Re: [Tails-project] Apply Creative Commons

Delete this message

Reply to this message
Author: Christopher Sheats
Date:  
To: sajolida, Public mailing list about the Tails project
Subject: Re: [Tails-project] Apply Creative Commons
Hello!

On 10/13/2015 03:23 AM, sajolida wrote:
> Christopher Sheats:
>> I have interest in reusing some of the verbiage from the
>> 'Warning' page [1] because of its importance for SecureDrop
>> landing pages.
>
> Cool! I'm the one who wrote most of it and "maintains" it at the
> moment though it hasn't changed much in the last 3 years.
>
> So first of all, any feedback is greatly welcome. For example, if
> you think that some things are missing or too verbose.


I will be happy to provide direct feedback, at least in the form of
how we remix Tails warnings applicable to SecureDrop.

>
> And also, I'd like to give it some more love in the next year or
> two to make it more efficient and hopefully shorter. Maybe by
> integrating it differently in the new download tool we'll release
> at the end of the year [1]. So if you have proposals regarding all
> this, they are most welcome as well.
>
> Also, we could think about how you could reuse our content
> directly, without doing copy, paste, and modify. Would this help?
>
> [1]: https://tails.boum.org/blueprint/bootstrapping/extension/
>


Hmmm. This touches on a larger whistleblower support project I've been
thinking about. I think. I have been exploring ways to lower the
technical bar of threat modeling, at least in unique circumstances
(like using SecureDrop) where the expectations are so confined that
certain adversaries and vulnerabilities are known to exist and can be
discussed.

With simple check boxes, a user could, possibly, tick their
requirements and goals and be given a narrowed threat model brief to
work from. Currently, of the 17 organizations using SecureDrop, threat
modeling is largely avoided even though there are certain adversaries
and vulnerabilities inherent with document leaking. A user is expected
to start only with solutions (SecureDrop and Tor, and maybe Tails if
they are up to it). This is unethical behavior in my opinion, for a
funded authority (a news media org, for example) to say, "it's too
complex, so we won't inform users at all".

I will think about it more. Thank you.

Christopher