Tent Talks by Chicago Camps

Tent Talks Featuring: Heidi Trost


Session Overview

In this Tent Talks session, Heidi Trost dives deep into the evolving relationship between AI, privacy, and the future of UX. She introduces a helpful mental model involving three key players in the cybersecurity ecosystem: Alice (the user), the threat actor (the adversary), and Charlie (the design of the system). Through this lens, Heidi explores how invisible interfaces and AI agents are shifting the landscape of privacy and security, often creating tension and confusion for users like Alice.

Heidi emphasizes that while AI can enhance usability and offer powerful new capabilities, it also opens up major risks—especially when users are unaware of how their data is being used or what rights they have. She calls for UX designers to become advocates for Alice, learning enough about the underlying technology to design responsibly and communicate clearly. Throughout, she stresses the importance of trust, transparency, and cross-functional collaboration to build safer, more user-friendly systems.

How do less visible interfaces change perceptions of privacy and security?

  • Introduced a model with three roles: Alice (user), threat actor, and Charlie (system design).
  • AI-powered tools like transcription at a doctor’s visit or smart glasses can provide value but also raise privacy concerns.
  • Users often don’t know what rights they have or how their data is being used.
  • Trust is key—users behave differently based on how much they trust the system, even when that trust is misplaced.
  • Invisible interfaces make it harder to know when data is being collected, creating new security and ethical concerns.

What are the biggest risks with AI agents acting on users’ behalf?

  • AI agents can access email, financial accounts, and more—making life easier for users but also for threat actors.
  • The broader the access, the bigger the attack surface.
  • Onboarding and setup must balance ease of use with friction that promotes awareness.
  • Advocates for “secure by default” settings—like Firefox’s built-in safe browsing—as best practice.
  • Good UX needs to clearly explain choices and risks specific to users’ context, which security often fails to do.

Can AI help users understand privacy, or does it create false security?

  • Answer is both—it depends on how Charlie (system design) shows up.
  • Currently, Charlie is like an annoying coworker who interrupts Alice with jargon and unclear warnings.
  • AI has potential to become a helpful sidekick, like Daniel Miessler’s concept of a digital perimeter protector.
  • Danger lies in over-reliance; users might trust AI too much and stop questioning or verifying.

Advice for UX designers building AI-driven experiences:

  • Learn the dynamics of Alice, Charlie, and threat actors—security is a constant game of reaction and adjustment.
  • Understand enough about the tech to ask the right questions and push back on bad decisions.
  • Don’t gather or store more data than needed—reduce risk at the source.
  • Prepare for multimodal experiences: voice, gestures, facial expressions, and text.
  • Communicate clearly what the system is doing and why, without overwhelming users.
  • Make system limitations visible—users need to know what AI can and can’t do.
  • Allow for reversibility: let users undo mistakes the AI makes.
  • Embrace cross-functional collaboration—design alone can’t solve this, but it must lead the way.

Notable Quotes

  • “You can’t lose data that you don’t gather—or don’t keep.”
  • “Charlie is the security UX—and UX people, you are in charge of Charlie.”
  • “Trust changes how Alice behaves—even if the trust is misplaced.”
  • “The holy grail is building in security and privacy so Alice doesn’t have to think about it.”
  • “Help Charlie help Alice.”
  • “The Venn diagram of engineering, design, security, law, and product—that’s where the magic happens.”

Reference Materials

  • Human-Centered Security by Heidi Trost
  • Daniel Miessler – Security researcher and writer (danielmiessler.com)
  • Firefox – Example of secure defaults in UX design

About Tent Talks

Chicago Camps hosts irregularly scheduled Tent Talks with people from all across the User Experience Design community, and beyond. Who really likes limits, anyway? If it's a cool idea, we'd love to hear about it and share it!

What is a Tent Talk? That's a great question, we'd love to tell you.

Tent Talks are short-form in nature, generally lasting from 10-20 minutes (ish) in a recorded format--we like to think of them as "S'mores-sized content" because that's pretty on-brand. Tent Talks can be a presentation on a topic, a live Q&A session about the work we do, or the work around the work we do, or really just about anything--we don't want to limit ourselves, or you.

You should send along an idea or topic of your own so we can learn from you, as well! You don't have to be a published author or a professional speaker on a circuit to be good at your job, so please, put yourself forward, and let's have some fun, talk, and share your experience with others!
