How do we know if an app is well-developed for situations of conflict?
I’ve developed a framework to evaluate apps on this basis, called the “Conflict-Ready App Evaluation Framework (CRAEF).”
CRAEF enumerates a set of features that allows us to exercise control over identity-disclosure. I’ve written the features as user stories. (In fulfilling the goal of securing identity, inevitably, privacy and security are prominent ancillaries.)
This list was first published in an article on Substack: One-dimensional humans: the curse of single sign-in apps
-
I want to use a single device (phone or laptop) to interact with different people using different identifiers (accounts), so that I can keep my identities separate
-
I want to choose which identifier I use (e.g. phone number vs email address)
-
I want to create an account without the app disclosing that to all users that have my identifier
-
I want to disclose only a chosen username to others (not my identifier), so I can keep my identifier private
-
I want to hide the logins to certain accounts, so that if my someone has access to my phone, they cannot see that I have a separate login
-
I want to hide my accounts behind additional authentication (e.g. biometrics or PIN/password), so that if my someone has access to my phone, they cannot automatically access the contents of the account
-
I want to hide certain chats or files, so that if my someone has access to my phone, they cannot see specific content
-
I want to turn on auto-delete (aka self-destruct) features, so that I don’t have to worry about permanent information disclosure or exploits of the server’s database
-
I want to turn on or off edit features, so that I can choose between convenience (editable) and truthfulness (non-editable)
-
End-to-end encryption is available
-
(When e2e is enabled) I want to verify that end-to-end encryption is active, so that I don’t need to worry about attacks or privacy invasions
-
I want to self-host the data easily, so that I don't have to worry about privacy attacks.
-
I want to group contacts into categories, so that I can better manage the information that I share (e.g. share posts 1:1, in groups, or with everyone)
-
I want to add notes to contact entries, so that I can better manage which identities I disclose or keep private (e.g. note which users know more than one of my identities, e.g. a coworker with whom I also share a hobby)