Broken link to EFF intro

[dmundra]

@alanna-casey and @openprivacy

On this page https://guidebook.civicactions.com/en/latest/common-practices-tools/security/encryption/, the link to https://ssd.eff.org/module/introduction-public-key-cryptography-and-pgp is going to 404 now in the below paragraph snippet.

If you'd like some background on how encryption works, start by reading An Introduction to Public Key Cryptography and PGP, a Surveillance Self-Defense (also an excellent read) tutorial from your friends at the Electronic Frontier Foundation [Donate!]

Do you have a recommendation for a suitable replacement?

[openprivacy]

Hi Daniel! Sorry to see that page is gone, glad you found the broken link. Here is a page I quickly found that could be a short-term replacement, but is probably not what we want long-term. I can look more when I get back to work.

https://users.ece.cmu.edu/~adrian/630-f04/PGP-intro.html

(back now - failed to send this - catching up on email now...)

Thanks, =Fen

Sent from my phone

On Mon, Jan 16, 2023, 10:12 AM Daniel Mundra @.***> wrote:

Assigned #1011 https://github.com/CivicActions/guidebook/issues/1011 to @openprivacy https://github.com/openprivacy.

— Reply to this email directly, view it on GitHub https://github.com/CivicActions/guidebook/issues/1011#event-8237364937, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABGLJ7Z377BNIXZQMDZEBTWSVQMBANCNFSM6AAAAAAT43L66A . You are receiving this because you were assigned.Message ID: @.***>

[dmundra]

Thanks @openprivacy. No rush on this, we just caught it in our weekly link checker.

[dmundra]

@openprivacy did you want to go with that link or did you find another link?

@sfmcgee if you are adding to the same file maybe you can update the link as well? Thank you!

[grugnog]

@openprivacy I wonder if we should consider streamlining this page. We don't use email internally any more, and I (and many people) barely use it with friends/family either. For privacy conscious folks there are plenty of FOSS alternatives that offer much better security, privacy and ease of use than email+GPG in my opinion. I question some of the value around promoting Bitcoin and commercial VPN services also, and I think the browser extensions could fit better into a security page (since they aren't encryption related). I think it would be useful to collect share some general resources on learning about encryption though, in terms of understaning the different types how/where they can be used (not just privacy, but also security and authentication etc). We could use a more hands-on GPG signing primer in the Git page though.

[openprivacy]

@grugnog Agree with all your comments and suggestions. This might be a good general encryption link: https://ssd.eff.org/module/deep-dive-end-end-encryption-how-do-public-key-encryption-systems-work

WRT private browsing: yes, not encryption so can move the extensions (where?) but as this page is "Protecting your Privacy" a link to that page would be useful. (Maybe should rename the page, removing "with Encryption"?)

WRT GPG signing of Git commits: would like to see that added to https://guidebook.civicactions.com/en/latest/practice-areas/engineering/security-compliance/ (another page that needs some cleanup) and indeed, I'd like to move the last section of the Security Policy (Server and Site Security) to that Engineering/security-compliance page, too.

[edit: addition] Shall I propose some changes in a PR?

[sfmcgee]

@openprivacy - I have an action in Issue #1051 to add instructions for signing git commits. I'll add it to the security-compliance page.

[dmundra]

@openprivacy yes please propose changes in a PR! Thank you!

[openprivacy]

@sfmcgee -

I have an action in Issue #1051 to add instructions for signing git commits. I'll add it to the security-compliance page.

Please feel free to update that page. Lots is outdated, such as:

• Drupal 7 & Drupal 8 (replace with Security in Drupal)
• LogStash/GrayLog, Nagios, ... Pingdom are pretty ancient
• ...and lots more if you want to get into it :-)