Testing, testing

For rapid ideation, sprint 2, we were given the theme of ‘cyber’ and after brainstorming, I figured the best idea was to look at the newest elements of cyber identity.

Those elements are web-3 access and cyber security elements involved in signing into websites with hugely revealing data attached.

I have come up with an idea for a cyber security tracker that shows the correlation between the open web and seemingly controlled data access web-3 ‘log in’ / ‘access request’ interactivity.

Essentially at the moment, savvy web-3 wallet users are quite clued up on web security, but as the lines blur we shall need a clear metric of old world tracking methods and new world web-3 data.

When conducting user research for user experience designs, we can categorise the practice for participants into three main risk levels.

Low risk

Research that has little risk or effect on the subject or testers, no expected backlash from testing. Activities such as routine studio practices that use equipment that does not require any risk assessment.

Medium risk

Mild risk of affecting test subjects with the user testing process, leading to complications legally and ethically. Usually, when involving individuals or groups 3rd party usage brings into the foray risk as there is a lot of oversights applied when using others.

High risk

A huge risk of complications directly leading from the user testing process, great care must be taken with regard to the prerequisites and safeguarding of subjects. This may be because research may be involving the access of or storage of material that may be regarded as unlawful, including promoting or endorsing terrorist acts.

Photo by janilson furtado on Unsplash

When asking users to interact with web-3 log in’s or access requests specifically, user testing can take on a sudden high-security risk for the user and the test providers can fall into hot water also if they are not careful, the collection of user data on a browser that collects 3rd party cookies alongside blockchain activity should be trialled as carefully as possible.

Prerequisites to testing any web-3 log-in interactive user journeys may need the requirement of dedicated fake wallets that have dummy data on them, similar to fake credit card details used to test e-commerce checkouts in sandbox mode so that the user is not having to use their own data.

There would need to be a level of interaction, pre-existing on said dummy web-3 wallet so that some blockchain history exists.

Experimental psychology

Erik Geelhoed mentions that there are two different approaches to two complementary methods of conducting user research, qualitative and quantitative methods. Then there are mixed methods that are a combination of qualitative & quantitative research.

In the case of user testing for my sprint 2 rapid ideation user journey, I feel that there could be both quantitative prototype testing that involves logging in via false web-3 wallet permission and a qualitative web-3 wallet sign-in with the dummy wallets to protect people’s true blockchain data getting merged with traditional 3rd party cookies.

Ethics

Looking at websites that onboard users via web-3 they have more requirements than ever to be transparent with the 3rd party cookies that are leaked from them. Although web-3 sites allow for the monitoring of any address via an input of a wallet address into a site (after all this is all on the blockchain) the informed consent of having 3rd party cookies mixed with a direct web-3 log-in data from a wallet combined, could have dire consequences for users who are unaware of the bigger picture, as described here by Lazar “Informed consent – the notion that research participants should be provided with the information needed to make a meaningful decision as to whether or not they will participate – is the cornerstone of this protection. (lazar et al 2017)

3rd party cookies have been around a while now, their basic use case is to automate web experiences when a user revisits a site with the same browser that they have used previously. My thought is that sites shall be logging web-3 data and opening up seamless meta experiences with the traditional web browsing experiences side by side.

The question should be asked, how clear a line in the sand do we wish to draw, in order to keep the dual data separate and to fiercely mask our web-3 user profiles.

When granting access to a web-3 site, the level of informed consent is scarcely represented currently, usually agreeing to read and write access only seems as though you are providing a level of protection to the user, but when user testing a user experience that needs this basic gateway agreed to, there is a lot more at stake for the testing party involved.