-
Notifications
You must be signed in to change notification settings - Fork 685
SecureDrop Workstation User Stories
See this forum post for background on this page.
I want to download and decrypt a single submission, so that I can inspect it.
I want to view files in various formats (e.g., PDF, JPG, DOC, AVI), so that I can assess them.
I want to see whether there are unread submissions on SecureDrop, so I can inspect them if needed.
I want to download all unread submissions as a batch, so that I can quickly look at any documents that have not been triaged.
I want to download all submissions as a batch, so that I can clear the backlog in a single session.
I want to highlight submissions relevant to other journalists, so that I can effectively collaborate with them.
↑ Note: This is currently accomplished through “starring” submissions.
I want to communicate with sources, so that I can get clarifications or make requests.
I want to delete spam or garbage submissions, so that I can focus on real submissions.
I want to delete individual submissions that have been dealt with, so that I can minimize the risk of source exposure and keep the submissions queue manageable.
I want to delete entire sources that have been dealt with, for the same reason.
I want to search/filter by source codename so that I can find a source I am looking for.
I want to cycle my 2FA credentials in case I lose my phone or get a new one, so that I can continue to log in and prevent account compromise.
I want to change my password in case I need to upgrade an insecure legacy password to a diceware passphrase, or need to cycle the passphrase, for the same reason.
I want to cycle confusing codenames assigned to sources (e.g., “azithromycin”), so that I can more easily remember them.
↑ Note: While SecureDrop doesn’t offer document management, export or annotation tools, Tails comes with a number of tools (file manager, applications) which users are currently using to perform some of these tasks.
I want to export the redacted submission so that I can work on it on my regular computer.
I want to be notified on a device I use regularly if there is source or journalist activity so that I know I need to check my SecureDrop workstation.
↑ Note: Submission email notifications are in the works in the near-term.
I want to create a trusted PDF from a source PDF, so that I can transfer it to another computer (a trusted PDF being one that contains only the original text/image content and no extraneous embedded content or metadata).
*↑ Note: User research interview
AvatarJumboPickyCavortFeudFeeds
confirmed that this is important, and sometimes achieved with separate air-gapped Macs.
I want to securely redact parts of documents, so that I can work with them with other journalists without risking source exposure.
I want to securely redact metadata for the same reason.
I want to get fast software updates, so that I can make of new features when they are available, so that my software is maximally reliable, and so that my workstation is always maximally secure.
I want to see which submissions are being dealt with already by other journalists, so I can avoid duplicating work.
I want to see which journalists are working on which source documents, so that I can coordinate and follow up with specific journalists in my organization.
↑ Note: This is where we need the most user research to validate that these reflect real world needs.
I want to organize the submissions I am dealing with by recent activity, so that I can focus my attention on sources who have recently submitted or responded.
↑ Note: This was specifically referenced in one user interview.
I want to organize the submissions I am dealing with into queues such as “to do”, “in progress”, “rejected” so that I can manage my work effectively.
↑ Note: User research interview
AvatarJumboPickyCavortFeudFeeds
confirmed that maintaining a "rejected" pile could be useful.
I want to annotate the submissions I am dealing with so that I can more easily identify the contents, e.g., “Tax haven document dump - South America”.
I want to securely talk with the source and ≥1 other journalists in a single conversation, so that we can communicate and collaborate effectively.
↑ Note: User research interview
AvatarJumboPickyCavortFeudFeeds
suggested this may not be very important (inter-journalist comms more important). "[Communicating via] SecureDrop is very annoying because it is slow." But, normally only one journalist is communicating with a source at a given time.
I want to securely discuss source documents with other journalists, so that we can safely collaborate and prioritize our work.
↑ Note: User research interview
AvatarJumboPickyCavortFeudFeeds
suggested this is very important.
I want to securely regenerate text in images so that image-based metadata cannot identify my source.
↑ Note: This could be accomplished via open source OCR tools, but would also require tools to specifically mark up the images to be OCR’d. OCR quality will be highly variable depending on source document.
I want to safely compose notes for my story so that I can work on it with minimal risk of exposure.
↑ "I use LibreOffice in a VM."—user research interview
AvatarJumboPickyCavortFeudFeeds
.
I want to install or request new software packages so that I can read submissions in unusual formats that are not installed by default on my workstation.