Today we chat with Zach Otte about the intersection of design, security, and privacy. Balancing these is an important part of the work he does at SpiderOak and he’s got some great insights to share. Zach has been at SpiderOak for four years and is the primary designer for the UI/UX of SpiderOak apps.
Adam Tervort (00:00):
Hello world and welcome back to another episode of SpiderBytes, the SpiderOak Podcast. I’m your host, Adam Tervort. Now today, I’m really excited to introduce you to an important member of the SpiderOak team. He is our head of design and the person who makes all of SpiderOak’s apps, both nice to look at and wonderful to use through his UIUX work.
Adam Tervort (00:26):
We’re also going to discuss quite a bit around the intersection and the balance of privacy, sustainability, security and design. I’m excited that you’re here, this is going to be a really great episode and we’ll get started on it right after these messages. This podcast is sponsored by SpiderOak. At SpiderOak, we believe security is important and it’s our mission to secure the world’s data from secure data compartments for collaboration and data storage, to protecting your backups with end-to-end encryption or even protecting communications in space. We want to be part of your plan to protect your most important data. Learn more at spideroak.com.
Adam Tervort (01:07):
Welcome back for another episode of SpiderBytes, a SpiderOak podcast. I am your host, Adam Tervort and today I’m excited to be joined by Zach Otte. Welcome Zach.
Zach Otte (01:18):
Hey Adam, how’s it going?
Adam Tervort (01:20):
Good. For those of you who don’t know Zach, he is one of the great design minds here at SpiderOak. And so today, in addition to talking about security and privacy, I’m excited to have all of you get a chance to have a peak inside Zach’s mind and learn more about the ways he approaches design and some of the choices that we make at SpiderOak around design and security. So Zach, why don’t you tell us a little bit about yourself?
Zach Otte (01:52):
Yeah. I am product designer here at SpiderOak like you said. I live in St. Louis, Missouri, and I am a proud dad of two young girls. Yeah. That’s pretty much my story.
Adam Tervort (02:06):
So any unusual tidbits or unique things that you like to do?
Zach Otte (02:11):
I actually just started to learn or attempt to learn how to make popup books, children’s popup books. I use the term lightly. It’s very rudimentary at this stage, but something that I thought would be cool to learn how to do so I’m trying to figure it out. Nothing elaborate yet, but yeah. It’s also a nice excuse to not look at a screen for a while. Yeah. I do all day long, so…
Adam Tervort (02:41):
Yeah. It’s nice to interact with paper and ink and tools like that.
Zach Otte (02:47):
Adam Tervort (02:48):
Yeah. Tell us a little bit about your work at SpiderOak. And if you like, give us some background too on how you got into design and why you chose that career.
Zach Otte (02:58):
Sure. I’m a product designer here, which for me at SpiderOak, concludes the overall experience design for the app, as well as the nitty gritty UI work, the actual pixel pushing, that kind of stuff. I got into design through a more traditional design print and marketing design work, but I’ve been into art and design since I can remember, probably started with being fascinated with album covers. I think that’s a pretty common intro to graphic design, but that was definitely how I found my way to it as well.
Adam Tervort (03:42):
Any favorite album covers we should go checkout?
Zach Otte (03:44):
Oh, that’s a good question. That’s an obvious one. I don’t even necessarily like the album that much, but the Joy Division album with the sound waves, the lines that look like sound waves. That’s an incredible cover. I think.
Adam Tervort (04:00):
Yeah, that is a good one. My favorite, I’m a jazz guy and Pat Martino’s one of my favorites. He had an album a couple of years ago called Kin. Is this amazing almost mosaic collage of the face of one of the members of the band.
Zach Otte (04:17):
Adam Tervort (04:18):
Yeah. Yeah. In some ways it’s sad that now that we all stream all of our music, we don’t get to see things like album covers or read liner notes like we used to.
Zach Otte (04:30):
It is challenging for me, because I love diving into whole albums not just single songs. But the whole experience of an album including the cover art, lyrics, all that.
Adam Tervort (04:48):
So my kids always tell me I’m really old when I say things like that.
Zach Otte (04:52):
Yeah. Even just the word album, feels antiquated in a way.
Adam Tervort (04:59):
Well, I guess we just embrace it, right? We remember the good old days, Zach.
Zach Otte (05:05):
Adam Tervort (05:05):
Well, let’s talk a little bit about design and CrossClave specifically. So when you’re making designs for CrossClave, this product, what are some of the security and privacy considerations that you have?
Zach Otte (05:20):
Sure. My approach to design for CrossClave is to really make the bleeding edge security tech that we do have under the hood, feel as familiar as possible for people and easy and in turn, easy to use as any other collaboration product out there that they may have used. That said, I think security and privacy and in the context of CrossClave means, in my mind, that we have to give users the confidence that they are in complete control over what they are sharing and with whom and CrossClave does that through compartmentalizing things. Having strict spaces for people to interact in. And so, at the highest level, the design consideration for me, is making that strict compartmentalization easy for people to navigate and easy for people to sift through. Yeah. If that makes sense.
Adam Tervort (06:49):
Yeah. And that’s an interesting idea of… We know, because we work here about out the platform level security and cryptography that happens, but I never really thought of the importance of signaling those things to users when they’re in the application.
Zach Otte (07:14):
Right. And there’s a line to walk there, I think between making it invisible when it can be and just making it feel familiar and not necessarily more secure, even though it is inherently. And then also the other side of the line, I guess, is revealing, making people aware of a security measure or something they’re doing that makes the app fundamentally more secure than any other app they might be using.
Adam Tervort (07:53):
Mm-hmm (affirmative). So how do you balance that? I think any company that does security or privacy based software, really has a balancing act between what’s secure and what’s private and features in usability. So how do you balance that? And I’d love to hear any examples you have of the conflict between those two and how you resolved it.
Zach Otte (08:24):
Yeah, this is like an epic, ongoing struggle for me and for design at SpiderOak. Being built on that blockchain platform that you mentioned, there are times when the technology under the hood necessitates a UX pattern that is just completely unfamiliar to people or just not quite what they’re used to. I think a really great example of that, is the onboarding joining a team process that we have for CrossClave. So we don’t use a traditional username, password approach that people might be used to, but rather we have behind the scenes, a pretty complex mutual authentication and exchange of secret keys going on.
Zach Otte (09:36):
And so in an earlier version of onboarding, we tried to map that process to familiar language like logging in and signing up. And it was just not very successful. I think a lot of folks found it profoundly confusing or some folks did. And in iterations since then, we’ve taken a bit more of a conversational approach where we have distinct paths that are represented as big interactive cards in the UI or clickable tappable cards in the UI. And they ask a very succinct, simple question followed by a succinct action too. So, got an invite code, join a team, just very straightforward question and action conversation there with the user. And it’s a very recent change, but so far I think the results have been pretty promising and folks are finding onboarding much simpler and easier. But yeah, it’s just a case where we tried to just adopt the familiar UX pattern that people are used to and it just didn’t quite fit our technology and our approach on the platform side. So we adapted and tried to make it easier rather than just sticking with the language people were used to.
Adam Tervort (11:38):
Yeah. And I think it’s difficult. Like I said, I think this is something every company that deals with security has to deal with because a lot of what we’re doing, things like key exchange.
Zach Otte (11:53):
Adam Tervort (11:55):
When you ask users to do key exchange on their own, it’s just a disaster. But that’s also a fundamental part of the system and why it works the way it does and why the security is so good is because key exchange is part of what we do. So yeah, I know that’s a tough balancing act.
Zach Otte (12:18):
For sure. Yeah.
Adam Tervort (12:20):
Well, let me ask you about another aspect of CrossClave that I know you’ve spent a lot of time on and in particular with CrossClave 14, which is just coming out is the file system. The way that we talk about and work with files in CrossClave and the new file experience that we’ve been working on for so many months. So, walk us through that a little bit. What were the challenges you ran into when you were designing a cloud based file system and how did you overcome some of those challenges?
Zach Otte (12:58):
Sure. I think in talking to people, we found that many folks gravitate toward that always online multiplayer editing experience that they may have had with other apps. However, many of our users also really value the asynchronous and offline work that it’s pretty important for the folks that use CrossClave now. So we sought to find a middle ground where people can launch a file from within CrossClave and any changes, launch it natively, offline and if they happen to be online, any changes to it will be tracked on the fly and can be pushed back to the cloud for other folks on the team to see. So the asynchronous design and taking that consideration also led us to a pretty unique approach for the version history of a file because people will be working on files at different times and pushing their changes at different times.
Zach Otte (14:34):
It required that we take a look at that. And so we had to do something a little more than just a linear version history. Yeah. I think the approach that we took is somewhere in between the more granular control of a complex version control system, like it or something, but we distilled it down to be more simple and more familiar, something akin to that linear version history, like a Dropbox or something like that. So I think it’s a really special experience and I think folks will really love using it. It’s really an empowering tool, that version history view that we’ve designed. Yeah.
Adam Tervort (15:51):
Yeah. And I spend a lot of my work day in CrossClave, so I enjoy this even in the older versions, but I’m really excited for the new version because it makes working with files that much easier. And I personally really appreciate the offline, the ability to work offline. I like to take my computer to the park and be able to work and not have to be connected in a lot of other tools, especially cloud-based tools just don’t even offer that.
Zach Otte (16:23):
Mm-hmm (affirmative). Yeah. It’s pretty important for a lot of people.
Adam Tervort (16:28):
Yeah. Well, let’s come back to more of the standard questions that we like to ask in these interviews. So what are the security and privacy problems that you consider in your day to day life and what are the tools or strategies you use to address those?
Zach Otte (16:45):
Yeah. I mostly just worry about the privacy of my kids really. That’s always at the forefront for me. One of them at least is getting to the age where she wants to start using social media. She’s very curious about it. And I’m trying to walk the line between curmudgeonly, privacy wonk dad and meme savvy. I don’t know, rad-dad, something like that. Yeah. That’s the biggest thing for me that I think about. Yeah. I mean, I worry about identity theft, stuff like that too, but that’s the big one for me.
Adam Tervort (17:37):
So what’s one thing you do to help, either to teach your kids or a method that you use to help keep them safe?
Zach Otte (17:46):
Yeah. Obviously I don’t have a solution for the ills of social media, unfortunately. But in terms of strategies, I just lean heavily into open and honest communication with them about what it means to share information on the internet. That once it’s shared it’s out in the world forever. And I also try to hammer home the idea that quote unquote free services, like all the social media platforms really are rarely ever free. And they’re really trafficking in the information of the people that are using the service and that there’s a hidden cost in that way, the cost of privacy. So I don’t know if it’s sunk in yet at all for them, but I’m trying to, maybe through repetition it’ll come back. When they need it.
Adam Tervort (19:02):
Well, it’s not just kids who need repetitions. It’s all of us, right?
Zach Otte (19:06):
Yeah. That’s very true.
Adam Tervort (19:10):
That’s great. Well, to close, the thing I love to do is hear favorite quotes. So do you have a favorite quote you’d like to share with us?
Zach Otte (19:20):
Yeah. I kept coming back to the opening line of one of my favorite books, but one of the most memorable and formative books for me as a young person, I’ve always loved the opening line of To 1984. And it’s, “It was a bright cold day in April and the clocks were striking 13,” and it’s just this incredibly succinct yet jarring line that really thrusts you into the frightening version of, at the time, the future. I just always really like that, but…
Adam Tervort (20:10):
Yeah. I think sometimes George Orwell is underestimated as a wordsmith.
Zach Otte (20:18):
Adam Tervort (20:18):
And the images that he can evoke with just a few words.
Zach Otte (20:24):
Adam Tervort (20:24):
Yeah. That’s great. Well, Zach, thank you so much. I appreciate it.
Zach Otte (20:29):
Of course. Had a great time as always talking to you Adam.
Adam Tervort (20:34):
All right. Well, we will be back in a few days with another episode of SpiderBytes. And once again, my guest today’s been Zach Otte from the design department at SpiderOak.
Adam Tervort (20:47):
Some things are best kept secret. You wouldn’t send your company’s financial data through snail mail on a postcard. So why would you use insecure digital collaboration tools? Introducing CrossClave, a file sharing and collaboration solution built with security in mind from the first byte. It’s like signal for business.
Adam Tervort (21:06):
CrossClave uses distributed ledger technology in end-to-end encryption to deliver a true zero trust system designed to protect you and your business’ most valuable data. When you need to share or collaborate on your most sensitive information, SpiderOak’s CrossClave is your only choice. Go to spideroak.com/podcast to get started with a free account, no credit card required.
Adam Tervort (21:33):
Thanks again for listening for all of us at SpiderOak, I’m Adam Tervort. We hope you enjoyed this episode. Subscribe to hear more episodes wherever you procure your podcasts from. If you’re interested in joining us as a guest on SpiderBytes, send me an email at email@example.com. We’d like to thank Mel Graves for the music, Earshot. And special thanks also go to our law firm, Dewey, Cheathem, and Howe, our autobody expert, James Bondo, the chairman of the SpiderOak math department, Horatio Algebra and to our staffing agency, Click and Clack. Thanks everyone
Jonathan discusses the risk to low-Earth orbit from Russia’s successful test of an anti-satellite weapon, and whether the kinetic threat is a big as the cyber one. Are non-attributable attacks in space the ones we really have to worry about? Transcript Christian Whiton (00:00): Welcome back to Cyber Context, featuring Jonathan Moore. I’m Christian Whiton. […]
In our first episode, SpiderOak CEO Dave Pearah talks with SpiderOak CTO Jonathan Moore about New Space and the challenges around security in orbit. We are moving into a new space age, one that’s about commercialization and scale. Access to space is getting cheaper by the year. Cadence of launches are increasing. There’s going to […]
This episode of SpiderBytes features Fábio de Salles from Brazil. Fábio works in business intelligence and has a strong background in security.