Author: sajolida Date: To: Christopher Sheats, Public mailing list about the Tails project Subject: Re: [Tails-project] Apply Creative Commons
Christopher Sheats: > On 10/13/2015 03:23 AM, sajolida wrote:
>> Christopher Sheats:
>>> I have interest in reusing some of the verbiage from the
>>> 'Warning' page [1] because of its importance for SecureDrop
>>> landing pages.
>
>> Cool! I'm the one who wrote most of it and "maintains" it at the
>> moment though it hasn't changed much in the last 3 years.
>
>> So first of all, any feedback is greatly welcome. For example, if
>> you think that some things are missing or too verbose.
>
> I will be happy to provide direct feedback, at least in the form of
> how we remix Tails warnings applicable to SecureDrop.
Ok.
>> And also, I'd like to give it some more love in the next year or
>> two to make it more efficient and hopefully shorter. Maybe by
>> integrating it differently in the new download tool we'll release
>> at the end of the year [1]. So if you have proposals regarding all
>> this, they are most welcome as well.
>
>> Also, we could think about how you could reuse our content
>> directly, without doing copy, paste, and modify. Would this help?
>
>> [1]: https://tails.boum.org/blueprint/bootstrapping/extension/ >
> Hmmm. This touches on a larger whistleblower support project I've been
> thinking about. I think. I have been exploring ways to lower the
> technical bar of threat modeling, at least in unique circumstances
> (like using SecureDrop) where the expectations are so confined that
> certain adversaries and vulnerabilities are known to exist and can be
> discussed.
>
> With simple check boxes, a user could, possibly, tick their
> requirements and goals and be given a narrowed threat model brief to
> work from. Currently, of the 17 organizations using SecureDrop, threat
> modeling is largely avoided even though there are certain adversaries
> and vulnerabilities inherent with document leaking. A user is expected
> to start only with solutions (SecureDrop and Tor, and maybe Tails if
> they are up to it). This is unethical behavior in my opinion, for a
> funded authority (a news media org, for example) to say, "it's too
> complex, so we won't inform users at all".
>
> I will think about it more. Thank you.
What you're saying here really make sense. Don't hesitate to keep us
updated and we'll see if we can help you without our limited resources.
