evilaliv3
commented
9 months ago Thank you @mapreri
The custodian user role is a feature built for the Italian national authority for anticorruption that as community we do not endorse so much and this is why it is not directly exposed and not so much documented.
A custodian is a user which role is to read motivated requests by recipients to access the identity of a whistleblower and that are enable to grant this authorization.
The feature makes some sense but is impractical an risky for many reasons:
- when whistleblowers provide their identity there is always a reason and they are trying to get ultimate protection: hiding this information to recipients in this situation can raise risks. Recipient are entitled to access this information is provided and they should know about this information when they operate to ensure to not make wrong steps.
- technically the identity of a whistleblower is not contained in a question name and surname. The identity of the whistleblower is part of the fact they tell and the metadata they share. One cannot think than hiding just the name and the surname makes it not possible for recipients to identity users and relying on this assumption can an other time lead to significant issues.
What do you think?
mapreri
What version of GlobaLeaks are you using?
4.13.18
What browser(s) are you seeing the problem on?
Other
What operating system(s) are you seeing the problem on?
Linux
Describe the issue
The current documentation, as live in https://docs.globaleaks.org/en/main/ - does not seem to ducument what is a custodian user and in which case it might make sense to have one.
Proposed solution
No response