[HacktionLab] Fwd: Security Best Practice for vetting tech volunteers.

Tim Dobson lists at tdobson.net
Mon Jan 27 23:38:16 UTC 2025


Thanks for the interesting reply!

On Mon, 27 Jan 2025 at 17:42, Garcon du Monde <gdm at fifthhorseman.net> wrote:

>
>  - for option two, they've given some proof that they can do "good
>    stuff" and so the challenge is then to get them to do (or keep them
>    doing) "good stuff" for your organisation. as long as you can do
>    this, then things are fine. they may well *also* do "bad things"
>    (e.g. provide intel to the "enemy") - but you run that risk with
>    every single existing member of your organisation anyway, including
>    you!! that is, you never know when someone is going to be
>    compromised: we all have shady things in our past that can be used
>    against us if you figure out how, that's one of the main
>    characteristics of being human.
>

Interesting approach. Like - I probably agree. Some advice someone else
gave was to go for logging, and auditability - which makes sense - and yes,
useful volunteers are at least useful - and since you'll never figure out
if you trust them or not, you might as well have useful ones... Try
explaining that approach to people though when the stakes are very high!

I think I've concluded that this job isn't for me. A poorly paid job,
that's filled with depressing news, where your job is to stop very vulnerable
people from pwning themselves to a very capable adversary does not seem
like the fun it briefly appeared to be.

This is the job in question:
https://docs-google-com.translate.goog/forms/d/e/1FAIpQLSe7rpzdD8YDhgpYRUoVHtY2pmrjOtsXwEX26XsYid5-TlPHAA/viewform?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp