You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
On the submissions page, if the recipient does not have PGP key, this text is displayed:
Your message will NOT be encrypted. If this message is sensitive, ask test to add a public PGP key. Here's how they can do it.
Since this is meant to be an anon whistleblower line, it shouldn't require out of band contacting nor should it encourage those with sensitive data to expose themselves.
Someone might have data about Area 51, and they may think that only the data is sensitive, but not the fact that they have it. They might then send a text, email, or submit to Hushline saying "I have Area 51 data I want to send, so upload a PGP key." This exposes them.
Describe the solution you'd like
The warning should continue to exist, and it should be above the text input box. and it should be full sized text, not smaller like it currently is.
The link in the help page is going to be confusing for the submitter. They don't need to know how a user uploads a PGP since they won't be the one doing it. They might not know or even care what PGP is. Maybe we don't want to say PGP at all. Having the docs linked in that message might be confusing. If I'm a leaker, what am I going to think when I see "Getting Started a Hushline Operator?" Do I want to be an operator? What does that even mean?
We could add a checkbox that says "Request that the recipient upload a PGP because you would like to contact them securely." When this is ticked, a banner is displayed when the recipient logs in. Also, on that particular message, there is some visual notification in their inbox. When they click the page, there is another banner that says "this user wants you to use PGP."
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
On the submissions page, if the recipient does not have PGP key, this text is displayed:
Since this is meant to be an anon whistleblower line, it shouldn't require out of band contacting nor should it encourage those with sensitive data to expose themselves.
Someone might have data about Area 51, and they may think that only the data is sensitive, but not the fact that they have it. They might then send a text, email, or submit to Hushline saying "I have Area 51 data I want to send, so upload a PGP key." This exposes them.
Describe the solution you'd like
The warning should continue to exist, and it should be above the text input box. and it should be full sized text, not smaller like it currently is.
The link in the help page is going to be confusing for the submitter. They don't need to know how a user uploads a PGP since they won't be the one doing it. They might not know or even care what PGP is. Maybe we don't want to say PGP at all. Having the docs linked in that message might be confusing. If I'm a leaker, what am I going to think when I see "Getting Started a Hushline Operator?" Do I want to be an operator? What does that even mean?
We could add a checkbox that says "Request that the recipient upload a PGP because you would like to contact them securely." When this is ticked, a banner is displayed when the recipient logs in. Also, on that particular message, there is some visual notification in their inbox. When they click the page, there is another banner that says "this user wants you to use PGP."
The text was updated successfully, but these errors were encountered: