-
Notifications
You must be signed in to change notification settings - Fork 0
UX meeting 20190523
Erik Moeller edited this page Jun 7, 2019
·
4 revisions
Attending: David, Nina, Erik, and lots more—I just can't remember! 🗡
-
Updates happen too infrequently
- "many cycles lost in training, to just updating hardware"
- "Could we surface an update calendar or the need to update more often, in docs?"
- Could we create a maintenence calendar in GCal for Admins to follow?
- Could we create something for Firefox to help with this?
- ^ If calendar created, including backup reminders wd be good, too!
-
Password Management
- Wd be good to use one w/ Admin access to user accts to help curmudgeon/flake users
- KeePassX has usability flaws
- Reccommending one or two shd be done for Qubes
- "Dirty" transfer drives a prob, despite solid guidance in training
- Team speculation that Qubes' simplification of allthings likely to solve for?
-
"Tips" circulation and ongoing learning
- How to do?
- Training newsletter?
-
Quickstart Guide
- Many newsrooms have either requested or taken it upon themselves to create a 1-pager 20-step guide
- Wd be nice to solicit these getting shared via Redmine or direct email, to kickoff FPF project to consolidate and distribute one, ourselves; nicely designed, security flaws omitted. Shiney. Easy. Could include tips, too.
- Nautilus file manager in Gnome
- Cornucopia of usability probs
- Discussion of sucky laptops
- Desktop shortcuts, frequent workaround
- Keyboard shortcuts observed in users working with common software clients, but not moreso than in any other environment
- Trainers generally observe, but also write notes
- Not mentioning clients, specifically... but will speak to org sizes & platforms
- Common themes:
- Orgs rarely update TAILS drives
- Updates usually prompted via security bugs, such as Tor/Firefox
- Extremely difficult to find org that keeps these up to date
- Question: Is there something in the Qubes front that oculd facilitate automagic updates?
- Jen: There is a script that will do these so there's no thing that pops-up
- There is a prompt that shows-up when Tails goes online... which is a new thing (year and a half?). We try to deal with this in training; many cycles lost in training, to just updating hardware. How can we instill need for updates and maintenance in the docs? Is there a way to do this with design? Something in Firefox that could do this?
- Erik: Issue bites us with backups a lot.
- Erik: Recommended maintenance calendar to spell it out and make it super easy?
- Different USB prob comes up often... in shuffle of drives there tends to be a lax approach to how the transfer devices are being used. Sometimes they'll be encrypted, sometimes they won't. We talk about deletion in training—wiping the drives, proper sanitation techniques... transfer drives tend to be "dirty." Both ZIP, decrypted and encrypted, all sprinkled and mixed in with drive, wrt things escaping SVS.
- Question: Is it possible in how TAILS is configured, to look for that? Could see like moving certificate headers... wd that be problematic?
- Jen: No scripting in SVS; there could be a script to flag to user that
- Transfer of files from JWS to SVS; requires ALL files transfers. Qubes addresses this by mitigating that. Transfer of files from JWS or SVS to Newsroom, process we want to have guardrails around. Shd explore, later.
- When in SD workshop, it's the first time many users ever do Linux
- Question: Is it possible in how TAILS is configured, to look for that? Could see like moving certificate headers... wd that be problematic?
- Erik: Would be nice to give news orgs regular tips. Is that a newsletter, or a tip of the day integrated into the workstation? Even for SD today don't leverage functionality they have. They don't configure language, set the logo, etc.
- David: Putting a bow on it... newsrooms have requested or taken upon themselves to create a 1-pager 20-step "This is how you do SD" overview guide. Could, should we do this? Would there be value in this? Maybe something to consider wd be such an artifact?
- Nautilus, file manager in Gnome (on Linux, not TAILS drives):
- Admin workstations are rarely brand-new machines; they have crappy screens, things that look regular sized on our screens look way big on theirs. Tor browser window for Save dialog is made gigantic in Gnome, as an example. Controls in Nautilus not intuitive; nobody at any of these newsrooms is Linux users.
- Save Dialog especially, sucks; has directory highlighted by default, hitting save-as won't save in directory visible—saves in directory selected.
- Dealing with files, especially; concept of "files" difficult for some users so used to modern cloud services obfuscating these things.
- Users encounter when saving files from Tor browser.
- 3 different download directory in TAILS. Tor browser imposes one, too. Would not happen outside Tails OS experience.
- What if the user hits the back button?
- Less-than-quality laptops used. Trackpads are the biggest frustration ever, for people using them.
- Some folks use desktop shortcuts
- Having to click on a desktop shortcut to open a thing w/o a strong visual indicator that something is loading. No active state on desktop shortcuts in Gnome(?!). Using some kind of workaround that sucks. Users repet-i-select not knowing what is happening.
- Nautilus decompresses files so quickly & w/o animation; filenames very similar, so people often go in and don't think anything happened; they don't notice identical file w/ slightly different name.
- Some folks use desktop shortcuts
- Discussion around how Qubes does archives; Erik mentions File Roller as Qubes utility SD is supporting.
- Remember passphrases for encrypted drives; too many passphrases. People confuse even 2 passphrases.
- Admins remembering everyones passphrase via a secure method, a good workaround for user curmudgeonry
- Frequency of use does help memory retention.
- Increased exposure of Linux probable to smooth those bumps?
- Bulk of learnings shared on FPF private messaging
-
Usability Issues w/ KeePassX (password manager built into Tails).
- Copy and Generate buttons too closely co-located.
- David: Which password manager will ship with Qubes?
- Jen: May make more sense for users to save logins on mobile device or own laptop.
- Qubes questions:
- WRT passwords overhead...
- FDE & User passwords could be the same (via Jen and Erik)
Who Uses SecureDrop?
Learn about SecureDrop's users!
- Brand Use Guide(ish)
- UI Standards + Guidelines
-
Prototypes Archive
- Random things by nina, over the months and through the iterations
- Design Principles
- SecureDrop's Figma
- Meetings Page
-
Contribute!
- Really, we need help from practitioners around the world!
- About Personas
- About Design Principles
- Framework for tackling UI design
- How We Figma (and so can you!)
- General UX Resources
- Survey Resources
- Redaction Guide
-
Template Docs
- FPF Only: UxR Participant Disclosure, New Study Template, Email Templates, etc., from +2019
- Digital UxR Tools
- Sample Participant Disclosure