summaryrefslogtreecommitdiffstats
path: root/wiki/src/blueprint/personas.mdwn
blob: 45db411581aaf7c212fd0dc44907460984ce831d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
[[!meta title="Personas"]]

[[!toc levels=3]]

# Big picture

This is about [[!tails_ticket 11162]].

# External resources about personas

  - General
    - [Personas on usability.gov](http://www.usability.gov/how-to-and-tools/methods/personas.html)
    - [Focus on the Job, Not the Customer](https://blog.intercom.com/when-personas-fail-you/)
    - [User Profile Randomizer](https://github.com/seamustuohy/user_profile_randomizer)
    - [Describing personas](https://medium.com/@indiyoung/describing-personas-af992e3fc527)
  - Privacy and security
    - [Gus Andrew's User Personas for Privacy and Security](https://medium.com/@gusandrews/user-personas-for-privacy-and-security-a8b35ae5a63b#.8lyxpkom4)
    - [AccessNow's A First Look at Digital Security](https://www.accessnow.org/a-first-look-at-digital-security/)
      is formatted a bit like personas.
    - [Developing Personas from the Internet Freedom Needfinding Framework](http://internetfreedom.secondmuse.com/framework-elements/developing-personas/)
    - [USABLE.tools](https://usable.tools/personas/)
    - [Waxing Poetic with SwiftOnSecurity](https://swiftonsecurity.tumblr.com/post/98675308034/a-story-about-jessica)
  - Accessibility and inclusion
    - [Designing for the extremes (or why your average user doesn’t exist)](https://sugoru.com/2013/07/14/designing-for-the-extremes/)
    - [Personas for Accessible UX](https://www.slideshare.net/whitneyq/personas-for-accessible-ux)
    - [Inclusive Design at Microsoft](https://www.microsoft.com/en-us/design/inclusive)

# Data sources

- [*Mozilla*: 10 Fascinating Things We Learned When We Asked The World ‘How
  Connected Are You?’](https://blog.mozilla.org/blog/2017/11/01/10-fascinating-things-we-learned-when-we-asked-the-world-how-connected-are-you/).

- [*Kevin Gallagher & Nasir Memon*, New Me: Understanding Expert and
  Non-Expert Perceptions and Usage of the Tor Anonymity
  Network](https://www.usenix.org/system/files/conference/soups2017/soups2017-gallagher.pdf):
  has some interesting insights on the mental model of Tor for
  non-expert users.

- [*Ruogu Kang et al.*, “My Data Just Goes Everywhere:” User Mental
  Models of the Internet and  Implications for Privacy and
  Security](https://www.usenix.org/system/files/conference/soups2015/soups15-paper-kang.pdf).

- [*Rick Wash & Emilee Rader*, Too Much Knowledge? Security Beliefs and
  Protective Behaviors Among United States Internet
  Users](http://www.rickwash.com/papers/security-survey.pdf): studies a
  large representative sample of United States Internet users about
  different causal beliefs related to computer security, and about the
  actions they regularly undertake to protect their computers.

- [*Javier Garza Ramos*, Journalist Security in the Digital
  World](http://www.cima.ned.org/wp-content/uploads/2016/03/CIMA-Journalist-Digital-Tools-03-01-15.pdf)
  is a survey of 154 journalists worldwide on their digital security
  practices.

- [Jennifer R. Henrichsen](https://www.asc.upenn.edu/people/jennifer-r-henrichsen) is
  doing a research with journalists and digital security trainers to
  shed light on journalists' perceptions toward digital security
  technologies, including motivations to adopt and barriers to adoption.
  In March 2017, the results of her research were not published yet.

- [EFF: Privacy By Practice, Not Just By Policy: A System Administrator
  Advocating for Student Privacy](https://www.eff.org/deeplinks/2017/03/privacy-practice-not-just-policy-system-administrator-advocating-student-privacy)
  is an interesting story about the use of Chromebooks in schools and
  the internal resistance about its threat to privacy.

- [Tails-project: Regarding USB sticks for domestic violence
  survivors](https://mailman.boum.org/pipermail/tails-project/2017-March/000757.html)

# Collective brainstorming in August 2016

Use cases:

- A small group of English-speaking journalists use Tails to analyze an
  archive of leaked documents and prepare articles about them.

- A well-established music teacher uses Tails to bypass the software and
  network limitations on his professional laptop.

- Someone living in a controlled housing uses Tails to avoid having all
  his Internet browsing monitored by the staff.

- A political scientist in Egypt uses Tails to send his findings to
  Germany while avoiding State surveillance.

- A woman who lives with someone abusing her uses Tails to communicate
  stealthily and without living traces on the home computer.

- A political activist uses Tails to coordinate with their affinity
  group and organize a demonstration.

- A person suffering from cancer uses Tails to learn about their disease
  while avoiding their employer learning about their condition.

- A group of people preparing a plea for defending activists in court
  uses Tails to prepare the plea and store the documents in a safe
  place.

- A free software contributor uses Tails to translate the security tools
  used by their community into Bahasa Indonesia.

- A whistle-blower uses Tails to store and edit to-be-leaked documents
  securely.

- A lawyer uses Tails to communicate with their client in a secure and
  anonymous fashion.

- A Tails developer uses Tails to develop Tails and understand better
  the struggling of users.

- A university student uses Tails to publish publicly-funded but
  copyrighted scientific papers online.

- Union workers use Tails to coordinate about labor struggle over their
  company's network.

- A Russian tourist uses Tails to access their online bank account
  without getting their credential stolen.

- A nomadic person with no personal laptop uses Tails to carry the same
  computing environment and personal documents around.

- A abuse contact uses Tails in order to communicate with survivors
  contacting them.

- A person without their own Internet access uses Tails to use an
  uncensored Internet.

- A teenager uses Tails to escape parental control filter.

- A group of people use Tails to write a book together and publish it.

- A scientist uses Tails to report and transcribe interviews while
  preserving the personal identifying information of the interviewees.

- Webmasters of a cop-watching website use Tails to reduce their chance
  of being caught while reporting on police violence.

- A photographer uses Tails to store and work on pictures before
  publication.

- A person without the need for a big storage uses Tails as their main
  operating system to have more privacy.

<a id="2017-08"></a>

# Collective process from August 2017

Summary of a 2 hours session we did with 12 core contributors.

This process is inspired by the workshop described in _The Essential
Persona Lifecycle_ by Tamara Adlin and John Pruitt, Chapter 4 *Persona
conception and gestation*.

- General explanation of what personas are and why they are useful (15')

- Everybody prepares, in silent, sticky notes describing a user and their goal. (15')

  For example:

  - "*Women that go through domestic violence and wants to escape from that.*"
  - "*Webmasters of a sensitive website that wants to hack on it.*"

- All together we assimilate these sticky notes and the ones identified
  in August 2016 by *types of users*. (30')

  We start with predefined categories based on last year's output and
  adding new ones or splitting existing ones as needed. There should be
  no more than 10 stick notes per category.

  - Predefined categories:
    - Activist
    - Censorship evader
    - Contributor
    - Darknet customer
    - Information freedom fighter
    - Nomadic
    - Privacy geek
    - Surveilled at home

  - Final categories:
    - Activist
    - Censorship evader
    - Contributor
    - Darknet customer
    - Evil people
    - Information freedom fighter
    - Journalist or researcher
    - Law enforcement
    - Nomadic
    - People helping others in shit
    - People we don't want to help
    - Privacy geek
    - Sensitive content creator
    - Surveilled at home
    - Surveilled at work

- The facilitator takes pictures of the resulting assimilation and
  removes the user categories.

- All together we assimilate again the same stick notes and group them
  by *user goals* (45').

  User goals are short sentences starting with "*I want...*" or "*I need...*".
  There should be no more than 10 stick notes per category. Sticky notes
  that fit in more than one goal can be duplicated.

- All together we summarize these goals by identifying main goals and
  subgoals. (10')

  - Final goals:

    A.  I want to hide personally identifying information or sensitive information about myself
      - I want to keep content & information secret from my government
      - I want to keep information secret from my family and close people
      - I want to access sensitive information stealthily
      - I want to hide my identity
      - I want to hide my location and identity
      - I want to hide my location
      - I don't want to raise suspicion

    B.  I want to communicate and collaborate securely
      - I want to communicate securely with known peers
      - I want to communicate securely with unknown peers
      - I want to communicate with others who are under surveillance
      - We want to share and work on documents privately

    C.  I want to store information safely
      - I need to safely store my data
      - I want to edit or anonymize my data

    D.  I want to leave no trace on the computer
      - I need to use a computer that is not mine

    E.  I want information to be free
      - I want to access censored information online
      - I want to publish sensitive information

    F. I want to avoid corporate & governmental information gathering on my data
      - I want to understand people using Tails
      - I just want more privacy

# Skeletons

After this collective session, the core team working on the personas (3
people) started preparing skeletons, rough descriptions of each persona,
based on the main goals identified earlier. Each persona is primarily
focused on a single main goal but also corresponds to some subgoals of
other categories.

On top of demographics, background, and technical skills information,
our framework includes holistic security and threat modeling information
(based on the [Personas Framework for Internet
Freedom](http://internetfreedom.secondmuse.com/framework-elements/developing-personas/)
developed by SecondMuse):

  1. Name (genderneutral)
  2. Occupation
  3. Background
  4. Motivations
  5. Challenges and threats
  6. Communications
  7. Goals
  8. Use cases
  9. Definition of security
  10. Key Technologies used regularly
    a. Features used in Tails
    b. Features used outside of Tails
  11. Threat perception
  12. Security precautions

## Kim

- **Occupation**

- **Background**

  - Kim is a gay youth from Nigeria that has been institutionalized.
  - Kim has been abused at home.
  - Kim is using a shared a computer.

- **Motivations**

  - Kim is searching for help and support groups online and also tries
    to find solidarity.
  - Kim wants to feel normal.
  - Kim wants to avoid surveillance from mentors in the institution they
    lives in.
  - Kim does not want to leave traces on the shared computer and prefers
    to hide their identity by accessing information stealthily.

- **Challenges and threats**:

  - The computer room is crowded
  - Can't meet with support groups openly and has to do it online
  - Surveillance from mentors
  - Time is limited
  - Fear of previous abusers
  - Worried about saving information safely
  - Needs to know keyboard shortcuts for switching applications in case
    somebody walks behind them
  - Needs safe storage for email addresses and nicknames
  - Needs access to books online
  - Needs to use a pseudonym
  - Needs a stealth or dedicated email address
  - Needs to store data in the cloud or an encrypted device in case Kim
    gets searched

- **Communications**

  - Support groups online: forums, websites
  - Known peers: chat, email
  - Unknown peers: chat, email, forums
  - Psychologist online: forums, websites

- **Goals**

  A.  I want to hide personally identifying information or sensitive information about myself
    - I want to keep content & information secret from my government
    - I want to keep information secret from my family and close people
    - I want to access sensitive information stealthily
    - I want to hide my identity
    - I want to hide my location and identity
    - I want to hide my location
    - I don't want to raise suspicion

  B.  I want to communicate and collaborate securely
    - I want to communicate securely with known peers
    - I want to communicate securely with unknown peers

  D.  I want to leave no trace on the computer
    - I need to use a computer that is not mine

  E.  I want information to be free
    - I want to access censored information online

- **Use cases**

- **Definition of security**

- **Key technologies used regularly**

  a. Features used in Tails

  b. Features used outside of Tails

- **Threat perception**

- **Security precautions**

## Alex

- **Occupation**

  - Alex is an investigative journalist doing high stake reporting on
    the government, and in particular some members of the government who
    are involved in corruption, drug and human trafficking.

- **Background**

  - Alex lives in Mexico and reports on the mafia and drug related
    corruption of politicians.
  - Alex is visiting the country to interview locals and needs to get
    out of the country with the collected information and media safely.
  - Alex needs to communicate with journalistic partners and sources and
    to protect these communications as well as the identity of Alex'
    interview partners.
  - Alex needs to store and edit the collected information safely. They
    also need to keep metadata in order to prove the evidence.
    Furthermore they also need to send big videos files over the
    Internet for somebody else to edit it.

- **Motivations**

  - Publish information about corrupted politicians and harm they did.
  - Turn public opinion against these people.

- **Challenges**

  - Access information
  - Publish under pseudonyms
  - Hide their location and identity
  - Stealth research by visiting journalists
  - Bring information outside of the country

- **Communications**

- **Goals**

  A.  I want to hide personally identifying information or sensitive information about myself
    - I want to keep content & information secret from my government
    - I want to access sensitive information stealthily
    - I want to hide my identity
    - I don't want to raise suspicion

  B.  I want to communicate and collaborate securely
    - I want to communicate securely with known peers
    - I want to communicate securely with unknown peers
    - I want to communicate with others who are under surveillance
    - We want to share and work on documents privately

  C.  I want to store information safely
    - I need to safely store my data
    - I want to edit or anonymize my data

  E.  I want information to be free
    - I want to publish sensitive information

- **Use cases**

- **Definition of security**

- **Key technologies used regularly**

  a. Features used in Tails

  b. Features used outside of Tails

- **Threat perception**

- **Security precautions**

## Riou

- **Occupation**

  Riou is a student in Hong Kong, who participates in the Umbrella
  movement.

- **Background**

  - Riou organizes a public massive protest against new government
    policies and laws. The organizers need to be stealthy and anonymous,
    but the protest needs to be public and advertised. The organizers
    need to send out strategic information to the press and to the
    public so that citizens actually know where to show up. In order to
    publish this information they use websites which are not in the
    country, so that the government cannot censor this information.

  - During the protest they leave their phones at home. They are doing
    most of their communication beforehand. Although they take photos
    and videos of the protests and try to publish this information on
    websites which are censored within the country. They got to get it
    online as soon as it's produced on social media and they also want
    to stream the protest and speeches. They might want to do that on
    devices that are not theirs, so that they can hide their involvement
    in the organization of this protest.

- **Motivations**

- **Challenges**

  - Use networks
  - Access information online
  - Use applications that the government is not monitoring
  - Use mesh applications

- **Communications**

  - Local group chat
  - Encrypted emails

- **Goals**

  A.  I want to hide personally identifying information or sensitive information about myself
    - I want to keep content & information secret from my government
    - I want to hide my identity
    - I want to hide my location
    - I don't want to raise suspicion

  B.  I want to communicate and collaborate securely
    - I want to communicate securely with known peers

  E.  I want information to be free
    - I want to access censored information online
    - I want to publish sensitive information

- **Use cases**

- **Definition of security**

- **Key technologies used regularly**

  a. Features used in Tails

  b. Features used outside of Tails

- **Threat perception**

- **Security precautions**

Next steps
==========

1. Create tickets for the following steps [[!tails_ticket 14525]]
1. Draft "*Privacy geek*" skeleton
1. Check back yellow post-it notes
1. Refine good enough draft skeletons
  - Link to actual stories or research if we have it
1. Ask for comments on tails-project@boum.org
1. Ask the project to prioritize the 4 skeletons according to different dimensions
1. Write 1st version of foundation document:
  - Find images (photos or drawings) for the personas
  - Consider using 2 images per persona so that we have a
    genderneutral persona
  - Reference data
1. Prepare summary for developers:
  - Two A4 pages per persona?
  - Have a detailed version and a condensed version?