My take on privacy for this project is that we should educate users as good as possible, and let them decide for them. I was greeted with a lot of openness during my past sessions with Forgejo/Codeberg users, much more than I expected. People wanted to help out, and agreed to sharing the data with my. I expect that a non-moderated recording can be more challenging, because you do not see the receiving side to build trust. That's why I would probably focus on explaining who can access data. This is partially based on my notes in https://discourse.opensourcedesign.net/t/automated-recorded-user-tests/3908/12
Content for initial disclaimer (what should be explained to the user):
- once the recording is started, all data will be transmitted to the server and temporarily stored there
- admins of the instance (link to imprint) will have access to the recording
- the data will be automatically destroyed unless explicitly submitted (e.g. in case of a lost connection / computer crash, the data would be removed after x hours)
- the user can choose to cancel and delete the data during and after the recording
- have an option to also read the content of the second ("post") disclaimer early
After the recording ("post"):
- allow to immediately remove the data from the system
- provide a token / permalink for removing the data at a later time
- allow to select the maximum storage duration (longer storage can help to relax reviewers, but users could choose for how many days the data should be stored at most, capped to the instance-wide maximum)
- provide a list of users with access to the data (could be maintainers or user researchers of the project)
- allow the project to add further notes on how the data is processed and handled (custom text)
Optional content for "post" form:
- provide an email address to the project (e.g. for questions)
- the permalink for data removal could also be sent here
- option to submit further notes / remarks
- explicitly consent to publish the notes taken by the reviewers in anonymized form (similar to the data here)
- checkbox to review notes before publication (requires email address)
- checkbox to allow sharing the recording with other maintainers1
-
Here my idea is that sometimes you might want to share interesting data with developers or maintainers that are not part of the user research effort. Inviting people into my interviews was sometimes helpful, and this might be an alternative to it. The checkbox means: the participant trusts the listed user researchers to share the data only with other trusted parties ↩︎
My take on privacy for this project is that we should educate users as good as possible, and let them decide for them. I was greeted with a lot of openness during my past sessions with Forgejo/Codeberg users, much more than I expected. People wanted to help out, and agreed to sharing the data with my. I expect that a non-moderated recording can be more challenging, because you do not see the receiving side to build trust. That's why I would probably focus on explaining who can access data. This is partially based on my notes in https://discourse.opensourcedesign.net/t/automated-recorded-user-tests/3908/12
---
Content for initial disclaimer (what should be explained to the user):
- once the recording is started, all data will be transmitted to the server and temporarily stored there
- admins of the instance (link to imprint) will have access to the recording
- the data will be automatically destroyed unless explicitly submitted (e.g. in case of a lost connection / computer crash, the data would be removed after x hours)
- the user can choose to cancel and delete the data during and after the recording
- have an option to also read the content of the second ("post") disclaimer early
After the recording ("post"):
- allow to immediately remove the data from the system
- provide a token / permalink for removing the data at a later time
- allow to select the maximum storage duration (longer storage can help to relax reviewers, but users could choose for how many days the data should be stored at most, capped to the instance-wide maximum)
- provide a list of users with access to the data (could be maintainers or user researchers of the project)
- allow the project to add further notes on how the data is processed and handled (custom text)
Optional content for "post" form:
- provide an email address to the project (e.g. for questions)
- the permalink for data removal could also be sent here
- option to submit further notes / remarks
- explicitly consent to publish the notes taken by the reviewers in anonymized form (similar to the data [here](https://codeberg.org/forgejo/user-research/src/branch/main/interviews))
- checkbox to review notes before publication (requires email address)
- checkbox to allow sharing the recording with other maintainers[^1]
[^1]: Here my idea is that sometimes you might want to share interesting data with developers or maintainers that are not part of the user research effort. Inviting people into my interviews was sometimes helpful, and this might be an alternative to it. The checkbox means: the participant trusts the listed user researchers to share the data only with other trusted parties