-
Notifications
You must be signed in to change notification settings - Fork 0
Qubesclientresearch
The purpose research is to understand how SecureDrop (SD) users handle submissions they've received via SecureDrop.
The research will cover from the point they receive the submissions to the point it is used in a story, or not used.
This research is to provide evidence for design decisions for the Qubes SD client.
The objectives are to:
- develop an understanding of the workflows different types of SecureDrop users have
- understand how SD users handle and work with the information after they've received it from sources
- document individual user workflow from the point the submission is received, to the point it begins to be used/or not in a story
- generate insights to inform the design of low-fidelity prototypes for the Qubes workstation SD client application
Due to the diverse nature of the SD userbase, it's preferable that we can recruit a broad cross-section of users.
From doing some basic desk research about the organisations, the researcher has identified some basic attributes. They:
- have geographically disperse offices (organisations should have at least 1 office in a different city)
- work across different timezones
- cover stories of international significance
- cover stories of national significance, sometimes working with foreign journalists if there is an international aspect to the story
- work with internal journalists exclusively
- work with a mixture of internal and external journalists
- work with external journalists exclusively
- varied volume of submissions (it is not important to if submissions are classed as actionable)
- have no/or small IT / editorial system support / digital teams
- have large self-contained IT / editorial system support / digital teams
NB: this section is based on assumption.
These organisations have multiple physical locations, have offices in more than 1 country, they work across different timezones.
Due to their international presence they cover both national and international stories. They will also work with external journalists on a regular basis, who have expertise on certain subject matters.
Due to the nature of their work, their geographical reach, they receive stories which have varying information security needs.
They receive a large number of submissions - the majority are not actionable.
Due to their size, they have editorial support teams - staff who provide specialist information physical, and operational security support to journalists and editorial staff.
These support teams will be main active users of SecureDrop.
Similar to the "large" organisations above, these organisations may have multiple physical locations, have offices in more than 1 country, they work across different timezones.
Despite their international, or regional coverage, they focus on nationally relevant subjects.
They will have correspondents in foreign countries. They will focus on nationally relevant stories with an international aspect.
They do not actively investigate internationally relevant stories, instead relying on syndicated newswire providers.
They will also work with external journalists, however it is an exception rather than the norm.
They receive a large number of submissions - the majority are not actionable.
They will have an investigative unit, or a small number of investigative journalists. These journalist will be active users of SecureDrop, possibly without any information security or digital security expertise assigned to them.
These organisations will be more difficult to define. may be loosely coupled journalists,
Despite their small size, they will often cover national and international stories, . Due to their size, they will work almost exclusively with external journalists, or
| Organisation type | Number of participants |
|---|---|
| International | 5 |
| National | 3 |
| Small | 2 |
This research is focused on the workflow of the people who work with SecureDrop. Therefore the people we need to recruit for this research:
- spend a significant proportion of their time (they use SecureDrop at least 1 times per day or at least 60-70%) of the working time interacting with SecureDrop
- have a mixed level of technical ability (i.e. we do not want only infosec or systems administration staff)
- have varying number of years working for the organisations
- NOTE: others?
(NOTE: This is a proposal)
Confidentality of information and anonymity of participants will be provided by 1) providing participant organisation with signed confidentality agreement (NOTE them and researcher or FPF?), 2) removing information which can identify individuals, organisations, their location, or any specifics about computer networks, etc.
Depending on the location of the organisations that agree to take part in the research, this will be a mixture of remote and in-person research.
(NOTE This is a proposal. I'd like to get thoughts on it's suitability. This only works if the participant commit to it.)
The participant would be required to create a detailed, rich daily record of their SecureDrop activities.
The use of detailed diary studies could prove useful in this context. The participant would be able to decide on what information to provide - they could provide aliases, obfuscate specifics as needed.
These will be structured interviews focusing on the workflow the participant has for dealing with source submissions, inline with the research detobjectives above.
The participant will be asked to provide detail of their daily SecureDrop activities.
These will be confidential and anonymous.
Where in-person research is possible the indepth individual interviews (above) will be carried out in-person, ideally in the participant's office.
Again where in-person research is possible, observing the user (i.e. "shadowing") in their work environment will provide deep insight into how they deal with submissions after receiving them.
It will also allow the researcher to pick-up areas of interest they may not have forseen.
- Finalise research plan
- Recruit participants
- Schedule research
- Write diary study protocol
- Write interview protocol
- Schedule research
- Send research briefing and consent forms
- Send diary study overview
- Remote interviews
- Contextual inquiry (in-person) if possible
- Remote interviews
- Analysis
- Create research outputs
- Hierarchical Task Analysis (NOTE: proposal)
- Identify workflow commonalities
- Identify workflow components
- Create low-fidelity prototypes which meet user workflow needs
Who Uses SecureDrop?
Learn about SecureDrop's users!
- Brand Use Guide(ish)
- UI Standards + Guidelines
-
Prototypes Archive
- Random things by nina, over the months and through the iterations
- Design Principles
- SecureDrop's Figma
- Meetings Page
-
Contribute!
- Really, we need help from practitioners around the world!
- About Personas
- About Design Principles
- Framework for tackling UI design
- How We Figma (and so can you!)
- General UX Resources
- Survey Resources
- Redaction Guide
-
Template Docs
- FPF Only: UxR Participant Disclosure, New Study Template, Email Templates, etc., from +2019
- Digital UxR Tools
- Sample Participant Disclosure