Cracking User Education with a Smokescreen

One of the things I've been discussing lately, is how to successfully educate the users of IT services at the university to consider security a little more. And by "users" I pretty much mean staff. The particular hot topic this week is people responding to spam with their usernames and passwords and then having their account used to send obscene amounts of spam. It seems emails/alerts etc advising them to NEVER give their password out are invisible to some...and like all things, the more we bang on about it the more invisible the campaign becomes.

Which is why I like simulations and games to help people see what happens when they do these things - without having to actually suffer the consequences.

This week, I've been checking out a new game called Smokescreen designed to do just this. It describes itself as:

Smokescreen is a cutting-edge game about life online. We all use Facebook, MySpace, Bebo and MSN to keep up with our mates - and we've all heard the stories about parties on Facebook being mobbed, or people getting stalked on MSN. The question is, what would you do if it happened to you?

For example, in the first challenge you are playing an online game and then encouraged to find out your rock star name made up of your town of birth, full name etc...which then turn out to be the exact security questions required to reset your password for the site which you've just handed over to the (evil!) game designer.

The game feels like it's designed for young teens, and I think it works well as a safe way of exploring the risks of using social networking services etc. The tone and characters wouldn't work well to solve our problem with staff, but perhaps the same approach would. I'm thinking of a cleverly written email to selected staff groups - looking very legitimate and asking them to confirm some basic personal details in order to complete some likely-sounding but fictitious admin task. If they comply, the payoff would be to then send them a scary reply message indicating their account is now open to attack etc. But that this time it wasn't for real...(of course those who don't fall for it get a reply telling them to be smug - this time!)

It could backfire, but would be fun to see who fell for it...?

Juicy Motivations?

Another of the talks I attented at dConstruct (see below) was Robin Hunicke speaking about "Loving Your Player with Juicy Feedback".

The first thing I learned from Robin, which of course I should have known, is why Monopoly gets boring so fast (when you figure out you can't win), and how you can fix it (by finding ways to level the playing field or change the rules so you still have a chance). I will make some changes to my own game - "The Never Ending Uni Quiz" (see futher below!) next week, as I'm fully aware that once a few people have very high scores, there's much less motivation for new players as they can't hope to climb to the top within their lifetime!

This issue of motivation for players is something my games-related colleagues and I spend a lot of time discussing. In a recent paper we concluded:

One observation that can be made ...is that creating a motivating, engaging game may be less about providing a range of motivating factors (although this is still important) and more about ensuring that there is a clear rationale for students to engage with the game (be it intrinsic or extrinsic) plus - crucially - a lack of demotivating elements.

In Robin's talk she broke games into 3 parts - The Mechanics (how it works, platform etc), The Dynamics (the playing of the game itself, points) and Aesthetics (what the player feels, how they respond). She talked a lot about how to ensure you got the emotional response from the player you wanted you had to design it in from the Mechanics stage up. She went on to recognise a fourth aspect of games - which she calls "juicy feedback" (in web terms a "sticky" site). This is the magic part where you really connect with a player and get real happy emotions out of them. (She suggests we play "Flower" a kind of zen console game to experience this).

Now I think "juicy feedback" is very closely linked with the motivation I mentioned above. How do we make them really LOVE it. I'll need to do some reading (this is her PhD topic) to fully grasp all this, but if I can combine some juicy feedback into educational games then fully engaged students having fun would seem a possible and desirable future.

The End of Ownership

On friday I attended dConstruct - a thought provoking technology conference. The first sessions of the day was Adam Greenfield talking about "Elements of Networked Urbanism".

Adam talked a lot about the ways technologies will be used in cities in the future. And one of the things that struck me most was his argument that, in cities at least, we will be moving a was from ownership of objects and more towards use of services. His examples of this were 1. Spotify for music - you now longer need to own a CD or even have a local copy of an mp3 file to listen to a partciular song and 2. City Car Club for cars - why own your own car for the few hours a day you drive it, rather pick up a car locally as and when you need it.

I was wondering what the logical extensions of this would be in Higher Education. We already have libraries and "pools" of computers that people use as they need. It seems to me a University campus is perhaps already where he predicts cities might end up. But we're an institution - all that stuff, Halls of residence, canteens etc is what you'd expect. I don't think I'd like a futuristic city to live in which effectively was one great commerce-led institution?

He also talked about sensors in objects - RFID tags on everything - inlcuding people. Would be pretty handy to know where everyone (staff and students!) was at a given time. Taking registers would be a cinch!