Cryptoparty: a fun way to learn about security

At this year’s Internet Freedom Festival, Ian Drysdale and I met human rights workers from all over the world.

Many of the people we met risk their lives in the work they do. In a digital world, they rely on technology to keep themselves and their contacts safe. Too often, ‘security’ is something that’s difficult and boring. People sometimes think that passwords are annoying and that encryption is complicated.

But that’s a problem.

Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age

– Human Rights Council, United Nations, May 2015

It’s important that everyone understands this stuff so we tried to make it fun.

Cryptoparty is a fun way to learn

Screen Shot 2017-04-26 at 16.34.48Inspired by what we’d heard, the Digital Product Research team hosted the Co-op Digital’s first Cryptoparty – a fun space for people to gets hands-on with digital security. It’s a place to discuss, to play and to have a bit of fun.

Cryptoparty is a worldwide movement. It’s a community with few rules and a mission to help people learn to protect their digital lives.

We made great passwords using dice

Screen Shot 2017-04-26 at 16.35.02Passwords aren’t the best way to get a party started. We mixed in some dice and a codebook containing thousands of words, and turned it into a game. Using a jazzy worksheet, we rolled dice and looked in the codebook to make strong, memorable passwords.

People liked the physical aspect of rolling dice and looking in a book. With no computers involved, it felt safe from hackers. The only snag was the 3 desks needed to display the 36 printed pages!

We sent secret messages with Signal

The second activity had people sending secret messages to their loved ones. We installed the free, open source Signal messaging app. Signal was built from the ground up to respect your privacy. As a result, it has become the trusted choice for many journalists and NGOs.

Playing with Signal was a great way to introduce people to end-to-end encryption. That means your messages can’t be read by anyone, including those who make Signal.

If you use WhatsApp you’ll have seen that it also uses end-to-end encryption. The underlying technology is the same – WhatsApp partnered with the Signal developers to build it – but Signal is designed for a more privacy-conscious audience than WhatsApp. All of Signal’s code and design discussions are public, allowing anyone to scrutinise the organisation and the app. That helps build trust that there’s nothing sneaky going on.

We browsed the web privately

In the last activity people installed the private Tor browserCitizens in authoritarian countries use Tor to bypass internet censorship. NGOs use Tor to research illegal activities by corrupt officials. Officials and politicians themselves use Tor to carry out sensitive work. Millions of ordinary people use Tor to protect against identity thieves, unscrupulous marketers, corporations and authoritarian governments.

Tor protects your identity by bouncing your requests through servers around the world. People were surprised when they realised they were viewing the web from Canada or Sweden!

Encryption and anonymity is for everyone

Technology enables wonderful new ways of connecting with each other. How we use technology can be used against us by corporations, criminals and governments. Laws made by ‘good’ governments are inherited by ‘bad’ ones. Historically, arguments about privacy have missed the point, forgetting that privacy sits right after “innocent until proven guilty” in the universal declaration of human rights.

To face the future, we’re going to need better debate and better laws. We want to encourage open and inclusive discussion around these issues. Security and privacy affects everyone, so we all need to co-operate and have a say in shaping the future.

This stuff is important. That’s why we party with crypto!

Would you like to see more work in this area?

Paul Furley
Engineer

Being trusted with data

Being ‘trusted with data’ is something we talk about a lot. It is, of course, what we’d like to happen to the Co-op. To help us reach that point, we’ve done some work to define what it means to us and we’ve just begun to look at how we’re going to develop our ideas in 3 areas.

We spoke to lots of groups within the Co-op including our Digital Advisory Board before deciding that we believe being trusted with data is made up of 3 things. These are:

  1. Integrity.
  2. Transparency.
  3. Meaningful consent.

Image shows a triangle with 'Co-op: trusted with data' in the centre and the each of the 3 corners has one of the following words in it: 'integrity', 'transparency' and 'meaningful consent'.

Here’s how we’re developing these 3 areas.

Being transparent with how we’re using data

We want to build the right set of tools and technology to manage and link our data across the Co-op. We’re calling the concept our ‘data layer’, and we’re using ‘layer’ rather than ‘hub’ because we think our approach should be consistent and integrated across the Co-op, as opposed to being centralised. Most importantly, like Mike said at the Co-op AGM 2016, we’re committed to becoming transparent with how we use our data.

To do this we want to understand more about which processes, habits, culture and tools we should adopt to meet our members’ data needs. Our first step to building a data layer is to start a discovery using a multidisciplinary team and user research-lead approach to find out:

  • what we need to do to be trusted with data
  • which expectations can we set or stretch
  • how can we communicate with them on the topic of data
  • how a data layer looks in terms of engineering and data management and what opportunities that offers

We’ve just kicked off this piece of work so we’ll talk more about this later in the year.

Data integrity

Data integrity is about about making sure that data is correct, well-managed and secure. Our Head of Data Governance and Integrity, Ian Thomas will tackle this in 2 ways:

  1. By helping us think about data standards, usage and regulatory requirements as part of everything we do. Ian’s already working directly with our Membership team to simplify how we handle member data. This will make it easier to be transparent around how we hold it. We’re also working closely with Rob Bowley and the engineering team on information security.
  2. By working towards consistent standards and approaches to our data across the Co-op with the wider data governance community. We believe that by co-operating with our colleagues we can share good practice and improve our governance.

Consent to use and share data

The third area we’re looking at is consent for us to use and share data. This is a topic that organisations don’t like talking about if they don’t have a position of transparency. We’re going to start the conversation with our members about data consent because we think that speaking to them will help us do the right things with data and will help us gain their trust.

Initially we’ll use our Member Voice surveys to start asking questions about data consent, and we’ll be speaking about it at our AGM. We’re also holding an event called Shaping our Co-op: Data Trust and Transparency Event to get feedback from our members on trust and consent. In combination with the data layer research we aim to get a comprehensive view of what we need to build in order to be truly trusted with data.

We’ve just begun these important pieces of work and we’ll keep talking about them.

Rob McKendrick
Head of Data Engineering

Steve Foreshew-Cain: paying £9 million to local causes and hosting our first digital operations show and tell

Steve: Hello and welcome to the weekly Digital update. Now the eagle-eyed amongst you will recognise that I’m not Mike Bracken but given that I have shaved my beard off for Easter this week you might also not recognise who I am. So, I’m Steve Foreshew-Cain and I’m the Chief Operating Officer for the Digital group.

As is the tradition in these updates we start with a big number and it’s important big number this week because this week marked the day that we gave away £9 million to our community local causes nominated by our members.

And there’s another big number associated with membership this week which is that we have welcomed 800,000 new members to the Co-op since we launched our renewed membership proposition. An impressive achievement by any standard.

The other important thing to call out for those of you who are interested in the community work that we do is an opportunity to get directly involved in that by joining as a Member Pioneer. The deadline for that, to sign up, for that is the 26th of this month so less than a week away, but if you’re a colleague or if you’re a member of the Co-op you still have an opportunity to join that important work.

Another important activity this week was the first of our digital operations show and tells where we talked about platforms, we talked about service management and we talked about security and how those capabilities form a part of the digital services that we deliver and we operate.

And as is also traditional in our weekly update we say a big hello to new members of the Digital Team to a big shout out to Ian Thomas and Michael Davis who’ve joined our data team and a big hello to Debbie Roycroft who’s joined as a software engineer in our digital engineering practice.

And of those of you who are watching this because you’re interested in the work that we’re doing here at the Co-op as ever the opportunity to come and join us exists so please look at all of the opportunities that we have out there and get in contact.

Steve Foreshew-Cain
Digital Chief Operating Officer

The Federation: our plans are progressing

Victoria: Hi, I’m Victoria Howlett and I’m the Federation Manager over at Federation House as part of the Co-op Digital team.

The Federation is a digital community hub. The Co-op Digital team and Co-op have put this together and it’s based on the Co-op’s ethical values.

Federation is going to be home to many different tech and digital businesses. It’s going to have a co-working floor with private offices on that floor which seat from 6 to 8 people. We’re also going to have hot-desking options on that floor so permanent desks, flexible desks, that will be available to book through the website.

We’ve been extremely lucky to be in contact with two wonderful ladies of Nomad Clan who are the artists and you’ll see some fantastic work that they’ve done throughout the north of England. We’ve ask them to look at the history of Manchester way beyond it being a Roman city and they’ve been to the archives of the Co-op and we’re going to combine that to create something really unique and unusual as it will be the first entrance point for the building, so that’s really exciting.

Roughly we’ll have 12, 13 private suites ranging from 3,000 square feet down to 300 square feet, so there’s a lot of difference there, and so were able to be home for lots of different companies and startup businesses.

It’s really exciting actually that we’re welcoming Thought Works into the Federation and they’re taking the whole of the fourth floor which is really exciting.

One thing that Co-op wanted to ensure is that they’re here to nurture, help nurture, businesses so that businesses can grow. This is really going to feel like home and for a lot of businesses and we think that that’s essential for businesses to be comfortable relaxed and grow.

So we’ve gone very neutral pastel colours, very relaxed environment, there’s Chesterfield sofas that are in yellow, there’s hanging wicker baskets that people can go and get some time out in, there’s picnic benches that will be around in the kitchen area just to relax on and then again, we’ll have the spiral staircase that will lead down to the coffee shop floor, so nobody feels closed off. We really do want everyone to feel like they can have a wander around and see see what’s going on and communicate really well with each other.

So very, very excited about the future Federation. Personally, I see Federation just going to go from strength to strength and will be around for a long time helping businesses in Manchester.

Victoria Howlett
Federation Manager

Giving local causes the £9 million our members have earned

Co-op members earn 5% for themselves and 1% for their local cause when they buy Co-op own-brand products. The local cause funds have been building up since we launched our new membership in September and have reached approximately £9 million.

Six months on, we’re now starting to pay that £9 million to the 4000 local causes over the UK.

To celebrate, we worked with director Shane Meadows to show some of the projects our members have been supporting. Here’s his film.

Thank you to our members for helping us make a difference to your local communities. Like George the Poet says in the opening line of the film, “Great things happen when we work together.”

If you haven’t already, join us and become a Co-op member.

Mike Bracken
Chief Digital Officer

We’ve updated the ‘forms’ bit of our design manual

On 26 January 2017 we posted to say we’d released our design manual so we could start to share design styles, patterns and advice for people building digital services at Co-op.

We’ve now updated the section about making forms. We’ve done this so that our forms are clear, simple and easy to understand for anyone who wants to use them.

The forms section now includes information about ‘inputs’ (any point that the user gives us data), ‘patterns’ (ways to solve commonly occurring problems) and advice about how to design a good form.

Form inputs and patterns

We’ve updated our form input and pattern guidance with things that the design team has learned over the past 2 months.

You can use the manual to find out why, when and how to:

  • use things like radio buttons, checkboxes and text areas
  • ask people for personal information like their name, address, date of birth and so on
  • tackle recurring patterns like validation messages and ‘progressive reveals’ (showing more information based on a previous answer)

Designing a good form

But, we didn’t want it just to be a pattern library. As Steve Krug said in his foreword to ‘Forms that work‘ by Caroline Jarrett and Gerry Gaffney:

“[Form design] isn’t just about colons and choosing the right widgets. It’s about the whole process of making good forms, which has a lot more to do with making sure you’re asking the right questions in a way that your users can answer than it does with whether you use a drop-down list or radio buttons.”

So, we’ve included advice about forming, structuring and wording questions to encourage us to consider the effect on the user at every point of the interaction.

What’s next

The next thing we’re going to look at is how we should design tables and data visualisation at Co-op. This will include research about:

  • how words and figures are presented
  • horizontal and vertical space
  • type sizes and weights
  • lines
  • colour
  • basic trends and comparisons

We’ll update you with the things that we learn.

Tell us what you think

Check out our updates to the form section and let us know what you think — you can now send us feedback directly from each page of the manual, without having to email.

Your feedback will make the design manual better.

Joanne Schofield
On behalf of the Design Manual Team

What we’ve learnt since coop.co.uk went live

Users come to coop.co.uk to find whatever Co-op thing they’re looking for. The site’s been live for almost 3 weeks now.

To help us design the new site, we looked at how customers and members were using the old one. For example, we ordered the content so the most popular things appear first. We’ve been looking carefully at the data to monitor traffic and see if any user journeys are broken and so far, everything’s looking good.

Thorough prep paid off

We changed the old site for a few reasons: the content management system was difficult for us to develop and improve; the performance was slow and some sections of the site weren’t responsive.

The old site had been up and running for 8 years and the team that was working on it wasn’t the same as the one that set it up. Over the years, documenting different parts of the site had got messy and complicated but we knew that and planned for the problems we thought we’d face.

Positive results from our biggest change

The biggest change we’ve made is improving the search function. We stopped it searching old content so that it didn’t return results that were out of date and for the first time searches can find food stores.

Since then, we’ve seen the number of searches increase by 28% (admittedly, this could be seen as a positive or negative thing) but the number of search refinements has dropped by 13%. That’s when a user’s first search didn’t return a result they were looking for so they search again using different terms. This means people are finding the results they want, quicker.

We’re still learning though

Five days after we launched we added a feedback box on the search results page. A recurring piece of feedback that we’ve had through it is that users are struggling to add points to their Membership card.

“I went shopping and forgot my Membership card. I’m just trying to add my points. ”

“I forgot to take my Membership card. I have my receipts, can I add my points.”

We’ve now created a ‘Forgotten card. Add your Co-op rewards’ page in response to those comments.

Making things better and quicker

To help make the site quicker and potentially save on server costs we’ve been making improvements to our codebase. We’re halfway through refactoring the backend which should more than double the server response time and add improved resilience under load.

Looking at the analytics

As part of the piece work, we also looked at our old urls. I blogged back in January 2016 about why we got rid of 20 websites to improve the quality of our content. We’ve got rid of lots more since then. We took down 400 pages of information on Co-op estates and we’ve put in lots of redirects from searches. The most notable one is when people search for our funeral homes we direct them to the new Funeralcare branch finder.

Despite the cull, there hasn’t been a massive drop in the number of page views. The blue line is the new site and the orange is the old site.

Screen Shot 2017-04-11 at 15.40.45

All this is just the latest chunk of work we’ve been doing – we know there’s still a long way to go. As always, we want to improve the site so if you have feedback, we’re keen to hear it.

Peter Brumby
Digital Channels Manager