SignUp: UX ReDesign

[vLooz]

Like discussed in Slack, several days ago, we want to slim down the amount of SignUp-screens to make the user on-boarding process easier, with less friction an hopefully a higher retention rate.

These are the wireframes for some options, how to reduce the screens. @andreis and myself like version B the most so far, because the screens are not too crowded (like in version D) and we still have the password-warning in it. If we want to prevent a bunch of support mails from frustrated users, who lost access to their account forever, this warning is quite important, imo.

[vLooz]

I forgot to adress one topic during the last meeting: Do we still offer the choice between "Using LavaboomSync" and "BackUp KeyPair" @andreis ?

this scenarios I find reasonable:

scenario A) We decide for them to use Lavaboom KeySync from the start. (+) no additional screen during signUp regarding KeyPairs (-) We might upset our paranoid users here, because we then just take their KeyPair on our server (encrypted yes, but this might not be secure enough for them).

scenario B) We offer the choice between Lavaboom Sync and KeyPair BackUp. The user has to chose one to continue. (+) we inform the user about KeyPairs (-) one screen more during SignUp, causing more friction during user-onboarding (-) the choice might be confusing for non-techy users, causing more friction during user-onboarding.

scenario C) We offer the choice between Lavaboom Sync and KeyPair BackUp. The user can continue without making a choice here. In this case we set up Lavaboom Sync. (+) we inform the user about KeyPairs (-) one screen more during SignUp, causing more friction during user-onboarding

[andreis]

Option A is the best.

We can tell our pro users to do these simple steps if they want keys that we haven't touched:

1. Sign up
2. Go to Settings > Security
3. Disable Lavaboom Sync
4. Regenerate keys

Lavaboom Sync button

I propose the following changes to the Lavaboom Sync option UI:

• make it a button, like "Generate new key-pair", etc.
• the label should be:
  • Lavaboom Sync is ON (blue background)
  • Lavaboom Sync is OFF (yellow background)
• clicking it opens a modal with:
  • some text explaining what the implications are
  • a button to download keyring backup
  • optionally, "regenerate your keys" button

[let4be]

I would not like if secure email service would have my private keys napped from the early beginning I like (C) option

[let4be]

Some users also asked for an option during signup to provide own keypair, do we look at this direction? :)

[vLooz]

What about an extended version A (similar like it's now):

We decide for them to use Lavaboom KeySync from the start by having a checkmark checked on default. below this checkmark there is a "backup keyPair" button and the "Continue to inbox"-button.

The pro user then can uncheck this, but can only continue when backing up his keys first (continue button is greyed out)

[vLooz]

I don't think using your own KeyPair makes any sense before we offer integration of external domains (mail@userdomain.com). We won't get this feature before launching business accounts, am I correct @andreis ?

[let4be]

huh, why? maybe user doesn't trust Lavaboom in generating his keypair. There is a set of known attacks when metadata can be embed in RSA public key which helps attacker(Lavaboom or NSA whoever) to calculate private key from a public

[let4be]

http://www.reddit.com/r/crypto/comments/2ss1v5/rsa_key_generation_backdoored_using_curve25519/

[andreis]

Agreed, let's let them use their own keys from now

[let4be]

What is more interesting with this attack, afaik there is no method to check public key for such kind of backdoor...

[andreis]

:+1:

[vLooz]

Ok, but do we necessarily need this during SignUp? Or can we offer this as a Pro User feature in Settings/Keys?

[vLooz]

btw, updated wireframes. Brought the Lavaboom Sync vs. KeyPair screen back in.

[vviikk]

that's amazing. i will start working on the jade files. can i go ahead with this @flixi?

also if you want to upload your own key (I have been using one key for the past decade) we can maybe have two buttons on this screen:

• [Generate Key]
• [Upload your own key]

[vLooz]

Of course we can do this @piggyslasher. The main problem I have with all of this is, that we should keep the onboarding as clean and simple as reasonably possible to avoid friction. Every screen we add means a decision the user has to make. And every decision a user does not understand can easily scare him away. Alright, that said; couldn't we offer uploading own keys later in advanced settings? @piggyslasher @andreis

[andreis]

I think so, too. It doesn't cost either us or the users much to get a pair of keys generated. Once they have their account running account they can enable Advanced Mode and get rid of the default key pair.

We should:

• write a KB (knowledge base i.e. support page) article about this
• have a notice under "Generate Keys":

How do I use my own keys?

[vLooz]

So just for my understanding: It is possible to de-attach the default key pair of ones Lavaboom-email address and attach an old KeyPair to it?

[andreis]

No, but you can create you own key with software like GPG or OpenPGP. This actually is much safer since you know, as a user, that we haven't purposefully generated weak keys.

What you cannot do is use old keys for john@domain.com for your new john@lavaboom.com account (theoretically it's possible since it's just a damn random secret, but practically it's a very bad idea).

[vLooz]

humm... so it's actually safer for a user to generate keys with an external software then just using our Lavaboom key generator? Isn't that leaving us in a really bad light?

[andreis]

We're not doing anything different then what external software would, it's about giving the user a choice to feel more secure. In the future we'll have signed front-end code, that will improve our credibility.

[vLooz]

Ok, I see. To let users import their old keys, we also need to let them connect their old email-address to Lavaboom, correct? Wouldn't this be the same like using your own domain with Lavaboom and by this being a business feature?

[andreis]

We were talking about importing keys on signup. Possible scenarios:

1. Lavaboom free. Pro user, doesn't want to let us generate the keys. Before registration, they generate a key pair for john@lavaboom.com and then choose "Upload your keys" in the end. (or generate keys, enable advanced mode, change the generated keys with theirs).
2. Lavaboom business - new. The owner invites everyone to Lavaboom for a coolbusiness.com account. The rest is the same as 1.
3. Lavaboom business - migration. The owner migrates from Gmail where they used Google's end2end Chrome plugin. Everyone is instructed to download their key pair. The user chooses john@coolbusiness.com, then "Upload your key", because he still needs to access all his past email.
4. Lavaboom premium. john@mydomain.com wants to use Lavaboom because he's sick of maintaining his email server. He creates an account, buys Lavaboom Premium, sets a custom domain, then adds his keys for john@mydomain.com

My conclusions:

• all accounts should have a Lavaboom username
  • it comes with an email address (username@lavaboom.com) and with a pair of keys used to encrypt everything (no more choosing which key pair is "master", I say)
  • pro users should be able to generate their own keys at registration time - an optional help+upload screen for that might work (I'll make some mocks soon)
• Lavaboom Business and Premium users can have custom email addresses
  • again, we can either generate keys for them or accept theirs
• we need migration tools not just for contacts, but also for keys and emails (MIME formatted?)
  • most business owners already have a solution in place and tons of data that needs to be carried over

[andreis]

mocks

[vLooz]

I wonder if it may be better to restrict any own KeyPair adding and generation to the pro, premium and business accounts. Free account would just offer a no-brainer Lavaboom address with a default KeyPair and 1 GB of space. No more.

[andreis]

And no PGP encryption, unless they pay! :smile:

== edit

Jokes aside, for us it doesn't matter where on the user's computer the keys are generated (i.e. in the browser or in the terminal), but for them it can make a (mostly psychological) difference, since there's a well known attack at key generation time - and if Lavaboom was evil or compromised we could get their data this way.

[vLooz]

We don't differentiate enough over storage, when we give a free user 1 GB. With 1 GB most of them won't feel no incentive to change to a pro or premium account for years (we won't exist as a company anymore then without income). So I thought it might make sense to differentiate over pro features :-)

[vLooz]

for you @andreis :)

[andreis]

You are an evil genius @vLooz

[vviikk]

Should be feasible. No issues for me. @let4be?

[vLooz]

Some improvements after yesterdays meeting: