Skip to content

DEPRECIATED — User Research Guidelines

Jump to bottom
Nina Eleanor Alter edited this page Feb 21, 2022 · 1 revision

NOTE

The below was created when UX for SecureDrop was entirely crowdsourced and not led by FPF. Since, far more rigor has been brought to the process—in large part to un-bias findings from prior outreach restrictions to only orgs in the internet freedom community. Please find equivalent document in the GDrive.

Original Page Contents

We aim to treat our research participants with utmost respect. Our main priority during research activities is their well being, preserving their privacy and anonymity.

We treat participants not as research subjects, but as co-creators of insights that can help us improve SecureDrop. We are immensely thankful for their time, and for their willingness to share their knowledge and experience.

We aim to create trustworthy relationships with research participants, if they are willing. We do this because we are committed to keeping our users at the centre of our software design process.

We publish these guidelines because we want to be transparent about our research practices, and ensure that SecureDrop contributors and others know what to expect from our research activities. We also hope these guidelines might help other free and open source projects with their own research work.

If you have feedback or questions about these guidelines, please contact us by email on uxATsecuredropDOTorg or leave a message in the research guidelines forum thread: https://forum.securedrop.club/t/research-guidelines

  1. We aim to capture data from all our user research activities for analysis purposes. We obtain informed consent (usually written, sometimes verbally) from research participants before collecting data.

  2. The data can take the form of notes, audio recordings, video recordings and photographs. Before taking a photograph, we hide all visible personal information, to maintain privacy.

  3. All data is stored password protected in the confidential wiki of the UX team. We keep a backup of all research data on the disk of at least one UX team member.

  4. Audio recordings are transcribed. Once transcribed, the audio file is deleted from storage. Transcriptions and notes are reviewed every year. If we feel we have nothing else to learn from them, we delete them. This is to preserve participants' privacy.

  5. Video recordings are kept until we complete the research analysis process. Then we delete them from storage. Short video clips might be extracted. These are reviewed every year. If we feel we have nothing else to learn from them, we delete them. This is to preserve participants' privacy.

  6. Photographs are reviewed every year. If we feel we have nothing else to learn from them, we delete them. This is to preserve participants' privacy.

  7. All research data, except video, is anonymised. In notes and transcriptions we use pseudonyms instead of real participant's names, and we remove all personal information such as locations, institutions and third-party names. We aim to anonymise photographs before we take them by hiding all visible personal information. We further obfuscate photograph content as necessary.

  8. We share the anonymised transcription with the research participant by email, to ensure it accurately portrays the outome of the research session. Participants can request amendments. They can also request the destruction of the data by sending a simple mail to uxATsecuredropDOTorg.

  9. Only SecureDrop user experience contributors have access to research data by default. Other SecureDrop contributors can request access to the research data, which is likely to be granted.

  10. We will never publish research data, but we might quote from notes and transcriptions in research reports and presentations. As part of the informed consent process, participants can request not to be quoted.

  11. Video clips might be shown in presentations to SecureDrop contributors. As part of the informed consent process, participants can request that no video clips from their research session are kept. In extraordinary circumstances, we might want to include video clips in public presentations. Research participants will be contacted in advance to obtain explicit consent in these cases. Participants' faces, if captured in the video recording, will be blurred to make them unrecognizable to the best of our ability.

  12. The research analysis process is carried out by SecureDrop contributors using the affinity diagram approach.

  1. The SecureDrop user experience team produces a report summarizing the research findings. There may be two versions of this report: one with video clips available to SecureDrop contributors only, and one without video clips that will be publicly available. Apart from the removal of the video clips, both reports are identical.

  2. We aim to review these research guidelines every year and update them if necessary.

These guidelines were developed publicly by the Secure Drop community at:

https://public.etherpad-mozilla.org/p/securedrop_userresearch

Who Uses SecureDrop?
Learn about SecureDrop's users!

Design

Contributors

Learn!

User Research

Et cetera

Clone this wiki locally