Study: SUI entry experience

[ninavizz]

Problem

In user research with newsrooms, it has been revealed that often Sources have been known to re-submit, under different codenames. There could be many reasons for this we don't know.

Anecdotally, feedback has been offered and core team contributors have observed on their own, that the broader experience around codenames feels rough and in need of refinement. Specific questions that have been raised:

• This is an unusual mental model—does the concept of "a codename" even make sense to folks?
• When a codename is generated, an account is created for the Source; is that concept clearly and resonantly being communicated to SUI users?
• By the time a user is arrives to the submit page, do they understand how journalist correspondence works in SD (and that they will need to return to that specific SD instance, with their codename, to retrieve journalist comms)?
• Is "codename" even the right moniker to use for a passphrase?
• Do users think or question if a codename is universal to all SecureDrops—as in, are they confusing SecureDrop as a centralized platform, or as a cloud submissions service?
• Does the submit page say too many things, or things in the wrong order, today?

Solution

Iterative design and research to address more broadly, how we speak to codenames and account concepts to users of the SUI.

End Goals

Across multiple iterations, the end goals of this ticket are to:

• Get sources to submit the correct types of information in the correct form fields across all pages of the SI experience.
• Get sources to understand that they are creating an "account" with the specific instance organization, when they enter a SecureDrop
  • So, they're creating an account on The New York World's SD, not with The Daily Bugle's SD.
  • That they're still anonymous and that the instance host still knows nothing about them, in spite of "an account" existing that is tied to information they'd submitted.
• Get new sources to always record their codename
  • Speak to the codename in a fashion that is easy for users of the SUI to understand and conceptualize.
  • From use on the Landing Page, through use in the product itself, and in all relevant supportive documentation.
• For Newsroom users to better understand how Source codenames are different from what we call codenames in the Newsroom experience.
• Open question: Is the moniker codename even what we should use to speak to that functionality with—and does it add confusion to things, to call it the same thing across multiple user-facing experiences?

[ninavizz]

Cross-referencing wackadoo use-case flagged in this SD PR tackled by the very awesome Dr G, as relevant to consider in these explorations.

[ninavizz]

Just re-installed Mullvad VPN on my machine, and was intrigued by their (conceptually similar to our /getcodename) page: https://mullvad.net/en/account/?token=

I know that it was informed by a significant UX effort—either by SimplySecure or friends of SimplySecure's—a year or two ago. I love how they simply and concisely explain how their similar anonymous identifier works—and within the context of the product.

What if we used the verbiage account name instead of codename? I'd love to do some meatspace intercept testing on this, in late Q1 2020 or early Q2.

Likewise, I also feel it succeeds because it provides a visual context for how the thing exists w/in the product, on that same page. Do with graphical guidance, what would otherwise require paragraphs nobody will read, to explain.

[ninavizz]

Adding onto this ticket, the more recently surfaced concerns with possible misunderstanding of content on the get-codename page. @eloquence the current biggie research project on my plate feels appropriate to track via this ticket.

[eloquence]

We're still planning to address this in Q3 (Jul-Sep), but have agreed to defer this for now in favor of fully focusing on the read/unread research, prototyping and design work.

[ninavizz]

Edited & removed labels, such that this issue might be tackled in one or two studies, vs multiple studies over years.

[ninavizz]

Completed with report and fully synthesized spreadsheet.

NOW LETS DO IT ALL OVER AGAIN 2 YEARS LATER, YEAH! <3