IncreaseWKDUsage2021 bachelor thesis

Christoph Klassen is writing his bachelor thesis (at Intevation) about how usage of WKD can be furthered. Bernhard Reiter does the mentoring, see gnupg-devel@ for discussion and for contacting Christoph or Bernhard.

Started at 2021-10

Goal

WKD is easy to implement and brings the advantage of good usability. Because of that it is desirable to spread it and increase its usage. The question is how to do that and which is the best way. More concrete: Which measures fit best to spread the WKD standard. This measures are taken from the area of software engineering and include documentation, testing and implementation. They will be applied to different products that are Free Software.

Difficulty

It is necessary to evaluate the success of different measures to tell which one was the most effective one. It is not possible to track users while using their products, because one main promise of the products is to protect users privacy. So there have to be other ways to measure the success. One idea is to log the WKD calls on a server, which has much traffic. Please contact Bernhard or Christoph when you have these possibilities or know someone who could do this service. It would be very helpful!
This idea would help to evaluate the success of all measures overall. Additionally, it would be of great value, if there would be a way to differentiate between the measures. Maybe the statistics could show a correlation between measures and increase of WKD calls.

Use Cases

It is necessary to define use cases, so it is easier to speak about how to implement the WKD-standard. These use cases were written by using Cockburns template [1].

Use Case #1: Write an encrypted email

Goal: Sending a confidential message.
Precondition:

• An email-client, which uses the OpenPGP-standard, was installed
• The person, who wants to write the email, does not have the pubkey of the receiver yet
• The receiver did create a pubkey and made it available on a WKD server
• The pubkey of the receiver needs to be fetched automatically

Success: An encrypted email was sent
Failure:

• An unencrypted email was sent
• No email was sent
• The receiver cannot decrypt the encrypted email

Actors: A random person
Trigger: A person wants to write a confidential message to another person in a way that no other person can read its contents.
Description:

1. Person opens the email-client
2. Person opens the window to compose an email
3. Person enters address, subject and message
4. Person sends the email

Extensions:

1. Person checks, if the email really can be encrypted, before trying to send it
2. Person checks, if the pubkey is trustworthy
3. Person checks, how trustworthy the pubkey is

Use Case #2: Validate the signature of an email

Goal: Check, if an email was written by the person, whose email address was used.
Precondition:

• An email-client, which uses the OpenPGP-standard, was installed
• The person, who sent the email, created a pubkey and made it available on a WKD-server
• The pubkey of the sender needs to be fetched automatically
• The person, who wants to check the signature, does not have the pubkey of the sender yet

Success: The signature of the email could be checked
Failure: The signature of the email could not be checked
Actors: A random person
Trigger: A person receives an email with important information and wants to know, if it was really written by the person, whose address was used to send the email.
Description:

1. Person opens the email-client
2. Person opens received email
3. Person sees if the signature of the email is valid

Extensions:

1. Person checks, if the pubkey, which was used to check the signature of the received email, is trustworthy
2. Person checks, how trustworthy the pubkey is, which was used to check the signature of the received email

Criterions to evaluate the state of products (Draft)

To evaluate how far the progress of different products in terms of WKD is, own criterions are created. These are influenced by the use cases mentioned above and allow to make a quantitative evaluation. Each criterion is a statement. If it is true, the product gets the number of points that is shown in the brackets. The maximal possible amount of points is 12.

• The WKD-standard was implemented in any version. (1)
• The WKD-standard was implemented in the most recent version. (1)
• WKD is enabled by default. (4)
  • If not:
    • There is an instruction how to enable WKD in the user documentation. (1)
    • It takes maximal five interactions with the UI to enable WKD. For example: 1. Open the menu. 2. Go to settings - 3. Open section "Privacy"or something similar - 4. Toggle some UI element. (2)
      • If not: It is possible to enable WKD, but it takes more than five interactions with the UI. (1)
• It is documented in the user documentation that WKD is used in the product. If users did not know that a product implements the WKD-standard and they read the user documentation, there is a chance that they find out about WKD and start to use it. (1)
• WKD is used automatically. The users do not have to press a button to retrieve a key via WKD. (1)
• WKD is used, when users enter an email, whose pubkey they do not own yet. (1)
• WKD is used, when users validate the signature of an email. (1)
• The GUI product shows, if a pubkey is trustworthy. (1)
• The GUI shows, how trustworthy a pubkey is. (1)

Another way to evaluate products is to do a heuristic evaluation. Jakob Nielson created ten different heuristics to examine the usability of products. On [2] is a recent article, where he summarizes the heuristics. The essence of these heuristics is that users want to be able to predict the softwares behavior and to have the feeling of control about the software. Therefore it is necessary that the application gives users enough information to know, what is going on. On the other hand users shouldn't be overwhelmed with to much information or too many choices and UI elements. It is also important that a software is consistent in itself and with other applications, which the users also use, so they can re-use their experience.

State of products and progress

Here it will be described what state different products had at the beginning of the work and what measures were taken to increase the usage of WKD.

Mailvelope

Previous state (analyzed version 4.4.1)

• Does use WKD
• The implementation is not up-to-date since it doesn't contain the advanced method
• There is an issue for the advanced method on Github: https://github.com/mailvelope/mailvelope/issues/774

Measures

• As part of this work a branch was created to implement the advanced method: https://github.com/c8k/mailvelope

Claws Mail

Previous state (analyzed version 3.18.0)

• Integrated WKD since version 3.18.0 / 4.0.0
• How to get a key via WKD:
  • At the right side of an opened email is a toolbar with a button that contains a key icon (see Screenshot attachment:wkd_claws_mail.png
  • A click on it opens a window where the key of the belonging email address can be fetched (via key server or WKD)

Measures

• Request: In the compose window users can right-click on an email address to open a context menu, where they can e.g. add this address to their address book. To give users the possibility to retrieve keys of email addresses, from which they didn't receive an email yet, it was requested to implement another action to do just that. Optionally, this action could be shown only, if the user enabled a privacy system.
• Request: Automatically enable a privacy system as soon as an user adds one, when loading a plugin.

FairEmail/ K9Mail

Previous state

• Use OpenKeyChain to retrieve keys via WKD and encrypt emails
• It is necessary to open OpenKeyChain to retrieve keys. This step is not possible in the GUI of the products

FairEmail

Previous state (analyzed version 1.1776)

• Heuristic Evaluation of FairEmail

Measures

• Requested an easier way to open the OpenKeyChain app, so users can open it from FairEmail and don't have to go to the settings of the phone to start the OpenKeyChain app there.
• Reported a bug: When an encrypted mail was recieved and that mail was decrypted with FairEmail, a message appeared saying, that the mail isn't signed. But when the mail is decrypted there is an icon left of the lock icon and after a tap on it, a message appears, which tells that the signature is valid. So the first message seems to be incorrect.
  • Was fixed in a newer version
• Recommended to edit the UI in the compose window. There are three icons. Two of them can be interacted with and one not, but all of them have the same style (no borders, no background, same color etc.). To be more consistent it was suggested to remove the icon without function or to adjust the style of the icons, so that the one, which can't be interacted with, has a different style.
  • The icons got different colors in a newer version

K9Mail

Previous state (analyzed version 5.806)

coming soon

KMail

• Serves as a reference in this work
• It was analyzed (version 5.18.3), but no measures were taken
• KMail implements the latest WKD-standard
• WKD is not enabled by default. How to change this can be found here.
• Pubkeys are fetched automatically, if WKD is enabled.

Thunderbird

• Was also only analyzed (version 97.0a1) because it will probably be difficult to contribute to such an extensive product
• Implements parts of the WKD-standard
• If a key is not available, the direct method will be used, even if the subdomain openpgpkey exists. This is not compliant with the standard.
• WKD is enabled by default, but the search has to be started manually.

Sources

[1] H. Balzert, Lehrbuch der Softwaretechnik: Basiskonzepte und Requirements Engineering, 3. Edition, Spektrum Akademischer Verlag Heidelberg: 2009
[2] J. Nielsen, 10 Usability Heuristics for User Interface Design, https://www.nngroup.com/articles/ten-usability-heuristics/