Open runasand opened 10 years ago
Maybe it might be wise to implement it in the repo somewhere. It might also be wise to implement it in securedrop itself.
This is going to be included as a section on the new SecureDrop website, which is currently in development.
Closing as the source guide is on GitHub and the website links to it.
The source best practice guide is different than the how-to use securedrop for sources guide
Sent from my iPhone
On Dec 6, 2014, at 10:08 PM, Kevin M. Gallagher notifications@github.com wrote:
Closing as the source guide is on GitHub and the website links to it.
— Reply to this email directly or view it on GitHub.
Thanks @trevortimm, I forgot. What should we do - did you have lawyers review it yet?
The Source Guide should be sufficient here: https://docs.securedrop.org/en/stable/source.html
@conorsch Trevor was referring to a separate guide we were once working on which was more like "best practices for leaking information" rather than how to technically use the source interface. You may want to inquire about the status of that. (see Hackpad)
This is a very important and worthwhile issue. We should remove all organization-specific content from this source operational security guide, remove the "how to use the source interface" part (since it's covered by the current Source Guide) and make any other necessary updates. At minimum, there should be a section with the "Do"s and "Don't"s distilled into a table at the top of the page for the benefit of sources who will not read a long guide.
Example dos and don't for this table include:
securedrop.org
or any other sites related to leakingWe should be mindful of how this advice changes in the different locales SecureDrop is located in, as common investigation practices and legal protections obviously depend on the country.
This content should go on:
securedrop.org
is being redesigned and a very large warning will appear for potential sources who are accessing SecureDrop through Tor) Does anyone have an archive of the content behind the link in @runasand's OG post? I'm just getting a dead Dropbox page. :(
@ninavizz Yes, we made sure to archive the old hackpad contents before hackpad closed down. Will be able to dig up a URL for ya and send along!
Still relevant but reducing priority given that some of this work has since been done.
See also the recap in freedomofpress/securedrop#4259 for additional background on historical materials that could be re-examined for this purpose. To make continued progress on this, we may want to identify some more tightly scoped targeted improvements. @martinshelton is working on some smaller tweaks in this PR: https://github.com/freedomofpress/securedrop-docs/pull/48
Adding @martinshelton per expression of interest on internal channel, a few weeks ago.
Note to @eloquence: I don't feel this is appropriate to transfer from the SD repo, as this repo is specific to a single touchpoint (docs) and communicating with & guiding sources is a multi-touchpoint experience; with developer docs, not advisable as the primary point of information.
@conorsch wd also love to get that earlier mentioned doc Runa had been working on, shared here! @huertanix may know where it lives, too.
We have a source best practice guide that we really should update and publish somewhere.