If you're looking for a chance to get paid to write meaningful open source software, here's one of those rare opportunities. Fully remote.

We're hiring additional software engineers to join the SecureDrop team, an open source platform to protect journalists & whistleblowers. Our posting outlines the specific skillsets we're looking for:

If this describes you, please get in touch! Happy to answer questions.

@eloquence, unrelated but has the FPF considered not using CloudFlare? I understand if the freedom of the press doesn’t always align with the freedom of the readers, but I wish for it in this case:

Cc @resist1984 in case of further discussion

@cnx @eloquence Indeed it's a bit disturbing that #FreedomOfThePressFoundation uses #Cloudflare. The site also sends people to another (more hostile) Cloudflare site (creator-spring) to buy t-shirts, which then blocks Tor users. Visiting via is just a blank page which further pressures people to access via CF. CF gets the payment details of FPF supporters. Not good.

@eloquence @cnx BTW, this article is good but misses an important point: Harlo Holmes warns that malicious js could compromise users but gives no remedy to that. She should suggest #ElectronMail & #Hydroxide as ways to avoid on-the-fly javascript.


What would be in your opinion the safest way to download ElectronMail on Debian?
Their .deb (which is not automatically updated if I understand correctly) or their snap (which uses an unsafe technology)?

@eloquence @cnx

@eloquence my experience with washpo's use was awful in that they outsourced me to an intel community insider who wanted to make some money for his law firm and silence me by launching a qui tam with the government option to then get a gag order, rather than any of their own journalists. However the problem was not SecureDrop itself, but the organization misusing it... That being said, this seems fascinating...

@eloquence things that keep me awake at night include #signal's crappy #électron based desktop client. While it uses a sqlcipher db, it stores the key used in the clear on the filesystem. That seems awfully forensic friendly. And they prefer aes256 with the originally mandated and now known defective 14 round key scheduler, rather than 28 rounds...

@tychosoft @eloquence What?! Ok, I think I’m gonna stick to the mobile app then.
