
How do we know if an app is well-developed for situations of conflict?

I’ve developed a framework to evaluate apps on this basis, called the “Conflict-Ready App Evaluation Framework (CRAEF).”

CRAEF enumerates a set of features that allow us to exercise control over identity disclosure. I’ve written the features as user stories. (In fulfilling the goal of securing identity, inevitably, privacy and security are prominent ancillaries.)

This list was first published in an article on Substack: “One-dimensional humans: the curse of single sign-in apps”

Identity

  1. I want to use a single device (phone or laptop) to interact with different people using different identifiers (accounts), so that I can keep my identities separate

  2. I want to choose which identifier I use (e.g. phone number vs email address)

Privacy & Security

  1. I want to create an account without the app disclosing that to all users who have my identifier

  2. I want to disclose only a chosen username to others (not my identifier), so I can keep my identifier private

  3. I want to hide the logins to certain accounts, so that if someone has access to my phone, they cannot see that I have a separate login

  4. I want to hide my accounts behind additional authentication (e.g. biometrics or PIN/password), so that if someone has access to my phone, they cannot automatically access the contents of the account

  5. I want to hide certain chats or files, so that if someone has access to my phone, they cannot see specific content

  6. I want to turn on auto-delete (aka self-destruct) features, so that I don’t have to worry about permanent information disclosure or exploits of the server’s database

  7. I want to turn on or off edit features, so that I can choose between convenience (editable) and truthfulness (non-editable)

  8. End-to-end encryption is available

  9. (When e2e is enabled) I want to verify that end-to-end encryption is active, so that I don’t need to worry about attacks or privacy invasions

  10. I want to self-host the data easily, so that I don't have to worry about privacy attacks

UX

  1. I want to group contacts into categories, so that I can better manage the information that I share (e.g. share posts 1:1, in groups, or with everyone)

  2. I want to add notes to contact entries, so that I can better manage which identities I disclose or keep private (e.g. note which users know more than one of my identities, e.g. a coworker with whom I also share a hobby)