this is frankly really scary. if you’re in a socialist org, please make sure that they’re not so lax with security like this. also, why the actual fuck are they using Google products? we are fucking doomed here in the west man. To be clear I think this is probably more on the local chapter of your org than the national org, but even then I really think national orgs need to be giving out a lot more training about this kind of thing, and quite frankly booting out the leadership of local chapters if they’re lax like this.
tweet text here
PSL security culture: I left almost a year ago, their members locally know I don’t like them, but I’m still in some shared folder where I can see sensitive event and recruiting information
I highly recommend to the people joining orgs to take serious steps and ask questions around security. What if this got into the wrong hands? Out of courtesy I’m censoring the names. I have plenty more screenshots of events in case they try to refute this but I recommend they just hold this L quietly
*4 images showing proof
What would be an alternative to Google’s spreadsheets? Best thing I can think of is a Nextcloud deployment. I would just prefer to host this kind of shit in a private git repository somewhere but of course that would understandably not fly with 99% of the people.
There are free Nextcloud providers. CryptPad also seems promising and can also be self-hosted. I can’t think of any good reason to use Google Drive/Sheets/… aside from a short adjustment period when switching to an E2EE equivalent.
Someone that works for whatever org you work with owns a domain. Make it run by the org. You can make Nextcloud have logins for your known members to see sensitive data.
I’m not exactly sure either. In this case, I don’t even know why you need a spreadsheet for this case exactly (in one of the screenshots it looks like they just had who was responsible for what during an event?). I understand that is 100% why people use them, the ease of use, but we need to come up with better solutions imo. Obviously the most sensitive stuff should be kept person to person and not put on the computer, but even with less sensitive information I think we should be doing better than potentially offering up all that info to the feds for essentially free. Make them commit resources to infiltrate our groups, not just work with Google real quick to get access to whatever they need. Even if our solutions are somewhat clunky, we should 100% be willing to put the time/resources into training people to be tech literate enough to use them.