Difference between revisions of "Wikispooks talk:Anonymous Submissions"
m |
|||
Line 9: | Line 9: | ||
You should also remind people that they can submit files which have been encrypted using your published PGP public encryption key when they are using this Anonymous Uploads form. | You should also remind people that they can submit files which have been encrypted using your published PGP public encryption key when they are using this Anonymous Uploads form. | ||
+ | |||
+ | (signature added following {Peter's feedback) | ||
+ | |||
+ | [[User:Tourist|Tourist]] 09:03, 31 May 2010 (IST) | ||
+ | |||
*'''Thanks for the feedback - useful stuff. This is the current situation: | *'''Thanks for the feedback - useful stuff. This is the current situation: |
Revision as of 08:03, 31 May 2010
Could you give us some assurance that the evil Flash form will never sneakily "phone home" to Adobe (as so many of their products have done in the past), thereby betraying the submitter's IP Address and web browser details etc. to various snoopers ?
Does it set a Flash Local Shared Object "super cookie" ?
You would be better off using a standard SSL encrypted web form, ideally with a proper WikiSpooks.com Digital Certificate, or perhaps another one (e.g. as used by your web hosting provider), provided that you inform people beforehand which webserver the form is being run from.
You should also remind people that they can submit files which have been encrypted using your published PGP public encryption key when they are using this Anonymous Uploads form.
(signature added following {Peter's feedback)
Tourist 09:03, 31 May 2010 (IST)
- Thanks for the feedback - useful stuff. This is the current situation:
The WikiSpooks site is run by people (mainly myself) who are not complete dummies on the finer points of security, but neither do we claim to be at the technical cutting edge. The anonymous upload form does NOT 'phone home' to Adobe - or anywhere else, but you only have my personal assurance on that. During the next month or so, the form will be changed and be resident on a subdomain of the main Wikispooks domain and server. It will employ SSL and be certified by a recognised authority. At present the form DOES report the originating IP address but, as with the Apache server logs, the reports are deleted regularly. - See Privacy Policy and its caution/disclaimer. WikiSpooks is an unsupported low budget operation undertaken in good faith. It is not perfect but its purpose and ethos is exactly as explained in the Project documentation. All this is not to say that our esteemed SIS's are not perfectly capable of setting something very like this as a honeytrap, or monitoring/interfering in nefarious ways - they quite clearly are - but as JFK himself said:
"A man does what he must - in spite of personal consequences, in spite of obstacles and dangers and pressures - and that is the basis of all human morality."
I'm just doing what I've got to do the best I can.
PS - It would help if you added your sig to discussion contribs. It appears on the 'recent changes' page but having it in the discussion avoids confusion --Peter P 08:47, 31 May 2010 (IST)