[HacktionLab] Fwd: Security Best Practice for vetting tech volunteers.

[Tim Dobson]

ahoy friends,

I'm looking at a potentially memorable activist job, assisting people in
$other_country with stuff that you and me might look at as important.

The government of $other_country would deem the organisation as Very
Interesting or Very Interesting Eager To Disrupt, and have active
operations.

An interview question is
> A volunteer from the $other_country has applied to your organization. How
can you verify them? Describe the procedure.

It occurs to me that basically, you'll _never_ be able to defeat a
nation-state intelligence test with screening procedures, and if you're
relying on volunteer support, you'll need to recruit volunteers... and so
you have to assume your behind the scenes work and infrastructure is
transparent to the other side?

Does anyone have a counterpoint to this? Or best practice?

Happy to chat on Signal or GPG if it'd make anyone more comfortable.

-Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.aktivix.org/pipermail/hacktionlab/attachments/20250114/3542e3f3/attachment.htm>