Open holmesworcester opened 2 months ago
Let's have some bullets to see if users understand what "deactivate" will do and what "remove" will do.
Bullets for "Deactivate":
Bullets for remove:
@holmesworcester here's the Figma.
@holmesworcester
I’ve made some updates to the Figma and I have some thoughts/questions
Notes:
"Scenario 3" above actually splits into a few cases:
The user does "leaves community" on one or more of their devices - nobody else sees them as deactivated and their other devices are unaffected. Maybe they only want quiet on their desktop and not their phone, or vice versa.
The user "deactivates" themselves using their profile - they need an invite link to get back in.
The user "removes" themselves from their own profile - their account is irrevocably destroyed so they'd need to make a new one later.
I think it's an interesting question whether we do 2 or 3. Let's assume that we want to, do some designs and get feedback. We should note to users that the best way to remove themselves is to do "leave community" on all their devices. The warning would be: "Be sure to run Quiet on your other devices to ensure deactivation has taken place. You should probably leave this community on all devices to be sure."
Since the profile is per community (I could be Jason in one and Bob in another) It seems there are only 2 'removal' options for the user:
I presume both of these would happen by going to Community (E.g. nyc-activism), navigating to a profile and going through the flows for either of those options. Both of these would be community-based.
If we want the ability for a user to remove or deactivate all data or all communities, it seems we'd need a concept of a global user. Otherwise, I would not expect to leave other communities if I removed myself from one. And I may not want to deactivate myself from all communities, but rather just one.
Thoughts?
@holmesworcester With that said, I started to rough out some things around self-deactivation from a community and Self-removal from a community, but they are more about communicating my misunderstandings or questions, and to give us a starting point for discussion.
Overall there are a lot of unanswered questions on this spec and feels very wide in scope. I think it's in need of your attention so we can focus and be intentional with next steps. Hopefully the rough starts help guide us. Maybe we can workshop when you are feeling better.
This looks good. I left some comments and made a few copy changes.
The main idea here is that one reason for self-deactivation is that users want to remove evidence of being part of a community from their phone.
We'll still have a recovery key on there but we don't need to label it at all in our locally stored data, and we don't need to show anything in the UI.
The main idea seems clear. We're now looking a possibilities for where users end up in various scenarios. Based on your reply and comments in figma my understanding is as follows:
Are we seeing this this same? If so, next step is to update the mockups to reflect this thinking.
Sounds good to me
I've updated the two flows we've been discussing:
Let me know if you have anything else on those.
@holmesworcester In addition to those items above, some other things awaiting feedback/discussion:
For reactivation, I think the best option is this one.
Though I think "deactivated" would be better here than "inactive" for consistency.
For reactivation, I think the best option is this one.
For where to put the 12-word backup code, immediately after opening the reactivation link is best.
Thank you. Here's the latest Figma
Outstanding would be exploring desktop for all of this, but I'd wait until we've decided if all this works.
This looks good!
I got some feedback on this that seems actionable. Comments in Figma.
When an admin removes a user, we should be able to re-instate that user with no data loss. What would the UI for this look like?
User story:
A newsroom has journalists who sometimes work in a dangerous area where their phone can be seized by law enforcement. Before travel to this area, an admin suspends the user, or perhaps the user suspends themselves. This deletes all message and community data from their device--except the restoration key, which is not visible in the device UI. When the user returns, to restore the user the admin marks them as re-instated (they appear as removed in a list of users) and then sees a special invite link to provide to the user. The user would open the invite link and their account is restored using the restoration key stored on that device. Their account is fully restored, including DMs.
Additional feature: to delete Quiet completely from their device, the user can write down the restoration key as a series of words, like a BIP39 passphrase.
Notes: