SecureDrop intercept interviews questions


Intercept Interviews are designed to increase understanding and dialogue through a series of quick questions that take no more than 10 to 15 minutes of dialogue. More at

The interviewee is a SecureDrop user

Note: Adapted from Tails intercept interview guide


  • Who I am, what I am doing, and why I’m conducting the interview.

Getting the interviewee’s consent:

  • You can answer my questions to the extend that you feel comfortable and stop at any moment.
  • We want to keep this information publicly available for contributors of the project but in generic terms, removing personally identifiable information.

The user

  • Who are you? What do you do?

SecureDrop & you:

  • How did you come to be interested in SecureDrop and get started?
  • What is your level of expertise with SecureDrop ?
  • What do you use it for? How often?

Pros & cons:

  • What are the three things that you like the most in SecureDrop?
  • What are the three things that you dislike the most in SecureDrop?

Good bye:

  • Thank you!
  • Would you give us your email if you want to keep in touch for future questions or go deeper? Emails are stored encrypted and only accessible to the core contributors.
  • Do you know of anybody else using SecureDrop and that would be worth interview

The interviewee is a SecureDrop developer

Note: Adapted from TorDev Intercept Interview Questions

These questions are designed to be utilized for interviews that occur in the moment - chance meetings, introductions, etc. This guide does not always need to be referenced directly and with some practice it is possible for the general flow and key questions to be recalled by the interviewer.


The SecureDrop team and Open Source Design seek to better understand the SecureDrop development process, the context under which users employ SecureDrop and support greater engagement and understanding of user needs in the tool development process. Our objectives are to:

Find more intersections for developers/users to work together to make more robust tools. Increase the ability of developers to assess the needs of users and integrate those needs into the development process. Create a framework that can be used by developers to better understand the needs of users and design to address those needs.

The initial phase of research is focused on understanding the landscape of the space and the SecureDrop development process. We are spending time in conferences (IFF, International Journalism Festival etc.) to get to know more developers and understand what their priorities are when creating tools.


  • Opening engagement question about how they got involved?
  • Goal: establish rapport
  • How did you get involved in this meeting today?
  • Why are you here?
  • What are you hoping to accomplish while here?


  • Think of a SecureDrop user. Describe this person for us.
  • How do you engage with your users?
  • What interaction do you have with users?
  • What interaction would you like to have with your users?
  • What are the biggest barriers between you and your users?
  • What do you need in order to close that barrier?

Usability and Development Process

  • How does the user fit into your development process?
  • How does the usability of SecureDrop fit into your development process?
  • When you think about your target users, what is the relationship between SecureDrop being easy for them to navigate and SecureDrop being considered secure?
  • Where do you see the tradeoffs between usability and security?
  • When are those tradeoffs not worth it?
  • When are they worth it?
  • If someone came to you and said “here are a series of things you can do to increase the usability and usefulness of your tool among end-users,” what might your first reaction be?
  • How does the concept of usability fit into your definition of privacy and security?

Low Priority

  • What do you see as the primary difference between security and privacy? How do you define them? How are they related?
1 Like

@dachary and everyone

I’ve modified the Intercept interview to focus it on SecureDrop. Interview scripts are things that evolve, you never get “the ideal” script.

I’ve probably made some mistakes, so I’d like to get your thoughts and comments about the questions I’ve included, topics I’ve not included, the way I explain things. Please leave a comment here (it’s not possible to comment on the wiki).

I’ve given some background, and rationale, but if anything isn’t clear, just let me know, and I’ll try to explain.


1 Like

By “SecureDrop users,” are we referring to journalists using SecureDrop, or whistleblowers?


Hi @huertanix,

Good question: right now, I suggest focusing on SecureDrop journalist users, as opposed to whistleblower/sources.

I’ll make that clear in the user interview.

I expect that it’ll be easier to find journalists willing to talk to us. OpSec-wise it will be easier to conduct research with journalists rather than sources.

I would like to understand how sources use SecureDrop, however I expect this to take more time to establish trustworthy links with them.

1 Like

Sounds good! The questions overall look good. A thing that may also be worth checking for is making sure their idea of what SecureDrop is matches ours–some journalists have interchangeable terms for things, so if they might be calling a GlobalLeaks instance a secure drop, a Signal number for sources secure drop–we have a generic name that’s usually mentioned in the same space as other tools, so it sometimes get confused for other things.

1 Like


Yep already there - users “mental model” vs the system model (or also vs the developers mental model).

SD user interview script:
“In your own words, can you tell me what SecureDrop is?”

SD contributor interview script:
“In your own words, can you tell me what SecureDrop is?”

From these two points of view - we can see what the USERS mental model is and how it compares to the contrinutors mental model.