Documentation

Note

This documentation is thank to the support of our community. Join us and contribute with your additions and suggestion. In any of the page you find a link that enables you to provide suggestions and corrections. We remind you that in case of any software issue or bug you may always report on the ticketing system.

• GETTING STARTED
  • Introduction
  • Design principles
    • Security, and privacy and anonymity
    • Accessibility, internationalization and inclusivity
    • Flexibility and scalability, interoperability
    • Open Source, sustainability and digital sovereignty
  • Glossary
• SETUP & MAINTENANCE
  • Installation
  • Initialization
    • Choose the primary language for your site
    • Choose a name for your project
    • Configure the account for the administrator of your whistleblowing site
    • Configure the account for the first recipient of reports
    • Read and accept the license
    • Complete the wizard
  • Backup and restore
• REPORTING DOCUMENTATION
  • Getting informed
    • What you need to know before reporting
    • Where to find this information
    • Seek support from experienced Civil Society Organizations (CSOs)
  • Reporting
    • Submit a new report
    • Save your access code
    • Access a report
      • View report information
      • Attach a new evidence
      • Read and send comments
      • Provide your identity (optional)
• USER DOCUMENTATION
  • Common to all users
    • First Login
    • Login
    • Configure your preferences
    • Enable Two-Factor-Authentication (2FA)
    • Access and save your account recovery key
    • Change your password
    • Reset your password
    • Request support
  • Admin
    • User interface
      • Settings
        • Settings
        • Files
        • Languages
        • Text customization
        • Advanced settings
      • Users
        • User roles
        • User options
      • Questionnaires
        • Steps
        • Questions types
        • Common question properties
      • Channels
        • Data retention policy
      • Case management
      • Notification
        • Notification settings
        • Notification templates
      • Network
        • HTTPS
        • Tor
        • IP access control
        • URL redirects
      • Sites
        • Sites management
        • Signup module
      • Audit log
    • Common configurations
      • Configure the logo
      • Enable languages
      • Configure notification settings
      • Configure recipients
      • Customize the graphic layout
        • Example 1: custom background
        • Example 2: custom font
  • Recipient
    • Access the list of the existing reports
    • Order and filter reports
    • Select reports
    • Enter a report
    • Refresh the list of reports
    • Search a report
    • Export the list of reports
    • Access a report
    • Mark a report as important
    • Set a reminder
    • Silence email notifications
    • Manage users’ access to report (optional)
      • Grant access to a report
      • Revoke access to a report
      • Transfer access to another recipient
    • Perform actions on a report
      • Edit the expiration date
      • Mask a report (optional)
      • Change the status of a report
      • Delete a report (optional)
    • Export a report
      • Download a report
      • Print a report
    • Refresh a report
    • Label a report
    • View report information
    • Access the reporting person’s identity (optional)
    • View and download an attachment
      • Upload a file
      • Send a comment
  • Additional users
    • Analyst
    • Custodian
• TECHNICAL DOCUMENTATION
  • Roadmap
    • Release Cycle
    • Objectives
    • Release Types
    • Release Workflow
    • Feature Prioritization
    • Testing and Quality Assurance
    • Long-Term Vision
  • Requirements
    • Hardware requirements
    • Software requirements
    • Supported browsers
  • Features
    • User features
    • Legal features
    • Security features
    • Technical features
  • Security
    • Threat model
      • Users matrix
      • Anonymity matrix
      • Communication security matrix
      • Identity disclosure matrix
      • Usage scenarios matrix
      • Data security matrix
      • Threats to anonymity and confidentiality
        • Browser history and cache
        • Metadata
        • Malware and trojans
        • Network and reverse proxies
        • Data stored outside the platform
        • Environmental factors
        • Incorrect data retention policies
        • Human negligence
        • Advanced traffic analysis
    • Application security
      • Architecture
      • Anonymity
      • Authentication
        • Password
        • Receipt
      • Password security
        • Password storage
        • Password complexity
        • Two-factor authentication
        • Slowdown on failed login attempts
        • Password change on first login
        • Periodic password change
        • Password recovery
      • Web application security
        • Session management
        • Session encryption
        • No cookies
        • HTTP headers
          • Strict-Transport-Security
          • Content-Security-Policy
          • Cross-Origin-Embedder-Policy
          • Cross-Origin-Opener-Policy
          • Cross-Origin-Resource-Policy
          • Permissions-Policy
          • X-Frame-Options
          • Referrer-Policy
          • X-Content-Type-Options
          • Cache-Control
          • Clear-Site-Data
        • Crawlers policy
        • Anchor tags and external urls
        • Input validation
          • On the backend
          • On the client
        • Form autocomplete off
      • Network security
        • Connection anonymity
        • Connection encryption
        • Network sandboxing
      • Data encryption
      • Application sandboxing
      • Database security
        • Secure deletion
        • Auto vacuum
        • Limited database trust
        • Limited database functionalities
      • DoS resiliency
        • Proof of work on users’ sessions
        • Rate limit on users’ sessions
        • Rate limit on logins, whistleblowers’ reports and attachments and operations
      • Other measures
        • Browser history and forensic traces
        • Secure file management
          • Secure file download
          • Safe file opening
          • PGP encryption
        • Encryption of temporary files
        • Secure file delete
        • Exception logging and redaction
        • Entropy sources
        • UUIDv4 randomness
        • TLS for smtp notification
    • Encryption protocol
      • Encryption’s workflow
      • Encryption’s details
        • Algorithms
        • Users’ credentials
        • Users’ keys
        • Data encryption’s keys
      • Key generation
      • Key recovery
      • Key escrow
    • Security audits
  • Development
    • Development environment
      • Requirements
      • Setup
      • Run
      • Building the docs
    • Software libraries
    • Database schema
    • Release procedure
    • Release versioning
    • Release tagging
    • Release packaging
    • Package publishing
    • Repository signing
    • Continuous integration
      • Unit tests
      • E2E tests
  • Quality assurance