KnowYourPrivacy - A privacy quiz app, what do you think?

Hi there,
recently I was building a prototype website as a usability study in my university.
I called it “KnowYourPrivacy”.

The idea was that a user can answer some questions about what apps & services they are using and what threats they care about most. Then they get an overview of how well they are protected against the threats and get recommendations on how to improve.

It was meant to make privacy more accessible to “normal” people and starters.
It was meant to be personalized guidance, for all kinds of people in the privacy spectrum.

I believe this app has potential to help people understand their digital setup, build their threat model and improve their privacy step by step.

Currently the website lives in gh-pages and is still in early stages / a prototype.
It can be visited here: https://jonaslouison.github.io/KnowYourPrivacy/#/
The code lives here: https://github.com/jonaslouison/KnowYourPrivacy
I made it open source and was wondering what your opinions are.

Here are some questions that could help development:

  • What new features could be helpful, what would you like to see?
  • Are there any bugs/errors?
  • What is your general feeling about the app, is it easy to understand, what does it lack?
  • Would you use it / recommend it to others?

So the current flow is Home → Quiz → Dashboard → Wiki → Action (e.g. change to a more privacy respecting service)

Personally I believe that there is still a gap between the quiz and the dashboard, in the sense that the dashboard is full of information but with little guidance on what to do.

I was thinking of making a results page that is easier to parse/read through with clearer guidance on which tasks to tackle, e.g.:

  • a checklist for each service
  • quick wins like use a different search engine or a browser with a quick tutorial on how to copy over your bookmarks
  • a setup guide/pack you can easily install with preconfigured recommended services

Also there are some inconsistencies with the recommendations, e.g. wiki vs. dashboard, that need to be eliminated.
And I was thinking of creating a tool to compare two or more services against each other.

Let me know what you think, I am excited!
Regards,
Jonas

3 Likes

“N/A” as an answer for all questions.

After selecting multiple devices in the first question, the second question does not permit selecting multiple browsers. The last question should have the drag-and-drop at the top instead of the bottom. Other devices are given point values even though they may not have been initially selected.

Identity compartmentalization.

Never.

1 Like

I stopped once I noticed there can be only one answer per question. I use multiple browsers and email services.
I see the potential, keep going.

4 Likes

This was interesting. Thanks for sharing. It would also be better if we could select more than just the one option.

2 Likes

It’s not a quiz, it’s a survey.

3 Likes

I don’t understand the reasoning for including “privacy-focused” and “non-privacy-focused” as options. Surely part of your intended audience will not know which is which. It is your job, from how I am interpreting your project, to educate them on that. You would have to trust that they understand the difference in the first place before you use their responses for anything. This stems from a more fundamental issue on how you gather information. To give good, concrete advice, you need decently granular information to go off of. “Privacy-focused” and “non-privacy-focused” is vague, not granular. You cannot give good advice (other than general advice) to someone who says that they use a “privacy-focused browser” or a “non-privacy-focused email provider”. The information being collected needs to be more granular (which also means that, as others have pointed out, surveyees need to be able to select multiple options). This granularity point also applies to the threat modeling section as well. You need to collect more information about the surveyee. I don’t think ranking specific threats from highest to lowest concern reflects their threat model well. What information you should collect or how you should collect it, I’m not too sure unfortunately. You should talk with social scientists, whose profession includes collecting survey information.

Another thing to note: you should have two distinct stages for gathering survey information (as @Encounter5729 notes, this is a survey and not a quiz). You are (1) gathering information about the surveyee’s digital setup, (2) gathering information about their goals and values to construct a threat model, (3) comparing that digital setup to the constructed threat model to identify gaps, and (4) providing advice on how they can address those gaps by changing their digital setup to fit the constructed threat model.

So one is for gaining granular insight on the surveyee’s digital setup and the other is for accurately constructing the surveyee’s threat model. These two should be kept separate. Threat models usually stay the same while digital setups are more fluid. If this is the kind of website where people are intended to return to (which I imagine it is), then threat modeling and digital setups should remain distinct and separate. The ideal goal, I imagine, is that people come back again and again as they slowly implement your recommendations over time. They change their digital setups in accordance with your recommendations, meanwhile their threat model stays relatively the same.

Another issue I have is with your wiki. You label your tools as “Good”, “Acceptable”, “Caution”, and “Avoid”. But what is the basis for this? It isn’t that I agree or disagree with how you are labeling them. You claim that the project is “for all kinds of people in the privacy spectrum”, which means that you should account for multiple threat models, but your labeling is counter to this. If you want to provide good general information for beginner privacy advocates, these labels are fine. But if you want to be nuanced and account for different kinds of threat models, get rid of those labels and provide threat model labels or indications. This is something that Privacy Guides does.

I cannot drag the threat tiles on question 14. (Because of this, I can’t see what takes place on the dashboard, so I also can’t provide feedback on that.)

I don’t think “quiz” is the correct term to use. I agree with @Encounter5729 that this is more of a survey. Your website should reflect that. The intended audience is not “[discovering] how private [their] digital life really is”, they are discovering how well their digital setup is fulfilling their threat model.

2 Likes

All valid points, I’ll look into it. Thanks for the constructive feedback!

1 Like

Thanks for your efforts.

This needs to be a deeper privacy analysis. At the moment only surface

1 Like