# UX Checklist for Information Security and Privacy Protection (DSPPUX-Checklist)

This checklist is designed to offer recommendations on how to strengthen security and privacy protection when developing tools for sensitive communities.

* * *

### PHASE I Research and Ideation

Before you start building a tool, platform, or tech product, you will want to understand your users. "User research" usually involves collecting and analyzing the opinions, information, and behaviors of potential users (and research subjects).

1. User research involves many different methods (interviews, ethnographic fieldwork, focus groups, surveys, and so on<sup>[1]</sup>), and almost all of them require collecting other people's data, at which point you need to think about how to protect your research subjects' information.

###### *Answer the following to gauge how you are doing.*

##### Communications and Information Gathering

☐ I have assessed the potential risks of my current method of storing research subjects' information, including:

Digital notes (e.g. I store my notes on a cloud platform or on my hard drive)

I store these research notes in ___________________________

☐ The medium I store notes in is relatively secure — it is end-to-end encrypted, and difficult for third parties to access (such as law enforcement requests).

☐ My research does not create a digital paper trail. (For instance, I consider how metadata, like the times we have contacted each other, can expose at-risk users.)

☐ If I have identifiable information about my participants, I have thought about where I will store this information. I have created a plan for keeping this information safe.

☐ I have a list of topics I should not ask my intended audience about.

☐ I know the kinds of topics I should keep off-record.

| Tips |
| ------------- |
| *Communications and Information Gathering:* |
| [a] Always use end-to-end encrypted channels when you can, and train your contact to securely contact you. |
| [b] Secure the data you keep and pay attention to protecting the identities of people in your research. |
| [c] If metadata is a concern for your audience (e.g. having evidence of you and the contact chatting or calling), do you have an alternate method of communicating? |

##### Due Diligence

☐ I have a trusted network to vet my research subjects.

☐ If I keep documentation of my research process, I have considered the risks of keeping that information. (The same concerns in Communications and Information Gathering apply.)

| Tips |
| ------------- |
| *Due Diligence:* |
| [a] Partner with human rights organizations or have them as part of your research network. |

##### Diversity and Inclusion

☐ The language I use to describe my project is written simply, and is free of jargon.

☐ I work closely with someone — within the group that I am researching — to be mindful about their culture.

☐ I always ask for consent. I remind people of safety and security concerns.

☐ I use participatory research methods.

| Tips |
| ------------- |
| *Diversity and Inclusion:* |
| [a] Always respect and consider diversity and inclusion in your process — tone, words, contact methods, etc. |
| [b] Always be empathetic and considerate. |

### PHASE II Prototyping and Building

With the initial research results, you now have a direction to build the prototype of your tool, tech, or platform. During this process, in particular to test your demo, you may have several checkpoints to refer back to or continue your initial research.

2. Building a product / service that balances security and usability necessarily brings up questions of practicality.

###### *Answer the following to gauge how you are doing.*

##### Contextual Concerns

☐ My design is applicable across a wide spectrum of connectivity environments. (e.g. Networks at refugee camps, places with frequent internet shutdowns.)

☐ My font settings are suitable for the language(s) of my user groups.

☐ My design considers the local digital literacy level. (I have thought about what tasks my audience are able to do, e.g. if they can download tools on their own or if they need help.)

☐ My design incorporates universal features. (e.g. The connotations of icons, interpretations of signs and colors across cultures, etc.)

☐ My design is culturally sensitive. (e.g. It considers cultural taboos of the user group.)

| Tips |
| ------------- |
| *Contextual Concerns:* |
| [a] Local connectivity and internet environment varies dramatically from place to place, country to country. If you cannot test it in the field, ensure you have trusted representatives in your network to gather local test results. |

##### Practicality Concerns

☐ I have reviewed the types of technologies local people are using.

☐ I have a device — similar to that of the intended users — that I can test with.

☐ I understand the security limitations of the tested devices.

☐ My tool / tech / platform is easy for people to acquire / setup.

☐ I have considered the repercussions of whether my tool / tech / platform costs data, collects personal information, or requires other things on the user’s end.

☐ My tool / tech / platform does not use a lot of storage space.

☐ My interface is accessible to people with disabilities. (e.g. following WCAG guidelines.)

☐ I have considered whether my system collects sensitive data.

☐ My system’s design uses end-to-end encryption and takes other measures to prevent third-party access (e.g. access to my server).

☐ I have considered whether my tool / tech / platform should allow cloud settings.

☐ I have considered the physical security needs of using my tool / tech / platform.

☐ I have thought about whether internal documentation should store sensitive data.

☐ My internal documentation takes measures to prevent third-party access, such as using full-disk encryption and end-to-end encryption (e.g. I have thought about people trying to access our servers remotely and in person).

### PHASE III Release and Feedback

Once you have a final product, prepare a thorough release strategy and document the process. It is very important to create a culture of feedback — always be open to feedback, and think of constructive ways to gather feedback.

3. Your research continues in this phase as you are coming back to the conversation you had with your testers.

###### *Answer the following to gauge how you are doing.*

##### Distribution Strategy

☐ I have identified specific platforms or channels for my tool to reach out through.

☐ I am working with someone who has relationships and trust in the communities I am reaching out to.

☐ For gathering feedback, I am providing people with safe channels to contact me (e.g. end-to-end encrypted emails).

##### Training and Documentation

☐ I have created a user manual or guide.

☐ It is easy for people to see the updates for my tool / technology / platform. (Consider if you have a public webpage or portal and if you regularly update them and track the updates.)

##### Evaluation and revisions

☐ I revisited my research methods and analysis.

☐ My work met my original research objectives.

☐ If I have learned anything new in the test, I have written it down in my documentation.

☐ I have a contingency plan for unexpected situations (e.g. Connectivity issues, a trusted alternative network, Code of Conduct, a mechanism for reporting problems, etc.).

| Tips |
| ------------- |
| *Comms and Info Gathering:* |
| [a] It is always a good practice to allow people to reach you securely and anonymously. Consult newsroom whistleblowing platforms for tips and recommendations. |
| *Evaluation and revisions:* |
| [a] It is particularly important to set a Code of Conduct and problem tracking mechanism for your tool / tech / platform if you aim to nurture a community through your rights-protecting product or service. |

* * *

For further information, inquiries, user research resources, or partnership opportunities, please contact:

##### Natalie Cadranel, natalie@open-archive.org

##### Anqi Li, anqi@accessnow.org

##### An Xiao Mina, an@meedan.com

##### Caroline Sinders, csinders@gmail.com

Current and Past Contributors also include: Martin Shelton, Matt Mitchell, Soraya Okuda, TTCat

[1] For more about user research methods, visit Nielsen Norman Group’s summary at https://www.nngroup.com/articles/which-ux-research-methods
