Many of the most at-risk communities around the globe rely on open source privacy and security tools. However, these tools are often designed, developed, and maintained by individuals or small teams who have little to no access to their target audience — journalists, activists, human rights defenders, and other high-risk groups. This often results in tools that poorly fit the threats, challenges, and/or accessibility or usability requirements of end-users. Internews and the USABLE Team have worked with many community members across the globe to support tool developers who want to better understand their users’ needs, security practices, and operating environment, establishing stronger feedback loops between the communities who make the tools and the communities who use them.

The activities and resources shared below were inspired by existing formal methods of feedback collection and were adapted by the USABLE team, digital security trainers, and user-experience (UX) specialists. They take into account the specific limitations of open source projects and the sensitivities around working with high-risk communities. More details on each of the below activities can be found in the UX Feedback Collection Guidebook.

Human-Centered Design and the Development Ecosystem

Human-centered design is a principle that intentionally places humans, their needs, their concerns, and their experiences front and center when building a system. The blogs listed below provide an introduction to this principle and how it fits into the development of privacy and security tools as well as the role of trainers and auditors in the process.

Blogs

• Introduction to Human-Centered Design and User-Experience
• Understanding Development Ecosystems and the Role of Trainers and Auditors

Incorporating Feedback Collection

This section includes blogs, podcasts, activities, and templates to help digital security trainers (new or experienced), user-experience (UX) specialists, trusted facilitators, and open source tool teams understand the value and process of capturing feedback where possible and how to share it with developers. When done effectively, this process can transform the design and development of the most commonly used privacy and security tools for at-risk users. For more information, see Part I and Part II of the guidebook.

Blogs

• Selecting a Tool and Identifying Developers
• Overview of Feedback Collection Activities

Podcasts

• An Introduction to Personas and Archetypes
  Find the transcript for this recording at: https://usable.tools//pdfs/AXIS/AXIS_PersonasIntro.pdf
• Communicating the Importance of feedback Collection to Users

Activities

• Collecting Feedback to Better Understand the User: This set of activities focuses on better understanding the users, or participants, who are the target user-group for specific open source security and privacy tools. These activities are designed to capture: current practices, user needs, operating environment challenges, risks and threats, and common user questions.

  • Activity: User Stories
  • Activity: Mapping Digital Security Practices, Concerns, and Questions
  • Activity: Persona Generation
  • Activity: Adversary Archetype Generation (coming soon)
  • Activity: Organizational Archetype Generation (coming soon)

• Collecting Tool-specific Feedback During Trainings: This set of activities focuses on capturing tool-specific user feedback. These activities are designed to capture usability and accessibility challenges that prevent at-risk users from easily adopting tools. Once shared with developers, this tool-specific feedback will lead to the design and development of more usable and accessible privacy and security tools for at-risk users that need them most. All outputs can be shared with developers to inform design or development processes and decisions.

  • Activity: Pluses vs. Deltas
  • Activity: Mark-up a Screen-shot
  • Activity: Tool Task Ranking (Individual)
  • Activity: User and Observer Activity
  • Activity: Tool Matrix: Plotting Usability vs. Adoption
  • Activity: Tool Task Usability Ranking (as a group)
  • Activity: Tool-Specific Task Usability Ranking (as a group)

Templates

• User Story Template
• Persona Template
• User Template
• Observer Template
• Sample Tasks for Tool Task Ranking Worksheet
• Tool Task Ranking Worksheet
• Follow-up Feedback Survey Template
• Adversary Archetype Template
• Organizational Archetype Template

Synthesizing Feedback and Connecting with Developers

This section includes resources and guidance for digital security trainers and user experience experts who may be less familiar with communicating with tool teams. From communication channels to best practices, this section supports facilitators with the basic skills needed to connect with tool teams and share relevant feedback. For more information, see Part IV: Communicating with Developers and Tool Teams in the guidebook.

Blogs

• Synthesizing and Prioritizing Feedback
• Communicating with Developers
• Github for Non-developers
• Communication Channels for Sharing Feedback

Activities

• Virtual “Ask Me Anything” with Developer
• Bug Reports
• GIFs as Feedback Method

Community-developed Resources

This section includes resources created by digital security trainers in the community who have experience incorporating feedback collection during trainings.

Blogs

• 10 Tips for Collecting Quality User Feedback from Grassroots HRDs, Activists, and Security Tool Users, written by Gole Andrew.
• A Very Short Story About Digital Security For Young Women, written by Juliana Harsianti.

Podcasts

• Making Easy Decisions: The Digital Security Checklist You can make easy decisions about digital security. Listen as Łukasz walks us through a helpful checklist to make simple decisions about the tools we decide to use. View the checklist at https://lukaszkrol.net/due_diligence/.

Find the transcript for this recording at https://usable.tools//pdfs/AXIS/AXIS_Lukasz.pdf/

Featured Resources for Feedback Collection