This repository has been archived by the owner on Apr 4, 2024. It is now read-only.
Use Case Personas - Explain Privacy Levels #18
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Is your feature request related to a problem? Please describe.
Request for each instance / type/levels of privacy and anonymity as a case studies to be presented on the website for onboarding + explaining the purpose, rationale, limits of the tool
Describe the solution you'd like
Take each of the use cases (below) and make them into personas, or representative users e.g. "the user needs to send and receive a message. What will happen?" and proceed to explain the levels of anonymity, privacy, encryption etc.
(as described by Glen): Lots of nuance, but the anonymity can be thought about differently depending on who we're talking about. If the service is Tor-only, while the identity of the key owner is know, their physical location won't be. And for someone visiting the Tor-only site, neither their identity nor location is known.
Since the message gets encrypted before being saved or sent, even if the end user reveals their identity, it's still encrypted. So if it's intercepted at any point, it's still safe and their identity is protected
Only the owner of the PGP key can read the message.
cases where you can use Tor and log in to a service - ie Facebook's onion service, your identity isn't anonymous since it's account-based (unless it's a burner account) but your location is.
Hush Line can be deployed as a public site or onion-only so if someone uses the service as a public site from a coffee shop, for example, the user will still have the same protections of obfuscating their IP address, though their physical location can be approximated
Now, even HTTPS offers some level of privacy. With that, someone monitoring a network can see that someone is on a particular URL (unless they use Tor or a VPN) but not see which page they're on, or the traffic in transit.
If you use the service from your home, without Tor or a VPN, someone can know that you're using the site, but they still won't be able to see the contents of your message or the traffic in transit
If this is a scenario where the source wants to be contacted, they can leave a contact method, or just keep it a one-way conversation
Describe alternatives you've considered
Um... well you could also make it something that isn't a persona, e.g. a tile, or present use cases in a different way.
Additional context
It started as a discussion on Keybase chat, 7:48am by DataDork, sciencedesign.contributors chat :)
The text was updated successfully, but these errors were encountered: