PSST User Stories

The Small Cabal

  • small group of people who meet up in person
  • needs to communicate as securely and anonymously as possible
  • all sign each other's keys in person
  • local-only, unpublishable signatures
  • no one uploads their keys to any other server or device
  • generate a revocation certificate and hook it up to their panic button app
  • panic button broadcasts the revocation certificate to a pre-determined list of people

Diffuse Activist Organization

  • working in a country that aggressively tracks communications
  • many people meet in person at various places around the country
  • some people also travel to regional and national meet-ups
  • very few participants meet everyone in the organization
  • the central forum for the whole group is on the internet
  • lots of big group discussions and announcements
  • each person has a key, which they post to the PGP keyservers
  • they generate a revocation certificate
  • they do not post any signatures to the key servers
  • whenever they meet another person that they trust, they sign each other's keys and swap all signature data using direct p2p communication
  • they establish the first step of trust via OTR question/answer
  • they can then check whether they have a PGP trust path to each other's keys
  • when they hit the panic button, they post the revocation certificate to the keyserver
  • each client automatically checks the public keyservers regularly for revocations

Multinational Org

  • many people work in countries where the government does not aggressively monitor communications
  • a handful of people work in high-risk environments from time to time
  • there are also local contacts in aggressively monitored countries working with the org
  • local operatives use only private signatures
  • the public figures want to have a public trust profile
    • they use the public PGP infrastructure
    • they publicly share all public signatures
    • private signatures are in lsign format, so they cannot be shared
  • all signatures are always sent to the key owner via email
  • signer can mark the signature as private or public
    • a private signature uses an "lsign" which cannot be exported to the keyservers
  • the key owner can then decide how to manage the signatures
    • privately import the signature to their keyring, where it will be stored in an unpublishable format
    • publicly import the signature into their keyring and sync it via the public PGP servers

Improv Movement organized via social networking

  • loosely or barely connected groups of people
  • want to avoid active filtering (by keyword, etc.)
  • relatively open and public infrastructure
  • frequently infiltrated in certain pockets
  • TOFU/POP (Trust On First Use/Persistence of Pseudonym)
  • OTR question/answer, if they have shared context
  • can share TOFU/POP status with others to build trust in keys

Foreign Journalist, Diplomat, or Business Person

  • clear outsider status
  • want to keep private communications private in the face of government monitoring
  • has strong links to institutions outside of the country in case of trouble
  • needs standard crypto tools made easy to use
