Designing for freedom: Meet the people putting user experience at the heart of online privacy

Edward Snowden may have demolished our illusions of the internet granting people a private and secure existence, but quite a few developers are still chasing that dream. That’s a big reason why there’s a growing movement towards the “redecentralization” of the internet; steering the web and connected applications, and even the infrastructure itself, back towards a model that shuns the corporate concentration of control.
This is a noble and necessary aim, and some very bright technical minds are focusing on it with renewed vigor following the revelations of the internet’s subversion by intelligence agencies. And perhaps because this is an ethical mission rather than one driven by a business model, most of those keen developers come from an open-source software background.
Here’s where the nascent redecentralization movement hits a snag: the open-source scene is largely (though by no means exclusively) made up of people who focus on function first, with usability and design somewhere down the priority list. And if the goal is to save people from the over-centralized riskiness of Facebook and Gmail, you’re not going to get anywhere without offering a user experience that is at least comparable to those shiny, accessible services.

Call to arms

There are several fundamental problems with decentralization and online privacy from a usability standpoint. One relates to data — if you’re going to control it yourself in a way that keeps it safe from spies and law enforcement, you ideally need to run your own server. Email encryption suffers a similar problem, as it’s only really secure if both parties manage and hold their own private keys.
In both of these cases, the technical barrier is currently too high for the average consumer. That doesn’t mean the tools aren’t out there, but no one so far has been able to hide that complexity behind a truly accessible interface.
“When you start looking at security outcomes in the real world in terms of what tools people can actually use to keep themselves safe on the ground, usability dominates,” said Eleanor Saitta, principal security engineer at the Open Internet Tools Project, which focuses on circumventing surveillance:

“Technical security properties of the tool make very little difference compared to the usability properties. If you have a tool where, yes, sometimes there may be bugs or things where security needs further improvement, but everyone understands the mechanism it’s trying to provide, you’re more likely to see that tool make a real difference in the field.
“That’s not to say security properties don’t make a real difference – they do, and understanding where trade-offs are made is really important, which is especially true when looking at high-risk users – but when you’re looking at a more general user population and decentralization… that’s what’s going to determine whether or not a tool is adopted. If it’s not adopted, it might as well not exist.”

Photo from Thinkstock/Pay404

The problem is largely cultural, Saitta pointed out, and changing that culture in the open-source world will take time: “There are still a lot of people in the community who are, ‘If I can use this tool, why can’t everyone?’ A lot of people aren’t willing to acknowledge that if ordinary users can’t use it, they won’t.”
Francis Irving, a key figure in the British open knowledge scene and a co-founder of, likens the situation to that in the 1990s, when there was a “call to arms” to create a user-friendly Linux desktop. “It led to the KDE project,” he said. “We’re kind of at that point. It needs more demand from leaders in the openness movement to create stuff with usability.”
Irving hopes will become a hub for people who have ideas about making decentralization broadly practical. Crucially, he reckons there’s been a fresh realization among designers — who have not traditionally been involved in open-source projects — of the need for something new:

“A few people I’ve seen, post-Snowden they were suddenly like ‘Oh shit, we can’t just use Apple for everything.’ I’ve seen them try out some Linux distributions that are very design-focused. That didn’t happen before, so I think there’s a set of people who are usability and user experience and design-led who care about these issues, but I don’t think they’ve been drawn into the community yet.”

As it happens, Irving himself isn’t particularly motivated by privacy. He’s interested in decentralization as a means to creating more competition — an antidote to Apple, Facebook and Google’s incompatible and walled-off ecosystems — and boosting the resilience of communications infrastructure. This movement, if it takes off, could turn out to be a broad church.
So what’s actually needed here? I’ve personally annoyed an activist developer or two with the suggestion that open tools need to be “prettier” – my hamfisted way of saying they need to be as attractive as Facebook or Gmail or Skype or what have you — and indeed, user experience is not purely about looks.

Under the skin

“If only it was as easy as making it pretty,” said Aral Balkan, who heads up the mysterious yet promising Indie Phone project, which will open up for crowdfunding in the near future. “That’s the most visible aspect, of course, but really the problem is much deeper. It’s not just about the form, but making the function easy — that’s really difficult. It requires a huge amount of focus. It’s not about putting on makeup after the project is done.”

Indie industrial designer Victor Johansson at work in their office. The stealth phone company will be open for crowdfunding soon. Photo courtesy of Indie Phone.

Balkan wants Indie Phone to compete head-on with Apple’s iPhone and Google’s Nexus: consumer devices that are all about the integration of hardware with software and services. He promised it will “look different to everything that’s out there right now,” and he explicitly prioritizes simplicity and usability over the traditional open-source obsessions with features and customization: “If we are to compete with closed silos and solutions, we have to compete on user experience.”
“It also happens to allow you to own your own data,” Balkan added. “You have control over your data because you have your own server. But you don’t have to know you have your own server.”
Indie Phone will ultimately be an entirely peer-to-peer system, Balkan said, pointing out that this is the only way to achieve full decentralization, but in the interim there may need to be centralized elements to support it. That will probably mean Indie Phone offering to run users’ servers for them, though those with technical skill will be able to run their “Indie Cloud” on their own server from the get-go.
This is a similar model to that of ownCloud, which offers its Dropbox/Google Apps rival on a self-install basis or hosted through partners – a great example of making a relatively minor security trade-off in favor of usability, for those that need it.

Secure yet usable

When asked which privacy-focused project is getting user experience right, Saitta, Irving and Balkan all pointed to Mailpile. Based in Iceland, this crowdfunded outfit is building a fully-featured webmail system to rival behemoths like Gmail while also including rock-solid and easy-to-use encryption. As activist and blogger Cory Doctorow has pointed out, this would be the “holy grail of email.”
Mailpile actually runs locally on the user’s computer or even off a memory stick, but the interface is in the browser, making it instantly familiar to a generation reared on Yahoo Mail, Gmail and Hotmail (and yes, Mailpile can also run off a cloud server like those better-known rivals). Tellingly, one of the three core Mailpile developers is a design and front-end guy, Brennan Novak; that is pretty much unheard-of for a free and open-source software project of this size.
Novak cited a variety of user experience problems with Pretty Good Privacy, or PGP – the basis of most email encryption today. The first is getting it up and running, a blocker that almost cost journalist Glenn Greenwald the Snowden story.
“PGP has a million options and it gives them upfront. For people who understand cryptography, it’s a very valuable thing they might want. But for any normal sort of person, it’s extremely confusing and overwhelming to them,” Novak said. He also noted that PGP use requires three separate apps: the mail client, a PGP-compatible address book, and a keychain app for managing security keys.
The solution? Mailpile bundles everything inside the mail client. “It will install it for you and it’s all going to happen under the hood,” Novak said. “We’re going to pick the strongest settings that are available [as the default]. They’ll have PGP and an address book that can work with PGP.”
Then there’s the issue of discoverability. If you’re going to have an encrypted email exchange with someone, you need to know their public key. There are keyservers out there that act as directories, but there are many and email clients may not search all of them: as a user experience, it’s a far cry from typing in a couple of letters to trigger automatic suggestions.
“We want to automatically search through the big main keyservers,” Novak said. “Also, because Mailpile is webmail, we could do interesting things like actually search – if you link to Mailpile on your website, your key could be discovered in that way. It comes back to the IndieWeb [concept], where your domain name represents you as a person.”

Beyond playing catchup

Indeed, Novak thinks that usable cryptography could open up new models when linked to the user’s identity. While a Facebook profile, for example, is a reasonably good way of telling that someone is who they say they are, Facebook is a closed ecosystem – one of many, which Novak sees as a dangerous fragmentation of communications:

“When we can bring the idea of cryptography like PGP to a user’s identity – this is a verified way of proving I am me – if that was bound indefinitely to me, that offers a tremendous amount of value to individuals and companies.”

This is a recurring theme in the discussions I’ve had with design-focused members of the privacy and decentralization movements – that making these tools usable will actually open up new models for the future, rather than just allowing more secure versions of what’s already out there.
For example, Indie Phone’s Balkan suggests that Facebook’s interests — mining data for advertising purposes — are “orthogonal to” its users’ interests. “When you take that out of the equation then there are actually user experience advantages,” he claimed, referring to Facebook’s ever-shifting privacy policies. “It’s the saddest thing. Open source has user experience advantages it’s not taking advantage of.”

Photo from Thinkstock/Maxkabakov

Saitta, too, points to features of today’s centralized services that are there to support the advertiser rather than the user. She thinks there’s tremendous value in shunning the advertising-led, privacy-busting business model:

“We’re seeing a big push to innovate, a push that’s certainly not hurt by the fact that a lot of folks are finding out that the advertising-centric model for the web wasn’t really working. It’s a questionable return on investment, questionable efficacy – not zero, but maybe not worth what people have been spending on it.
“That puts them in a position of having to find new business models. It’s somewhat curious to see where that will end up. A lot of that innovation would be starting to happen with or without the political side of things.”

Ultimately, Saitta said, open software developers need to produce something that’s “more interesting, better designed and more compelling” than the alternatives: “We need to compete on the same territory and win.”