search

globaleaks / GlobaLeaks

GlobaLeaks is free, open source software enabling anyone to easily set up and maintain a secure whistleblowing platform.
https://www.globaleaks.org
Other
1.21k stars 264 forks source link

Consent of the custodian on anonymous reports #4110

Open clsbn opened 1 month ago

clsbn commented 1 month ago

What version of GlobaLeaks are you using?

4.15.5

What browser(s) are you seeing the problem on?

All

What operating system(s) are you seeing the problem on?

macOS

Describe the issue

In an anonymous report in the presence of the custodian role when the recipient requests access to the identity, without the custodian's consent, the report is immediately revealed as anonymous.

Proposed solution

I think that correct behavior should still require the custodian's consent also to reveal its anonymous nature.

evilaliv3 commented 1 month ago

Thank you @clsbn

Actually i designed the current custodian feature was implemented for the Italian National Anti-corruption Authority and the general consensus is that for the process to work users need to know if the identity is present or not. Requesting an authorization to open a box that is empty was considered.

Please feel free to provide your evaluations clarifying why you consider this proposal important and lets see what the other community members think.