I have lots of whistles to blow. Things where if I expose them then the report itself will be instantly attributable to me by insiders who can correlate details. That’s often worth the risks if the corporate baddy who can ID the whistle blower is in a GDPR region (they have to keep it to themselves.. cannot doxx in the EU, Brazil, or California, IIUC).
But risk heightens when many such reports are attributable under the same handle. Defensive corps can learn more about their adversary (me) through reports against other shitty corps due to the aggregation under one handle.
So each report should really be under a unique one-time-use handle (or no handle at all). Lemmy nodes have made it increasingly painful to create burner accounts (CAPTCHA, interviews, fussy email domain criteria, waiting for approval followed by denial). It’s understandable that unpaid charitable admins need to resist abusers.
Couldn’t this be solved by allowing anonymous posts? The anonymous post would be untrusted and hidden from normal view. Something like Spamassassin could score it. If the score is favorable enough it could go to a moderation queue where a registered account (not just mods) could vote it up or down if the voting account has a certain reputation level, so that an anonymous msg could then possibly reach a stage of general publication.
It could even be someone up voting their own msg. E.g. if soloActivist is has established a history of civil conduct and thus has a reputation fit for voting, soloActivist could rightfully vote on their own anonymous posts that were submitted when logged-out. The (pseudo)anonymous posts would only be attributable to soloActivist by the admin (I think).
A spammer blasting their firehose of sewage could be mitigated by a tar pit -- one msg at a time policy, so you cannot submit an anonymous msg until SA finishes scoring the previous msg. SA could be artificially slowed down as volume increases.
As it stands, I just don’t report a lot of things because it’s not worth the effort that the current design imposes.
Those do not obviate the use cases I have in mind. Secure drops are useful tools for specific whistle blowing scenarios. But they are not a one-size-fits-all tool.
I routinely use framadrop and then transmit the links to regulators or whoever I am targeting to act on a report. But what if the target audience is not a specific journalist or regulator but rather the entire general public? The general public does not have access to reports submitted to the Guardian’s dropbox or NYTimes’ dropbox. Those are exclusive channels of communication just for their own journalists. The report then only gets acted on or exposed if the story can compete with the sensationalisation level of other stories they are handling. If I’m exposing privacy abuses, the general public does not give a shit about privacy for the most part. So only highly scandelous privacy offenses can meet the profitable publication standards of Guardian and nytimes. The reports also cannot be so intense as to be on par with Wikileaks. There is a limited intensity range.
The fedi offers some unique reach to special interest groups like this one without the intensity range limitation.
NYtimes is also a paywall. So even if the story gets published it still ends up a place of reduced access.
They are great tools for some specific jobs but cannot wholly replace direct anonymous publication. Though I must admit I often overlook going to journalists. I should use those drop boxes more often.
(edit) from the guardian page:
That
theguardian.securedrop.tor.onionURL caught my attention. I did not know about onion names until now. Shame it’s only for secure drops.