Usability and security/privacy are frequently perceived as opponents of each other: designers think that security features represent unnecessary interruptions to the user’s flow, while security engineers think that designers misconstrue or oversimplify security when creating user interfaces. Thus, many from both parties assume that the best we can do is to find an acceptable middle ground (or “peace treaty”) that is somewhat safe, somewhat usable. No one walks away completely satisfied, and when a new security issue is uncovered, the same back-and-forth negotiation begins again.
This ongoing project is an effort to show that usability and security/privacy are not on opposite ends of the spectrum. Instead, they are necessary co-requisites to creating a good product: When a product is truly secure, people have a better experience because they can use it freely without fear or suspicion. When security choices are conveyed in a usable manner, people are safer because they understand the consequences of their actions.
One of the reasons security/privacy and usability have historically seemed to be tradeoffs is that engineers and designers rarely develop new security features together. This project intends to give both groups a common understanding of what makes a meaningful security or privacy design so that they can work together from the beginning instead of critiquing only when a feature is implemented or the design is done.
Since I'm a user experience designer, this work is based on a variety of "design-y" techniques such as expert interviews, our team's ethnographic field work, readings on usable security, my own study and experience in cognition and design, and various security UI features in Firefox that I used as test cases.
This work would really not have been possible without the insights from various teams at Mozilla beyond the UX team, in particular, the Security, Privacy, and Firefox teams. One of the things I really love about Mozilla is that everyone cares about the user's experience in their own way. The various discussions I had with these teams helped shape what I hope is a balanced, practical framework.
I'm always looking to refine the work here (and I have loads more thinking that just didn't make the first cut of the website) so I hope that this page will evolve over time. Please don't hesitate to tell me what you think!