UX meeting 20181025

Logistics

Time

16:00-16:30 UTC

Attending

• @ninavizz, @redshiftzero, @emkll, @ultimatecoder

Place

https://meet.jit.si/QuickWizardsDanceHigh

Notes

Jaysinh (@ultimatecoder) intro/welcome

• Jaysinh—newish dev contributor—attended to get a lay of the land. Expressed team congtrats for 10.0 release.

Qubes Template Updates: User impacts & engagement approach

Mickael attended meeting to raise concerns encountered in https://github.com/freedomofpress/securedrop-workstation/pull/172. To summarize: to properly manage technical threats, workstation Template updates need to happen as often as possible—and upon completion, users will need to reboot the machine. These updates are set to happen automatically, and as such will happen whenever the team is ready to push them.

TL;DR Action items:

• Nina to include Client functionality of that dialog in user stories spreadsheet as Beta (tentative) must-do.
  • Messaging need: "Hey user, Qubes just finished installing an auto-update from the SecureDrop team. You need to reboot your machine to complete its installation." Objective: get users to reboot machines so updated security measures can be activated asap.
• Jen to follow-up with Erik on getting an initial meet-and-greet scheduled with Qubes team.
• Mickael to continue with PR on assumption need will be flagged to users via messaging within the Client itself.

---

Q (Nina): Could we just have the Admins do this to not burden our Journalist users with the task? Non-technical users may be uncertain of how to handle, and with tight journalist timeboxed availability to interface with SD we don't want to eat into that with admin-y tasks.

A (Mickael): Because so many of our customers have distributed newsrooms with admins and journalists in physically different locations with physically different hardware, that won't be possible.

Q (Nina): Ok. Since users will be shutting-down and rebooting between every use, I'd rather just hide this from users. It's not like they'll HAVE to make every Template update go live mid-session, ever—que?

A (Mickael): We don't know that—some updates could be to patch urgent security vulnerabilities. Sadly, we really do need to have users reboot immediately to make all Template reconfigs go live, immediately, for opsec best practices.

Q (Nina): Ok. Could we nest the messaging within the Client app itself, then? Qubes messaging is currently one of the problems identified in my GH Issue opened to track Qubes usability issues to discuss with their team. Today's messaging in Qubes is >50% things non-technical users will not understand, and I expect most Journalist users to subsequently tune-out Qubes notifications as a result.

A (Mickael): That sounds like the best approach; we'll explore that.

Tangential discussion: Broader Qubes usability issues, and getting our collected thoughts on their team's radar... as well as making personal introductions and early brainstorming to see what can get resolved without filing GitHub Issues. Mickael shared that he's had positive experiences thus far with the Qubes team being responsive to Issues filed as "Necessary for SD," and seeing those bumped-up in their priorities. End takeaways: we look forward to filing GH issues for things on Qubes repos, tho first want that initial meet-n-greet-n-brainstorm.