Before I actually did most of the research for my US govt whistleblower DB and guide, I had written a review of SecureDrop, and a redteaming and theory of change document.
I made a comment that unless your system has people actively using it for drug trade or similar, it probably hasn't been stress-tested to be secure enough for government whistleblowers.
After I wrote the database and guide, I noticed the following, I had borrowed the maximum number of suggestions, especially the technical opsec part, from the guide written by TAILS (run by Tor project), and not from EFF or ACLU or securedrop or whichever other org. I read many of the guides and came to the same conclusion.
Disclaimer - I realise people at these orgs might be reading me criticising them here. I will say though that I don't really assign much moral blame for it. Chilling effects are real. I wish they were as ASI-pilled as I was, but that's a whole separate discussion.
Subscribe
Enter email or phone number to subscribe. You will receive atmost one update per month