Dangerzone.rocks website
This is a static website, currently hosted at https://dangerzone.rocks/
You can edit it locally and test it in your browser without the use of a webserver or a static site generator.
Contents of the dangerzone.rocks website
This is a static website, currently hosted at https://dangerzone.rocks/
You can edit it locally and test it in your browser without the use of a webserver or a static site generator.
Some inspiration about malicious PDFs here: https://github.com/jonaslejon/malicious-pdf
During user testing, we learned that it was not obvious for participants some what risks working with documents presented.
Explain how Dangerzone can protect in publication security because it removes metadata from documents.
A participant understood from reading the website that Dangerzone was more of a tool that could help in document intake security, but in reality it also protects journalists from accidentally posting documents with metadata.
Hi folks, congrats on setting up the dangerzone website - looking great!
A tiny nit: Near the bottom of the page, after all the different supported file formats, there's a line that reads "Itβs still possible to get hacked with Dangerzone" and I'm wondering if it's meant to be formatted as a heading of some sort.
Dangerzone rocks, thanks for your work on this everyone. :)
From user research some participants mentioned they wanted to see how the tool was like before downloading it.
During user testing, a participant just wanted to know how to use the tool. They mentioned knowing that was more important than reading the history of the project (in the about page).
With the inclusion of arm-based macOS releases, we'll need to distinguish the download links.
Have a page explaining the features and how to use Dangerzone
Having this available was suggested by a digital security trainer
Artifacts for MacOS and Windows are currently hosted on GitHub. Users downloading those from dangerzone.rocks should be able to verify their integrity. The are two ways to do so; either via checksums (e.g., SHA-256) or signatures.
In order to provide signatures for our artifacts, we need to explain to users how they can verify them with GPG on all of the supported platforms. For checksums, we can just provide the files produced by sha256sum
. So, while signatures offer stronger guarantees, checksums are a simpler verification method for this release.
Now that this has more than one page, it might worth switching to Jekyll to simplify the maintenance story across pages.
From user testing we realized that all the features need some rewording.
No network access - one participant in a user study was confused about the meaning of sandbox. The original text assumes some prior knowledge of what a sandbox is. And two users mentioned that they thought the tool was "uploading" the document We can try to frame it as opening documents on your computer but in a more secure compartment isolated from the internet.
Optional OCR - this one has two potential issues: (1) people may not know what OCR is, to begin with. We should focus instead of saying that the document will be searchable, (which is what one pretends). (2) it may be confusing for some why this is even needed β if the document was originally searchable.
Reduced File Size - Similarly to the "optional OCR", this is written of someone who already knows Qubes Trusted PDF and its limitations, but for someone coming fresh into Dangerzone, the files at the end may look much larger than the original. This can lead to confusion and should be clarified.
Open Docs Safely - we mention here that people can make Dangerzone their default document viewer, but currently, Dangerzone may not be very usable for previewing files as one has to go through the conversion process first.
During user testing, we learned that participants found various parts of the website confusing. On the homepage, the features were not clear and journalists referred a need to quickly understand what the tool is about and if it's for them. The about page has too much information. A participant suggested having an FAQ.
Per Fedora installation instructions, the GPG fingerpint should be on the website.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.