Carina Yasmin Enzinger
Bianca Helbig
Keith Andrews
Ralph Wozelka
Konrad Baumann
David Derler
Vesna Krnjic
Johanna Pirker
Enigmail is a free Thunderbird Add-on for encrypting and signing email. This heuristic evaluation of Enigmail was performed in Jan and Feb 2016 in collaboration with four experts (see Table 1) in the fields of usability and/or cryptography, who do not use Enigmail regularly. They were first given some background information about cryptography in general and some typical use cases for Enigmail. They were then asked to install Enigmail, to send signed and encrypted emails, and to review Enigmail by pointing out any positive and negative impressions (findings).
The experts were asked to think out loud while inspecting the interface, like in a thinking aloud test. After all four evaluations, all positive and negative findings were documented and assigned to heuristics (see Appendix A) by the project team. The findings were gathered in a table and rated for their positivity and severity, by all experts and the authors. The list of all positive findings was sorted in decreasing order of positivity (see Section 6). The list of all negative findings (problems) was sorted in decreasing order of severity (see Section 8).
The most positive finding was that none of the experts had any problem locating the Enigmail project page and downloading it. Although the evaluators struggled with the installation, all of them did eventually manage to install it. Vesna Krnjic remembered testing a much older version of Enigmail which she never really used, because it was too complicated. She remarked that the version of Enigmail (38.5.1) evaluated in this study had much better usability than the older version, and thus appears to be heading in the right direction.
For typical computer users (non-experts in cryptography), the largest difficulty appears to be the installation and setup of Enigmail. However, even experts had problems installing Enigmail, since the setup wizard's manual mode does not function at all. The second most important issue occurred on the Mac: the user received feedback that a public key was successfully added, when in fact it had not been added to Enigmail's Key Management and encryption did not work. The parallel use of GPG Keychain and Enigmail on the Mac appeared to be the root cause of a number of problems (problems 1, 2, 9, 19, and 24).
The problems ranked in 3rd, 4th and 5th place are all related to a lack of feedback from Enigmail about what is currently happening. Problem 3 addresses the conflation of negative feedback with positive feedback, leading to confusion about whether or not the email will be encrypted. Problem 4 describes the issue that the message about saving the revocation certificate in a secure place (like a CD) comes after the user has already saved it somewhere. Problem 5 reflects a lack of clarity about which public key Enigmail is using, in cases where a user has multiple key pairs.
In 2014, Edward Snowden described the GPG (GnuPG) software [GPG] used to encrypt emails as "damn near unusable" [Sno2014]. Arne Padmos discussed some of the reasons for this in his talk “Why is GPG 'damn near unusable'?” [Pad2014]. The problems involved today are much the same as those specified in the 1999 paper “Why Johnny can't encrypt” [Whi1999]. Not much has changed in the past 17 years.
Enigmail [Bru2017] is a free add-on (extension) for the Thunderbird [TMF2017] open source email, news, and chat client. It can encrypt and sign emails using GPG. The Enigmail project is maintained by Patrick Brunschwig. The enigusab project [And2017, Woz2016] was initiated by Keith Andrews and Ralph Wozelka to help improve the usability of Enigmail.
Heuristic evaluation is a form of usability inspection, whereby a small team of usability specialists (typically 3 to 5) use their experience and judgement to analyse and assess a user interface. Heuristic evaluation is sometimes also called an expert review. The method was first formalised by Jakob Nielsen and Rolf Molich in 1990 [Nie1990].
Each evaluator assesses the interface alone, using a small set of usability principles (the heuristics) to guide their work. The output of each individual evaluator is a list of potential problems and positives, each with one or more representative screenshots.
The evaluation manager aggregates the 3 to 5 individual lists of problems into a larger combined list of problems, and then asks the evaluators to assign severity ratings to each problem in the combined list. Finally, the list is sorted in descending order of average severity, so that the most important problems are at the top of the list. Similarly, a combined list of positives is created and sorted by positivity. A good description of the heuristic evaluation method is given by Jakob Nielsen [Nie1995].
For this evaluation, Nielsen's revised set of ten usability heuristics [Nie1994] was adapted and extended with three more heuristics. These are described in Appendix A.
The four evaluators and their evaluation environments are shown in Table 1. The evaluation sessions were recorded with Camtasia [TS2017], which captures the screen, webcam, microphone and any system sounds.
Evaluator | Konrad Baumann | David Derler | Vesna Krnjic | Johanna Pirker |
---|---|---|---|---|
Age | 49 | 27 | 34 | 27 |
Sex | male | male | female | female |
Expert | Usability | Usability, Cryptography | Usability, Cryptography | Usability |
Device | MacBook Pro | MSI-GP60 (Oracle VM 5.0.14) | MacBook | PC |
Operating System | OS X Yosemite 10.10.5 | Ubuntu Gnome 15.10 | OS X El Capitan | Windows 10 |
Screen size | 13" | 15.5" | 13" | 27" |
Thunderbird Version | 38.5.1 | 38.5.1 | 38.5.1 | 38.5.1 |
Enigmail Version | 1.8.2 | 1.9 | 1.8.2 | 1.8.2 |
Language (Enigmail) | German | English | English | German |
Date of evaluation | 02-02-2016 | 25-02-2016 | 29-01-2016 | 28-01-2016 |
Time of evaluation | 1.30 - 3.30 pm | 5.00 - 6.00 pm | 9.30 - 11:30 am | 9.00 - 9.30 am |
The three most positive findings were as follows.
It is quite easy to find and download the Enigmail extension if its name is known. All four evaluators were immediately able to find and download Enigmail. Figure 1 illustrates three different ways to download Enigmail.
Enigmail does what it should straightforwardly. In particular, the simplicity of pushing a button to encrypt a message was complimented.
One evaluator (VK) had experience with a previous version of Enigmail. She remarked that the tested version 1.8.2 is definitely an improvement, but still needs some work to suit the needs of normal users.
Table 2 lists all of the positive findings from the evaluation, in decreasing order of average positivity (most positive first). The initials of the evaluators indicate who made which finding, and are shown in Table 3. The positivity ratings themselves are described in Table 4.
No. | Short Title | Description | Screenshot/Video | Location (how reproducible?) | Found By | KB | DD | VK | JP | CE | BH | Av |
---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Easy to Find and Download | It is quite easy to find the Enigmail Add-on/extension just knowing the name. Enigmail is listed by various search engines, so all four evaluators immediately found a way to download it. | easy-to-find.png | | y | 4 | 4 | 3 | 2 | 4 | 3 | 3.3 |
2 | It Does What it Should | Enigmail does what it should straightforwardly. In particular, the simplicity of pushing a button to encrypt a message was complimented. | | | y | 3 | 3 | 2 | 3 | 3 | 3 | 2.8 |
3 | Better than Previous Versions | One evaluator (VK) had experience with a previous version of Enigmail. She remarked that the tested version 1.8.2 is definitely an improvement, but still needs some work to suit the needs of normal users. | | | y | 2 | 0 | 2 | 3 | 3 | 4 | 2.3 |
4 | Self Explaining | Using Enigmail is quite self explaining after the installation because the symbols are easy to find. | b-self-explaining.png | | y | 3 | 2 | 3 | 3 | 1 | 1 | 2.2 |
5 | Expiry Date | It is possible to define and change the expiry date of the key. | b-expire-date.png | | y | 3 | 2 | 1 | 1 | 3 | 2 | 2 |
6 | Unencrypted Warning | Enigmail warns the user if an email is not encrypted. | pirker-002026.png | Writing an email. | y | 3 | 2 | 3 | 3 | 1 | 0 | 2 |
7 | Fancy User Interface | The design when writing emails is pretty good. | d-user-interface.png | | y | 3 | 2 | 3 | 2 | 0 | 0 | 1.7 |
Initials | Evaluator |
---|---|
KB | Konrad Baumann |
DD | David Derler |
VK | Vesna Krnjic |
JP | Johanna Pirker |
CE | Carina Enzinger |
BH | Bianca Helbig |
y | Found by this evaluator |
Positivity | Meaning |
---|---|
4 | Extremely Positive |
3 | Major Positive |
2 | Minor Positive |
1 | Cosmetic Positive |
0 | Not a Positive |
Av | Average Positivity |
The five most severe problems found during the evaluation are described in detail here, most severe first.
The most severe problem was discovered in the manual mode for experts, shown in Figure 2, where the setup wizard simply does not work correctly. After going through the setup wizard, when the user attempts to send a first encrypted or signed email, Enigmail gives the feedback "Enigmail is disabled for the selected identity", as shown in Figure 3. Redoing the setup wizard in beginner's mode fixed the problem without going through a whole new key pair generation, but there was no indication that anything was changed or fixed by beginner's mode, as shown in Figure 4.
At the end of GPG installation, a summary window like the one shown in Figure 5 confirms the successful installation. Unfortunately, the summary window is immediately obscured by the newly opened GPG Keychain window, as illustrated in Figure 6, so the user is unable to see (at this point in time) that GPG installation was successful. After key pair generation is completed and the GPG Keychain window closes, the summary window becomes visible, but at this point causes unnecessary confusion.
On one occasion, opening a public key received as an email attachment with GPG Keychain (the default) (see Figure 7), only added that public key in GPG Keychain (see Figure 8) and not in Enigmail Key Management (see Figure 9). This issue only occurred once on a MacBook. A screencast of the problem can be seen in Figure 10.
The positive feedback that a message will be encrypted is not particularly prominent and could easily be overlooked, as can be seen in Figure 11. The negative feedback is shown in red but the wording could be mistaken as positive feedback if the prefix "un" is overlooked, as shown in Figure 12. Neither message appears directly adjacent to the button which produces it.
A better formulation would be: "This message will NOT be signed and NOT encrypted." It would be better to put the text next to the buttons anyway to make clear that it is feedback for each button. The best solution, however, would be to overlay the button icons with either a green tick or a red cross to indicate the current status.
In fact, both the red warning message and the text "Enigmail:" to the far left are clickable, but there is no indication of this.
The information window that a revocation certificate should best be saved on a safe external medium such as a diskette or CD only appears after the revocation certificate has been saved. The information window is shown in Figure 13.
If a user has more than one public key associated with the same email address, it is not apparent which of the public keys will be attached by pressing the "Attach My Public Key" button in the write an email window, as shown in Figure 14.
Table 5 shows all the problems found during the evaluation, sorted in decreasing order of average severity. The severity ratings themselves are explained in Table 6. The evaluator(s) who found each problem are indicated by their initials. The evaluators and their corresponding initials are listed in Table 7.
No. | Short Title | Description | Screenshot/Video | Heuristic | Location (how reproducible?) | Found By | KB | DD | VK | JP | CE | BH | Av |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Manual Mode in Setup Wizard | The most severe problem was discovered in the manual mode for experts, where the setup wizard simply does not work correctly. After going through the setup wizard, when the user attempts to send a first encrypted or signed email, Enigmail gives the feedback "Enigmail is disabled for the selected identity". Redoing the setup wizard in beginner's mode fixed the problem without going through a whole new key pair generation, but there was no indication that anything was changed or fixed by beginner's mode. | interrupted-gpg-installation.mp4 beginners-after-manual-mode.mp4 krnjic-000258.png krnjic-000804.png krnjic-000906.png | A13 Bug | install Enigmail → manual setup wizard | y | 4 | 2 | 4 | 2 | 3 | 4 | 3.2 |
2 | GPG Keychain | On one occasion, opening a public key received as an email attachment with GPG Keychain (the default), only added that public key in GPG Keychain and not in Enigmail Key Management. This issue only occurred once on a MacBook. | adding-public-key.mp4 krnjic-001431.png krnjic-001448.png krnjic-001536.png | A13 Bug | Open public key attachment of an email. | y | 3 | 3 | 4 | 3 | 2 | 3 | 3 |
3 | Unencrypted and/or Unsigned Message | The positive feedback that a message will be encrypted is not particularly prominent and could easily be overlooked. The negative feedback is shown in red but the wording could be mistaken as positive feedback if the prefix "un" is overlooked. Neither message appears directly adjacent to the button which produces it. A better formulation would be: "This message will NOT be signed and NOT encrypted." It would be better to put the text next to the buttons anyway to make clear that it is feedback for each button. The best solution, however, would be to overlay the button icons with either a green tick or a red cross to indicate the current status. In fact, both the red warning message and the text "Enigmail:" to the far left are clickable, but there is no indication of this. | krnjic-004221.png krnjic-004233.png | A12 Unclear Meaning | Deactivate encryption and signing button. | y | 3 | 2 | 4 | 1 | 4 | 3 | 2.8 |
4 | Location to Save Revocation Certificate Message Appears Too Late | The information window that a revocation certificate should best be saved on a safe external medium such as a diskette or CD only appears after the revocation certificate has been saved. | pirker-001135.png | A01 Feedback | Enigmail → Setup Wizard | y | 3 | 2 | 3 | 3 | 3 | 3 | 2.8 |
5 | Public Keys of the Same Email Address are not Distinguished | If a user has more than one public key associated with the same email address, it is not apparent which of the public keys will be attached by pressing the "Attach My Public Key" button in the write an email window. | which-public-key.png | A01 Feedback | new email → attach public key | y | 3 | 2 | 4 | 3 | 3 | 2 | 2.8 |
6 | Add-on Description | The German website of Enigmail states that Enigmail requires GPG. One user thought that it is required to install GPG separately, before Enigmail could be installed. The Enigmail website should tell the users that the setup wizard will take care of GPG installation. | pirker-000051.png pirker-000236.png pirker-000401.png pirker-000537.png | A10 Help and Documentation | https://addons.mozilla.org/de/thunderbird/addon/enigmail/ & after Enigmail installation & old Enigmail website & manual GnuPG installation | y | 3 | 2 | 4 | 4 | 2 | 2 | 2.8 |
7 | Passphrase Feedback | There is no feedback to users while typing a passphrase as to the requirements for the passphrase to be valid. Users are only informed after pressing the "Generate key" button that something is wrong. A red to green line indicating password strength and appropriate hints would solve this problem. | krnjic-000532.png krnjic-000605.png | A01 Feedback | setup wizard → generate key pair | y y | 2 | 2 | 3 | 2 | 4 | 3 | 2.7 |
8 | Clickable Error Message | The error message "Enigmail is disabled for the selected identity" is clickable. When clicked, it falsely suggests to the user that it might be possible to encrypt or sign an email. Instead, the error should explain to the user how to fix the problem. | clickable-error.mp4 krnjic-001904.png | A12 Unclear Meaning | After an unsuccessful manual setup wizard. | y | 2 | 2 | 3 | 3 | 2 | 4 | 2.7 |
9 | Different Key Wizards | There are two different wizards for creating a new key pair. These should be combined into one. | different-key-wizards00.png different-key-wizards01.png different-key-wizards02.png | A04 Consistency | (First time) Setup Wizard Enigmail & (First time) Setup Wizard GPG & Key Manager → Generate → new key pair | y | 2 | 2 | 4 | 3 | 3 | 2 | 2.7 |
10 | Old GPG Version | On Linux (Ubuntu), if an old GPG version is already installed, Enigmail does not start a fresh installation for the required (newer) version of GPG, but instead shows a warning requesting that the user upgrade to a newer version of GPG. There is no reference to where to find this new version. | old-gnupg.png | A10 Help and Documentation | Setup Wizard | y | 3 | 2 | 4 | 2 | 2 | 3 | 2.7 |
11 | Confusing Wording for Trust | When an incoming email is signed by a correct but untrusted key, the information text is confusing. Maybe the words "untrusted" and "correct" should be replaced by iconic symbols. Clicking on the "Details" button opens a trust settings window, where the user can specify how much trust they have in this key. However, the terminology used is very confusing for users with only little or basic knowledge of encryption. | confusing-text00.png confusing-text01.png | A02 Speak the Users' Language | get and open a signed email → Details → sign/verify key | y | 3 | 3 | 4 | 2 | 3 | 1 | 2.7 |
12 | Web Of Trust | Users find it difficult to understand the idea of Web of Trust. The users did not know which level of trust they should choose or how to verify that the signature is really of the person whose name and email they can see. Enigmail should use the same terminology as in web-based documentation and provide hints (say, on mouseover) about usage. | web-of-trust.png | A10 Help and Documentation | open a signed email → Details → Sign Sender's Key... | y | 3 | 3 | 2 | 1 | 4 | 2 | 2.5 |
13 | Saving a Received Public Key | Enigmail should tell the user when an email has a public key attached and ask whether it should be stored. Casual users will not necessarily recognise the file extension .asc and hence probably not click on it. | krnjic-001352.png | A06 Recognition Rather Than Recall | Attached to received email. | y y | 2 | 2 | 4 | 3 | 2 | 2 | 2.5 |
14 | Missing Finish Button | The final window of the setup wizard has no "Finish" button, suggesting to some users that the setup wizard has died. | pirker-001202.png | A04 Consistency | Final window of the setup wizard. | y | 3 | 2 | 4 | 3 | 2 | 1 | 2.5 |
15 | Tutorial | After installation, provision of a short tutorial for new users would make it easier to work with Enigmail. It should explain basic functions like signing and encryption. | | A10 Help and Documentation | | y y | 2 | 3 | 2 | 3 | 3 | 1 | 2.3 |
16 | Popup Messages Disappear Too Soon | The popup messages displayed while creating new keys often disappear too soon to read (if the key creation is fast). | fast-message.mp4 | A01 Feedback | (First time) Setup Wizard → Create (first) key pair | y | 3 | 2 | 3 | 1 | 2 | 2 | 2.2 |
17 | Hidden Installation Windows | If the Enigmail setup wizard cannot find a GPG installation, both a popup window with an error message and an installation wizard are displayed. The error message is in fact unnecessary. In addition, both windows are sometimes obscured by other windows, causing confusion. | badVisibility.mp4 pirker-000231.png pirker-000236.png | A11 Bad Visibility | After installing Enigmail. | y | 3 | 2 | 3 | 2 | 1 | 2 | 2.2 |
18 | Incorrect Documentation about Installing Add-ons | The explanation of how to install an Add-on in Thunderbird on the German website of Enigmail is incorrect. No documentation is better than wrong documentation. | pirker-000136.png | A10 Help and Documentation | https://addons.mozilla.org/de/thunderbird/addon/enigmail/ | y | 3 | 2 | 4 | 2 | 1 | 1 | 2.2 |
19 | Multiple Creation of Revoke Certificates | The GPG wizard automatically creates a revoke certificate, but Enigmail requests that the user also generate one. | save-certificate-auto.png save-certificate-self.png | A04 Consistency | (First time) Setup Wizard Enigmail & (First time) Setup Wizard GnuPG | y | 3 | 2 | 3 | 3 | 2 | 0 | 2.2 |
20 | Delete Public Key from Key Server | If a public key cannot be deleted from a key server, this should be made clear to the user. The user should be informed how to delete such a public key. | | A01 Feedback | after generating keypair & Enigmail → Key Management → Key Server | y | 2 | 3 | 4 | 3 | 1 | 0 | 2.2 |
21 | OpenPGP Options | The menu item Enigmail → Preferences → Signing/Encryption Options... opens a window entitled "OpenPGP Options". The same name should be used in both places. | signing-encryption-options.png openpgp-options.png | A04 Consistency | Thunderbird → Write → Enigmail → Preferences → Signing/Encryption Options... | y | 3 | 2 | 4 | 3 | 1 | 0 | 2.2 |
22 | Key Management Search by Name | Enigmail should hint that the Key Management can also search for a key by name. | pirker-001926.png | A06 Recognition Rather Than Recall | Enigmail → Key Management → Key Server → Search for Keys | y | 3 | 1 | 2 | 2 | 2 | 2 | 2 |
23 | Similar Yellow Symbols for Signed and Encrypted | In the email list, yellow symbols are used to indicate whether an email is signed (pen) and/or encrypted (key). The symbols are quite similar, especially on high resolution displays, which could cause confusion. | similar-symbols.png | A05 Error Prevention | adjust columns at Thunderbird → select OpenPGP | y | 3 | 1 | 3 | 2 | 2 | 1 | 2 |
24 | Upload Key to Which Key Server (GPG Keychain) | It is unclear to which key server a public key will be uploaded. | krnjic-000450.png | A06 Recognition Rather Than Recall | install Enigmail → manual setup wizard → after GnuPG installation | y | 2 | 3 | 3 | 2 | 1 | 1 | 2 |
25 | Manually Forced Symbol | The meaning for the tiny white "!" in a blue circle added to the encryption or signing button is unclear. If it means that the mail has been manually encrypted/signed, this is an unnecessary extra distinction for a user. | manually-forced-symbol.png | A12 Unclear Meaning | new email → deactivate encryption → activate encryption | y y | 2 | 2 | 4 | 2 | 2 | 0 | 2 |
26 | Ordering of Search Results on Key Server | When searching for keys on a key server, the results are listed alphabetically, rather than by relevance. | key-server-search-result.png | A08 Aesthetic and Minimalist Design | key manager → key server → search for key | y | 3 | 1 | 1 | 1 | 4 | 1 | 1.8 |
27 | Small Checkboxes | It is not clear that the small checkbox in front of a name has to be checked in order to import a key. The blue background appears to suggest that the item is already selected. | little-checkboxes.png | A05 Error Prevention | key manager → key server → search for key | y | 2 | 1 | 4 | 1 | 2 | 1 | 1.8 |
28 | Import Confirmation Message | The confirmation message that a public key was successfully imported is too small and looks too technical. | import-message00.png import-message01.png | A11 Bad Visibility | Import a public key from an email or a key server. | y | 2 | 1 | 4 | 2 | 1 | 1 | 1.8 |
29 | Re-entering the Passphrase | The user is periodically asked to re-enter their passphrase. It is unclear how long the passphrase is remembered and when and why it has to be re-entered. | krnjic-004517.png | A06 Recognition Rather Than Recall | Sending and opening encrypted and signed emails. | y | 2 | 2 | 2 | 2 | 2 | 1 | 1.8 |
30 | Changing Mac Menu Bar | On the Mac, menu bars rarely change inside a program. When Key Management is opened, a new menu bar is displayed, but this might not be noticed by users, and hence users may not be able to find the function to search for a key on a key server. | changing-mac-menu-bar.mp4 krnjic-001529.png krnjic-001535.png | A04 Consistency | Enigmail → Key Management → Search for Key | y | 2 | 2 | 4 | 2 | 1 | 0 | 1.8 |
31 | Trust Warning when Installing Enigmail | To avoid the trust warning when installing Enigmail after downloading the installation file from the Enigmail website, the website should refer to the Add-on installation through Thunderbird. | krnjic-000133.png | A10 Help and Documentation | Download Enigmail from website (https://www.enigmail.net/index.php/en/download) and manually install it (Add-ons → Install Add-on From File...). | y | 2 | 3 | 2 | 3 | 1 | 0 | 1.8 |
32 | Unintentionally Disabling Encryption | Enigmail switches encryption on by default when writing an email. A user may unintentionally disable encryption thinking they are turning it on. The red message "This message will be unsigned and unencrypted" is easily mistaken for positive feedback, because the "un" is overlooked. | switching-encryption-on-default.mp4 krnjic-003513.png | A05 Error Prevention | Write email and unintentionally disable encryption. | y | 3 | 2 | 3 | 2 | 1 | 0 | 1.8 |
33 | Limited Use of the Enigmail Symbol | Enigmail has a symbol (logo/icon) comprising an "E" inside a yellow padlock. It is shown inside the Add-ons Manager, but otherwise is rarely used. Instead, Enigmail often writes the word "Enigmail". In many cases, it might be clearer (and save space) to use the symbol in place of the text. | enigmail-text.png enigmail-logo.png | A08 Aesthetic and Minimalist Design | | y y | 1 | 1 | 2 | 2 | 4 | 0 | 1.7 |
34 | Key Creation Progress Bar is Confusing | The progress bar displayed during key creation jumps around confusingly. It sometimes shows nearly completed, but then jumps back to the start. | key-creation-progress-bar.mp4 | A01 Feedback | Setup Wizard → create key pair | y | 2 | 2 | 3 | 2 | 1 | 0 | 1.7 |
35 | Key Search Progress Bar is Confusing | The progress bar displayed when searching for a key changes confusingly. It sometimes shows nearly completed, then jumps back to half way. | progress-bar.png | A08 Aesthetic and Minimalist Design | key manager → key server → search for key | y | 2 | 2 | 2 | 3 | 1 | 0 | 1.7 |
36 | Columns Not Adjustable | After resizing the key server result window, the columns are not adjustable. | columns00.png columns01.png columns02.png | A08 Aesthetic and Minimalist Design | key manager → key server → search for key | y | 3 | 1 | 3 | 2 | 1 | 0 | 1.7 |
37 | Updating List of Keys in Key Manager | When a key is imported, it is added to the list of keys in the key manager. After the import message is confirmed, the list of keys first disappears, then reappears including the new key. Maybe the new key could simply be inserted (visually). | update-key-manager.mp4 | A01 Feedback | key manager → key server → search for key → import/add key | y | 3 | 2 | 2 | 2 | 1 | 0 | 1.7 |
38 | Links on Old Website | On the old Enigmail website, links were hard to differentiate from normal text. | pirker-000401.png | A11 Bad Visibility | old Enigmail website | y | 2 | 1 | 4 | 3 | 0 | 0 | 1.7 |
39 | Scrolling Down in Setup Wizard | In the Setup Wizard, when entering a new passphrase, it is not obvious that the window has to be scrolled down in order to re-enter the passphrase a second time. | scroll-down.mp4 | A08 Aesthetic and Minimalist Design | Enigmail Setup Wizard | y | 3 | 2 | 4 | 1 | 0 | 0 | 1.7 |
40 | Optional Signature Info Bar | For signed emails, a pop-up bar above the email gives more details about the signature. The signature info bar should be optional and turned off by default. | opt-signed-bar.png | A08 Aesthetic and Minimalist Design | Open a signed email. | y | 2 | 1 | 3 | 1 | 1 | 1 | 1.5 |
41 | Resizing the Key Server Window | Resizing the key server result window does not work properly, simply adding unused space. | resizing-window00.png resizing-window01.png | A08 Aesthetic and Minimalist Design | key manager → key server → search for key | y | 3 | 1 | 3 | 1 | 1 | 0 | 1.5 |
42 | Unclear Green Bars for Validity of Key | The validity of a key is shown with four green bars. It is not clear if the bars indicate how "valid" a key is or if the bars are connected to the expiry date. | four-validity-bars.png | A08 Aesthetic and Minimalist Design | (First time) Setup Wizard GPG → Create (first) key pair → after successful creation | y | 2 | 1 | 4 | 2 | 0 | 0 | 1.5 |
43 | Key Management Menu Item | By convention, if a menu item opens a new window, this is normally indicated by appending three dots "..." to the name of the menu item. "Key Management" should be named "Key Management...". | key-management-menu.png key-management-window.png | A04 Consistency | Thunderbird → Write → Enigmail → Key Management | y | 2 | 1 | 3 | 3 | 0 | 0 | 1.5 |
44 | Inconsistent Symbols | Different, inconsistent symbols are used to indicate signed and encrypted emails. Furthermore, the symbols do not use the same vertical alignment. | krnjic.png recieved-mail-symbols-encrypted-signed.png | A04 Consistency | Open encrypted and signed email. | y | 1 | 1 | 3 | 1 | 1 | 1 | 1.3 |
45 | Inconsistent Use of Quotation Marks | Information pop-ups are not completely consistent. When adding a public key, the successful import pop-up displays the name and email address inside quotation marks. However, the signature information pop-up does not use quotation marks. | quotation-mark.png | A04 Consistency | Import a public key and get a signed email. | y | 1 | 1 | 4 | 1 | 1 | 0 | 1.3 |
46 | Different Radio Buttons | The Enigmail Settings window uses two different styles of radio button. | radio-buttons.png | A08 Aesthetic and Minimalist Design | Enigmail → settings → sending | y | 1 | 1 | 4 | 2 | 0 | 0 | 1.3 |
47 | Strange Text Inside Email | One user saw strange text inside an email, apparently indicating that only part of the email had been encrypted or signed. [This may be a feature rather than a bug] | header-footer-encrypted.png header-footer-signed.png | A04 Consistency | Open a signed and/or encrypted email. | y | 2 | 1 | 3 | 2 | 0 | 0 | 1.3 |
48 | Alignment of Symbols | Yellow symbols are used in the list of emails to indicate signed (pencil) and/or encrypted (key) emails. When both symbols are active, the key comes first and then the pencil. If only one is active, it is always left bound. There is a risk of confusing the two symbols, since they look very similar. Each should have its own specific place. | left-bound.png | A05 Error Prevention | adjust columns at Thunderbird → select OpenPGP | y | 3 | 1 | 3 | 1 | 0 | 0 | 1.3 |
49 | Spelling Mistake | "Unvertraue Korrekte Unterschrift". The word "Korrekte" should be written with a small letter in German. | spelling.png | A02 Speak the Users' Language | Get and open a signed email. (→ Details → sign/verify key) | y | 2 | 1 | 1 | 1 | 1 | 0 | 1 |
Severity | Meaning |
---|---|
4 | Catastrophic problem |
3 | Serious problem |
2 | Minor problem |
1 | Cosmetic problem |
0 | Not a problem |
Av | Average severity |
Initials | Evaluators |
---|---|
KB | Konrad Baumann |
DD | David Derler |
VK | Vesna Krnjic |
JP | Johanna Pirker |
AS | Authors and Supervisors |
CE | Carina Enzinger |
BH | Bianca Helbig |
y | Found by this evaluator |
At the end of their session, each evaluator was given a feedback questionnaire, where they rated 12 criteria (questions) on a seven-point scale. The original questionnaire can be found in Appendix B. The seven-point scale was provided in the form of semantic differentials as 3 2 1 0 1 2 3. These were later converted to points from 0 (worst) to 6 (best) for analysis.
A tabular summary of the evaluator ratings is shown in Table 8. Most evaluators did not use the documentation provided by Enigmail, and therefore rated Question 4 neutrally with a "0", corresponding to 3 points in the analysis.
No. | Question | Best | 6 | 5 | 4 | 3 | 2 | 1 | 0 | Worst | KB | DD | VK | JP | Av | Std Dev |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Installing the application Enigmail. | very easy | 6 | 5 | 4 | 3 | 2 | 1 | 0 | very hard | 4 | 6 | 3 | 4 | 4.3 | 1.26 |
2 | Quality of Key Wizard. | very good | 6 | 5 | 4 | 3 | 2 | 1 | 0 | very poor | 2 | 2 | 2 | 4 | 2.5 | 1.00 |
3 | It is easy to find help/tutorials. | very easy | 6 | 5 | 4 | 3 | 2 | 1 | 0 | very hard | 3 | 6 | 3 | 4 | 4.0 | 1.41 |
4 | The quality of documentation. | very good | 6 | 5 | 4 | 3 | 2 | 1 | 0 | very poor | 3 | 6 | 3 | 3 | 3.8 | 1.50 |
5 | Appearance of Enigmail. | very good | 6 | 5 | 4 | 3 | 2 | 1 | 0 | very poor | 2 | 4 | 1 | 5 | 3.0 | 1.83 |
6 | Consistency of the application. | very consistent | 6 | 5 | 4 | 3 | 2 | 1 | 0 | very inconsistent | 1 | 6 | 0 | 1 | 2.0 | 2.71 |
7 | How important is it to you to understand how exactly Enigmail works? | very important | 6 | 5 | 4 | 3 | 2 | 1 | 0 | not a bit | 4 | 6 | 6 | 6 | 5.5 | 1.00 |
8 | This application cares about my satisfaction as a client. | yes, very much | 6 | 5 | 4 | 3 | 2 | 1 | 0 | no, not at all | 3 | 3 | 4 | 0 | 2.5 | 1.73 |
9 | How relevant are the features Enigmail provides to you? | very relevant | 6 | 5 | 4 | 3 | 2 | 1 | 0 | not relevant at all | 5 | 6 | 6 | 6 | 5.8 | 0.50 |
10 | Overall impression of application Enigmail. | very good | 6 | 5 | 4 | 3 | 2 | 1 | 0 | very bad | 3 | 4 | 1 | 3 | 2.8 | 1.26 |
11 | How likely are you to use this application later? | definitely | 6 | 5 | 4 | 3 | 2 | 1 | 0 | never | 5 | 6 | 4 | 6 | 5.3 | 0.96 |
12 | How likely are you going to use the signing feature later? | definitely | 6 | 5 | 4 | 3 | 2 | 1 | 0 | never | 4 | 6 | 6 | 6 | 5.5 | 1.00 |
http://projects.iicm.tugraz.at/enigusab/
https://enigmail.net/
https://gnupg.org/
doi:10.1145/97243.97281
doi:10.1145/191666.191729
https://nngroup.com/articles/ten-usability-heuristics/
https://media.ccc.de/v/31c3_-_6021_-_en_-_saal_g_-_201412281130_-_why_is_gpg_damn_near_unusable_-_arne_padmos
https://youtu.be/onrTo1sYri8
http://camtasia.com/
https://mozilla.org/thunderbird/
http://gaudior.net/alma/johnny.pdf
http://keithandrews.com/talks/2016/glt-2016-enigusab/
Based on the feedback from the evaluators, the negative findings (problems) were classified according to the following 13 heuristics:
A01 Feedback
The system should give appropriate feedback within an appropriate
time. For example, for a delay of up to about 10 seconds display a
busy cursor, for a delay of more than 10 seconds display a progress
bar.
A02 Speak the Users' Language
The system should speak the users' language, with words, phrases and
concepts familiar to the user, rather than system-oriented terms.
Follow real-world conventions. Make information appear in a natural
and logical order. Match the users' mental model. Beware of misleading
metaphors.
A03 Reversible Actions
The user should be free to explore the system without penalty. Users
sometimes choose functions by mistake and need a clear way to back
up. Support undo and redo.
A04 Consistency
The same word, phrase, action, or situation should always mean the
same thing. Follow platform conventions and standards. If there is a
standard way of doing something, do it that way unless there is a very
good reason to do it differently.
A05 Error Prevention
Prevention is better than cure. Careful design can prevent a problem
from occurring in the first place. For example: selecting a file from
a menu rather than typing in a file name, asking for confirmation
before dangerous actions, avoiding modes (or making it extremely clear
which mode the user is in), avoiding commands with similar names.
A06 Recognition Rather Than Recall
Place knowledge in the world. Make objects, actions, and options
visible. For example, provide examples, default values, and easily
retrievable instructions. The user should not have to remember
information from one part of the dialogue to another.
A07 Flexibility and Efficiency of Use
Provide accelerators for frequent users, unseen by novice users.
Allow users to tailor frequent actions. For example: abbreviations,
command keys, type-ahead, the ability to edit and reissue previous
commands, a menu of most recently used files, macros.
A08 Aesthetic and Minimalist Design
“Less is more”. Dialogues should not contain information which is
irrelevant or rarely needed. Every piece of unnecessary decoration
in a dialogue competes with the relevant units of information for
the attention of the user.
A09 Good Error Messages
A good error message helps users recognize, diagnose, and recover from
errors. Good error messages should be: in plain language (no
codes), precise (precisely indicate the problem),
defensive (never blame the user), constructive
(suggest a solution), and multi-level (include a link to
further information or the help system).
A10 Help and Documentation
Even though it is better if the system can be used without
documentation, it may be necessary to provide help and documentation.
Good help and documentation should be: easy to navigate
(table of contents, index, and search facility),
task-oriented (focused on the user's
tasks), recipe-like (list sequences of concrete steps),
and example rich (make liberal use of examples).
A11 Bad Visibility
The system should make important information as visible as possible.
Important information should be set apart from standard information. New
windows should always be in the foreground of the screen.
A12 Unclear Meaning
The system should use distinctive and clearly formulated text and symbols. Positive and negative feedback should be clearly separable.
A13 Bug
A usability issue deriving from a software implementation bug.
The heuristics are based on Jakob Nielsen's original ten heuristics [Nie1995]. The final three heuristics were added by the authors.
Each evaluator was given a paper copy of:
he-domain.pdf
he-use-cases.pdf
consent.html
feedback.html