Houston, we have a problem

Robert J. Hansen rjh at sixdemonbag.org
Tue Sep 26 17:37:53 CEST 2017


> But user-facing software shouldn't be exposing unverified IDs *at all*.
> Enigmail now sort-of does this...

As the guy who was largely pushing that on Enigmail ... although I
strongly sympathize, there's a rock here and a hard place there.

UX is not driven by the users we *might* have: it's driven by the users
we *do* have.  The users we do have *do not want to switch*.  I think
that after investing so much in learning the current system, users tend
to develop powerful opinions the UX should just be left alone please
don't fix a thing.

Imagine you have this certificate:

+ Kate 0xDECAFBAD
+-- Kathryn Carver 0xDECAFBAD

(That is to say, a primary userID of Kate, and one other UID using her
full name.)

Now throw that into a whole bunch of other certificates and render them
in a GUI toolkit.  All rows are collapsed by default.  Now ask a user to
find the certificate associated with Kathryn Carver.

90% of users will click on the "Name" column header to sort by name,
will survey the Ks, and then say "she's not in the system."  (And yes, I
found this in a usability study I did in '07 with Tristan Thiede and
Juan-Pablo Hourcade.)

Clearly there's a problem here.  Obviously the way we present
certificates to users is broken and wrong.  But God help you if you
change the way you present certificates: some people will complain
loudly and the vast majority of users just won't consider switching.

Change is hard, and I have no good answer for that.
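
The lookup failure described in the message above, as an added example that is not part of the original post: a collapsed, one-row-per-certificate view sorted by name hides "Kathryn Carver", while a one-row-per-user-ID view finds her. The listing is constructed sample data in the style of `gpg --list-keys --with-colons`; the padded key IDs, the names other than Kate's, and the assumption that the first `uid` record is the primary user ID are illustrative.

```python
import re

# Constructed sample in the style of `gpg --list-keys --with-colons`.
# Field 5 of a pub record is the key ID; field 10 of a uid record is the user ID.
SAMPLE = """\
pub:u:4096:1:00000000DECAFBAD:1506000000:::u:::scESC:
uid:u::::1506000000::0000::Kate:
uid:u::::1506000000::0000::Kathryn Carver:
pub:f:2048:1:0000000000C0FFEE:1506000000:::-:::scESC:
uid:f::::1506000000::0000::Kevin Example:
pub:-:2048:1:000000000BADF00D:1506000000:::-:::scESC:
uid:-::::1506000000::0000::Laura Example:
"""

def unescape(s):
    # User IDs are C-style escaped in colon listings (e.g. \x3a for ':').
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)

def parse(listing):
    """Return [(key_id, [uid, ...])], one entry per certificate."""
    certs = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            certs.append((f[4], []))
        elif f[0] == "uid" and certs:
            certs[-1][1].append(unescape(f[9]))
    return certs

def collapsed_rows(certs):
    """One row per certificate, labelled with its first (primary) user ID only."""
    return sorted((uids[0], key_id) for key_id, uids in certs if uids)

def flat_rows(certs):
    """One row per user ID, so every name is reachable by sorting on name."""
    return sorted((uid, key_id) for key_id, uids in certs for uid in uids)

def names_starting(rows, prefix):
    """Names a user scanning the sorted Name column would see under a prefix."""
    return [name for name, _ in rows if name.startswith(prefix)]

if __name__ == "__main__":
    certs = parse(SAMPLE)
    print("collapsed:", names_starting(collapsed_rows(certs), "Kath"))
    print("flat:     ", names_starting(flat_rows(certs), "Kath"))
```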


