--- published: false --- # User Experience * [Falsehoods Programmers Believe About Names - With Examples](https://shinesolutions.com/2018/01/08/falsehoods-programmers-believe-about-names-with-examples/) Shine Solutions Group > In this post I’m going to list all 40 of Patrick’s original falsehoods, but give you an example (or two) drawn from my experiences working in this space. Ready? Let’s go! > > 1. People have exactly one canonical full name. > 2. People have exactly one full name which they go by. * [Are Transactional Relationships Enough?](https://www.windley.com/archives/2022/03/are_transactional_relationships_enough.shtml) Phil WIndley > Our online relationships are almost all transactional. A purely transaction digital life can't feel as rich and satisfying as one based on interactional relationships. As more of our relationships are intermediated by technology, finding ways to support interactional relationships will allow us to live authentic digital lives. * [Using a Theory of Justice to Build a Better Web3](https://www.windley.com/archives/2022/05/using_a_theory_of_justice_to_build_a_better_web3.shtml) Phil Windley > Summary: Building a better internet won't happen by chance or simply maximizing freedom. We have to build systems that support justice. How can we do that? Philosophy discussions are the black hole of identity. Once you get in, you can't get out. Nevertheless, I find that I'm drawn to them * [Only 5% Of US Consumers Want To Be Tracked For Ads](https://anonyome.com/2021/05/only-5-of-us-consumers-want-to-be-tracked-for-ads/) Anonyme That means 95% of US consumers are saying ‘no way’ to cross-app tracking with Apple’s new [App Tracking Transparency](https://anonyome.com/2021/05/apples-new-att-and-why-facebook-is-hitting-back-hard/) (ATT) feature. * [Your User Is Your API](https://www.evernym.com/blog/your-user-is-your-api/) Evernym Rather than having one huge, expensive, and probably illegal data hub, every customer becomes a data hub in their own right. They provide the data needed, just-in-time, under their control. * [Do Consumers Even Want Personalized Ads?](https://anonyome.com/2021/06/do-consumers-even-want-personalized-ads/) Anonyme The [YouGov](https://www.globalwitness.org/en/blog/do-people-really-want-personalised-ads-online/) poll of consumers in France and Germany we mentioned earlier says it’s the [behind the scenes](https://mysudo.com/2021/02/beware-the-dark-patterns-trying-to-steal-your-data/) or back door nature of personalization that gives people the creeps. * [The railroad of (no) choice](https://www.mydigitalfootprint.com/2021/07/the-railroad-of-no-choice.html) MyDigitalFootprint > - to force something to be officially approved or accepted without much discussion or thought. > - to force someone into doing something quickly, usually without enough information. * [How humans understand identity](https://medium.com/universal-identity/how-humans-understand-identity-367200ae9591) Universal Identity * [Managing Authorization: Who Has What?](https://iiw.idcommons.net/4D/_Managing_Authorization:_Who_Has_What%253F) By David Schmudde Focused on communicating risks/harms to the user. Focus on the high-level user experience. - Steve Venema suggested the [Privacy Co-op](https://privacyco-op.com/frontdoor) - Make an individual's policy decisions [disappear into their workflow](https://www.hpl.hp.com/techreports/2009/HPL-2009-341.pdf). Whenever the application needed a resource, we knew the answer from the action they took in the UX. - Trust based on the context of the other people I know. - Web of trust: have my friends shopped here? - Reputation: what is the ranking of this place? - Revocation - Information is given, cannot be revoked (photo of a driver's license) - Permission is given, can be revoked (allow a 3rd party to say I have a driver's license) - Trust based on browsing history - TOFU: Trust based On First Use - trusted it once, will trust it again - [Kantara Initiative](http://wiki.idcommons.org/Identity_Trust_Charter): agreed to terms once. Will stay agreed unless they change. - The opposite of "who do you trust?" is "how are you making yourself vulnerable?" - [Kantara Initiative](http://wiki.idcommons.org/Identity_Trust_Charter) - obligations/consequences for violating the consequences - "identity trust workgroup" - Adopt the Personal Data Categories from Enterprise Privacy for the Consent Receipt V 1.1 - Consent for each purpose. People give consent at the purpose-level. ### Harms and User Risks. High Level UX by David Schmudde Focused on communicating risks/harms to the user. Focus on the high-level user experience. Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps: - Steve Venema suggested the [Privacy Co-op](https://privacyco-op.com/frontdoor) - Make an individual's policy decisions [disappear into their workflow](https://www.hpl.hp.com/techreports/2009/HPL-2009-341.pdf). Whenever the application needed a resource, we knew the answer from the action they took in the UX. - Trust based on the context of the other people I know. - Web of trust: have my friends shopped here? - Reputation: what is the ranking of this place? - Revocation - Information is given, cannot be revoked (photo of a driver's license) - Permission is given, can be revoked (allow a 3rd party to say I have a driver's license) - Trust based on browsing history - TOFU: Trust based On First Use - trusted it once, will trust it again - [Kantara Initiative](http://wiki.idcommons.org/Identity_Trust_Charter): agreed to terms once. Will stay agreed unless they change. - The opposite of "who do you trust?" is "how are you making yourself vulnerable?" - [Kantara Initiative](http://wiki.idcommons.org/Identity_Trust_Charter) - obligations/consequences for violating the consequences - "identity trust workgroup" - Adopt the Personal Data Categories from Enterprise Privacy for the Consent Receipt V 1.1 - Consent for each purpose. People give consent at the purpose-level. * [Realistically speaking: Identity reclamation/solutions for normies](https://iiw.idcommons.net/14H/_Realistically_speaking:_Identity_reclamation/solutions_for_normies) by Grace - What is the right balance between ease of use and identity, and how we use that in real life - Idea of how do we even get our identity back from where it’s stored - Current tradeoff for privacy is solutions that are barely usable (Duckduckgo, SSB) - Real versus online world, - Focused on the idea of context for each thing - Lively debate about the nature of reality versus virtuality - Discussion of whether corporate ownership of data is “data assault” and that the term data theft might be too mild. * [Device-free SSI: Ideas, Potentials and Challenges](https://iiw.idcommons.net/20J/_Device-free_SSI:_Ideas,_Potentials_and_Challenges) by Nuttawut Kongsuwan Links from Chat: Catherine Nabbala, 10:56:43 AM For offline discussions, pls email: win@finema.co Takashi Minamii 11:29:45 AM FYI:Hitachi's Solution (PBI)[https://www.hitachi.com/rd/sc/story/pbi/index.html](https://eu01st1.zoom.us/web_client/jzsz6o/html/externalLinkPage.html?ref%3Dhttps://www.hitachi.com/rd/sc/story/pbi/index.html) * [Can Kids Use D.I.D.s? What’s your tech for kids online?](https://iiw.idcommons.net/21K/_Can_Kids_Use_D.I.D.s%253F_What%2527s_your_tech_for_kids_online%253F) by Erica Connell Brief but rich conversation about what technologies may be available and/or practicable or are developing  to use with kids and their online presence. Use case: Wonderland Stage & Screen, interested in developing a platform to support youth creating media to share, comment, discuss their work that meets COPPA guidelines, allows freedom of participants, and provides a mechanisms for privacy. - Create an onboarding process that models a physical process - Collect information - Issue a credential - Offer wallet options for use - What kinds of credentials could we use? - View only - Interactive - Comment enabled * [The principles of user sovereignty | by 𝔡𝔴𝔥](https://uxdesign.cc/the-principles-of-user-sovereignty-515ac83401f6?sk%3Dd37a69c8efc8a48cdd4a23d0518ba8d0) The earliest discussion of the phrase I could find is a [blog post](https://blog.lizardwrangler.com/2011/08/04/extending-our-reach-many-layers-of-user-sovereignty/) from August 4th, 2011 by the “Chief Lizard Wrangler” herself, [Mitchell Baker](https://en.wikipedia.org/wiki/Mitchell_Baker) the CEO of Mozilla. In it she prophetically describes user sovereignty as the consequence of new “engines” that are “…open, open-source, interoperable, public-benefit, standards-based, platforms…” She also makes the critical link between the philosophy of openness and standards-based interoperability with that of identity management and personal data dominion. * [EPS for SSI (Self-Sovereign Identity)](https://medium.com/@kokumai/eps-for-ssi-self-sovereign-identity-8c742e2b1d02) > you might be interested to hear that the core of EPS is designed to convert images to high-entropy codes, which work as very long passwords and also as the seeds of symmetric or asymmetric cryptographic keys. * [Testing self-sovereign identity with the Lissi demo](https://lissi-id.medium.com/testing-self-sovereign-identity-with-the-lissi-demo-854e73d05aad) > We are convinced this demonstrated user flow can help to better understand the interactions in a digital identity ecosystem such as [IDunion](https://idunion.org/). [...] The Lissi team is in discussion with trust service providers, authorities, municipalities, agencies, associations and other relevant stakeholders to meet all the necessary requirements and provide you with the best user experience. * [Self-Sovereign Identity for Social Impact & Importance of UX](https://northernblock.io/self-sovereign-identity-for-social-impact-with-jimmy-snoek/) Jimmy J.P. Snoek, Tykn > We saw pretty early that the puristic view of SSI, in terms of having everything stored on edge wallets — when you go to somewhere in Sub-Saharan Africa, that’s going to be pretty difficult, when there’s maybe one phone in a village and it’s not even necessarily a smartphone. It’s very easy to say, “Oh yeah, but within SSI, everything has to be stored on the edge wallet.” What we saw was that if you make that this hard requirement, and keep working from that, then all these population groups are just going to be left behind more and more. * [Sexism in Facial Recognition Technology​](https://medium.com/berkman-klein-center/sexism-in-facial-recognition-technology-d5e547a6e7bc) Berkman Klien Center The use of facial recognition by law enforcement agencies has become common practice, despite increasing reports of [false arrests](https://www.nytimes.com/2020/06/24/technology/facial-recognition-arrest.html) and [jail time](https://www.nytimes.com/2020/12/29/technology/facial-recognition-misidentify-jail.html). While there are various downsides to facial recognition technology being used at all, including fears of mass surveillance and invasion of privacy, there are flaws within facial recognition technologies themselves that lead to inaccurate results. One such major challenge for this still-burgeoning technology is gender-based inaccuracies. * [A Deep-Dive on Digital Self-Determination](https://medium.com/berkman-klein-center/a-deep-dive-on-digital-self-determination-368c48d87705) Questions of control over personal data were a cross-cutting theme throughout a [Research Sprint](https://cyber.harvard.edu/story/2021-03/research-sprint-examines-digital-self-determination-increasingly-interconnected-world) co-hosted by the [Berkman Klein Center for Internet & Society](http://cyber.harvard.edu) and [Digital Asia Hub](https://www.digitalasiahub.org/). The Sprint also examined other important dimensions of self-determination in the digitally networked world, for instance, self-expression and participation in civic life and the digital economy, or relationship-building and well-being, to name just a few application areas. * [Tap and Prove](https://www.linkedin.com/pulse/tap-prove-stephen-wilson/) Stephen Wilson We should be able to “tap and prove” any important fact and figures about ourselves – as easily as we tap and pay with a mobile phone at any one of 100s of millions of terminals globally. * [Frontier Talk #6 | Bringing User-Centricity to Decentralized Identity](https://www.youtube.com/watch?v%3DUnWsu1gCe9k) - Nat Sakimura KuppingerCole Raj Hegde sits with identity veteran, Nat Sakimura - Chairman of OpenID Foundation to understand how user-centric learnings from existing authentication protocols can be applied to future identity initiatives. * [Most People Feel Negatively About Location Tracking in Websites and Apps](https://me2ba.org/most-people-feel-negatively-about-location-tracking/) Me2Ba.org The Spotlight Report, “[Consumer Sensitivity to Location Tracking by Websites and Mobile Apps](https://me2ba.org/spotlight-report-3-me2b-alliance-validation-research-consumer-sensitivity-to-location-tracking-by-websites-and-mobile-apps/)”, was developed to validate the Location Commitment scoring criteria in the [Me2B Alliance Safe & Respectful Technology Specification](https://me2ba.org/flash-guide-2-what-is-the-me2b-respectful-tech-specification/). The specification, produced by the Me2B Alliance’s Respectful Tech Spec Working Group, is designed to provide a standard for measuring safe and ethical behavior in connected technology. * [Me2B Alliance Validation Research: Consumer Sensitivity to Location Tracking by Websites and Mobile Apps](https://me2ba.org/spotlight-report-3-me2b-alliance-validation-research-consumer-sensitivity-to-location-tracking-by-websites-and-mobile-apps/) The Me2B Alliance (“Me2BA”)[3](https://me2ba.org/spotlight-report-3-me2b-alliance-validation-research-consumer-sensitivity-to-location-tracking-by-websites-and-mobile-apps/%23footnotes) is a nonprofit creating a safe and just digital world through standards development and independent technology testing. At the core of our work is our Respectful Technology Specification[4](https://me2ba.org/spotlight-report-3-me2b-alliance-validation-research-consumer-sensitivity-to-location-tracking-by-websites-and-mobile-apps/%23footnotes), currently in development, which provides an objective standard for measuring safe and ethical technology behavior. * [What is Respectful Use of Location Information? New Me2BA Research](https://me2ba.org/what-is-respectful-use-of-location-information-new-me2ba-research-published/) * [“Spotlight Report #3: Consumer Sensitivity to Location Tracking by Websites and Mobile Apps”](https://me2ba.org/spotlight-report-3-me2b-alliance-validation-research-consumer-sensitivity-to-location-tracking-by-websites-and-mobile-apps/). This research quantifies and qualifies public opinion of location tracking in a variety of different contexts within web and mobile technology. * [People Don’t Understand the Purpose of Privacy Policies and Terms of Service – New Research Published](https://me2ba.org/people-dont-understand-the-purpose-of-privacy-policies-and-terms-of-service-new-research-published/) Me2B Alliance ([Report](https://me2ba.org/spotlight-report-5-me2b-alliance-validation-testing-report-consumer-perception-of-legal-policies-in-digital-technology/) - Consumers are aware that legal policies exist on connected technologies and that they should read them, but they continue to choose to largely ignore them. - 55% of survey participants did not understand that a TOS/TOU agreement is a legal contract. This has significant implications because a key requirement for legally binding contracts is mutual assent, which means that both parties have a “meeting of the minds” and must understand they’re entering into a contract. - None of the interview participants were aware of tools that explain or rate privacy policies and TOS/TOU documents, and half said that a score would not change their behavior. - 66% of survey respondents believe that privacy policies protect the business, while 50% say they protect the consumer. It’s questionable that privacy policies protect either the individual or the business, as they are primarily legal notices, disclosures of how data is used by the technology and the companies behind it. Moreover, 39% of respondents erroneously thought that the privacy policy was a contract [between them and the company]. * [Backchannel: A relationship-based digital identity system](https://www.inkandswitch.com/backchannel/) Ink and Switch Using Backchannel as a model example, we propose four design principles for trusted digital relationships. Then we used Backchannel to design and build three sample apps: chat, location sharing, and document preview. We also tested these designs with journalists, researchers, and designers. Based on this testing, we outline common user experience challenges and recommended solutions. * [Identity and Consistent User Experience](https://www.windley.com/archives/2021/11/identity_and_consistent_user_experience.shtml) Phil Windley There's a saying in security: "Don't roll your own crypto." I think we need a corollary in identity: "Don't roll your own interface." But how do we do that? And what should the interface be? One answer is to adopt the user experience people already understand from the physical world: connections and credentials. * [Survey Finds Customers Frustrated With Passwords, Open to Biometrics](https://findbiometrics.com/survey-finds-customers-frustrated-passwords-open-biometrics-7102106/) FindBiometrics Passwords were a major point of contention in that regard, with a strong majority (68 percent) of consumers indicating that it is difficult to remember and key in a large number of passwords. Nearly half (44 percent) believe that biometric authenticators are easier to use, while 34 percent would prefer to use them as their primary means of identity * [Measuring the Ethical Behavior of Technology](https://me2ba.org/measuring-the-ethical-behavior-of-technology/) Me2bAlliance This session will share the results and learnings of the creation and development of an ethical “yardstick” for respectful technology, including its application to websites and mobile apps. The speakers will also explore learnings from everyday people in the validation research around the certification mark as well as share recommendations for tech makers. ### Accessibility * [Disability-inclusive ID Systems](https://blogs.worldbank.org/voices/access-agency-and-empowerment-through-disability-inclusive-id-systems) > Creating an inclusive ID system requires a comprehensive, whole-of-system approach to overcome barriers to ID enrollment and use for persons with disabilities. ### Customer Commons \ Intention Economy * [Making The Intention Economy happen](https://iiw.idcommons.net/3E/_Making_The_Intention_Economy_happen) by Doc Searls (& Customer Commons) * [The Intention Economy: When Customers Take Charge | Berkman Klein Center](https://cyber.harvard.edu/events/2012/05/searls) * [https://wiki.p2pfoundation.net/Intention_Economy](https://wiki.p2pfoundation.net/Intention_Economy) * [Making The Intention Economy Happen](https://iiw.idcommons.net/10B/_Making_The_Intention_Economy_Happen,_Part_2), Part 2 by Doc Searls This was a small meeting primarily meant to tee up Hadrian Zbarcea’s demo of Customer Commons’ new Intention Byway model for better signaling between demand and supply in markets of all kinds * [https://www.slideshare.net/dsearls/iiw-xxxiiintentionsession](https://www.slideshare.net/dsearls/iiw-xxxiiintentionsession) * [Will users and organizations have trust in keys roaming via the cloud?](https://www.kuppingercole.com/events/eic2022/blog/will-users-and-organizations-have-trust-in-keys-roaming-via-the-cloud) the FIDO Alliance, a set of open, scalable, and interoperable specifications has been developed to replace passwords as a secure authentication method for online services. The alliance has also worked with companies such as [Microsoft](https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless), [Google](https://cloud.google.com/blog/products/identity-security/protect-gce-vms-with-managed-fido-security-keys), and [Apple](https://fidoalliance.org/expanded-support-for-fido-authentication-in-ios-and-macos/)  to integrate and adopt FIDO standards across their operating systems. * [​​How Might we Design Consent Experiences for Data Sharing?](https://www.youtube.com/watch?v%3DbGgV2Ffnczg) ToIP HXWG with Dr Arianna Rossi  & Xengie Doan of Interdisciplinary Center for Security, Reliability and Trust (SnT) at the University of Luxembourg The complex ecosystem where manifold transactions can be automatically enabled by smart contracts contributes, at least in principle, to establish greater transparency about data use towards the many parties involved. However, the mere fact of building such a verifiable and traceable architecture does not automatically translate into understandable communications, easily applicable instructions and smooth transactions for human beings. * [If Tech Fails to Design for the Most Vulnerable, It Fails Us All: Building around the so-called typical user is a dangerous mistake](https://www.wired.com/story/technology-design-marginalized-communities/) Wired WHAT DO RUSSIAN protesters have in common with Twitter users freaked out about Elon Musk reading their DMs and people worried about the criminalization of abortion? It would serve them all to be protected by a more robust set of design practices from companies developing technologies. * [Design From the Margins Centering the most marginalized and impacted in design processes - from ideation to production](https://www.belfercenter.org/sites/default/files/files/publication/TAPP-Afsaneh_Design%2520From%2520the%2520Margins_Final_220514.pdf) * [Can digital identity help with the world refugee crisis?](https://securityboulevard.com/2022/05/can-digital-identity-help-with-the-world-refugee-crisis/) SecurityBoulevard The first international agreement on how refugees could handle the issue of missing or incomplete identity documents resulted from the Arrangement of 5 July, 1922, which was a meeting of the League of Nations. Among other things, the conference established a uniform [“identity certificate” for Russian refugees](https://www.refworld.org/docid/3dd8b4864.html), between one and two million of whom [had been displaced by various conflicts over the previous decade](https://www.icrc.org/ar/doc/assets/files/other/727_738_jaeger.pdf). * [Design Principles for the Personal Data Economy](https://medium.com/mydex/design-principles-for-the-personal-data-economy-f63ffa93e382) MyDex ([whitepaper](https://mydex.org/resources/papers/) A key part of this is continuity and longevity: a personal data store is for life, so the institutions providing personal data stores should be designed for decades (centuries, even). Whatever particular corporate form they take, legal safeguards relating to continuity and longevity of purpose need to be built into how they operate. ## Human Rights * [What Companies Can Do Now to Protect Digital Rights In A Post-Roe World](https://lists.w3.org/Archives/Public/public-credentials/2022Jun/0046.html) Good topic for CCG discussion and reading on the implications of a lot of the tech we are working on: * [What Companies Can Do Now to Protect Digital Rights In A Post-Roe World | Electronic Frontier Foundation](https://www.eff.org/deeplinks/2022/05/what-companies-can-do-now-protect-digital-rights-post-roe-world) * [Human rights perspective on W3C and IETF protocol interaction](https://lists.w3.org/Archives/Public/public-credentials/2022Jan/0014.html) Adrian Gropper (Wednesday, 5 January) The Ford Foundation paper attached provides the references. However, this thread should not be about governance philosophy but rather a focus on human rights as a design principle as we all work on protocols that will drive adoption of W3C VCs and DIDs at Internet scale. * [https://redecentralize.org/redigest/2021/08/](https://redecentralize.org/redigest/2021/08/) says: *Human rights are not a bug* * [Part 0: The 7 Deadly Sins of Digital Customer Relationships](https://www.evernym.com/blog/7-deadly-sins-customer-relationships/) * [Part 1: Decentralized Identifiers: Building Smarter, More Sustainable Customer Relationships](https://www.evernym.com/blog/decentralized-identifiers-customer-relationships/) DIDs are about building lasting private and secure digital relationships with customers, and as we’ll see with each of the Deadly Sins, about reducing costs, increasing compliance and enabling truly personalized products and services – without being creepy.