 So hi, I'm David. So just a quick disclaimer, some people are allergic to cats. I'm allergic by the lack of cats, so I will cough sporadically throughout this presentation. Just a heads up. Cool. So this is a very obligatory, like, biography slide. This is really boring, so I added Doge. This is kind of the sriracha of presentations. So I'm a developer by trade, but I've been doing more in the design and user experience world, so I've been kind of bringing in, like, UX and UI from developer perspective. I help organize crypto parties in New York City, Brooklyn, Manhattan, et cetera, Staten Island even at one point. And kind of the foray that I've had into privacy enhancing technology or something was the thing that I called hastaxhaste.ac, which is a thing that basically turns your Google search history into a big mess. There's a version on GitHub that kind of works on Chrome, but not really. I don't know why I put the suicide group on this thing. Oh, also I'm from New York. Cool. So here's kind of the typical story of what happens. There's been a lot more attention lately on a lot of privacy enhancing technology, namely a lot of things that use crypto. So people have been wanting to learn more about it, so people come to crypto parties and they're like, hey, I want to do this stuff, like, you know, I want to be cool like Rope Witches. So yeah, so they go there. Also exporting PNGs apparently gives you the white background by default instead of a black one. So this is kind of the history of, like, what we're going to be talking about since December 2012 when the first crypto party happened in New York. You've had like 24 of them and they've kind of been everywhere. So these are all different communities. They all have different skill levels, different areas of expertise. Not all of them are going to be like the holistic totality of security, cryptography and the math behind it, and operational security. So it's a myth. So you have hacker spaces where these things end up kind of happening first because there's just enough of a crossover on Twitter between hackers and the CCC and actual wolf that it just ends up happening. So that's kind of the first audience. There's been a few of them at, like, Afwan, Fat Cat Fab Lab, which just recently had its relaunch in my predecessor, which I'm a member of. And a lot of people there are kind of more or less primed to the idea of, like, security and technology. So, but maybe less so on kind of usability, which I'll get into in a little bit. Libraries are kind of the different story. We've done a few crypto parties at the Broken Public Library. And then Verso Books is not a library, but I added them in there because they've had a few things. And it's kind of a cellular environment. And that brings in kind of a cross-section of everybody in Brooklyn. So not just, like, Williamsburg hipsters, but just, like, everybody. Like, people from, like, Coney Island and stuff. It's great. They deal with a lot of new internet users, so people that have never touched email outside of a web browser or, like, outside of an app. So the whole idea of, like, a protocol being what's actually behind the scenes is a new thing. So it's important to know, like, remember, like, what people's mental models are around. Like, a lot of these systems. So people are to see it as being end-to-end when it's really not. Art Gallery is just because, like, New York has them. Calix Institute is not an art gallery. It's the Calix Institute. But it's inside an art gallery. Weirdly enough, because they have space. BabyCast was just kind of this weird video game slash coding slash digital art cool space that brings in, like, a lot of interesting folks. And they're kind of doing it just because, like, it's just an intrinsically, like, compelling thing to just be able to, like, have this technology that, like, you know, takes galaxies or computers worth, like, of computing power to actually, like, crack. So they're coming in from a totally different perspective, not necessarily always having a specific case for it, but just, like, the coolness of having the ability to do that. Co-working spaces are kind of a different story. It's kind of a mix of, like, well, you know, I want to have... I just want to be more secure. The internet is, like, filthy and dangerous. Like, what do I do? So that's kind of their perspective. They're usually using technology that is popular for conducting business, but maybe not necessarily knowing the policy view of just, like, what security means and all that. University is kind of the same kind of general issue, just, like, grad students being curious and there's free food. So, yeah. So I'm bringing this in from kind of a developer perspective, but one of the best avenues for that is kind of the first, like, place to start, I think. So the McIntosh Human Interface Guidelines are actually really great for more than just McIntoshes from, like, OS2 in the 90s. Not OS2, like the IBM OS2, but, like, the second OS. Anyway, the first two chapters or so kind of go through some of the fundamentals of user experience and user interface. And these are all just very valuable lessons that I'll just kind of dive into, particularly some of the ones that, like, specifically deal with or have kind of issues with dealing with security software. So here's some key lessons. So we have this idea back in the day of, like, modelessness of just, like, having the ability to have, do multiple things without having to switch between different modes. So, like, you have the ability to, like, you know, print while you're doing something else and, you know, multitasking, et cetera. The idea, though, is that, like, with security you have a mix of modes, including the... I'm not even going to touch the DGA cable. The fact that a lot of this stuff is actually built... You have the idea of modes between secure and insecure mode, which were a little weird, because that's a very unique case of when I'm not even touching the table of something to keep in mind. And unfortunately, like, this is a place where people can really, really mess up really easily if this isn't done extremely well. A lot of the crypto software that we have really sits popular, is built on top of existing systems that were not inherently designed to be secure. Email, XMPP, these things were not designed to be end-to-end encrypted. And because of that, we sort of built software that just piggybacks on top of it, thus creating a difference between a default and secure mode. So yeah, this will... That's something to think about, and there's very careful ways of, like, approaching that, I'll get into in a little bit. There's also the idea of precisability. Unfortunately, in the open source world, we tend to kind of code for us and then kind of add a, like, UI later. It's kind of a problem because, really, the user only sees the UI. Like, they have no understanding of what's going on behind the scenes, or a need for understanding what's going on behind the scenes in some cases. But they do perceive that any, like, breaking that happens in the front end immediately translates to them as something that's broken kind of underneath the hood, as well. So this is something that's particularly important in crypto, because, like, if you screw up in your privacy, then it's kind of game over. So if you want to make sure that if something is working behind the scenes but isn't on the front end, you want to make sure that the front end, the integrity of that matches what's going on in the back end as well. Otherwise, the workiness of the back end is just not communicated. They're going to assume it's broken. User testing. So there's a, it's a good idea to prototype your software. Just, like, iterate. So instead of just, like, having one thing or it's like, all right, it's out, and then we're not touching it forever. Kind of go through as you add more features, dog food them on people, get them to use it. At Hope, there was a great talk by Katie and Smith, which, unfortunately, there's only audio up on the Hope website. So you should check it out if you want to learn, like, how to use your tests. There's also the idea of metaphors. This ties into greater UX concept of steamorphism where it's like, here's your contact book, but it's not a book. It's, like, a database inside your phone. But we use these things to kind of explain, like, what a thing does and what its function is in the way you use it. And unfortunately, this is really hard in crypto because we have a lot of things that are really ambiguous, or we reuse some things. Like, Diffie Hellman created the idea of, like, public and private keys. But that was just because, like, for, like, all of the history of humanity, if you wanted to send a encrypted message, you had to share a private key of some kind, or a private, like, Cypher key. So that sort of verdict was just, like, passed into it. So it's like, oh, well, you have a public key and a private key now. In the real world, like, you can't really do anything with two keys. Like, my colleague from Crypto Party Phoenix will rather came up with the idea of having a lock, and then that is your, like, public key, and then, like, the actual private key is the key, and that makes more sense because you lock stuff up with your private key, with your public key. Or, sorry, you can lock things up with your private key and then distribute the public key for anybody that wants to send you something that you can only unlock. We also have issues with the term fingerprint as well, which I'll get into in a minute. So the more modern lesson specifically from cryptography software, just from, like, years of kind of basically user testing in front of accidentally side-effective user testing with Crypto Parties, is there's an idea of, like, forgiveness in UXUI where you have the ability to undo something, to, like, you know, if you make a mistake, it's cool, we'll just undo it, it's fine. You can't, like, if you screw up once in some processes within a lot of crypto software, it's just done, like, there is no undoing. So that means that you instead have to, like, make sure that people know what they're getting into and kind of have things in your UI that communicate what's about to happen to mitigate mistakes. So another thing is just, like, having too many tools, like, we're looking at, say, like, GTG, for example, that typical setup that we usually prescribe is essentially on OS 10, for example, it's, like, GTG tools, Thunderbird, Enigmel. And if you're doing, you know, checksums and all these things as you download them, it's a lot in process, like, and that's tedious, that's probably people actually, like, even though they've read about it and they kind of get the idea of what to do, they'll wait until they get to a Crypto Party before they actually attempt it because there's so many steps involved that they don't want to mess any of them up because, of course, Crypto mistakes and Crypto software mean onage. Anyway, so that's kind of the idea there. That's a huge force of fricking for a lot of things. There's also, I'm just calling this, it's totally made up term, false hope, where if there is something that could go wrong for a feature might not be available, it might not be what they're used to, it's a good idea to warn the user ahead of time just to, like, let them know. It's, like, this sort of digital equivalent of, like, the highway sign that has, like, cows or, like, goats or emus where it's like, you might hit a cow if you come here. It's the same idea. You want to, like, kind of communicate what's about to happen, what prerequisites they need before they get to the next step, and I'll get into some examples with that as we go along. There's also just, like, the fact that even if you have everything communicated 100% correctly and it's awesome and, like, there's no confusion, the internet will fuck it up. Like, people will go home, do a doc.go search and be like, I'm going to go look for XMPP and gain, and oh, this website from 2003 says I need to install game and game doesn't exist anymore, it was renamed to Pigeon and it's also called Jabber in that system and not XMPP. So there's, there's one of those things where, like, you have to mitigate the realities of the confusion of everybody else. Kind of prime example of that is just, like, explaining what a fingerprint is and then having an analysis where it also could be called, like, a hash, for example. So actually, before I did the talk, I had this idea in the back of my mind that I wanted to, I wanted to actually start a Tumblr blog that was inspired from ReadTheFuckingHead.Tumblr.com, which is all about, like, calling out bad design and Mac applications. And I wanted to do that kind of with crypto stuff originally, but then I was just, like, looking at, like, how much that blog didn't solve and, like, everybody, like, tweeted really hard as snarky as they could to try to fix the security industry and design and it just didn't work. So in the spirit of kind of the sort of common themes of stability and empathy that we want to permeate through the tech industry, I'm just offering basically constructive criticism on existing tools and then, like, going to their bug tracker or their GitHub and doing all these examples except for two of them because it's taking a long time for me to, like, come up with a good design for that. Basically offering alternatives on, like, how they can do things differently, which I'm going to go over right now. So this first example I never recommend in any crypto party because, well, shitty crypto. But I'm going to bring it up for one great feature and one awful feature. Specifically, when you're dealing with different devices, there's different contexts to solve for hormones on. So, you know, your crypto could be, like, awesome, but if the person on the other end can take a screenshot, then send it to somebody, then, you know, game over, like, and I guess copy and paste and things like that, too. So it's one of those things that you want to mitigate to, like, discourage that. Telegram kind of does this by letting people know that they took a screenshot. Also, I realize I'm going to blur out Wool's name at the bottom, sorry. And the thing is, though, there's also issues with kind of going back to the idea of modes, of knowing, like, whether you're in a secure mode or not secure mode. I have no idea why Telegram isn't just always in a secure mode because they built their own infrastructure, they built their own everything, but maybe they're, like, crappy crypto doesn't let them do that right of all. So people make these mistakes, like, this is secure and it's like, no, you didn't turn on OTR. And so can you spot, like, where, like, what indicator, what tells you, communicates to you in the UI, like, whether one is encrypted or not? Like, there is the tiniest, like, lock icon at the very top of next to the name. And it is the only thing that is, like, telling you, like, by the way, this is end-to-end encrypted and not just, like, encrypted and transit. So there's a lot that could be done better there. And here's some examples of how to do it better. So Chrome does a pretty good job at this. It's more obvious, like, you have this kind of, like, you know, the top sort of, like, the way people kind of look at stuff, top to bottom, left to right, since I'm not necessarily, in this case, you could go right to left. The first thing we'll see will be the top of things, in this case, a window, and you're seeing that it's a different color than what the other windows are. It's different, and it has, like, a weird creepy fedora guy in the background. Now, in the forefront, though, you see, like, something that will only be needed if you read once. And basically, that just kind of lets you know what's about to happen. Oh, yes. Hi, Defconn. Who's out there? Is this the first Defconn? Wow, that's a lot of hands. All right, so I'm guessing that you guys have already seen this once today. For those of you who don't know what's going on, we have this tradition for first-time speakers. They get to do a shot on stage with the goons. He has to. Hi, everyone. Should he join in? Yeah, yeah. 3-0, 84, yeah. Fuck you. Yeah, yeah. Cool, yeah, yeah. Awesome. So, yeah, so we have the... So we have a good example of, I think it's just something about the conductivity of... It made the screen turn on. This is good. It might be just something about the metal table. I'm totally guessing. So, yeah, so Chrome, in this case, has, like, a little message in the front that you saw earlier. So it kind of tells you just, like, what's going on and what specifically this covers. Like, it doesn't tell you you're about to enter, like, onion router lands or anything. It just says, like, specifically, you know, we're not going to store cookies except for this session. This doesn't protect you from your employer, et cetera, or anybody that has access to the network. It's something that you only had to read once and that's why it's kind of in the background and out of the way. So it's useful the first time. It's still there for anybody that needs it. So it's just a good thing to have. It's a good design, I think. It's out of the way. It's there. But, uh, cool. Okay, cool. Thanks. Another good example is actually Torre Project. So the Torre browser, like, happens in this completely distinct window where, like, inside of it, you're in, like, anonymity, like, crypto utopia and outside of it, you're back in, like, surveillance land. So that's kind of the idea there. And I think that's a good design to just have a totally separate window and just, like, not screw down with anything outside of that. In, like, militaries, you see the idea of, like, here's a computer that's, like, the right computer, the hot computer. Here's one that's, like, safe to use. So you have, like, two different devices, and that makes it so that it's less easy to make a mistake on the, like, oops, I did this on the wrong, totally different machine. Versus, like, oh no, I did this in the wrong window. I didn't have, like, my SOX proxy setup or whatever. So this is one way to do mode really well. This also tells you, like, kind of how it works, kind of next steps. And that's kind of, it's great. It's good that it explains things. On the opposite end of not explaining things, this is an old version, so it's just a full disclaimer, like, this has all been fixed. But a release a signal, like, back in January, like, can be kind of ran into some problems with people where it was, like, yeah, there's an industry blue button, so nobody knows what it does, people were afraid to touch it. Like, please label things. Like, it's one of those things where I know, like, sort of, this sort of, like, beauty-sided design tends to favor things that have, like, you know, very minimal text, very minimal everything, and just have, just sort of copy and apple on their industrial design. But when it comes to things like this, you really want to mitigate mistakes, and because of that, you want to make sure that people know what they're getting into specifically. And also, kind of, another thing that you see in the design world is just, like, let's take this number of steps and turn them into two steps, or three, or, like, as few many steps as possible. So it made it so that you can just have a contact call on, like, two steps, just boop, and then tap. Unfortunately, though, it doesn't give you the option of, like, asking you whether you actually want to call them, so, like, pretty much three out of the four people that tried this the first time, like, accidentally called somebody, without realizing where they're just going to go through it. This was also fixed, now it does what it expects. The other thing is also, going back to the theme of false hope, Signal runs their own, like, it's not using a telephone system, like, traditional voice telephone system, so it doesn't necessarily need, like, an iPhone, so it was installing an iPod Touch, but then instead it couldn't, and then it just kind of didn't have a thing to say no. It does now, and actually it just works on the iPod Touch, which is great. But here's one of those things where, like, you want to deal with these kind of cases and, like, make sure people understand right away, like, what they can or can't do before you, like, say, go follow these steps, by the way, you can't do anything while this is going to be a recurring thing, too, and a few other software packages. Currently, yeah, this is, like, under GitHub, so this is being looked at. There's the idea of a call button having, like, a corded phone, like, I'm old enough that I remember using a non-cellular phone and what those, like, were shaped like, including a rotary phone, like I said, I'm 30. So, yeah, it's one of those things that just might be, like, a far future concern, like, post-millennials, like, if people stop watching 80s movies, then people might not understand this weird, like, half-C shaped thing as a phone, just something to think about. The other thing, too, is just, like, it's a good idea to explain what different features are and Cognito Mode did this, of course, and, you know, your mobile device scan, too, so, like, there's a thing for screen security. This actually specifically is, like, if you do the, like, expose thing in iOS where you're, like, tabbing between applications, that actually takes a screenshot of what you're doing and then kind of saves it in, like, memory, if I'm really. But in this case, it doesn't say that that's what this protects from, so it actually just, like, when you do the expose thing, it just has a blue overlay, which is great. So the screenshot is just, like, this blue screen with the logo in the middle. So, yeah, explain to me whether this is great, and it's really not hard to do. I think I'm not an iOS developer. And there's also this, so here's the deal with fingerprint. So I kind of alluded to the idea of just, like, me not liking, like, using fingerprint and phrasing, especially with mobile apps, only because, like, in the context of where a lot of people are using these in New York, these are people that have been arrested or protested and they've had their fingerprint taken. So I have this idea that, yes, there is a way to, like, make this thing that was ink, like, into a digital thing, and it's, like, is that what that is? Like, iPhones have a fingerprint reader built into them. So the context of where this is happening is a little bit different. So that is something that has literally been tricking people up as far as, like, what that means. There's also just no explanation of just, like, what it's derived from or, like, why it's useful or, like, how to use it. So if you're going to use that, I would recommend, like, how it's useful and, like, how it's, like, oh, it's a mathematical hash of, like, whatever the protocol. So, yeah, so fingerprint, I don't like that analogy, especially with mobile. So going back to the theme of, like, kind of systems that have their own infrastructure, this is great. This is awesome because, like, if you have that ability to just have only a secure mode and just have it run in the background and you have to think about it, it makes it so you can't make the mistake of, like, whoops, I accidentally sent this in plain text. So period use is an example of this. There's others, of course, which I'll get into. There's some of you wishes that we ran into which I'll get into in the next slide. One of them wishes is, like, do you have to add a contact before you can send a message to them, but that's not necessarily communicated well. And it looks so much like e-mail that people just assume it works exactly like e-mail. So, like, people will post, like, their period handles under Twitter or whatever. And they'll go, like, I'm going to send some of the period message and I can't. The other thing, too, is the idea of... So, another thing that is fantastic is it makes what I would consider better passwords in terms of using passwords that are really long instead of, like, tiny, like, weird things that are hard to remember. This is great, but there's also a short pin thing that lets you, if you're on specifically, that will only work on that device, let you enter a short pin. It's kind of like a muscle, I guess. Like, if you don't exercise that long pastries, people have been kind of forgetting that over, like, the course of a week or so. So, there's ways of testing for that. I did a really weird project where I tried to use images for a pin that only worked on a local land at the last place that it worked at. The way we user tested before we wrote a single line of code is we took a giant piece of cardboard and placed a series of 12 baseball cards, 12 Pokemon cards, 12 World of Warcraft cards, and 12, like, weird animal zoo cards from, like, the Netherlands. And we went around the office and we were just, like, pick your favorite one and we'll write it down. And then, like, a few days later, we'll be like, which one did you pick? And then a week later, it was like, which one did you pick? And then, like, a month later, three months later, they all remember. It was awesome. That's just the only reason why we went forward with it. I think phrases could be done the same way, so similar user testing, doing things that way will, I think, be great in helping people help you figure that sweet spot out, I think. There is kind of an average that can come in and play on that. This is kind of just what I wasn't looking to earlier. Again, this is on their radar. This is something you're looking into. So this is just, like, what I did instinctively would I pick one of the first that I ever picked up already is just like, hey, I have their username. Let's write a message. Oh, no, I don't have recipients, but I have one. So it's one of those things where, like, you kind of want to let them know this is a real career-quisite step before that you give them the false hope of continuing and then not being able to actually do a thing, especially after you put work into it. So here's the downside of a lot of these kind of systems that have their own, like, infrastructure that doesn't piggyback on insecure legacy systems is every investor wants their horse in the race as far as, like, the new messenger up. You totally want to go after WhatsApp or whatever. And almost none of them are interoperable. Like, nobody's going to install, like, eight secure message VNAPs on their phone and then wants to remember, like, what contacts are on which one. So everybody's just counting on network effects that just come into play and be, like, everybody's going to use, you know, SureSpot or whatever. And there are standards. I would encourage any developers out there to, like, use standards. Of course, Signal has a lot. So our old Miniloc is a curious thing. But can be used by other things. OTR, of course, is used. PPP is also used. Let's talk about OTR. So here's the thing that just always the thing that comes up in every crypto party, despite having, like, kind of a lot of other secure messaging options. But for desktops, it's actually kind of sparse. We have an OTR plugin for DM for, sorry, for Pigeon, and then we also have a DM, which also has support for that. The thing is the way this is communicated is a little weird. It's people are like, hey, let's go download OTR. They'll go to their phone, like, look for OTR. So, but that really means, like, oh, you have to use something like chat secure, different client, and you have to be it's different depending on what platform you're on. And it's called the actual protocol behind the scenes. It's called the different things. You already have to have an account, or in some cases you can create one, but sometimes there's not an easy way to be that built in. Ah, cats. And so, yeah, basically the and then you need an XMPP account, and sometimes some of the providers don't have them, like, signs for who they get, so that just ends up looking weird and just always ends up sketching people out. So this is what the Pigeon interface looks like now. We kind of, like, have people use. And so Thunderbird has this. They have an onboarding process where if you like over Thunderbird for the first time, you can just set up a new email account with, like, whatever. Pigeon, unfortunately, lacks this. It's something that I would like to see built in. I'm working on designs in GTK. I don't know how to do that. And, so you have to kind of already have an account, or if you know the server that you want to connect to, you can create a new account there using this. But it's also weird because it's the same interface. It's one of those things that's probably really efficient in the code where it's the same display used for the edit screen and is also the same for the create screen. But you have this, like, persistent checkbox at the bottom. Like, even if you're, like, just tweaking your, like, microphone, you still see it, like, creating an account on the server, but it doesn't belong in that context anyway, so why is it there? So I would recommend moving that out, and I'll give it to you a good example of how to do that in a second. Yeah, and then there's just, like, issues with, like, the fact that it's just a very alien way for a lot of people to do things that they would normally be, like, or reset my password. And then just things that are kind of a throwback to what old IM things used to do, but don't really make sense in this context, like, mail notifications. There's also just a mix of, like, different things that are related to security or privacy being thrown out in kind of similar contexts, which will seem like PGP as well. But yeah, there's just not too much of, there's not a very distinct way to distinguish, like, transit security versus end-to-end security, which I think is something that really is a new thing that people should think about, and I don't know how to communicate that visually well, but it's something that I'm interested in tackling. In the U of T, our settings, of course, are in a different place, because it's a plug-in, so it's worse a little differently. And the install process is a little different, too, because you have to install two things. You have to install Pigeon or DM, so there's just already, like, now you're just installing more tools, and it's different in other places, like, if you're using Debian, you have, like, you just have to install it and have a signed copy of that binary, like, available. Whereas in other things, you just, like, checkbox, install, cross your fingers. And then people are like, hey, why don't we have this built in? Yay, awesome, 2013, let's do it. And then, like, afterwards, people are just kind of like, yeah, thumbs up, and nobody's done it yet. As of May and also July. So we'll see how far that goes, but it looks like that will be available on the Pigeon 3.0 release, which I'm looking forward to in five years. So there's ChatSecure, which is a really great example of how to do this. So, this has a very distinct thing to, like, be able to say, do you have an account? No, let's create one, and just have that be available right away. It's very easy to just kind of jump in immediately and start using it, which is good. So this is basically what it could be. Like, you don't have to, like, memorize what the URLs for these different things are. And it's like, oh, is it ccc.com? No, it's d-e. It's like, is it duck.go.com? No, it's something. And you see everything right there, which is great. There's a few presets. You can add your own, though. You still have the freedom to do that, which is awesome. And then there's some good defaults on all of those sort of encryption, a few other things. This is a very good user experience. Like, this is basically the user experience that's shooting these. So let's take it up a notch. So let's talk about PGP, which, like, it's basically like, if you ever played Icaruga, then you know what PGP is like. Um, usability has been talked about in PGP actually for a while. The recommendation is why Johnny can't encrypt. Uh, which my colleague Trammel recommended when we got in somewhere. Uh, which is great. So this talks about a 1999 issue, like issues from 1999 regarding PGP. Uh, some of them we actually still run into, just one. Uh, some of them have been solved actually quite well. Uh, but yeah, they actually did user testing with a specific audience of, like, I think maybe 12 to 24 people and, like, two of them were able to successfully do everything properly, as far as, like, sending the encrypted email to the other person. There were confusion under points. Uh, which I'll let you look into by downloading that paper sometime. Okay. So the thing with PGP is, like, you already have, like, too many movie parts. You already have too many tools, kind of what I alluded to earlier. Uh, this is just, like, different, the popularity of different platforms doesn't necessarily line up with what volunteers know. Like, for some of the reasons, there's a huge crossover between security privacy and the BSD group. So at any given crypto party in New York, you'll have more people that know how to install PGP on BSD than you do on Windows. Uh, and because those interfaces are different, like, it's hard to, like, help them out on, like, well, an open PGP tools is like this, but in here it's like this, and nobody really knows for sure a new thing because if they make a mistake, they're fucked. Um, so, and the other thing is also something you have to explain, because, like, people just aren't used to the idea of emails or protocol, and it's like, oh, you have to set up your email account first, and then install it, so, like, and Ignal is part of Thunderbird, but then Ignal has to be able to talk to your PGP install, so you have to do that. Um, and even on an user system, they've never, like, looked at email outside of a website or an app, so it's just something that has to be considered into play. It's like, you're not just introducing any encryption to them or PGP to them, you're also introducing the idea of email as a protocol to them, uh, which is weird, and also, like, people that have been having, that have had their Gmail account now for, like, ten years, uh, you know, I'm absolutely false, so it's just going to try to download everything, they use the internet connection slow, and you can't actually do things while that's happening, because it just chokes up the CPU so bad that you can't actually do it. So it's a good idea to, like, take advantage of threading for different processes, and have things in the background run while things in the foreground happen. Uh, of course that wasn't the way email always was, like, Pop makes it so that you didn't have it, so that you're not downloading your entire email history on the server, you're just getting an email as it comes to you, the idea of, like, one email landing in one place that you checked, and a different email landing in another place that you checked, and having those not sync across devices in the modern age, like, after the 90s is something that people are just terrified by, it's just a box for them. All right, and the other thing too is just, like, the stack that we're counting on, as far as, like, Thunderbird, like, the cross-platform, like, thing that we can tell everybody to use in Windows, Linux, or Mac, or OpenVSC, is, uh, is basically a man-aware at this point, like, they're doing bug fixes, but there's not gonna be any other design changes happening anytime soon. Um, there's, like, just little things, like, that people don't think about, like, set text sizes and, like, this resolution of displays and things like that, and how small that gets. Uh, so it's important to, like, accommodate really big screens, because even if you don't think that your email app is gonna, like, show in Times Square, the resolutions of your screens are only gonna get stronger, and so that's something that's gonna have to be thought about. Uh, there's also noting that the subject line is not included. Also, something that was brought up in the 1999 paper on why Johnny can't encrypt. Uh, there are ways of, kind of, highlighting things within, like, those text boxes. You do that for the two, PGP does that for the two phones, so let me know. It should be great for the subject line in my opinion. Uh, kind of like what it does here when you have, like, the two feel it's, like, highlighting red. Um, because I don't have, like, signatures. The trust level's not high enough or whatever. And then you have the subject line, but nothing is indicating that it's unencrypted at all. So, you know, we literally just have to tell everybody individually forever. Uh, so we could just have something either highlighted red, and then you have a little thing that pops up to say, hey, this is unencrypted. The rest of the body isn't, sorry, it's just unencrypted. Um, let me also have this idea of multiple things. You know, like, multiple types of encryption happening and, like, a little bit of confusion on what each of those are. So, the future is, uh, not looking so good for that, but there's also the idea of, like, doing PGP in the browser, which has security issues. Uh, but that's why it's done an extension, not in the browser, but then browsers get hacked, so the operating systems, so security-wise, I don't know, that's, I'll leave that to all of you to figure out, like, whether that's an awful idea or not. Uh, there's a few people doing this. Uh, Yahoo, Google, Whiteout, Melbalope, all basically doing kind of the same thing. Uh, I haven't had a chance to use Yahoo or Google saying, uh, Melbalope, er, sorry, Whiteout.io I couldn't use because it just kind of froze and I couldn't, maybe it did generate a key successfully and I didn't know if the front-end was working. Uh, so, this is what people do when they tell me, when they use Melbalope, uh, they'll start typing a message. Uh, there'll be a little thing that pops up kind of in the very corner of that composed window. Uh, no text on it, just like a little thing that has like a little icon with a pencil or a piece of paper on it. Uh, and then as soon as you start typing into these gears, it doesn't come back. Uh, then you're like, alright, I'm running the encrypts. Oh, wait, I can't. And then you open up the tab, and it's saying that, er, you open up the button, and it's just saying that it's like, you can add a tab. What does that mean? In this case, you have the ability to, like, add Melbalope to different file service providers, which is a useful feature, but, like, it's not in the place where people expect it, that would be something like an advanced settings or, like, a different thing. Uh, the other thing, too, is, like, you just, well, you can see it on the screen, but, like, the draft is safe. Like, you've already typed in your secret message that you want to, like, say or whatever, and it's already done. Like, there's no one to do on that, really. The age of Google, like, dated retention. Uh, so that's the thing, it's like, it should literally just stop you. It should have a different window composed, that should have asked you immediately. Like, is this going to be a secure message? Just, like, do not start typing yet. Uh, and then go for it. Uh, this is a complex design, especially to deal with in, uh, web-based context, where, like, you don't really have that in full UI, that's already pretty presented. Uh, but there are advantages. Like, everybody already has web browser, people are already familiar with how to use Gmail or Yandex or whatever. Uh, Chromebooks are just all over the place. You, like, the speaker room had Chromebooks. Um, there's also just the idea of just, like, PTP's fundamental architecture doesn't always work so well with browser extension contexts where you have, like, these, like, criminal storage and, like, things, like, you wipe out. Uh, you know, extension caches that can include your private key and then suddenly you don't have a private key anymore, of all. Uh, and these things made sense back in the day. Like, I don't want to, like, diss on those women for creating something that made, like, total sense in 1991. You had a computer. You only had one computer. You didn't have to worry about moving files around because you were just always on one machine. Uh, and it was in a locked house. You already had, like, you really had to worry about key security. You didn't have to worry about iCloud, like, copying your private key and giving it to Apple. Uh, that was just, wasn't a thing back then. And there's the idea of, like, key servers back then kind of made sense because you really have, like, secure, like, a real strong way to, like, say, hey, here's how to announce my public key without securing it in transit. You need to do now with HBS. Um, I was social media that also uses HBS and multiple kind of outlets for social media where we can put public keys in not only different websites, but different jurisdictions that those websites live in. So if you have, like, your public key on QQ or Yandex, I am, whatever, and, uh, you know, Twitter, then you have to deal with, like, three giant governments that hate each other cooperating to, like, work over your public key. To, like, try to change all those, basically. So it's, it limits the threat model a lot that way, and that kind of approach is something that I really like. Uh, the other thing that you get is, like, our thing was already slow to begin with, with, uh, crime factoring. And, like, even I think the GitHub issue, one of the GitHub issues that I saw on Google's and Dan and Griffin involved, like, trying to, like, find out, like, how to make factoring crimes faster. So they're looking at, like, Chinese mathematicians from, like, the ancient days and, like, how they did stuff. Actually, it's SunZoob and not that SunZoob. It's pretty cool. Uh, so that's just one of the things. Like, do we need private keys to be files? Like, can we just have them, like, determined or, like, derive, like, deterministically from a hash of the public key with a long passphrase? Which is what MiniLock does. Uh, that gets around the idea of, like, having to worry about file security, which people are just not good at. People will literally have people go into classrooms and not understand what a file is. Like, this is the age of, like, iPad apps. So it's, it's scary, but it's something that you're going to deal with. Um, and like I said, like, social media kind of helps with the, the function that key servers basically use at one point. The way, like, what Keybase is doing, I think, is extremely compelling. Uh, that's just new where fast performance encryption, like, ECC actually runs really fast in JavaScript. I'm not saying that so much. Uh, yeah, that's basically my talk. Uh, these are my Twitter's and website. Don't forget to add me as a contact for us, and I have to approve it, and then that's when we can talk. Uh, public key ID law, fingerprint, and also, for any of you that are working on these tools, uh, if you're open source, check out simplysecure.org. A lot of people running it behind the scenes are really great. Some of them have taught me some things about user testing, so they're kind of like, they're good people to talk to. Uh, and like I said, check out that hope talk Um, yeah, that's it. Any questions, comments, ideas, concerns, grants. I have no idea where the microphones are for Q&A, but they're around, I think. So the question was, do you think it makes sense to keep working on PGP or just kind of like let it, like send it to the Goof factory? Um, I think a lot of people are already using it. It's one of those things like email where I think it'll continue to exist, whether we like it or not, so you might as well come up with ways to like have to use it in a way that makes sense. Some of the things that I was thinking about, specifically for PGP, is the idea of like, well, what if you treated file security the way you would with a key like for a door, um, and it's just the thing that you carried with you. Like, do you really need your private key on the computer that you want to use it with? Uh, we have like arm-based computers that can like live on a USB drive, and I wonder whether that could just be like the super lockdown PGP like computer that you carry with you and then just plug in via USB to the laptop that you want to use PGP on or NFC to the mobile device to just like be able to say like, hey, script this message. Um, actually not even do the encryption on the machine on your like user device, but the actual PGP computer and just have it like send in plain text, give you that cipher text, and then just have it do the delivery from there. And that would help solve, I think, a lot of usability problems that are coming as far as like file security, having to think about backup software, like all these other things. So it's one approach that I think works. Uh, the other is just like better desktop software, um, mailpiles, seems like it's promising and doing well for that. But again, as long as private keys remain as files, um, you're either going to have to have that file in like one place really secure, or you're going to have to like learn and become a security expert. So, yeah. Any other questions? Any other questions?