Research guidelines

Now that we have started to do research with users, it would be good to draft some guidelines for how to handle and store the data we gather.

I have started a pad to collaborate on the guidelines

https://public.etherpad-mozilla.org/p/securedrop_userresearch

1 Like

@belenbarrospena these guidelines are great :100:. To be perfectly honest, I was a little surprised by all the preliminary precautions @ei8fdb took with interviewee at IFF. My (wrong) instinct would have been to jump right in and ask questions instead. I now understand it makes a subtle difference and builds trust. And I believe these guidelines also help in that sense.

It may seem a minor point but… maybe not. I still do not understand why or how people are a lot more talkative when @ei8fdb asks them question. And the interview I just transcribed is a remarkable example. I conducted the interview which lasted about 20 minutes total. Then @ei8fdb asked two more questions and it went on for another 10 minutes. Magic? I don’t think so. Combinations of tiny little things called experience: more likely :wink:

In other words: I think I understand why and how the proposed guidelines are a building block of a functional UX team, even though I’m unable to fully explain why. Thanks for drafting it!

Before taking a photograph, we cover all personal information.

Do you mean cover in the sense of hiding ?

Transcriptions and notes are kept for 3 years.

I think it would be great to keep them forever. Would that be a problem if we are careful to remove all personal information?

Non SecureDrop contributors may request access to the research data, but it is unlikely to be granted.

I would be inclined to remove this part and keep things simple. During IFF we told interviewees that they could decide after reading the transcript that they want it:

  • destroyed
  • only shared with the interviewer
  • only shared with the SecureDrop team
  • made public

If we introduce the idea that anyone can ask for the transcript, the distinction between the SecureDrop team and the general public becomes blurry, don’t you think?

Not to speak for @belenbarrospena, but I think that’s exactly what she meant. :wink:

I’ve updated it to “Before taking a photograph, we hide all personal information, to maintain privacy.”

I can’t see any negative reason for keeping anonymised information as long as its useful - that we learn something from it.

The question we need to keep asking ourselves is - “Is this data useful?”

If not, we should delete it.

How about:

“Transcriptions and notes are reviewed every year. If we feel we have nothing else to learn from them, we delete them. This is to preserve participant privacy.”

I’ve made a few changes - @belenbarrospena, @dachary, and anyone interested, can you review the latest:

https://public.etherpad-mozilla.org/p/securedrop_userresearch

Please critique. :slight_smile:

I think we should mention it in the Thursday standup to get wider comment from everyone.

1 Like

I think these are ready. Where should we publish them? The UX wiki?

This doesn’t mean they are set in stone: everybody can make comments and give feedback at any point, and we can just change them accordingly.

Just one small comment about keeping research data: personally, I have a strong preference for keeping only the minimum amount of data, and avoid the “hoarding” approach. I can sympathise with the inclination to keep everything, but the reality is that most of the time we do nothing with it. And it’s not that the research will go away if we delete the data: the analysis will always be there.

Having said that, I think the approach to review materials every year is reasonable, although it does mean someone needs to be responsible for actually reviewing and deleting! :slight_smile:

:+1: as well. IMHO the UX wiki is a good place to publish them.

During the long conversation we had on gitter with @ei8fdb, it occurred to me that ancient user research (including the raw material) is welcome when we need to reconsider a UX decision, to refresh our memory (or to discover the research because we did not participate).

The topic which made me realize how precious old research data is the mailbox metaphor. How did it come to be? Why was it decided to have a webmail like web interface for the journalist to collect and download submissions? Archaeological research says it was first introduced seven years ago:

commit 8b1b3580137a57c76f27a9c90101926255da2b5b
Author: Aaron Swartz 
Date:   Sat Jul 16 10:02:50 2011 -0400

    journalist view, replies

 crypto.py                                       |  4 +-
 journalist.py                                   | 59 ++++++++++++++++++++++
 journalist_templates/col.html                   | 22 ++++++++
 journalist_templates/index.html                 | 10 ++++
 journalist_templates/reply.html                 |  7 +++
 source.py                                       | 67 +++++++++++++++----------
 {templates => source_templates}/generate.html   |  6 +--
 source_templates/index.html                     |  9 ++++
 source_templates/lookup.html                    | 42 ++++++++++++++++
 {templates => source_templates}/lookup_get.html |  1 +
 store.py                                        | 12 +++++
 templates/index.html                            |  9 ----
 templates/lookup.html                           | 18 -------
 13 files changed, 209 insertions(+), 57 deletions(-)

But we don’t have records of the discussions, debates, pros/cons: we only have the conclusion which is the code itself.

I’ve published the guidelines in the UX wiki

https://lab.securedrop.club/main/ux/wikis/User-Research-Guidelines

2 Likes