn those things. Also came to understand how some of the terminology we were using didn’t translate. Repositories, packages... these words mean nothing to people who just have a few apps they want to share. “Share,” and “Swap.” Above the technical mumbo jumbo.

Small World News – StoryMaker
Anyone can learn to make a better story out of multimedia. We’re building a secure camera that we can also guide people at the point of production. A guiding principle is to put the trainer in the phone. People pay the most attention when they’re doing what they want to accomplish. This weekend we had an initial exercise of value-based design with outsiders – what is the value of story makers. You should feel more capable of doing what they do. Implicit understanding that people are capable, convince others of that. What are different ways to guide them through production process – pay attention to sound, you’re shooting vertically, etc. We started building out the UI with things like level of notification based on triggers (tiny icon if you’re tilted, animated arrow to rotate if you need to 90°). As we work on the variables, it will become magic. Oh, I am a great storyteller! Don’t have to worry about craft.

Having people in the room that weren’t on the tech teams was super useful.
User stories, field experience, etc. Started you thinking about how to make your tool more useful. What can we do to make that more possible?

Most Users are Abroad – How do you Engage with Them?
Skype screenshare etc for instant feedback?
OpenITP is looking into this. Operational Security – if we do remote testing, it’s really video heavy. If you’re directly interacting with activists you might put them at risk. Work more with trainers.
Oktavia was suggesting a (non F/OSS) tool to mark up a page about things like “this button is placed strangely,” or “I don’t know what that means.”
Shuttleworth Foundation has an F/OSS tool for this! Annotate
Community outreach – groups should be able to do this without us, which requires intervention at a different stage. Carl Vogel on OS projects – not just about the code being open, but the developers being open to questions as well. Having an open IRC channel, but always looking for more ways to show openness.
Training as a multi-week process. Not just fly-in, fly-out. What format do we need for the trainings?

Open Source vs Free/Libre
Free Software was about software respecting the rights of the people using it. Open Source doesn’t do the same. Think about free, don’t get distracted by open source.
In the field, people aren’t aware of whether it’s open source or free. They use what is usable – Facebook and Google. We have to take the bandwidth and financing to make our tools usable, too.

Goal is to not use Google Play
App stores are censored, closed webs.
Not about how to be fun, design for addictiveness. But Google and Apple have realized that you can identify what you need in an app store to be successful, how can we riff on that and make use of the space carved into brains around us. Interface side of things.
Fdroid is just one way of doing this.

Analytics, Tracking Where Trouble is Happening
No one knows how to track their web logs any more.
Having tools that aren’t cloud or invasive. Guidelines for data collection on your users that are safe? Does that exist? When we track users or deploy elsewhere, is there a list of what to not do?
Benetech has gone through a process of collecting even less data. I get where you’re coming from, but if you get 5 people in a room to talk about a project, it’ll get you 80% understanding. Tracking gives you specifics but not real usability understanding.
Printed things out, people went around with post-it-notes, basically gave us user analytics without logging. People don’t print out paper. Just accept that you’ll do that, have every tiny step involved.
No data without explicit permission. We do everything distributed – we don’t have a way to get anything back
When you have specific steps of opting in, not just a block of ToS. Difference in what permissions you’re giving on different options.
Hearing from users is not anecdotal, it’s data.
Go places, talk to people.
As a trainer, I’m a filter. The organizations are filters for other people. Anecdotal is good. It can be enough for the 200 members of the organization.

Localizing Our Software
How can we do that without compromising the privacy of the users.
This is where codesign comes in.

Lots of people build software, but who is marketing it?
In funding, it’s difficult to support marketing. Usability is a sort of marketing. When people like it, they want to tell other people. Usability is easier to finance.
People will push it through their community if they like it.

Example of User-Centered Design that has Been Widely Adopted?
Firefox browser is a F/OSS developed by the users.
Cryptocat. Started with user in mind, had great success for that.
Guardian Project. Seen Informacam iterate through, seen a lot of improvements.

Idea for a Tool, Gets Developed, then Users Asked to Evaluate
This is a part of the funding process. How do you come up with the tools that you build? Do you go out and ask people what they need? When the ideas are codesigned, not just the build, stopgapping after.
Worked for a human rights org called Witness before Guardian. In working with people there, found out that people needed their faces blurred out of photos. Brought this to a hackathon, cobbled together a prototype. Should strive for that more.
Working with migrant farm workers where we made something and it didn’t work, wasn’t understood, drained battery. So we scrapped, rebuilt… but the guts were the same.
Sometimes groups that are already organized will come to us, ask us to engage in that process with them. We’re collaborating from the beginning. Guardian is partnering with MA ACLU and MIT to reshape something that already exists. You can write for funding together, or the community groups will have written for funding.
Commotion writes into grants that the community interaction is first. Digital Stewards – we teach them, they teach us how to do it better. Every network tells a story – take cutouts of parts of a network, let them build the network they want.

Impression of Tech in Western World
DRC, trying to make Medicat, merge medical evidence and documentation of medical evidence with ability of camera culture to end goal of prosecuting. Piloted in field SUPER early, revamping based on what we learned. Has to be reframed. Environmental factors, how limited the resources are.

User’s Rights / Non User’s Rights
How do we protect the data from our platforms for use in other places? In SF, it’s not about documentation, it’s about follow-through. Institutionalized problems. What are we going to do with keeping records?