[Freedombox-discuss] Initial User Experience (was: Tor .onion domains)

Jonas Smedegaard dr at jones.dk
Mon May 9 13:50:14 UTC 2011

Hi Michael,

On 11-05-09 at 02:39pm, Michael Blizek wrote:
> I can see your point. However, a default of "no risk" would pretty 
> much mean that you do not share anything at all. While this might be a 
> sensible default, let's hope that this is not what most people want.

Yes, let's hope that.  And make it dead simple for them to choose their 
own poison!

> > Jim activates the box, is asked a few questions, and is then hooking 
> > up with his friends.
> > 
> > What was he asked?  Was he - up front - asked about risk level?  
> > Nope, that was not necessary, because anything that can be applied a 
> > default need not be asked - and the sensible default here is "no 
> > risk!"
> I am not suggesting that [risk level] is the first thing the user is 
> asked. I am suggesting that if the user want to share ressources, we 
> educate him about the risks involved - and let him choose what is OK 
> for him.

I agree.  My proposed meters are intended as aids for learning.

> > First, Jim is asked the very minimal of personalizing his box: Give 
> > it a name!
> Why does the *box* need a name???

To be reachable.  MAC address or IP number is less user unfriendly.

> >  Technically there is more to it - a cryptograhically unique blob is 
> > generated, which stays on the box for now but is used later as basis 
> > for e.g. WebID and GPG.  If later creating additional names for 
> > other members of the household then more such blobs are created, and 
> > if later doing a reset then the blob(s) are erased from the box.
> You want to use the boxname as a random generator seed for crypto 
> keys!?

No, I don't.  But I want to ensure that the box I connect to next time 
is the same as the one I am now intimate with - not e.g. my brother 
swapping our boxes around for the fun of it (to pick a mild example).

> > Next he is asked if the name is a) private, b) can be revealed when 
> > anyone asks, or c) is proactively promoted to the world.
> And you need this name for???

The box need that preference to help rank services offered.

(Did you perhaps write above before finish reading my post?)

> > Above he implicitly made choices affecting the risk level.  The 
> > machine cannot know if he stupidly named the box after his 
> > creditcard pin code, but if he chose b) or c), we can start show a 
> > little "risk meter", still far down in the "safe zone".  Jim can 
> > perhaps (depending on the UI) click on this risk meter to get to 
> > those questions on preferred risk level, but if not it is simply 
> > informed to him what his actions cause on the risk meter.
> Sorry, but I disagree. Making your name public and maybe even linking 
> it to your IP is something a would call very high risk. When 
> publishing stuff, the user has to evaluate the risk for himself.

Not "your name" but "the name of your box".

So you consider e.g. owning a domain name "very high risk"?  I don't.

I do consider it very high risk to own a domain name in combination with 
doing criminal (according to your government, if not to yourself) 
activities, but such _combination_ is a different matter.

I consider "230V AC" as low risk, and "bath tub" as no risk, but "230V 
AC" and "bath tub" combined I consider a high risk.

Please give examples of what you consider low, medium and high risk (not 
just shoot down my suggestions).

> > There is a bunch (well, in first revision a rather tiny bunch, but 
> > still) of services on the box, and he is done when picking and 
> > activating at least one of those.
> > 
> > The box need to somehow prioritize what to suggest first - to rate 
> > the services.  Jim already tought the box a tiny hint about risk 
> > level in the answer of the exposure-of-name question.  But too 
> > little yet.
> This might be a way if your goal is publication and communication. But 
> I do not see it fit for ressource sharing. How do you expect users to 
> do ressource sharing without doing any of the 
> publication/communication stuff?

I fail to see it much different, and did hint about resource sharing.

Please play along (not just shoot down): Describe how _you_ imagine 
ressource sharing being experiences by our friendly non-geek end-user.

Perhaps your emphasis on solving some details you see as tricky might 
enlighten me on what you find weak in my draft.

> > We don't wanna scare off neither Jim nor the friendly journalists 
> > checking out the potential doomsday machine, so by default we want 
> > to suggest some harmless services.
> The problem is rather that services which ask you to publish personal 
> data are far from harmless. If we do not want to scare people not to 
> do this, then who should?

Let me try play along with you (even if I suspect that I disagree on the 
premise): our friendly non-geek becomes in danger if using the 
FreedomBox for blogging.  Do I get that right?

Then what do you consider sensible to offer our friendly non-geek?

Let's talk about user experience that makes sense.

> > If Jim chose a) as exposure-of-name, then e.g. Backup-of-PC would be 
> > proposed first, as that involves only himself and the box.
> And you need the name for...

For reaching the box.  MAC address or IP number is less user unfriendly.

> Sorting lists of services by seemingly unrelated options sounds very 
> complex and confusing. Mixing ressource sharing into this will not 
> make it any easier. Why not group them:
> publication/communication:
> - email server
> - instant messaging/jabber server
> - web site: static, blog, ...
> - ...
>   They ask you for network configuration individually (e.g. (dyn)dns, 
>   static IP, tor hidden service, pagekite, ...).
> ressource sharing:
> - tor server
> - who should be allowed to create backups
> - ...
>   They may need to ask you for incoming port, UPnP,...
> backup:
> - create backup now/scheduled
>     ftp, ..., use other FB for backup

I see no contradiction.  Makes perfect sense to me to provide the user 
with _both_ fuzzy (a.k.a. "complex and confusing") suggestions at an 
initial summary page (if we for a moment assume that we are talking 
about a web-based user interface) and _also_ provides a link to a page 
listing all available services, sorted by some sensible yet static 

 - Jonas

 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110509/074365a6/attachment.pgp>

More information about the Freedombox-discuss mailing list