OMG!!! Is the camera still ON!?!
From a thesis on user consent, privacy, and security in WebRTC.
This is not a problem of security in the technical sense, but rather in a usability sense. If the user doesn't understand how this works, s/he will be susceptible to phishing-attacks from web sites attempting to gain unsolicited access to the various input devices of, for example, a mobile phone.
To begin defining the potential problems, we brought together two students - one from computer science and one from interaction design - to shed some light on the subject. By combining their technical and design knowledge as well as focusing on usability and user-experience, we were able to gain insightful feedback.
The purpose was to:
- understand the user's mental model of conversational video setting
- understand how the user would interact with these new functions in the browser
- find ways to obtain informed consent to use camera and microphone from the user
- build prototypes and conduct user tests
In order to better understand user reasoning when giving webpages access to cameras and microphones, we conducted interviews using paper prototypes, questionnaires, and full-scale user-testing with customized browsers. This rendered a large set of information that eventually led to the following conclusions:
- To most users, the distinction between browser and website was not clear.
- Prompting poses a fine line between getting attention and blocking the user.
- The user expected a self-view from the camera if it is on.
- The user expected easily reachable controls (e.g. in the self-view, much like video controls).
- Learnability benefits from consistent placement, color, shape and response.
Clearly, we face challenges in this area that involve not only technical understanding, but also require understanding of usability issues and most importantly, will focus on the user perspective.