glenn-sorrentino
commented
1 month ago That's just in testing. Messages are disabled entirely until a key has been uploaded.
Open brassy-endomorph opened 1 month ago
glenn-sorrentino
commented
1 month ago That's just in testing. Messages are disabled entirely until a key has been uploaded.
Is your feature request related to a problem? Please describe.
On the submissions page, if the recipient does not have PGP key, this text is displayed:
Since this is meant to be an anon whistleblower line, it shouldn't require out of band contacting nor should it encourage those with sensitive data to expose themselves.
Someone might have data about Area 51, and they may think that only the data is sensitive, but not the fact that they have it. They might then send a text, email, or submit to Hushline saying "I have Area 51 data I want to send, so upload a PGP key." This exposes them.
Describe the solution you'd like
The warning should continue to exist, and it should be above the text input box. and it should be full sized text, not smaller like it currently is.
The link in the help page is going to be confusing for the submitter. They don't need to know how a user uploads a PGP since they won't be the one doing it. They might not know or even care what PGP is. Maybe we don't want to say PGP at all. Having the docs linked in that message might be confusing. If I'm a leaker, what am I going to think when I see "Getting Started a Hushline Operator?" Do I want to be an operator? What does that even mean?
We could add a checkbox that says "Request that the recipient upload a PGP because you would like to contact them securely." When this is ticked, a banner is displayed when the recipient logs in. Also, on that particular message, there is some visual notification in their inbox. When they click the page, there is another banner that says "this user wants you to use PGP."