We met with six sounding board members in July to discuss the challenge of how to initiate communication with someone who reaches out from a repressive context. We came up with three areas to consider, and a few first-hand tools that sounding board members have used.
Areas to consider:
- Identity permanence: how can you link multiple exchanges with the same person? and do you want to? identity permanence in communications occurs when you communicate via an account that someone sets up and uses more than once and identity impermanence (where you coordinate a meeting place – like a Cryptocat chat or a Jitsi meet – but don’t require an account or an identity to access). Both can be helpful.
- Authentication: how can you know that the account or the user you are speaking with is who you think you are speaking with?
- Tech infrastructure requirements: how difficult is to to find and assemble what’s necessary to communicate using a given channel (configure a globalleaks platform, or install a chrome and a chrome extension, or just visit a web url); how good is their internet connection; will they be calling from an internet cafe?
We discussed two main approaches:
1. Generating one-time channels to coordinate conversations. A few tools for this include:
2. Set-up information submission systems to manage information sharing. A few tools for this include:
When we brainstormed how we could share this information in a useful way, someone suggested we turn the list of considerations into a list of questions that could help others find the right approach for their situation (look at questions on the EFF secure texting scorecard as an example). So we gave it a shot, using the tools that came up in our conversation:
We’d be happy to update the table above with more information regarding SecureDrop and Redphone – please add your experience with these tools in the comments below or contact us directly.
What other strategies, tactics or tools have you found useful for carrying out secure, initial conversations?