Another step towards crowdfunding

[Micah Lee]

Hi, I think this is my first post to this list, but I've been a lurker
for a bit.

This campaign looks pretty awesome. I tweeted the video and it's getting
some pickup: https://twitter.com/micahflee/status/411569314097934336

I hope you don't mind a bit of feedback.

On 12/13/2013 10:57 AM, Werner Koch wrote:
> I was somehow able to convice Sam not to install Wordpress like blogging
> software right now.  Which also means that for comments you need to
> resort to gnupg-users ;-).

One way that I think the blog could be improved is by providing
permalinks for the individual posts. I actually wanted to tweet the
"Preparing for launch" post, but the only URL I could tweet is
http://blog.gnupg.org/, so I decided to post the YouTube URL instead.

Looking back through this list archives it appears that this fundraising
campaign actually has a "matching grant", to use non-profit development
language? Each donation is doubled?

If so, that can be a major selling point for getting donations this
"giving season". Each year for 3 years now EFF has had a wildly
successful video game-themed "Power Up Your Donation" campaign that's
based on matching grants, and it's currently going on for the next
couple days: https://supporters.eff.org/donate/power-up-2013

In the video you say that GPG is used by the government, hackers, and
billion dollar companies. I think when promoting GPG it's good to
include in that list activists, journalists, whistleblowers, and
ordinary people that care about privacy. I think you can brag about
widespread use amongst this same set of people:
https://www.torproject.org/about/torusers.html.en

In fact, organizations like Tactical Technology Collective do GPG
trainings for activists all the time, and Edward Snowden insisted on
Glenn Greenwald using GPG before they wrote any emails of substance. The
use of GPG amongst journalists has blown up in the last 6 months now
that everyone knows they're being spied on.

Finally, if you're raising money to rebuild the website, could you add
HTTPS to your to do list? Using HTTPS, making HTTP redirect to HTTPS,
using the HSTS header, using perfect forward secrecy ciphersuites, and
all those other best practices? I'm well aware of the drawbacks of CAs
and centralized trust, but I don't think that's a very good reason to
not protect privacy of website visitors by default.

--
Micah Lee

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20131213/680c5ace/attachment.sig>