Security tools are vital to ensure at-risk users like human rights defenders and activists stay safe while doing their valuable work of activism and defending human rights. However, the usefulness of these tools depends on how usable they are to this at-risk community. Many feedback collection activities have been done to provide security tool developers with quality user feedback to ensure they develop these tools with the at-risk users in mind. Through USABLE, feedback is constantly being collected from at-risk communities around the security tools they use to stay safe. Feedback has been collected on security tools like Signal, VeraCrypt, KeepassXC, BitLocker, Tor Browser, and many others. Through conducting different digital security training and tool feedback sessions in East Africa since 2018, I have been able to interact with many grassroots communities and collect their feedback on key tools that they use. Grassroots communities in East Africa are particularly unique in that they face several challenges like poor internet connectivity, lack of electricity, and limited resources and equipment. These factors can greatly limit the adoption of certain security tools. Below, I share my 10 tips for collecting quality user feedback from at-risk grassroots communities.
1. Understand the community using a particular security tool.
It is important to understand the community you intend to collect feedback for. Not only does it enable you to plan accordingly, but it also gives you a clear picture of the needs of that community. This also makes it easy for you to focus on collecting feedback for specific tools used by that community based on their threat models.
2. Know which security tool is used most by grassroots communities and focus on collecting feedback for that tool.
Knowing the tool used by particular communities gives you the ability to make necessary arrangements on collecting feedback on specific features of that tool that is commonly used by the community. Tools like Tor Browser or VeraCrypt have many features and there may be some features that are more frequently used by particular communities. Once you know which tool and its specific features are used by grassroots communities, feedback collection for that tool becomes a little easier than going into a feedback collection activity without knowing which tool or feature is mostly used by that community.
3. Know which method of feedback collection works best for that community.
Due to different factors and working conditions of grassroots communities, not all methods of feedback collection work for them. Grassroots communities, in particular, have many challenging factors which limit you from using certain methods of collecting feedback. For example, using virtual feedback collection methods like sending questionnaires or using surveys to collect feedback from grassroots communities is not a very practical method due to factors like limited access to the internet or low bandwidth.
4. Understand the schedule and availability of the community to provide user feedback.
A lot of grassroots human rights defenders are constantly in the field working and doing a lot of travelling within their communities. If you intend to conduct tool feedback collection outside digital security training, you will need to make sure your schedule matches theirs to ensure the tool feedback collection activity is not getting in the way of their important work. Therefore, know which local events, training, or workshops bring these communities together and use it as an opportunity to organize a tool feedback collection. Liaise with event organizers to publicize your tool feedback collection activity and find a suitable location and time for you to collect the tool feedback during the event.
5. Understand the barriers which exist and have the potential to hinder the community from using a particular security tool.
Before introducing grassroots communities to a new tool for which you want to collect feedback, know which barriers exist and have the potential to hinder its adoption by them. This will save you from wasting a lot of valuable time collecting feedback for a tool which the community has no interest in adopting simply because it’s not useful to them – no matter how useful or usable that particular tool is to another community. Barriers like lack of proper devices and equipment (like good laptops or smartphones) play a big role in the adoption of certain tools because certain tools work best on particular devices with specific system requirements. Also, certain tools like VeraCrypt are a little bit technical and need a certain level of expertise which many grassroots communities do not have.
6. Understand the context in which grassroots communities work.
Different communities work under different contexts and knowing this beforehand enables the feedback collector to prepare in advance on what tools they will collect feedback for from that community. Likewise, grassroots communities also work in different contexts and it is particularly challenging to collect feedback if the feedback collector does not know their working context.
7. Prepare a checklist to act as a benchmark when collecting the user feedback.
The type of feedback that you will collect from grassroots communities during a feedback collection activity will vary from inferior to superior. Having a checklist will enable you to quickly rank feedback for particular features of a security tool and will ensure that you evaluate the feedback collection activity before and after the activity.
8. Categorize feedback collected and rank them by quality. Remember, even inferior feedback can be useful to tool developers.
Collecting feedback from grassroots communities is challenging in terms of the quality of feedback you will receive. This is because people from grassroots communities are new to the idea of tool feedback collection, often get excited, and end up providing all the feedback they have. Collect all this feedback and categorize them according to the quality but submit all to the developers because all that feedback could potentially be useful to tool developers.
9. If possible, have a virtual call with a tool developer during the feedback collection activity with grassroots participants.
Having a video call with a tool developer during a feedback collection activity makes a great difference and can be very motivating for grassroots participants and puts them in the mood to provide feedback for that tool. Many participants of tool feedback collection activities often are in disbelief that the feedback they provide will lead to improvement of the tool, but once they actually get to see and talk with the developer of that tool, they instantly get excited to provide the feedback because they know it will create an impact.
10. Virtually stay in touch with grassroots participants even after initial physical feedback collection activity.
Sometimes collecting feedback from grassroots communities needs constant connection with participants. This is because more valuable feedback can be collected even after the initial activity. Following up with participants through a phone call or WhatsApp chat gives you the opportunity to understand the challenges they have been facing while using the security tool. This method of virtual feedback collection is very efficient, fast, and easy and helps you to reach out to participants without interrupting much of their schedule.
In conclusion, collecting user feedback from grassroots communities is very interesting despite the challenges that come with it but as a feedback collector, you have to always be accommodative and dynamic, ready to make changes as you go about collecting the feedback. One thing you have to keep in mind at all times is that tool feedback collection is a new and constantly evolving activity and it gets easier every time.