Background
Mailvelope is a free browser extension that offers end-to-end encryption for your existing email address. Encrypt your emails without changing your email provider! Encryption and decryption occur exclusively on your device, ensuring that your private data never leaves your device unencrypted.
Mailvelope is a return client of Clean Insights. During their initial integration, they discovered most commonly used webmail providers. Now, Mailvelope is teaming up with the Clean Insights team again to create a new measurement campaign and consent user experience. This time around Mailvelope shifted their focus to a new aspect of the extension: the installation and onboarding experience.
Motivation for Implementing Clean Insights
“The first round we got a lot of information, but we didn’t find things to do based on it. I think this second round will be more actionable, it’s getting really interesting.”
-Thomas, Mailvelope founder
Objectives and Questions
Understanding the installation and onboarding experience fails and successes. To do so, Mailvelope and the Clean Insights team worked together to create a “Funnel” to track user progression through installation, first launch, key generation, and message decryption & encryption.
This round of Clean Insights had a few additional goals:
- Display a consent dialog to % of users on the first load of the extension. This should explain that they’d gather whether or not the user did steps A, B, C and the time between each step. It should make clear that privacy is taken seriously and we don’t keep PII.
- Remove the old Clean Insights consent UI from the codebase.
- Collect any of the steps tracked below as “Events” at a daily granularity with locally calculated time deltas included in the Event.
Implementation Process and Challenges
Together with their team, we designed a “Funnel” of actions that they hoped their users would successfully complete. This funnel tracks how users progress through the stages of installation, launching the extension for the first time, generating (or importing) keys, and then encrypting and decrypting messages.
Specific steps and events which are recorded:
- The first time the user loads the extension
- A key is uploaded or a key is generated (perhaps worthwhile to differentiate)
- A user decrypts the email from the keyserver
- A user encrypts and sends an email
- A user decrypts an email not from the keyserver
Approach to Implementation
While Mailvelope has the skills and capability to implement this internally, they lacked the capacity to do so. Thankfully, third-party implementers were able to fulfill Mailvelope’s requirements smoothly due to the open-source nature of their software. And, it presented a great opportunity for one of the original Clean Insights developers to further their work with Mailvelope.
Impact on Development and Decision-Making
If Mailvelope detects a notable decrease between two consecutive steps, it will help pinpoint an area that requires enhancement in the onboarding process. Simplifying onboarding is crucial since PGP email is known for its complexity, and Mailvelope strives to alter that perception.
Metrics and Data Insights
This has been the most intricate implementation to date involving stats tracking to record timing intervals between steps and to monitor various methods of completing tasks, such as importing or generating a key separately.
The team has merged the new consent and measurement campaign into the development environment but have a few more steps to take internally before pushing it to the wild for measurement in Summer 2024.
Crucial Design Decision: Affirmative consent
Upon receiving user feedback about the initial campaign’s consent, where users could opt-out by default, they opted to create a new consent process that clearly explains the rationale behind supporting Mailvelope through this type of data donation.
Instead of having users automatically opted-in upon installation (with the option to opt-out anytime thereafter), we worked with Mailvelope to design a new affirmative consent user experience. Below are some mockups of the new affirmative consent language and design.
Next Steps
A new challenge
Supporting longtime users in the wild will take ongoing work after the implementation. Google Chrome is soon planning to change the way extensions work. In order to keep supporting Mailvelope, Clean Insights will need to enhance our SDK to meet Google’s new requirements, and Mailvelope will have to integrate it.
Closing
In this round, Mailvelope has chosen to assess user completion rates for onboarding and the successful sending/receiving of encrypted emails. This strategic move aims to boost the success rate by concentrating on the specific step(s) where users are prone to abandoning the process. Additionally, they have updated their consent procedure based on user input. Now, only 1% of users are automatically opted in and are required to explicitly choose yes or no, rather than having to uncheck a box.
We are so grateful for all the support and confidence the Mailvelope team continues to place in Clean Insights. We look forward to hearing their feedback and actionable steps determined by the insights gleaned from this round of implementation.