Some inspiration about malicious PDFs here: https://github.com/jonaslejon/malicious-pdf

Notes / Evidence

During user testing, we learned that it was not obvious for participants some what risks working with documents presented.

Explain how Dangerzone can protect in publication security because it removes metadata from documents.

Notes / Evidence

A participant understood from reading the website that Dangerzone was more of a tool that could help in document intake security, but in reality it also protects journalists from accidentally posting documents with metadata.

Hi folks, congrats on setting up the dangerzone website - looking great!

A tiny nit: Near the bottom of the page, after all the different supported file formats, there's a line that reads "It’s still possible to get hacked with Dangerzone" and I'm wondering if it's meant to be formatted as a heading of some sort.

Dangerzone rocks, thanks for your work on this everyone. :)

What it looks like on safari

What it should look like

From user research some participants mentioned they wanted to see how the tool was like before downloading it.

Notes / Evidence

During user testing, a participant just wanted to know how to use the tool. They mentioned knowing that was more important than reading the history of the project (in the about page).

With the inclusion of arm-based macOS releases, we'll need to distinguish the download links.

Have a page explaining the features and how to use Dangerzone

Evidence / Notes

Having this available was suggested by a digital security trainer

Artifacts for MacOS and Windows are currently hosted on GitHub. Users downloading those from dangerzone.rocks should be able to verify their integrity. The are two ways to do so; either via checksums (e.g., SHA-256) or signatures.

In order to provide signatures for our artifacts, we need to explain to users how they can verify them with GPG on all of the supported platforms. For checksums, we can just provide the files produced by sha256sum. So, while signatures offer stronger guarantees, checksums are a simpler verification method for this release.

Now that this has more than one page, it might worth switching to Jekyll to simplify the maintenance story across pages.

From user testing we realized that all the features need some rewording.

No network access - one participant in a user study was confused about the meaning of sandbox. The original text assumes some prior knowledge of what a sandbox is. And two users mentioned that they thought the tool was "uploading" the document We can try to frame it as opening documents on your computer but in a more secure compartment isolated from the internet.

Optional OCR - this one has two potential issues: (1) people may not know what OCR is, to begin with. We should focus instead of saying that the document will be searchable, (which is what one pretends). (2) it may be confusing for some why this is even needed — if the document was originally searchable.

Reduced File Size - Similarly to the "optional OCR", this is written of someone who already knows Qubes Trusted PDF and its limitations, but for someone coming fresh into Dangerzone, the files at the end may look much larger than the original. This can lead to confusion and should be clarified.

Open Docs Safely - we mention here that people can make Dangerzone their default document viewer, but currently, Dangerzone may not be very usable for previewing files as one has to go through the conversion process first.

Notes / Evidence

During user testing, we learned that participants found various parts of the website confusing. On the homepage, the features were not clear and journalists referred a need to quickly understand what the tool is about and if it's for them. The about page has too much information. A participant suggested having an FAQ.

Per Fedora installation instructions, the GPG fingerpint should be on the website.