Source security and anonymity assessment of a SecureDrop instance
The goal of this experiment is to:
- measure the accuracy of a source's assessment of a SecureDrop instance's security level
- measure the influence of a security indicator on the source interface home page on the accuracy of this assessment
- measure how a security indicator on the source interface home page modifies the source workflow
A person is asked to impersonate a source who exfiltrated classified documents without compromising their anonymity. They are sitting with their back to the wall in a crowded coworking space, using a second-hand laptop they just bought with cash and booted into Tails. The documents are on another USB key.
They remember three news organizations providing a SecureDrop:
They implicitly trust these organizations to follow up on the documents.
The person is presented with a laptop running Tor Browser and is told that:
- There are bookmarks for each of the SecureDrop landing pages
- The document named leak.txt is ready to be uploaded and already on the laptop
- If the person goes to the directory looking for The Intercept, they are instructed to act as if it was not in the directory
- Select one of the SecureDrop instances
- Submit the leak.txt document
- Find out which SecureDrop is least secure and which is most secure.
Knowing how SecureDrop instances compare to each other:
- Select one of the SecureDrop instances
- Submit the leak.txt document
Same as the first experiment but the source interface home page shows:
- https://invisible.institute/contact/ displays an "Excellent security: YES, Maximum security: YES" message
- https://theintercept.com/source/ displays an "Excellent security: YES, Maximum security: NO" message
- https://www.nrk.no/varsle/ displays an "Excellent security: YES, Maximum security: YES" message
The messages are on pieces of paper that are manually added to the screen when the source goes to the source interface home page.
Transcript of First experiment with participant 1
- The Intercept -> I would install a translator to better understand the landing page. In the page for The Intercept. Once found, Control-C to copy. Goes to the address bar and pastes the URL. He correctly understands the SecureDrop. He submits the document.
- Sorting from the most secure to the least secure: He browses the page from The Intercept. He thinks they all have the same SecureDrop, like DropBox. The Intercept may not be secure? Two clicks only to submit? Maybe the others are done differently. I trust The Intercept. The other I don't know, I'm not able to judge. I would have to spend hours searching which is which. Maybe someone wants to send documents to the three medias? He browses NRK and says he would need hours of research. He clicks NRK info tab: they work on policy problems. It looks serious and well done. The topics are well organized. The Invisible seems less serious, I'm lost. Is there just one page? Multiple pages? Oh, I see funders and that does not make me confident. Is it American? Even if I have not such a good impression with Invisible, I'm still unable to sort them.