{"id":659,"date":"2013-05-31T09:00:20","date_gmt":"2013-05-31T17:00:20","guid":{"rendered":"http:\/\/blog.mozilla.org\/privacy\/?p=659"},"modified":"2016-01-19T14:12:53","modified_gmt":"2016-01-19T22:12:53","slug":"designing-meaningful-security-and-privacy-experiences-part-ii","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/","title":{"rendered":"Designing Meaningful Security and Privacy Experiences (Part II)"},"content":{"rendered":"<p><em>[This is the second of a two-part post from Mozilla&#8217;s User Experience team on their look at privacy and security. You can view the first post <a href=\"http:\/\/blog.mozilla.org\/privacy\/2013\/05\/21\/exploring-the-emotions-of-security-privacy-and-identity\/\">here<\/a>.]<\/em><\/p>\n<p>Usability and security\/privacy often seem to be at odds in the product creation process; designers are wary of these features because they fear interruptions to the user\u2019s flow, while security\/privacy advocates believe that the user isn&#8217;t safe when we oversimplify or strip down the protections and warnings they want to put in place.<\/p>\n<p>Part of the tension stems from a shared assumption that our users don&#8217;t care about security or privacy. We can certainly marshal evidence to support this claim: for example, most users thoughtlessly click through alarming messages, use passwords that are insecure, and don&#8217;t hesitate to share personal information online. But, after various opportunities to engage with people through research and <a href=\"https:\/\/blog.mozilla.org\/ux\/2012\/12\/security-and-privacy-at-mozcamp-asia\/\">workshops<\/a>, I believe that &#8220;user apathy&#8221; isn&#8217;t the conclusion we should draw from these behaviors.<\/p>\n<p>The desire to feel\/be safe is a fundamental quality of being human. 
But when it comes to technology, most people feel that they have so little control over their security and privacy, that, in the words of someone I interviewed, they &#8220;just cross [their] fingers and hope nothing bad will happen.&#8221; New cyber-threats seem to emerge every day, each more ominous and abstract, until it becomes impossible for the average user to know how to reliably protect against them. Besides, people feel powerless in an ecosystem where companies routinely ask them to hand over their personal information in exchange for services. Maybe most importantly, most security and privacy choices that users are presented with are overwhelming and complex, dealing the final blow to a user&#8217;s sense of agency. (Additional <a href=\"https:\/\/blog.mozilla.org\/ux\/2012\/12\/mozcamp-asia-insights\/\">insights<\/a> from my Mozcamp Asia workshop.)<\/p>\n<div id=\"attachment_696\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mozilla.org\/netpolicy\/files\/2013\/05\/p1010899.jpg\"><img aria-describedby=\"caption-attachment-696\" decoding=\"async\" loading=\"lazy\" class=\"size-large wp-image-696\" alt=\"Mozcamp-Asia-Workshop\" src=\"https:\/\/blog.mozilla.org\/privacy\/files\/2013\/05\/p1010899-600x400.jpg\" width=\"600\" height=\"400\" \/><\/a><p id=\"caption-attachment-696\" class=\"wp-caption-text\">Participants at a security and privacy workshop at Mozcamp Singapore share &#8220;postcards&#8221; with Mozilla, telling us how we can help improve our user experience<\/p><\/div>\n<p>Ultimately, I believe people need two things to engage meaningfully with security and privacy: they must find trustworthy entities that help them <em>feel<\/em> safe online, and they must have <em>true<\/em> <em>control<\/em> over their choices.<\/p>\n<p>To address these intertwined needs in our products, I came up with the following four imperatives &#8212; user experience requirements that must be met for a product to be 
successful:<\/p>\n<ol>\n<li>Earn and Keep My Trust<\/li>\n<li>Respect My Time and Task<\/li>\n<li>Help Me Make a Thoughtful Decision<\/li>\n<li>Offer Control Without Harming Me<\/li>\n<\/ol>\n<p>(You can learn more about each of these imperatives from my <a href=\"https:\/\/air.mozilla.org\/meaningful-security\/\">brownbag<\/a>.)<\/p>\n<p>These imperatives are already shaping our design and user messaging in projects such as the <a href=\"https:\/\/blog.mozilla.org\/tanvi\/2013\/04\/10\/mixed-content-blocking-enabled-in-firefox-23\/\">Mixed Content Block<\/a> and Click-to-Play Plugins (in a coming design). They&#8217;ve also helped me frame strategic discussions on various Firefox OS and Firefox features, such as App Permissions and Firefox Health Report. I hope they will continue to bridge the relationship between user experience and security\/privacy, not only at Mozilla but in other organizations.<\/p>\n<p>I started working on this framework for &#8220;meaningful security and privacy&#8221; to show that usability and security\/privacy are necessary co-requisites to creating a good product.<\/p>\n<p>When a product is truly secure, people have a better experience because they can use it confidently without fear or suspicion. When security choices are conveyed in a usable manner, people feel safer because they understand the consequences of their actions.<\/p>\n<p>Security and privacy are deeply-held principles within Mozilla, and we often apply them from a policy or feature standpoint. 
I hope these design imperatives show that we can make an even greater impact on the Web by consciously incorporating them into our user experience.<\/p>\n<p><em>This content reposted from the inaugural edition of the <a title=\"Mozilla UX Quarterly\" href=\"http:\/\/people.mozilla.com\/~cbeasley\/mozilla-quarterly-q22013.pdf\" target=\"_blank\">Mozilla UX Quarterly<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[This is the second of a two-part post from Mozilla&#8217;s User Experience team on their look at privacy and security. You can view the first post here.] Usability and security\/privacy &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/\">Read more<\/a><\/p>\n","protected":false},"author":1438,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[847,69],"tags":[298],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Designing Meaningful Security and Privacy Experiences (Part II) - Open Policy &amp; Advocacy<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"mozilla\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/\",\"name\":\"Designing Meaningful Security and Privacy Experiences (Part II) - Open Policy &amp; Advocacy\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/privacy\/files\/2013\/05\/p1010899-600x400.jpg\",\"datePublished\":\"2013-05-31T17:00:20+00:00\",\"dateModified\":\"2016-01-19T22:12:53+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/privacy\/files\/2013\/05\/p1010899-600x400.jpg\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/privacy\/files\/2013\/
05\/p1010899-600x400.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/netpolicy\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Designing Meaningful Security and Privacy Experiences (Part II)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/\",\"name\":\"Open Policy &amp; Advocacy\",\"description\":\"Mozilla&#039;s official blog on open Internet policy initiatives and developments\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/netpolicy\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9\",\"name\":\"mozilla\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/image\/e77ee64829d0c3831212656324f746d1\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=mm&r=g\",\"caption\":\"mozilla\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Designing Meaningful Security and Privacy Experiences (Part II) - Open Policy &amp; Advocacy","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/","twitter_misc":{"Written by":"mozilla","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/","url":"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/","name":"Designing Meaningful Security and Privacy Experiences (Part II) - Open Policy &amp; Advocacy","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/privacy\/files\/2013\/05\/p1010899-600x400.jpg","datePublished":"2013-05-31T17:00:20+00:00","dateModified":"2016-01-19T22:12:53+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.m
ozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/#primaryimage","url":"https:\/\/blog.mozilla.org\/privacy\/files\/2013\/05\/p1010899-600x400.jpg","contentUrl":"https:\/\/blog.mozilla.org\/privacy\/files\/2013\/05\/p1010899-600x400.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/netpolicy\/2013\/05\/31\/designing-meaningful-security-and-privacy-experiences-part-ii\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/netpolicy\/"},{"@type":"ListItem","position":2,"name":"Designing Meaningful Security and Privacy Experiences (Part II)"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#website","url":"https:\/\/blog.mozilla.org\/netpolicy\/","name":"Open Policy &amp; Advocacy","description":"Mozilla&#039;s official blog on open Internet policy initiatives and developments","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/netpolicy\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9","name":"mozilla","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/image\/e77ee64829d0c3831212656324f746d1","url":"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=mm&r=g","caption":"mozilla"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts\/659"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/users\/1438"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/comments?post=659"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts\/659\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/media?parent=659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/categories?post=659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/tags?post=659"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/coauthors?post=659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}