Our commitment to security and privacy is outlined in our statement of values:
The tools that we use to communicate and collaborate will respect and enhance participants' privacy to the greatest extent possible. If we are required to use systems or networks that we believe to be inherently insecure, we commit to providing clear guidance to our collaborators on how to protect themselves, their identity, and their location while working with us.
If you are collaborating with us -- as a workshop participant, as a contributor, as an advisor, as an ally -- we encourage you to read the following security considerations:
We may occasionally share documents with you via established web sites that routinely collect personal information. For example, we might invite you to view and complete an online survey. In this situation, we encourage you to protect your privacy by taking the following steps before visiting the survey link:
- Logging out of any web sites or services that you may be currently signed in to, e.g., Facebook, Google, etc.
- Using the private browser feature of your web browser. Each web browser is different, but this feature is typically called "Incognito" or "Private browsing." You can learn more about this feature by using the "Help" menu in your browser and searching for "privacy."
Where possible, we will refrain from circulating links that may inadvertently compromise your personal information. We will typically do this by directing you to web sites that do not require you to sign in, and by relying on sites where we have a reasonable belief that information collection is limited.
Similarly, during your involvement with the project, you may hear about new and interesting mobile applications. We encourage you to approach these mobile applications with common sense and some basic vigilance. Here are some common scenarios to be aware of:
- Some mobile applications (a good example is the popular messaging application Viber) will request access to the contacts on your phone. You should be aware that many of these applications will send your contacts (sometimes insecurely) from your phone to another location. This could result in inadvertently providing your entire address book of contacts to another party.
- Many popular mobile applications claim to be "secure," when in fact they offer very little in the way of protection at all. This can be difficult to assess, so we recommend that you attempt to undertake some basic research [can we suggest trustworthy sites that publish good research?] before installing and trusting new mobile applications (we provide some specific recommendations of tools that we believe to be more secure below).
While collaborating with us, we may ask you to submit written material. If you would like to take steps to help ensure that this material is not easily read by others, we encourage you to research your options or ask us for assistance. Beautiful Rising is not able to provide digital security training at this time, but each team member has been briefed to be able to provide you with straightforward options for communicating with them securely.
If communicating with the Beautiful Rising project would put you at risk in any way, please refrain from doing so directly, and explore alternative, possibly indirect ways to contact us, such as the following:
Each member of the Beautiful Rising team has a published public PGP key. That key can be used to secure your communication with that person, reducing the risk of the message being read by another party. Securing your communication in this way does not remove the evidence that you've communicated with us.
If you are not familiar with PGP, please contact the team member you want to communicate with and ask for alternative ways to transmit information to them.
Most members of the Beautiful Rising team have published their identity on the service Chat Secure. Chat Secure is an "Encrypted Messenger for iOS and Android" that enables you to send short messages securely to members of our team.
We are also investigating the Telegram messenger at this time. If you are using Telegram already, please let us know. [Telegram seems the less buggy and more user-friendly of the two -- perhaps we should promote it first?]
We may also ask to speak with you on the phone, or you may find that a voice call is the easiest way to convey some information. Most members of the team are set up to initiate and receive calls using the encrypted voice application called Redphone on Android or Signal on iOS. If you have the option of communicating with one of these mobile applications, we recommend it. Keep in mind, however, that these applications require a Wi-Fi or data connection.
To facilitate one-on-one or multi-party video conferences, we have set up Jitsi Meet. It is an equivalent to Google Hangouts and similar systems. In the course of collaborating with us, we will provide you with access to this tool and will encourage you to use it instead of other, potentially less-secure alternatives.
If you have questions about this document, please contact us (securely if possible) using one of the methods above. Failing that, you can send an e-mail to phillip AT beautifultrouble DOT org.
- [√] Simplify the language
- Review Dave's edits and comments in [awkward bold brackets]
- This still kind of reads like a Terms & Conditions statement... I wonder if we could/should distill it into a "3 ways to communicate with us securely" document, followed by a "learn more" directory of links to resources, services, tutorials, etc?