We get a fair number of questions about our computer security. Enough that we’ve written this post so we can stop responding individually.
Often these questions are in the form of:
Blah is owned by a big corporation, and the CIA spends their days reading what you say on it! You are morally defective for using it. You should use this small, poorly maintained free/libre open source thing I wrote yesterday instead!
This is rarely from someone who is actively engaged with Trans Rescue in other ways. They aren’t concerned that our social media presence is lacking, that we don’t have a robust system to support passengers emotionally, that we need to incorporate subsidiary chapters or improve our grant writing or any of the very, very long list of things we actually need to work on. So we need to ask, why worry about THIS? And why choose a public attack, if you are well meaning?
Please don’t do that. If you have an actual concern about our security, drop us a PM or send an email to contact@transrescue.org. If you wish to follow CERT responsible disclosure procedure, drop us an email saying so. That is the responsible thing to do, not declaring your disgust on Mastodon. We do have a computer security team. It’s made up of professional security engineers. If you’re interested in joining it, send an inquiry with a resume to volunteer@transrescue.org.
While we always love more volunteers, honestly, if your motivation to volunteer is to do l33t h3x0r stuff you will be disappointed. This is a WordPress site, folks. If you volunteer to come help us as a programmer you are more likely to be asked to stand up and maintain a CRM or figure out why some plugin isn’t working with some external service. The guy who does maintain this site puts a lot of work into it, and we are keenly aware that he could be doing virtually the same work on a site that sells mattresses and making bank doing it. We are endlessly grateful for his service.
We are practical. Our mission is to get trans people out of dangerous places. It is a deadly serious job. We use the tools that work, including some provided by large companies whose ethics we despise. We are not security hobbyists. Our passengers are mostly people who only have access to a phone, sometimes a very cheap one, and who rarely have advanced computer skills. They want to live in safety and freedom, not play with tech.
We DO have state and non-state actor threats. And we have highly secure systems for dealing with those situations. We will not, I’m sorry, discuss our security with you, for the simple reason that doing so is not secure. Anti-reconnaissance is a basic principle.
I’m sorry if this offends your religion. We offend other people’s religions too. The majority of our passengers are fleeing from Islamic or fundamentalist Christian societies. If our cyber impurity makes us blaspheming heathens in people’s eyes, I guess they join that club.