Commit

editing for voice and clarity -- just trying to dial in.
Amanda on Mona committed Feb 16, 2018
1 parent daa6819 commit 8cf96fa
Showing 1 changed file with 16 additions and 23 deletions.
39 changes: 16 additions & 23 deletions drafts/Chapter03-03-OrgBestPractices.md
Expand Up @@ -15,13 +15,13 @@ Before we even talk about tools for taking confidential tips securely, there are

1. Who is going to maintain the page? If you’re reading this, the person maintaining the secure tip page for your newsroom might be you. Make sure you know what that entails, and that there's a plan in place for handing off ownership if you leave the newsroom.

2. The page should be somewhere easily accessible, and under the newsroom's control. Don't
2. The page should easily accessible, and under the newsroom's control. Don't

3. Host secure tip pages with HTTPS, not over an unsecured HTTP connection. This prevents unwanted third parties from snooping on would-be sources’ connections to your tip page. If your site doesn't already default to HTTPS, address that first. ASK: WHAT SHOULD YOU DO?
3. Host secure tip pages with HTTPS, not over an unsecured HTTP connection. This prevents unwanted third parties from snooping on would-be sources’ connections to your tip page. If your site doesn't already default to HTTPS, address that first. Two excellent resources to help make the case: [The US CIO's excellent and thorough explanation](https://https.cio.gov/everything/), and [Chrome's Developer Blog](https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https).

4. HTTPS prevents an eavesdropper from sniffing out anything beyond the domain name, so your tips page should not be served from a dedicated subdomain (eg. https://tips.example.com), but on a subdirectory of your primary website (eg. https://www.example.com/tips).

5. Your institution should be prepared to advertise the page widely. A secure tip page only works if people read it *before* reaching out.
5. The newsroom should be prepared to advertise the tips page widely. A good tips page only works if people read it *before* reaching out.

**So what goes on the page?**
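
Review bot: In the rewritten item 2, "The page should easily accessible" has lost its verb, and the item still ends on the dangling fragment "Don't", so whatever it was about to advise against is missing. Suggest "The page should be easily accessible and under the newsroom's control." and either finish the "Don't" sentence or drop it. In item 3, the text that replaces the ASK note uses "excellent" twice in one sentence ("Two excellent resources ... excellent and thorough explanation"); one is enough. In item 5, going from "A secure tip page" to "A good tips page" drops the word that ties the advice to source protection; consider keeping "secure".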

Expand Down Expand Up @@ -74,46 +74,39 @@ Many of us already have a professional email address, desk phone, cell phone, or

Some common secure communication channels include [Signal](https://signal.org/), [WhatsApp](https://whatsapp.com/), [Off-the-record messaging](https://wikipedia.org/wiki/Off-the-Record_Messaging), and PGP for email encryption. Each has advantages and tradeoffs:

+ [Signal](https://signal.org/) is a free and open source secure messaging app for [iPhone](https://itunes.apple.com/us/app/signal-private-messenger/id874139669) and [Android](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en), developed by [Open Whisper Systems](https://whispersystems.org/). There is also a [desktop](https://signal.org/download/) application available.

+ Signal supports encrypted messaging and phone calls. Signal’s developers designed the service to retain as little metadata as possible: all they know is the user’s phone number, sign-up time, and the time when the user was last active. Signal also allows messages to "self-destruct" automatically after a preset amount of time, leaving behind as little information as possible. For help getting started, read [Signal for Beginners](https://medium.com/@mshelton/signal-for-beginners-c6b44f76a1f0).
+ [Signal](https://signal.org/) is a free and open source secure messaging app for [iPhone](https://itunes.apple.com/us/app/signal-private-messenger/id874139669) and [Android](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en), developed by [Open Whisper Systems](https://whispersystems.org/). There is also a [desktop](https://signal.org/download/) application. Signal supports encrypted text messaging and phone calls. Signal’s developers designed the service to retain as little metadata as possible: all they store is a user’s phone number, sign-up time, and the time when the user was last active. Signal also allows messages to "self-destruct" automatically after a preset amount of time, leaving behind as little information as possible. For help getting started, read [Signal for Beginners](https://medium.com/@mshelton/signal-for-beginners-c6b44f76a1f0).

+ Tradeoffs: While Signal’s servers retain [very little metadata](https://whispersystems.org/bigbrother/eastern-virginia-grand-jury/), the app is not designed to prevent live metadata surveillance. The users in conversation should not be considered anonymous.

+ [WhatsApp](https://whatsapp.com/) has over a billion users on [iPhone](https://itunes.apple.com/us/app/whatsapp-messenger/id310633997) and [Android](https://play.google.com/store/apps/details?id=com.whatsapp) and uses similar encryption to Signal. It’s easy to use, and with the right settings, can be a decent option for routine communications. WhatsApp users can share more types of files than Signal, and it can be
a great way to send documents.

+ Tradeoffs: Importantly, some settings must be tweaked to maximize the security of the app, and to make it safer for routine use. By default, WhatsApp backs up unencrypted messages to iCloud or Google Drive. Backups should be disabled.To learn more about how to improve WhatsApp security, read [Upgrading WhatsApp Security](https://medium.com/@mshelton/upgrading-whatsapp-security-386c8ce496d3).

+ Like Signal, WhatsApp stores user phone numbers. WhatsApp is owned by Facebook and shares the user's phone number (which can help Facebook map connections) and user analytics with the social media company. Facebook can also be forced to share its troves of user data in response to a court order or subpoena.

+ [Off-the-record](https://en.wikipedia.org/wiki/Off-the-Record_Messaging) or OTR is a messaging encryption standard. OTR can be installed as a plug-in for messaging clients, such as [Pidgin](https://pidgin.im/) or [Adium](https://adium.im/), typically using an open messaging standard called [XMPP](https://en.wikipedia.org/wiki/XMPP).
+ Tradeoffs: Importantly, some settings must be tweaked to maximize the security of the app, and to make it safer for routine use. Under some circumstances, WhatsApp backs up unencrypted messages to iCloud or Google Drive by default: users may need to confirm that backups are be disabled. [Upgrading WhatsApp Security](https://medium.com/@mshelton/upgrading-whatsapp-security-386c8ce496d3) is an excellent guide to ... upgrading WhatsApp securit.

+ OTR can encrypt communications with sources on a variety of inter-operable messaging clients. Read the Electronic Frontier Foundation’s primer on getting started with OTR for [Windows](https://ssd.eff.org/en/module/how-use-otr-windows), [Mac](https://ssd.eff.org/en/module/how-use-otr-mac), and [Linux](https://ssd.eff.org/en/module/how-use-otr-linux).
+ Like Signal, WhatsApp stores user phone numbers. They also [store substantially more data](https://www.whatsapp.com/legal/#privacy-policy) -- your address book, who you contact most often, and other information about how you use the service. WhatsApp [shares that data with their parent company, Facebook](https://www.eff.org/deeplinks/2016/08/what-facebook-and-whatsapps-data-sharing-plans-really-mean-user-privacy-0). Facebook,and WhatsApp can be forced to share their user data in response to a court order or subpoena.

+ OTR allows users to accept messages from anyone using an OTR client, including some anonymity-protecting clients such as [Tor Messenger](https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily). If your contacts have the know-how, this can be an asset for protecting their anonymity.
+ [Off-the-record](https://en.wikipedia.org/wiki/Off-the-Record_Messaging), or OTR is a messaging encryption standard. OTR can be installed as a plug-in for messaging clients, such as [Pidgin](https://pidgin.im/) or [Adium](https://adium.im/), typically using an open messaging standard called [XMPP](https://en.wikipedia.org/wiki/XMPP). OTR can encrypt communications on a variety of inter-operable messaging clients. The Electronic Frontier Foundation provides a primer on getting started with OTR for [Windows](https://ssd.eff.org/en/module/how-use-otr-windows), [Mac](https://ssd.eff.org/en/module/how-use-otr-mac), and [Linux](https://ssd.eff.org/en/module/how-use-otr-linux). OTR allows users to accept messages from anyone using an OTR client, including some anonymity-protecting clients such as [Tor Messenger](https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily). If your contacts have the know-how, this can be an asset for protecting their anonymity.

+ Tradeoffs: Not everyone is familiar with OTR, and you’re much more likely to receive an OTR message from a savvy user than anyone else. OTR should not be confused with the "off the record" setting in Google Hangouts.
+ Tradeoffs: Not everyone is familiar with OTR -- you’re much more likely to receive an OTR message from a savvy user than anyone else. OTR should not be confused with the "off the record" setting in Google Hangouts.

+ [Pretty Good Privacy](https://en.wikipedia.org/wiki/Pretty_Good_Privacy) is an email encryption standard, most commonly used to secure email. PGP uses public key cryptography: messages scrambled with the "public" key can only be unscrambled with the corresponding "private" key. The public key can be shared widely, so anyone can create a scrambled message that can only be read by the user who holds the corresponding private key. Users typically post their public key in an accessible place, such as a personal website, byline, or a [public keyserver](https://pgp.mit.edu/pks/lookup?search=nytimes&op=index).
+ [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy) is an email encryption standard, most commonly used to secure email correspondence. Note that PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard) are two implementations of the same standard, so you may see GPG and PGP used interchangeably. PGP uses public key cryptography: messages scrambled with a "public" key can only be unscrambled by the corresponding "private" key. The public key can be shared widely, so anyone can create a scrambled message that can only be read by the user who holds the corresponding private key. Users typically post their public key in an accessible place, such as a personal website, byline, or a [public keyserver](https://pgp.mit.edu/pks/lookup?search=nytimes&op=index). The Electronic Frontier Foundation has resources for setting up PGP on [Windows](https://ssd.eff.org/en/module/how-use-pgp-windows), [Mac](https://ssd.eff.org/en/module/how-use-pgp-mac-os-x), and [Linux](https://ssd.eff.org/en/module/how-use-pgp-linux).

+ The Electronic Frontier Foundation has resources for setting up PGP on [Windows](https://ssd.eff.org/en/module/how-use-pgp-windows), [Mac](https://ssd.eff.org/en/module/how-use-pgp-mac-os-x), and [Linux](https://ssd.eff.org/en/module/how-use-pgp-linux).

+ Tradeoffs: PGP is infamously tricky to use, even for security geeks. It’s easy to make a mistake that will compromise your sensitive communications. Most importantly for news organizations, PGP only secures the body of an email: email addresses, timestamps and subject lines are all still sent in plaintext, exposed to eavesdroppers. You are likely to get more "return on investment" with simpler channels, such as Signal.
+ Tradeoffs: PGP is famously tricky to use, even for security geeks. It’s easy to make a mistake that will compromise sensitive communications. And PGP only secures the body of an email: email addresses, timestamps and subject lines are all still sent in plaintext, exposed to eavesdroppers. You are likely to get more "return on investment" with simpler channels, such as Signal.

**Secure Organizational Channels**

When done properly, physical mail and [SecureDrop](https://securedrop.org/) can both be good ways for sources to avoid giving personally identifiable information. The catch is, your sources have to know what to do.

+ Physical mail. Regular old-fashioned mail is a solid way to receive sensitive tips because sources don’t need to give their return address. [The U.S. postal service takes images of the exterior of paper mail](http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mail.html), so if you want, you can encourage sources to put a return address inside the envelope instead. Physical mail can be a great way to send physical documents as well as electronic media, such as SD cards or small USB devices.
+ Postal mail. Regular old-fashioned postal service physical mail is a solid way to receive sensitive tips because sources don’t need to provide a return address. The U.S. postal service does [collect images of the exterior of paper mail](http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mail.html), so encourage sources to leave off the return address (or put it inside of the envelope). Physical mail can be a great way to send paper documents as well as electronic media, such as SD cards or small USB devices.

+ Tradeoffs: The main drawback is that mail is one-time communication. If you advertise your office address for accepting tips, encourage sources to give you a way to reach them if you have questions. Also, many workplaces are able to see who accessed a particular document, as well as review individual printer usage: a tipster who prints out a sensitive document at work may be caught by their own infrastructure before the document even reaches a newsroom.

+ Tradeoffs: The main drawback is that physical mail represents a one-off communication. If you advertise your office address for accepting tips, encourage sources to give you a way to reach them so that you can ask them about any materials they share.
+ [SecureDrop](https://docs.securedrop.org/en/stable/index.html) is an encrypted submission system that can help news organizations receive documents and exchange messages with sources. SecureDrop uses the Tor anonymity network, which encrypts and bounces web traffic around the globe, making it much more difficult for eavesdroppers to determine the original source of a tip. This is one of the best options available for protecting confidentiality.

+ [SecureDrop](https://docs.securedrop.org/en/stable/index.html). SecureDrop is an encrypted submission system that can help news organizations receive documents and exchange messages with sources. SecureDrop uses the Tor anonymity network, which encrypts and bounces web traffic around the globe, making it much more difficult for eavesdroppers to determine the original source of a tip. This is one of the best options available for protecting confidentiality.
+ Tradeoffs: Sources using SecureDrop don’t have to provide identifying information unless they choose to do so. This added protection for sources can sometimes present challenges for newsrooms that need to verify the legitimacy of an anonymous leak.

+ SecureDrop requires dedicated equipment and an administrator familiar with the basics of Linux and Bash shell. [Learn more about setting up SecureDrop here](https://docs.securedrop.org/en/stable/index.html).
+ SecureDrop requires dedicated equipment and an administrator familiar with the basics of Linux and Bash shell. The SecureDrop docs provide a good overview of the process of [setting up SecureDrop](https://docs.securedrop.org/en/stable/index.html). ASK: LINK TO OUR LESSON.

+ Tradeoffs: With SecureDrop, sources don’t need to provide identifying information unless they choose to do so. The added protection for sources can sometimes present challenges for newsrooms that need to verify the legitimacy of an anonymous leak.

**Verification**
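
Review bot: The reworded WhatsApp tradeoffs line has three problems in its last two sentences: "backups are be disabled" is ungrammatical, the line ends on the typo "securit", and "users may need to confirm" is weaker than the "Backups should be disabled." wording it sits beside, which matters because the same line says messages are backed up unencrypted to iCloud or Google Drive. Suggest "users should confirm that backups are disabled" and a plain link sentence without the "..." aside. Also in this hunk: "Facebook,and WhatsApp" should read "Facebook and WhatsApp"; the "[OpenPGP]" link text points at the Pretty_Good_Privacy article, and "an email encryption standard, most commonly used to secure email correspondence" is circular; and "ASK: LINK TO OUR LESSON." in the SecureDrop requirements line is an editing note that should be resolved before the chapter leaves drafts.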
