When OpenITP’s Secure User Practices project (SUP) approached the LEAP team about doing UX work on their tools, LEAP came back with a fifteen-page writeup of all the known usability issues for their virtual private network (VPN) client, Bitmask. Some of these issues were known bugs. Some were features the team thought they should build. Some were questions about what should be worked on. And some turned out not to be UX-related at all. The question then was, where to start? SUP’s first step was to triage these issues, sorting them into types and making recommendations for which should be addressed first.
SUP identified specific questions about priorities for development which could be addressed through a survey of users or through user testing. Over the six days of the 2015 Circumvention Tech Festival in Valencia, Spain, SUP researcher Gus Andrews conducted eight user/expert interviews about VPN usage in eighteen countries, and two user tests of the Bitmask Android client. The results of these interviews and tests are below.
Additional information, specifically about VPN use in Iran, is forthcoming in a report by ASL19 on their large-scale survey of technology use there. (ASL19’s information will definitely be more reliable and up-to-date on the situation in Iran than the single report from Iran listed here; that interviewee cautioned that his information is some years out of date. VPN usage has since become significantly more risky for Iranians. His interview is included here primarily for contrast with other countries, and in order to prioritize the development of certain features.)
PRIORITIES FOR DEVELOPMENT
Interviews suggested the following priorities among the features which LEAP is considering for development. (See the appendix at the end for a count of votes for or against each feature.)
Should LEAP bundle its mail client with the Bitmask VPN?
YES.
Users liked this idea (though they didn’t feel strongly about it). The fact that they use multiple email addresses suggests a secure email client might be of interest to them.
Should LEAP work on making in-session switches between gateways more seamless?
YES.
This is a feature users will make use of, as much for speed as for protection.
Should LEAP work to hide the fact that a user is setting up a VPN account?
MAYBE.
This is a high priority in Iran. Users in countries with developing technical surveillance abilities (Africa, Latin America) would like to have it. It is not seen as a priority in China. Most other users (and governments) don’t care; setting up a VPN is a relatively common practice for business or accessing entertainment content, and that provides plausible deniability for those using it primarily for free speech.
Should LEAP prioritize and make prominent the ability for users to look at certificates?
NO.
Even highly-technical users — even VPN providers! — rarely look at certificates. This should be left deeper in the interface.
Additionally, user testing turned up a number of show-stopping issues which the LEAP development team has already begun to tackle. These issues kept users from successfully making a connection using Bitmask, and/or led users to say they would uninstall the app. A Bitmask developer’s report on what he is doing to address those concerns appears in the second appendix at the end of this post.