Red Glare

The Fourth of July never feels right without fireworks, for me, but not for patriotic reasons. My father’s birthday is the Fourth of July. When he was small, he says, he thought the fireworks were for him. One of my nephews, born the same day, may now grow up to believe the same thing. Fireworks are for birthdays, for one of the big family get-togethers. To not have a cookout and fireworks with the family feels like missing out.

Which I often do, being the family member who traveled the furthest afield. This year, I am actually at an aunt’s house, but she is away on a trip. I am left to take care of two cats, who are not thrilled with the fireworks resounding around the Oakland hills, and a small elderly poodle with congestive heart failure. Fortunately, the poodle seems to be deaf enough that she’s not noticing any but the loudest booms. I am listening for her telltale cough and any whimpers, to make sure she’s ok. So far, not much worse than an average night, when high-intensity snuggling sessions set her off.

I didn’t make plans to get together with friends and see fireworks. I’ve been traveling enough over the past two years that I have half-given-up on getting together with anyone. I don’t know what city I will be living in next. I don’t know who to invest my care and secrets in. I have gotten used to being alone.

And anyway, I figured I could watch fireworks from the second-story deck of my aunt’s house. Turns out, though, that most of them don’t clear the nearby hill, aside from a few half-arcs of pink stars and a racket of booms. I’ve been sheepishly watching the flashing of the local fog, thickening with smoke, pink and yellow and red; even this feels pleasantly familiar.

The rockets’ red glare. Other people in the US do this for reasons that are not my father’s birthday. To commemorate the Revolutionary War. The battle of us getting free, or really, some other people who lived over two hundred years ago getting some kind of freedom, for some of them. We remember the explosions, relive them over and over. But not in any way that touches us. We’re legislated away from buying or — god forbid — holding the exploding things, they’re cordoned off over a lake or river or a tree-less patch of a park.

Continue Reading »

Open letter to the editor of the Los Angeles Times, 12/20/15

Douglas Merrill of ZestFinance is quoted in the article Beyond Mere Numbers, on new measures being used by credit scorers, as saying he finds the use of social media data to determine creditworthiness “personally creepy.” He ought to be thinking harder about the metrics his firm is deciding to use instead.

The use of borrowers’ writing style, like using all capital letters, strikes me as presenting a risk of compounding other disadvantages that borrowers may be facing and have no control over, like their early educational history. Such data use could potentially even develop into new methods of red-lining.

Continue Reading »

A 1994 interview with John Linnell of They Might Be Giants

TMBG's John-Henry-era promo shot, from the back cover of Polygraph.

TMBG’s John-Henry-era promo shot, from the back cover of Polygraph.

Much of my life has been driven by an unstoppable desire to see what I could get away with. When I was seventeen, and editor of my high-school literary magazine, I decided to see if I could get an interview with They Might Be Giants.

At the time, TMBG were not yet the creators of the theme songs for major TV shows, not yet the creators of great songs about science for little kids; they were a quirky duo from Boston who had only really managed to get a few songs — Ana Ng, Birdhouse In Your Soul — into any kind of rotation. Their staples were tape loops, drum machines, and an accordion. But they were my favorite band, the absolute pinnacle of musical achievement, in my view, the creators of the songs that held my romances and memories in their notes, bearing them for me so I didn’t have to carry them myself — the way songs do, for teenagers. So in that instinctive, fumbling teenage way, I was moved to drastic measures to get close to them.

I had never interviewed anyone before. Ever.

But I was a brash kid, unhindered by the kind of terror that should reasonably come with trying to approach the most important-feeling far-off people and doing something you had no practice whatsoever doing. So I wrote a letter (paper; this was 1994) to Elektra Records, TMBG’s label, asking for an interview. I told them our high-school literary magazine was international. (What? We had an alumn in Scotland, and I planned to send her a copy. International.) And to my surprise, they bought it. A press packet with a CD of John Henry, their latest album, arrived in the mail, along with tickets to an upcoming concert in the LA area. I was scheduled to interview John Linnell before the concert. That interview follows, along with some reflections.

Continue Reading »

Working notes on expert users and mental models of the Internet

Researching users’ mental models of aspects of the Internet is one of the things I’m supposed to do for my fellowship this year. I’ve done some work on mental models myself, both informally and as the secret pilot for my dissertation. I’ve been following the work of my colleague Arne Renkema-Padmos on the same topic with interest.

So I was pleased to see that a paper on mental models of the Internet was the winning paper at SOUPS this year. Like many attempts at eliciting users’ mental models of the Internet, its basic finding is that non-technical users are pretty unclear on the details of Internet infrastructure, and tend to focus more on surface features like graphics.

But another SOUPS paper, on expert versus nonexpert advice for maintaining security, also caught my eye as a potential indicator of mental models. (This has been published in a more accessible form as a Google Online Security blog post.) A comparison of these two SOUPS papers highlights some of the assumptions of research on mental models of the Internet and security to date, and suggests possible other topics for research attention.

Beutler_Google_Security-practices-v6First, check out this infographic from the Google Online Security post — it’s a striking visual of what security professionals believe users should be doing, and how it differs from what users think they should do:

 

 

 

 

Screen Shot 2015-07-29 at 3.07.00 PMFor a little more granularity, here’s how the above appears as a graph in Ion et al’s expert-versus-nonexpert paper.

 

 

 

 

 

Continue Reading »

VPN users with security concerns: What they need

bitmask

Bitmask is the LEAP Encryption Access Project’s VPN client, available for Android.

When OpenITP’s Secure User Practices project (SUP) approached the LEAP team about doing UX work on their tools, LEAP came back with a fifteen-page writeup of all the known usability issues for their virtual private network (VPN) client, Bitmask. Some of these issues were known bugs. Some were features the team thought they should build. Some were questions about what should be worked on. And some turned out not to be UX-related at all. The question then was, where to start? SUP’s first step was to triage these issues, sorting them into types and making recommendations for which should be addressed first.

SUP identified specific questions about priorities for development which could be addressed through a survey of users or through user testing. Over the six days of the 2015 Circumvention Tech Festival in Valencia, Spain, SUP researcher Gus Andrews conducted eight user/expert interviews about VPN usage in eighteen countries, and two user tests of the Bitmask Android client. The results of these interviews and tests are below.

Additional information, specifically about VPN use in Iran, is forthcoming in a report by ASL19 on their large-scale survey of technology use there. (ASL19’s information will definitely be more reliable and up-to-date on the situation in Iran than the single report from Iran listed here; that interviewee cautioned that his information is some years out of date. VPN usage has since become significantly more risky for Iranians. His interview is included here primarily for contrast with other countries, and in order to prioritize the development of certain features.)

PRIORITIES FOR DEVELOPMENT

Interviews suggested the following priorities among the features which LEAP is considering for development. (See the appendix at the end for a count of votes for or against the feature.)

Should LEAP bundle its mail client with the Bitmask VPN?
YES.

Users liked this idea (though they didn’t feel strongly about it). The fact that they use multiple email addresses suggests a secure email client might be of interest to them.

Should LEAP work on making in-session switches between gateways more seamless?
YES.

This is a feature users will make use of, as much for speed as for protection.

Should LEAP work to hide the fact that a user is setting up a VPN account?
MAYBE.

This is a high priority in Iran. Users in countries with developing technical surveillance abilities (Africa, Latin America) would like to have it. It is not seen as a priority in China. Most other users (and governments) don’t care; setting up a VPN is a relatively common practice for business or accessing entertainment content, and that provides plausible deniability for those using it primarily for free speech.

Should LEAP prioritize and make prominent the ability for users to look at certificates?
NO.

Even highly-technical users — even VPN providers! — rarely look at certificates. This should be left deeper in the interface.

Additionally, user testing turned up a number of show-stopping issues which the LEAP development team has already begun to tackle. These issues kept users from successfully making a connection using Bitmask, and/or led users to say they would uninstall the app. A Bitmask developer’s report on what he is doing to address those concerns appears in the second appendix at the end of this post.

Continue Reading »