Differences between revisions 19 and 20

IncreaseWKDUsage2021 bachelor thesis

Christoph Klassen is writing his bachelor thesis (at Intevation) about how usage of WKD can be furthered. Bernhard Reiter does the mentoring, see gnupg-devel@ for discussion and for contacting Christoph or Bernhard.

Started at 2021-10

Goal

WKD is easy to implement and brings the advantage of good usability. Because of that it is desirable to spread it and increase its usage. The question is how to do that and which is the best way. More concrete: Which measures fit best to spread the WKD standard. This measures are taken from the area of software engineering and include documentation, testing and implementation. They will be applied to different products that are Free Software.

Difficulty

It is necessary to evaluate the success of different measures to tell which one was the most effective one. It is not possible to track users while using their products, because one main promise of the products is to protect users privacy. So there have to be other ways to measure the success. One idea is to log the WKD calls on a server, which has much traffic. Please contact Bernhard or Christoph when you have these possibilities or know someone who could do this service. It would be very helpful!
This idea would help to evaluate the success of all measures overall. Additionally, it would be of great value, if there would be a way to differentiate between the measures. Maybe the statistics could show a correlation between measures and increase of WKD calls.

Use Cases

It is necessary to define use cases, so it is easier to speak about where to implement a WKD call. These use cases were written by using Cockburns template [1].

Use Case #1: Write an encrypted email

Goal: Write and send an encrypted email
Precondition:

An email-client was installed
A key-pair was created
The pubkey of the receiver needs to be fetched automatically

Success: An encrypted email was sent
Failure:

An unencrypted email was sent
No email was sent

Actors: A random person
Trigger: A person wants to write an encrypted message to another person
Description:

Person opens the email-client
Person opens the window to compose an email
Person enters address, subject and message
Person sends the email

Extensions:

Person checks, if the email really can be encrypted, before she/he tries to send it
Person checks, if the pubkey is trustworthy
Person checks, how trustworthy the pubkey is
Person checks, if the email will be signed

Use Case #2: Read an encrypted email

Goal: Open an encrypted email to read its content
Precondition:

An email-client was installed
A key-pair was created
The pubkey of the sender needs to be fetched automatically

Success: The encrypted email could be read
Failure: The encrypted email could not be read
Actors: A random person
Trigger: A person receives an encrypted email and wants to read it
Description:

Person opens the email-client
Person opens received emails
Person sees that she/he got an encrypted email
Person opens the encrypted email

Extensions:

Person checks, if the email was signed with a valid signature
Person checks, if the pubkey, which was used to encrypt the received email, is trustworthy
Person checks, how trustworthy the pubkey is, which was used to encrypt the received email

Criterions to evaluate the state of products (Draft)

To evaluate how far the progress of different products in terms of WKD is, the questions in the list below will be answered. If the answer is positive a product gets the amount of points that is shown in brackets. The maximal possible amount of points is 12.

Are the maintainers familiar with WKD?/ Did the maintainers hear about WKD? (1)
Are the maintainers convinced of WKD? (1)
Is WKD implemented already (2)
- If not: Is it planned to implement WKD? (1)
Is it documented that WKD is used in the product (Is it mentioned in release notes or user documentation, so the users can find out, if the product offers WKD? Maybe the products offers it, but users don't know it yet. If WKD is mentioned somewhere, at least they could ask how to use it)? (1)
Is WKD enabled by default? (4)
- If not:
  - Is it documented how to enable WKD? (1)
  - Can users enable WKD in 3-4 steps (e.g. 1. Go to settings - 2. Open section "Privacy"or something similar - 3. Toggle some UI element)? (2)
    - If not: Can users enable WKD somehow? (1)
Is WKD used automatically? (1)
Is WKD used when composing emails? (1)
Is WKD used when reading emails? (1)

Another way to evaluate products is to do a heuristic evaluation. Jakob Nielson created ten different heuristics to examine the usability of products. On [2] is a recent article, where he summarizes the heuristics. The essence of these heuristics is that users want to be able to predict the softwares behavior and to have the feeling of control about the software. Therefore it is necessary that the application gives users enough information to know, what is going on. On the other hand users shouldn't be overwhelmed with to much information or too many choices and UI elements. It is also important that a software is consistent in itself and with other applications, which the users also use, so they can re-use their experience.

State of products and progress

Here it will be described what state different products had at the beginning of the work and what measures were taken to increase the usage of WKD.

Mailvelope

Previous state (analyzed version 4.4.1)

Does use WKD
The implementation is not up-to-date since it doesn't contain the advanced method
There is an issue for the advanced method on Github: https://github.com/mailvelope/mailvelope/issues/774

Measures

As part of this work a branch was created to implement the advanced method: https://github.com/c8k/mailvelope

Claws Mail

Previous state (analyzed version 3.18.0)

Integrated WKD since version 3.18.0 / 4.0.0
How to get a key via WKD:
- At the right side of an opened email is a toolbar with a button that contains a key icon (see Screenshot attachment:wkd_claws_mail.png
- A click on it opens a window where the key of the belonging email address can be fetched (via key server or WKD)

Measures

Request: In the compose window users can right-click on an email address to open a context menu, where they can e.g. add this address to their address book. To give users the possibility to retrieve keys of email addresses, from which they didn't receive an email yet, it was requested to implement another action to do just that. Optionally, this action could be shown only, if the user enabled a privacy system.
Request: Automatically enable a privacy system as soon as an user adds one, when loading a plugin.

FairEmail/ K9Mail

Previous state

Use OpenKeyChain to retrieve keys via WKD and encrypt emails
It is necessary to open OpenKeyChain to retrieve keys. This step is not possible in the GUI of the products

FairEmail

Previous state (analyzed version 1.1776)

Heuristic Evaluation of FairEmail

Measures

Requested an easier way to open the OpenKeyChain app, so users can open it from FairEmail and don't have to go to the settings of the phone to start the OpenKeyChain app there.
Reported a bug: When an encrypted mail was recieved and that mail was decrypted with FairEmail, a message appeared saying, that the mail isn't signed. But when the mail is decrypted there is an icon left of the lock icon and after a tap on it, a message appears, which tells that the signature is valid. So the first message seems to be incorrect.
Recommended to edit the UI in the compose window. There are three icons. Two of them can be interacted with and one not, but all of them have the same style (no borders, no background, same color etc.). To be more consistent it was suggested to remove the icon without function or to adjust the style of the icons, so that the one, which can't be interacted with, has a different style.

K9Mail

Previous state (analyzed version 5.806)

coming soon

Sources

[1] H. Balzert, Lehrbuch der Softwaretechnik: Basiskonzepte und Requirements Engineering, 3. Edition, Spektrum Akademischer Verlag Heidelberg: 2009
[2] J. Nielsen, 10 Usability Heuristics for User Interface Design, https://www.nngroup.com/articles/ten-usability-heuristics/

-  ⇤ ← Revision 19 as of 2021-12-06 14:01:48 → 
  Size: 8842
  Editor: Christoph Klassen
  Comment: added second use case and explanation for heuristic evaluation
+   ← Revision 20 as of 2021-12-06 14:22:06 → ⇥
  Size: 9214
  Editor: Christoph Klassen
  Comment: edited criterions and added explanation
-Deletions are marked like this.
+Additions are marked like this.
 Line 68:
-To evaluate how far WKD is integrated and how easy it is to use WKD in different products, the questions in the list below will be answered. If the answer is positive a product gets the amount of points that is shown in brackets. The maximal possible amount of points is 14.
+To evaluate how far the progress of different products in terms of WKD is, the questions in the list below will be answered. If the answer is positive a product gets the amount of points that is shown in brackets. The maximal possible amount of points is 12.
 Line 73:
-*Is it documented that WKD is used in the product? (1)
*Is WKD enabled by default? (5)
+*Is it documented that WKD is used in the product (Is it mentioned in release notes or user documentation, so the users can find out, if the product offers WKD? Maybe the products offers it, but users don't know it yet. If WKD is mentioned somewhere, at least they could ask how to use it)? (1)
*Is WKD enabled by default? (4)
 Line 77:
-***How easy is it to enable WKD? (max. 3)
*Is WKD used automatically? (2)
+***Can users enable WKD in 3-4 steps (e.g. 1. Go to settings - 2. Open section "Privacy"or something similar - 3. Toggle some UI element)? (2)
****If not: Can users enable WKD somehow? (1)
*Is WKD used automatically? (1)