3 research outputs found

    Dead on Arrival: Recovering from Fatal Flaws in Email Encryption Tools

    Background. Since Whitten and Tygar’s seminal study of PGP 5.0 in 1999, there have been continuing efforts to produce email encryption tools for adoption by a wider user base, where these efforts vary in how well they consider the usability and utility needs of prospective users. Aim. We conducted a study aiming to assess the user experience of two open-source encryption software tools – Enigmail and Mailvelope. Method. We carried out a three-part user study (installation, home use, and debrief) with two groups of users using either Enigmail or Mailvelope. Users had access to help during installation (installation guide and experimenter with domain-specific knowledge), and were set a primary task of organising a mock flash mob using encrypted emails in the course of a week. Results. Participants struggled to install the tools – they would not have been able to complete installation without help. Even with help, setup time was around 40 minutes. Participants using Mailvelope failed to encrypt their initial emails due to usability problems. Participants said they were unlikely to continue using the tools after the study, indicating that their creators must also consider utility. Conclusions. Through our mixed study approach, we conclude that Mailvelope and Enigmail had too many software quality and usability issues to be adopted by mainstream users. Methodologically, the study made us rethink the role of the experimenter as that of a helper assisting novice users with setting up a demanding technology.

    Obstacles to the Adoption of Secure Communication Tools

    The computer security community has advocated widespread adoption of secure communication tools to counter mass surveillance. Several popular personal communication tools (e.g., WhatsApp, iMessage) have adopted end-to-end encryption, and many new tools (e.g., Signal, Telegram) have been launched with security as a key selling point. However, it remains unclear if users understand what protection these tools offer, and if they value that protection. In this study, we interviewed 60 participants about their experience with different communication tools and their perceptions of the tools' security properties. We found that the adoption of secure communication tools is hindered by fragmented user bases and incompatible tools. Furthermore, the vast majority of participants did not understand the essential concept of end-to-end encryption, limiting their motivation to adopt secure tools. We identified a number of incorrect mental models that underpinned participants' beliefs.

    A UI-driven approach to facilitating effective development of rich and composite web applications

    It is well-recognized that the development of user interfaces is one of the most time-consuming tasks in the overall application development process. At the same time, there is an increasing demand for rich and fluid user interfaces from web users. As a result, developers are facing increasing challenges in delivering web applications, especially those with rich UI requirements. In this thesis we present two solutions to facilitate the execution and rapid development of web applications with rich user interfaces. The first solution is a rich internet application (RIA) framework aimed at providing high usability and productivity to web applications, while the second solution is a UI integration framework that simplifies web application development by facilitating the composition of reusable UI components. The foundation of our RIA framework is an XML-based high-level protocol for communicating asynchronous events and incremental UI updates on the web. The protocol facilitates rich and highly interactive UI, while at the same time eliminating frequent and slow page refreshes and providing a more responsive user experience. Built on top of the protocol, a server-side runtime allows UI logic code to be executed on the server side, while a set of server-side event-driven APIs enables developers to implement sophisticated application-specific UI behavior. On the client side, a thin client renders UI and processes native events, but leaves application-specific logic to the server side. The thin client thus allows end users to enjoy a rich UI experience in a safe client environment, without executing any downloaded code. The proposed UI integration framework includes an abstract UI component model which allows UI components to be programmatically manipulated via events, operations, and properties, essentially exposing UI as services. To facilitate component interactions, the framework offers an event-based composition model, which allows integration logic to be specified in the form of event listeners. Composite applications are executed via a lightweight runtime middleware, which provides component adapters that allow the middleware to communicate with native UI components implemented in a variety of languages and platforms. Finally, a graphical development environment allows composite applications to be built in a drag-and-drop fashion.