Applied User Research : how?

Bonjour @ei8fdb @belenbarrospena,

Like every developer, I can’t help it: I come up with solutions that are perfect in my head (of course!), such as Project Enough. The temptation is great for me to defend my vision and claim it is justified by my recent discovery of User Research and its benefits. But in reality I’m not sure how to apply User Research to this project.

My first impulse, after writing down this latest SecureDrop simplification is to revisit the output of the our first remote KJ Technique, looking for items that would make me question its validity.

I also thought it may be better to keep an open mind and just not try to mix the two. The project Enough is experimental, learning by doing, with a high risk of hitting a wall because the solution does not address an actual problem. The User Research is about building a mental model and trying to match it with a conceptual model too early may not give any meaningful results. Or worse… it could tempt me into tweaking the mental model to match the conceptual model.

Your advice on how to go about this would be very precious. I’m torn between my impulse to do things. And my desire to understand where this is going instead of bumping into walls like a headless chicken :wink:

You haven’t actually designed anything there. Nor will user feedback get you there.
What you have is a mental model that delineates security into tangible convenience.

What you could say is you have the other piece of the puzzle on how to do security. The problem then becomes regular security, and how it transgresses into extra security.

From my point of view, I don’t see how you see things tying together. It sounds functionally feasible and logical.

From what I can tell, a NC app is a good way to turn already existing infrastructure into something that leads to SD.

What did you have in mind for functionality, what are the different roles, what does it look like?

For the Nextcloud based part:

  • The source is given a URL and files uploaded via this URL end up in a folder
  • The journalist uses a Nextcloud account to browse, download and sort the documents
  • It looks like Nextcloud with a theme

UI improvements will then be done based on User Research and usability testing.

Your position is the position all designers find themselves in :slight_smile: torn between the time it takes to carry out research and make sense of its output, and the temptation to jump straight into solutions.

We should not think about user research and coming up with solutions as “either or”. In fact, they are both part of the same thing. That thing is called design.

What you are learning about SD users is already bearing on the new solutions you are coming up with, and playing with possible solutions is really the only way of fully understanding the problem. I know it sounds like a bit of a loop: that’s beause it is! Design is an iterative practice. So keep on doing both: play with solutions, and talk to users, and do both at the same time. Out of it all something will come. It might not be perfect, but it will definitely get progressively better.

I know this is not a very straightforward answer, but I hope it makes some sense! :slight_smile:


It does, thanks ! Maybe @ei8fdb has reservations about some of the ongoing actions items?

There are many axioms. One of which is perfect.

Arriving at one of them from any differently pointing other is a non-sequitur.
No amount of user feedback and iteration will make you arrive there.

We are at step 0, pointing broadly against a narrow goal somewhere.
You add a description of ingredients to get there.

I think what you have is not a misconception, and that my reply qualifies as user feedback.

Why is the theme important, what is wrong with Nextcloud.
Is there some esoteric reason, or is there a benefit to the user being fooled into thinking Nextcloud isn’t being used.

For most journalists, they are most often their own source.

Is this better than e-mailing yourself, using Dropbox, etc etc etc.

Can the whole enough project teach the journalist to use the extra, minus things that make it extra? Exactly that would be a goal, and both could be changed to facilitate it.

Can the enough project use an already existing Nextcloud instance, by being an app in it?

What I am getting at there is the media house might have NC already, so where is effort best spent, and how close does either get to the goal of being exactly the same?

Yes, that would work, I think. As long as the journalist has two things in addition:

  • A path to activate SecureDrop
  • A self assessment of the security concepts they need to understand to usefully protect sources with SecureDrop