Skip to content
wiki.fftac.org

Designing A Who Cares Wizard For 2Ia - Source Excerpt 05 - UX, accessibility, privacy, multilingual, and CMS integration

Back to Designing A Who Cares Wizard For 2Ia

Summary

This source excerpt begins near UX, accessibility, privacy, multilingual, and CMS integration and preserves the surrounding evidence from 2IA.org/agent-file-handoff/Archive/2026-05-17-who-cares-wizard/Designing a Who Cares Wizard for 2IA.org.md.

**Source path:** 2IA.org/agent-file-handoff/Archive/2026-05-17-who-cares-wizard/Designing a Who Cares Wizard for 2IA.org.md

**WC-18 Journalism, source protection, or online-speech support.** *Issue.* Use this when the person is a journalist, media lawyer, source-protection advocate, or someone facing a press-freedom or online-speech issue that needs specialist support. *Contacts.* [RCFP Legal Hotline](https://www.rcfp.org/legal-hotline/), [1-800-336-4243](tel:+18003364243), [Freedom of the Press contact](https://freedom.press/contact/), [info@freedom.press](mailto:info@freedom.press), [FPF service request](https://freedom.press/digisec/programs/request-our-services/), [EFF legal assistance](https://www.eff.org/pages/legal-assistance), [info@eff.org](mailto:info@eff.org). *Blurb.* RCFP is the official specialist hotline in this catalog for journalists and media lawyers, while Freedom of the Press Foundation provides digital-security services and general contact routes for journalists and newsrooms. *Next steps.* Use the hotline first if there is an imminent legal deadline or arrest risk, and do not send sensitive information through a general contact form unless the receiving organization explicitly supports it. *Final-page snippet.* “Separate the legal problem from the security problem. You may need both a hotline and a digital-security support route.” citeturn18view10turn24search0turn24search3turn18view9

**WC-19 Protester, organizer, or activist digital-security support.** *Issue.* Use this when organizers, activists, civil-society groups, or protesters are worried about targeted digital attacks, account compromise, or spyware. *Contacts.* [Access Now Helpline](https://www.accessnow.org/help/), [help@accessnow.org](mailto:help@accessnow.org), [+1 (888) 414-0100](tel:+18884140100), [Amnesty Security Lab Get Help](https://securitylab.amnesty.org/get-help/), [share@amnesty.tech](mailto:share@amnesty.tech), [EFF legal assistance](https://www.eff.org/pages/legal-assistance), [ACLU state affiliates](https://www.aclu.org/affiliates). *Blurb.* Access Now’s helpline is a 24/7 technical support route for civil society; Amnesty’s Security Lab provides surveillance-abuse and forensic support for at-risk civil-society members, but it also notes capacity limits for some public forensic requests. *Next steps.* Save notifications, suspicious messages, device details, and the date the concern began before contacting anyone. *Final-page snippet.* “If you think your accounts or devices are targeted, document first, change as little as necessary, and contact a specialist support route quickly.” citeturn18view11turn19view6turn18view12turn14search2turn18view9turn19view5

**WC-20 Volunteer, research, or policy collaboration with 2IA.** *Issue.* Use this when the user is not trying to solve a personal incident first, but wants to help, research, translate, audit, or draft policy. *Contacts.* [2IA Volunteer](https://2ia.org/volunteer/), [2IA Contact](https://2ia.org/contact/), [2IA Methodology](https://2ia.org/methodology/), [2IA Public Records](https://2ia.org/public-records-and-foia/), [NIST Privacy Framework](https://www.nist.gov/privacy-framework), [privacyframework@nist.gov](mailto:privacyframework@nist.gov), [NIST AI RMF](https://www.nist.gov/itl/ai-risk-management-framework), [aiframework@nist.gov](mailto:aiframework@nist.gov). *Blurb.* This route should explicitly support volunteer roles, researcher workflows, and policy design. 2IA already names useful roles such as accessibility review, translation, records tracking, research, and technical maintenance, and NIST’s privacy and AI frameworks provide policy-side scaffolding. *Next steps.* Read methodology first, choose a bounded contribution, and propose a narrow deliverable: an accessibility review, translation pass, records tracker, vendor-contract audit, or appeal/correction checklist. *Final-page snippet.* “Bring a bounded contribution. The fastest useful help is a narrow, reviewable piece of work.” citeturn2view3turn1view1turn2view1turn5view0turn17view5turn16search0turn16search3turn16search20

## UX, accessibility, privacy, multilingual, and CMS integration

The core UX recommendation is simple: **one question per screen, with the label or legend doubling as the page heading, and a visible “Step X of 20” indicator above it**. GOV.UK explicitly recommends one question per page because it helps users focus, and notes that using the label or legend as the heading helps screen-reader users hear the question only once. USWDS recommends separate headings, visible progress, short labels, semantic headings, and accessibility testing in the real implementation, not just in isolated components. Placeholder text should not carry meaning that belongs in a label. WCAG 2.2 should be the baseline target. citeturn17view0turn17view1turn17view2turn17view3turn7search13

The wizard should therefore avoid: multi-question accordion pages, modals that trap navigation, unlabeled icon-only answers, placeholder-only prompts, or free-text-heavy screens. Each screen should include a short hint line, an “I’m not sure” option, and a quiet “Browse all routes” escape hatch. Because the flow is 20 levels long, users should also be able to choose a **brief result** or **detailed packet** near the end rather than being forced to read the same amount of content. That is especially important for distressed users and for mobile users. citeturn17view0turn17view1turn17view3

Privacy and consent deserve first-class UI treatment. 2IA’s own privacy and contact pages, plus NIST and ICO guidance, support a very strict pattern: data minimization by default, purpose-specific consent, no pre-ticked choices, and no vague bundling of consent into general terms. The wizard should show a short interstitial before the first question, and a second, route-specific interstitial before any outbound handoff to an official complaint form. The first notice should say not to enter secrets, passwords, private third-party data, or material the sender lacks the right to share. The second should summarise what the destination site will likely collect and retain. citeturn2view0turn2view2turn6view0turn17view5turn17view6

A model consent note for the wizard is:

> **Before we continue:** use this tool for ordinary, lawful, non-sensitive questions. Do not paste passwords, classified material, medical details, or private third-party data. We do not save your answers unless you choose **Save on this device**. External complaint sites may collect and retain your information under their own rules.

That text is justified by both 2IA’s own warnings and the different privacy postures of official portals. DOJ allows complaints without email or phone but cannot provide updates in that case; HHS OCR says it will not investigate unnamed complaints and also offers alternative formats, relay services, and language assistance; CFPB says users need name, email, phone, address, and a secure account, forwards complaints to companies, may publish de-identified complaint data, and retains complaints under federal records rules. citeturn18view2turn18view4turn20view8turn18view0

Multilingual support should be implemented as **real content parity, not cosmetic translation theater**. W3C requires correct language declaration in HTML and discourages using `meta` declarations for language. USWDS recommends a consistent language selector and says users with limited English proficiency are more successful when they can work in their preferred language, especially under stress. It also distinguishes between a full-language selector when **all content is translated** and a “selected multilingual content” pattern when only parts of the site exist in other languages. For 2IA, that means the first release should architect for translations but should not imply full-language parity until every wizard step and every end-node page is translated. The language selector should sit above navigation and respect right-to-left layouts when needed. citeturn17view4turn17view7turn17view8turn17view9turn20view10

From a CMS standpoint, the public evidence strongly suggests a theme/plugin CMS, probably WordPress-style, though that remains an inference. If that inference is right, the cleanest implementation is a custom page template or block tied to three core content objects: **questions**, **contacts**, and **end nodes**. Each end node should store the title, concise issue summary, blurb, organization/contact cards, phone/email/form links, preparation checklist, persona-specific notes, source URLs, `last_reviewed`, and `correction_log`. Each contact card should also store `data_disclosure_note`, `language_support`, `accessibility_support`, and `official_or_ngo`, because those differences are material for user consent. That content model also ports cleanly to any other server-rendered CMS if the WordPress-style assumption proves wrong. citeturn0view0turn2view0turn1view1turn5view1