... | ... | @@ -1128,36 +1128,37 @@ When an Android device thinks that its Internet connection doesn’t work, eithe |
|
|
|
|
|
Communication over social or public mesh environments is an unfamiliar user experience for most of the general population. Creating applications that allow the public to use these types of networking systems in efficient ways relies heavily on creating interfaces that are able to communicate the core ideas of the application's behavior, in a digestible manner.
|
|
|
|
|
|
From a privacy and security aspect, it is also of upmost importance to give users an interface that allows them to safely interface with other possibly untrusted devices.
|
|
|
From a privacy and security aspect, it is also of the utmost importance to give users an interface that allows them to safely interface with other possibly untrusted devices.
|
|
|
|
|
|
During our research we took some time to think about approaches designers could take in order to provide interfaces for mesh networking software.
|
|
|
|
|
|
## Security Profiles
|
|
|
|
|
|
One of the core approaches interface designers can take with social and public mesh applications is the idea of "Security Profiles" that give users a fast and clear way of viewing, and modifying the threat level they are currently operating at.
|
|
|
One of the core approaches interface designers can take with social and public mesh applications is the idea of "Security Profiles" that give users a fast and clear way of viewing and modifying the threat level they are currently operating at.
|
|
|
|
|
|

|
|
|
|
|
|
In tor browser, a popular private web browsing tool, they offer users a set of three different profiles that correspond to different browsing settings which generally match the labeled security level. For mesh applications, this same concept maps nicely to the connectivity profile of a user's personal mesh node. One proposal for a mesh security profiles panel could be a radio select array with three options:
|
|
|
In tor browser, a popular private web browsing tool, they offer users a set of three different profiles that correspond to different browsing settings which generally match the labeled security level. For mesh applications, this same concept maps nicely to the connectivity profile of a user's personal mesh node. One proposal for a mesh security profiles panel could be a set of radio buttons with three options:
|
|
|
|
|
|
- Public Connections
|
|
|
- Social Connections
|
|
|
- Trusted Contacts
|
|
|
|
|
|
These levels cover the public mesh, social mesh, and one-hop social mesh propagation strategies, and if offered to users, give them a way to adjust their threat level in real time.
|
|
|
|
|
|
The other important component of security profiles is to give users a quick way to view which profile is currently running. Because some security profiles have serious privacy ramifications, it's important to make the current mode easy to constantly monitor. The other side effect of this thinking is that it should be near impossible for users to accidentally change security profiles.
|
|
|
The other important component of security profiles is to give users a quick way to view which profile is currently running. Because some security profiles have serious privacy ramifications, it's important to make the current mode easy to constantly monitor. It should also be nearly impossible for users to accidentally change security profiles.
|
|
|
|
|
|

|
|
|
|
|
|
Fire alarms for example, have been designed to stop accidental activation. A similar thought process needs to be considered for designing the activation UX for less-secure security profiles. Application developers might find it reasonable to make it easy for users to move to more-secure profiles however.
|
|
|
|
|
|
A small caveat, is that allowing simple and fast profile switching could allow users to quickly activate public mesh modes in important physical locations, thus increasing the amount of time spent in public mesh mode in active areas, which would lead to an increase in message propagation. This suggests there is not one definite approach to designing interfaces for these use-cases, but more of a balancing act between performance, and keeping non-technical users safe.
|
|
|
A small caveat is that allowing simple and fast profile switching could allow users to quickly activate public mesh modes in important physical locations, thus increasing the amount of time spent in public mesh mode in active areas, which would lead to an increase in message propagation. This suggests there is not one definite approach to designing interfaces for these use-cases, but more of a balancing act between performance and keeping non-technical users safe.
|
|
|
|
|
|
For additional conversations surrounding this topic: https://code.briarproject.org/briar/briar/-/issues/972
|
|
|
|
|
|
## Connectivity Profiles
|
|
|
|
|
|
Besides giving users interfaces to monitor and update their security profiles, more advanced public mesh systems might require interfaces that allow user control over which types of transports a user's node can make. This idea was explored in a mock-up sketch that depicts a chat application that allows for connections to be made via Bluetooth, WLAN, Tor, and a Bittorrent swarm:
|
|
|
Besides giving users interfaces to monitor and update their security profiles, more advanced public mesh systems might require interfaces that allow user control over which types of transports a user's node can make. This idea was explored in a mock-up sketch that depicts a chat application that allows for connections to be made via Bluetooth, WLAN, Tor, and a BitTorrent swarm:
|
|
|
|
|
|

|
|
|
|
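Review bot: The rewritten Tor paragraph still reads "In tor browser, a popular private web browsing tool, they offer users", with the product name in lower case and "they" lacking an antecedent, while the same hunk capitalises "Tor" and "BitTorrent" in the Connectivity Profiles paragraph. Suggest "Tor Browser, a popular private web browsing tool, offers users a set of three different profiles". The unchanged fire-alarm sentences have the same kind of comma problem this hunk fixes elsewhere ("Fire alarms for example, have been designed", "more-secure profiles however"); "Fire alarms, for example, have been designed to stop accidental activation" would match. It would also help to pair each of the three radio options with its propagation strategy explicitly, since the list and the sentence after it appear to follow the same order but never say so.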
... | ... | @@ -1167,9 +1168,9 @@ Besides giving users interfaces to monitor and update their security profiles, m |
|
|
|
|
|

|
|
|
|
|
|
Individual connections are toggled using per-connection switches. Note that the more ad-hoc transports, BLE and WLAN in this case, simply have a toggle for the entire transport, and not for individual connections. This is because connections on these transports are generally short lived, and by enabling these transports, there is some additional device advertisement occuring. So the toggle will turn on and off the device advertising as well. Seperate toggles for advertisement and discovery are another approach worth considering.
|
|
|
Individual connections are toggled using per-connection switches. Note that the more ad-hoc transports, BLE and WLAN in this case, simply have a toggle for the entire transport, and not for individual connections. This is because connections on these transports are generally short lived, and by enabling these transports, there is some additional device advertisement occurring. So the toggle will turn on and off the device advertising as well. Separate toggles for advertisement and discovery are another approach worth considering.
|
|
|
|
|
|
The 'Cache' screen gives users an easy-to-process visualization of their current collection of encrypted messages. Higher level protocols could use an interface like this to allow the user to control the order of importance for queued up messages.
|
|
|
The 'Cache' screen gives users an easy-to-process visualization of their current collection of encrypted messages. Higher level protocols could use an interface like this to allow the user to control the order of importance for queued messages.
|
|
|
|
|
|
# Appendix
|
|
|
|
... | ... | |
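Review bot: In the rewritten transports paragraph, "short lived" still needs a hyphen ("short-lived"), and "So the toggle will turn on and off the device advertising as well." reads as a fragment; folding it into the previous sentence, for example "so the toggle also turns device advertising on and off", would be clearer. The paragraph refers to "BLE" where the mock-up description earlier on the page lists "Bluetooth"; one term should be used for both, or the difference explained. Since the same switch controls both connections and advertisement, the text could state that outright before offering separate advertisement and discovery toggles as an alternative.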