We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

File sharing & storage for human rights organizations

00:00

Formal Metadata

Title
File sharing & storage for human rights organizations
Subtitle
A design research case study
Title of Series
Number of Parts
490
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
33
35
Thumbnail
23:38
52
Thumbnail
30:38
53
Thumbnail
16:18
65
71
Thumbnail
14:24
72
Thumbnail
18:02
75
Thumbnail
19:35
101
Thumbnail
12:59
106
123
Thumbnail
25:58
146
Thumbnail
47:36
157
Thumbnail
51:32
166
172
Thumbnail
22:49
182
Thumbnail
25:44
186
Thumbnail
40:18
190
195
225
Thumbnail
23:41
273
281
284
Thumbnail
09:08
285
289
Thumbnail
26:03
290
297
Thumbnail
19:29
328
Thumbnail
24:11
379
Thumbnail
20:10
385
Thumbnail
28:37
393
Thumbnail
09:10
430
438
Designwissenschaft <Informatik>Observational studyMIDITime zoneAuthorizationSoftware developerUsabilityBuildingLecture/ConferenceMeeting/Interview
Information securityProjective planeRight angleData storage deviceSelf-organizationInformation privacyMoment (mathematics)Open setFundamental theorem of algebraFilesharing-SystemLecture/ConferenceMeeting/Interview
Term (mathematics)Projective planeFitness functionChannel capacityLogicInformation securityShared memoryPhase transitionProcess (computing)File systemDifferent (Kate Ryan album)Moment (mathematics)MereologySelf-organizationMultiplication signSoftware testingRight angleLink (knot theory)ArmTask (computing)Representation (politics)Computer programmingComputer fileData storage deviceInheritance (object-oriented programming)Total S.A.Archaeological field surveySensitivity analysisDialectCollaborationismGroup actionUniform resource locatorSeries (mathematics)Digital photographyBitGraphical user interfaceObservational studyCASE <Informatik>Identity managementUsabilityRow (database)FamilyInternetworkingTrailEndliche ModelltheorieMathematical singularityStaff (military)Order (biology)Open sourceSpacetime2 (number)Direction (geometry)Selectivity (electronic)Filesharing-SystemLecture/ConferenceMeeting/Interview
Phase transitionData storage deviceFile systemSelf-organizationRight angleMultiplication signDifferent (Kate Ryan album)View (database)CASE <Informatik>Shape (magazine)Form (programming)Lecture/Conference
Computer fileInformation securityCollaborationismUsabilityInformation privacyAxiom of choiceDifferent (Kate Ryan album)Computer fileEmailSelf-organizationIntercept theoremInformation privacyAxiom of choiceLaptopInformation securityDivisorRight angleMereologyEndliche ModelltheorieLatent heatFreewareBitData storage deviceStress (mechanics)1 (number)Office suiteProcess (computing)Touch typingArithmetic meanPhase transitionFitness functionComputer animation
Axiom of choiceRight angleSelf-organizationCollaborationismComputer fileCASE <Informatik>MereologySoftwareMultiplication signRegulator geneAdditionComputer animation
Computer filePersonal digital assistantCollaborationismFocus (optics)UsabilityRevision controlCollaborationismCASE <Informatik>Shared memoryRevision controlReal-time operating systemUsabilityProjective planeDataflowComputer animation
CollaborationismUsabilityPhase transitionPhase transition2 (number)CollaborationismShared memoryMereologyRevision controlObservational studyUsabilityComputer fileContext awarenessView (database)TrailMathematicsComputer animation
Revision controlControl flowPairwise comparisonAsynchronous Transfer ModeRevision controlObservational studyView (database)Computer fileMathematicsUsabilityTrailMereologyGradientGoodness of fitSelf-organizationUser interfaceData storage deviceFilesharing-SystemSoftware testingFile systemComputer animation
Computer fileSynchronizationMereologySoftware testingFilesharing-SystemInterface (computing)Real numberRight angleSelf-organizationComputer-assisted translationCoefficient of determinationMenu (computing)Shared memoryTask (computing)Computer animation
MaizeCodeGroup actionSynchronizationShared memoryTask (computing)CodeDot productLevel (video gaming)SynchronizationMathematicsSingle-precision floating-point formatDirection (geometry)Closed setCASE <Informatik>Computer animation
SynchronizationCASE <Informatik>MathematicsMereologyShared memoryComputer animation
Revision controlControl flowSoftware testingUser interfaceComputer fileProcess (computing)Commitment schemeSoftware testingSelf-organizationInformationMathematicsRevision controlAreaScheduling (computing)MereologyRight angleShared memoryInterface (computing)Computer animation
Ideal (ethics)InternetworkingSpacetimeMultiplication signProjective planeBitOrder (biology)Right angleBuildingSoftware developerComputer animation
Multiplication signPlanningRight angleProjective planeExpected valueExpert systemCommitment schemeSelf-organizationInternetworkingTheory of relativityLattice (order)FreewareComputer animation
Web pageInformationInformation privacySelf-organizationProjective planeTouchscreenLimit (category theory)Software frameworkMultiplication signBand matrixField (computer science)Connected spaceEndliche ModelltheorieSoftware testingMaxima and minimaRight angleDesign by contractReal numberDrop (liquid)Point (geometry)Slide ruleDisk read-and-write headComputer animation
Open sourceSoftware developerFile formatSelf-organizationFeedbackProjective planeSoftware testingDependent and independent variablesWordMereologyCASE <Informatik>Multiplication signRight angleOpen setVariety (linguistics)WebsiteRule of inferenceShared memoryVapor barrierMathematicsPoint (geometry)Block (periodic table)Degree (graph theory)Different (Kate Ryan album)SpacetimeArithmetic meanNeuroinformatikServer (computing)BlogProcess (computing)EmailGroup actionService (economics)Statement (computer science)Physical systemPlanningGraphics tabletChannel capacityFile systemSoftwareCryptographyElectronic mailing listQuicksortContext awarenessComputer animation
Open sourcePoint cloudFacebookOpen set
Transcript: English(auto-generated)
Welcome, everyone. I am Abigail Garner, and joining me is Alon Barr. We are with Least Authority, based in Berlin. We have a team that is across 19 time zones. Least Authority
is committed to building and supporting the development of—I'm not mic'd. The mic is for the live, but I'll speak up. Least Authority is committed to building and supporting
the development of usable technology solutions and ethical business practices—one moment—and ethical business practices that support the privacy as a fundamental human right and secure
solutions for everyone. So this project is supported by Open Technology Fund, and it is looking at file sharing and storage for human rights organizations. We're looking
to make this process more secure for human rights organizations. This is using Tahoe
LAFs, a secure file system that is open source. Also, the tools being used for this integrated with Tahoe LAFs are GridSync, Magic Folders, and Magic Wormhole. We'll have links to those at the end. The four partner organizations that are human rights organizations that's
been really key to our research are based in Mexico, Nigeria, India, and Argentina. We work with them throughout this process. It's going to be about 18 months in total.
It was important for us, and our criteria is to look at organizations that had a human rights track record. They also had expressed a need for secure file storage and sharing, and that they also had the capacity in terms of time and staff to participate in a long-term project. And finally, we wanted to make sure that it had the global diversity to
represent different regions. So why human rights organizations? When we focus on human rights organizations, we're looking at groups that have very sensitive data—things that have identities, even if it's not names. It may be people in locations or experiences
that really tie that data to a particular person. And we're talking about things like witness testimonies, films, photos, so a lot of things that would be high risk if they were found. Also, if they were found by people that should not be seeing them. Also, in terms of
the threat model, their risks are very high. We're talking about things like harm to your body or threats to yourself or your family members and situations like detention or interrogation. Also, these organizations, because they're doing such
work that is pressing and often under stressful situations, they have limited resource and time to learn new tools. So if we can make these tools more usable for them, they're more likely to adopt them. And then we also, as we make them more usable for human rights organizations,
we're making them more usable for everyone. And finally, this is aligned with least authorities' mission to participate within the internet freedom space and human rights.
Thanks, Abigail. I hope I'll speak loud and clear enough for everyone to hear me also in the back. Okay, thanks. So what did we want to learn as part of the research that we did for this project? So we did the research as part of two phases, and I'll tell you about both phases. So in the first phase, the goal for the research was to find out what the file sharing, what the file storage
needs are of human rights organizations. So we did that research by first selecting human rights organizations, and Abigail spoke to that just a second ago. And then we shared a survey with them that they filled out to explain what they're doing at the moment when they want to share files or store files. And we followed up with foundational interviews, basically where we had
a chance to talk to them more in depth about the things that they filled out in the survey. That was the first phase. In the first phase, we discovered that the sharing use case was the one that we probably wanted to focus on for the remainder of the project. And I'll tell you a little bit more about how we came to that, but just to share what the second phase then looked like. And the second phase we're actually still in, but the research that we've
done so far basically focused on first describing those file usage as file storage or file sharing needs of human rights organizations a bit more in depth, and also focusing more on collaboration. And secondly, to do a usability study of one of the open source tools that we work with that Abigail mentioned, GridSync. And GridSync is the graphical user interface
of Tahoe Labs. So we did more foundational interviews with these organizations and an additional organization. And then we did a moderated usability test, which means that we had the organizations and the people that we tested with run through some tasks using GridSync so
that we can see how usable the program is at the moment. Is it actually something that they can work with? Is it easy to use? Etc. So what did we learn as part of this research? In the first phase, as I mentioned, we did mostly needs finding, and we won't have time to share everything that we learned, so we'll just share some highlights. We learned that organizations have different file storage and sharing needs. Well, this may sound self-evident, but it's not
as self-evident as it may seem. And it's important for us to keep that in mind because human rights organizations come in many shapes, forms, colors, and everything. They do many different things. They have different use cases, and that means that there's also generally not a one-size-fits-all for the work that they do. One thing that was interesting in that sense is
that we learned about the different ways that they choose the tools that they work with. There are many different factors that fed into this choice. And so, for example, when human rights organizations choose a tool to work with, security practices matter and security threats that they face. Abgeld talked about the threat modeling that they need to do to understand what
kind of threats they're facing, from whom, etc. And that also leads to different kind of security practices. So some organizations may fear that their laptops will be stolen from their office, and instead they put things in the safe. Or they might fear that their laptops will get stolen when they go into the street because they might get mugged, and so they don't take their laptops into the street. Or they might fear surveillance of their digital equipment, so they might fear
that if they send an email that there will be something intercepted. And it also changes the kind of tools that they choose. Other factors that contribute to this choice of tools are the file size of a particular thing that they want to share. Does it fit into an email or not? Do they need to share through some different means, like WeTransfer or Dropbox? Whether they need to
collaborate with other organizations as part of it? How easy specific tools to use? The privacy features of particular tools or the reputation that they have? Whether a tool costs or whether it's free or how much it will cost? And lastly, the choice of the partners that they work with.
I'll tell you a little bit about that one now. So the partners of human rights organizations, so the other organizations human rights organizations work with, they have a large role to play when organizations choose what tools they can use. Human rights organizations tend to not work in isolation. They're usually part of networks.
They collaborate. They do campaigns together. They do research together. And that leads to the fact that when they use a tool, they often look through their partners to understand what tools the partners are using, and when they have a sense for what tools the partners are using, they might affect the tools that they can choose. Or vice versa, when they think, oh, we want to use this tool, then they consider, well, actually, I'm not
sure if this partner organization could work with that or would work with that, so we might need to reconsider. And also some organizations actively give advice to other organizations for what tools to use. So there was an interesting thing for us to find out about how these partner organizations or these human rights organizations play such a key role. Another thing we learned is that collaboration is really an important use case. So oftentimes
it's not about extending a file to another party. It is often about working together in specific documents. So that was really a thing that struck us as part of this research. So some of the recommendations that we came out of this research with were that we wanted to focus on the collaboration and sharing use cases. And we figured, well, within the scope
of what we can do within this project, we can't go to, let's say, real-time editing together, but we can do asynchronous editing, and we can look at things like version control, which really matter when you collaborate together on something. We thought we can figure that we can also improve the sharing workflow of the tools that we work with, and overall
improve the ease of use of the tools. So the second phase of research, we decided to focus on sharing collaboration and also to do this usability study that we mentioned before. So just one thing that we wanted to
highlight from this version control finding that we learned as part of this second phase is that version control is especially important when collaborating. So when people are working by themselves in a particular file, being able to go into earlier versions, et cetera, seems to be less critical as when people are working together on the file. We identified four needs in that context. One is the need to be able to restore earlier
versions of a document or a file or to view earlier versions. Two would be to view track changes. Three would be to see when changes were made. And four to see who has made changes. I also want to share just a few highlights from the usability study that
we did with GridSync. This is the user interface of GridSync, so this is the file storage and file sharing tool that we use with Tahoe Labs. So we asked the organization that we worked with as part of the test to see if they can share this real cat folder with a recipient. Just wanted to ask people in the audience, how would you do that? If you see this interface and you want to share the real cat folder, what would you do? Any idea? Sorry.
You would drag and drop? Okay. Right click on folder? Sorry? Okay, so right click on folder or on the three dot menu? So, sorry.
Click on the white? Okay. On the invite, you said. Yes, gotcha. So, we learned that when we asked this question that this was actually not something that was very intuitive to people. And so this important task that we had for people to share something with
others seemed not to be as easy as it should be. So basically the way it works now is that people can indeed click on invites and then click on create invite code. Or they can indeed right click or click on the three dots and then choose sync with device and create invite code. But even if people reach that stage, it wasn't necessarily clear to them
that yes, this is the path for them to follow. This is the most effective way and yes, now they're certain that they're doing the thing that they're seeking to do. Something that did work well as part of the research that people seem to understand that this sharing use case was something where people sync a folder together. So it's not something that you share in one direction, but once you share something with another person,
then the other person can also make changes to that folder and also then what happens with that folder on your own device. So some of the recommendations we came out of this research with is to focus on version control on previous versions, when changes were made, who made changes, to improve things in a sharing workflow to make sure that the user intent is reflected in the way people can access the interface and also provide more guidance in
some areas. And also we actually need to do more user testing as part of the outcomes on particular aspects of this. I will hand it over to Abigail. Since a key part of this research has been working with our partner organizations,
we wanted to share some information we'd like to pass on if you're thinking about working human rights organizations in this situation. We had about four months scheduled to find these four partners that would commit with us for this project. And we underestimated how much
time we would need for that. It took us about seven months. And that has to do with some suspicion around what we're doing, building that trust. And some of the no's that we heard were because they actually had bad experiences with other development projects. So there's also some learning to happen there. And we ended up, we've now extended our project a bit in order
to do that. But the way that we did our outreach was we went to the internet freedom space and the human rights space, introduced people, got introduced to people, and then they introduced us to people. But that took quite a while, longer than we anticipated. It's really important that we compensate these individuals as the professionals and the experts
that they are. So keep that in mind. They're not going to do this work for free. They already have enough on their plate. So make sure that you work that into your budget and be upfront with them about what incentives you can offer so that you're really not wasting their time if it's not going to work in their plan. What we were able to do with this project is invite
them to meet us in person at a conference that they would be attending anyway. So Internet Freedom Festival or Rights Con, they would be there and we would cover their travel expenses and their hotel and other related expenses in exchange for two to four hours of meeting with us during that time. Defining the expectation, making the clear expectations and commitment
really helps the organizations get a sense of what you're asking for, that there are no surprises. So we developed a memorandum of understanding, an MOU, that really told them which activities we were doing, how many hours each of them would take. The maximum time over
this project is 32 hours. And we also made it clear that this was a non-binding agreement, not even a contract. That was important because of the suspicion that they may somehow be legally liable for something along the way or if they need to drop out at some point, they can do that
without consequences. We faced challenges with low bandwidth and other connectivity limitations. We did some of our user testing remotely and there were specific challenges to that. One of them, of course, is when they're sharing their screen with us, we can't see their faces. So
they would talk through what they're doing and we could glean from that and from what was on the screen. But those problems that come up that you kind of work through, you see how they work around them and it informs our work more, on a positive note, it informs our work
in being aware of the real challenges and circumstances that human rights organizations are dealing with in the field. And finally, to be aware that their threat modeling may not fit your framework of what is safe and what is private. So keep that in mind every time you
include them in discussing your project, whatever it is, check back with them. It also, that builds trust and it also keeps them engaged with the project because, for example, they know where it falls down and each one of these organizations consented to have their names in the slides with the understanding that that would also be online. So we continue to do that in every
time that we mention them. So don't presume that it's okay with them until you've checked. Right now, we have discussed our findings with our team, including the developers, and that is currently underway for making those changes. And then we will go back to the organizations
again and do more user testing. At that point, we will work with them in deployment and that will inform how we do documentation for broader deployment in the future. And those are
the tools, the open source tools that we're using, as well as our website and a blog post specifically about this project. What questions are there? What file storage and sharing tools
that they use? A wide variety for different purposes. And so in some cases, they're just
sending an email. In some cases, they make sure that they're sending encrypted email. There are other situations where they don't even want it to be anywhere except on their computer and the other person's computer. And so they are walking a USB to that other organization.
I mean, because so many of these organizations work with others. And then depending on Google Drive is a big one and also very popular because their partners are also working. And so if they need it, they see it as someone said, we just need to get the work done. And so
sometimes assessing safety over convenience, that's constantly the dance for them. What else? Does that come? CryptPads. Yeah. CryptPad was a big one for... But one of the
feedback about that is the formatting is not there the way they'd like it in collaboration. NextCloud. Yeah. I'm sorry. Say again. How many people are using our tool right now?
With the human rights organizations? They have not deployed it yet. So they've just participated in the user testing so far. What was their feedback?
The feedback on GridSync and what we showed them there? Yeah. So many of them said that, well, this is actually something that worked quite easily. And yes, we can work with this. And at the same time, as we did the test, that was not always as evident, right? So this is
part of the lesson that organizations or people, when they use something and they go through motions and they've learned how it works and okay, yes, I can use this. This is fine. This is workable. But at the same time, to get to that process, actually, there are a lot of stumbling blocks. And so there are all sorts of things that we learned from there that, oh, actually, this is not so self-evident or this is not as clear as it should be for people to use it
without any barrier. Any other questions? So as part of the agreement that we have with
these organizations, they've agreed that if they want to, that they can deploy the tool that we will offer them. And so that is something that we're looking forward to do in the next few months. And so we have to see exactly how that will be, if there's something that they can work with, if they also have the facilities to work with that,
server space and all these kind of things. But generally, there is a willingness and interest to use that, yes. Any other questions? Please. How it works technically on the
hosting side? So as part of this particular project, it seems like we will not provide
the hosting ourselves, but that we will help them with organizing, hosting for themselves so that they can actually use their own servers for that. So some of these organizations use their own servers and they're used to using their own servers, so we can help them deploy Talon Labs in such a context. We had a statement of what we were doing
that improved the more we learned when we heard people's resistance or misunderstanding of what we were trying to do. So we had a statement of that plan, and then we distributed that to various mailing lists and through other people's personal networks. That's how that worked.
Yeah, I can speak to that. The question is, when organizations would talk about their resistance and the negative experiences they had with other development projects, I can speak to it very generally to say that they would put a lot of work and effort into
their feedback, and then the response of the people that were developing the tool was not necessarily that they didn't give a reason for why it was wrong, only flippant responses like, yeah, we're not going to do that, or one of the quotes was, that's not sexy.
So they're kind of like putting this heartfelt effort into sharing what their risks are and sharing what their experiences are and saying, here's what we need, and then developers saying, yeah, maybe you need that, but we're not going to do that. Thanks very much. Thank you.