A Guide to Crafting

Meaningful Security and Privacy Experiences

Cycle of Trust and Control

Two Fundamental Needs: Trust and Control

The desire to feel and be safe is an intrinsic human need. But when it comes to technology, the lack of transparency, meaningful choices, and understanding of the system leads people to feel that they have little control over their security and privacy. Besides these barriers, the digital ecosystem is often too complex for most of us to master; we must relinquish some control and find ways to trust other entities such as our social circles, companies, governments.

In order for digital security and privacy mechanisms to truly feel meaningful to people, they must inspire trust and provide a sense of control.

Imperatives and Design Principles

When used together, the following four imperatives help foster a cycle of trust and control. They can guide all aspects of the product, such as its functionality, user interface, visual design, language and communication, and marketing.

Under each imperative are some design principles that give tangible suggestions for common security and privacy issues. Different products might require different principles. As long as they are consistent with the imperatives, other principles can work just as well.

Earn and keep my trust

  • Look legitimate and polished
  • Perceived trustworthiness is just as important
  • Minimize scare tactics
  • Provide measured facts instead
  • Protect me upfront
  • If it keeps me safe, you don't need my permission

Respect my time and task

  • Focus on the impact to my task
  • Spend less time explaining the technical issue
  • Flag threats; don't assume I notice
  • The absence of positive indicators isn't enough
  • Avoid interrupting me
  • Wait until I'm done or choose a safe default

Help me make a thoughtful decision

  • Use consistent emotional cues
  • Positive cues emphasize safety, while negative ones, danger
  • Make safe choices easier to select
  • Make it harder to put myself at risk
  • Lower the impact of making mistakes
  • Reduce the pressure of making the "right" choice right now

Offer control without harming me

  • When I have no choice, explain why
  • Helping me understand stills gives me some control
  • Make the effect of each option clear
  • Novices want guidance, not a control panel
  • Give Pros configurable controls
  • Technical users want precision and flexibility

More Resources