Infosec-handbook.eu as a reliable source for Wikipedia?

Their About says Benjamin likes contributing to Wikipedia, so I’d email him if I could find an address, because he’s familiar with the rules, I assume.

I found their two articles on eelo aka /e/ to be credible, well written, detailed…good.

Eelo found them to be credible too, because they responded and created Gitlab issues (6 of 12 still open).

However, other editors at Wikipedia could not find other reliable secondary sources mentioning Infosec-handbook.eu, so it fails the reliable source criteria - It’s not if you’re good; it’s if someone else good says you’re good. Or something like that.

Anyway, does anyone know of published papers, books, or other reputation credentials “stuff” to help show reliability of ISH?

To be clear, I’m not asking for any support at Wikipedia, because that would be wrong, or against the rulez. I’m asking if anybody can point me to info’ I could use, because I’m sure it’s out there, somewhere, but my searches have failed me.

Thanks

PS. How about that mysterious, “3rd party” app store site, huh?? Oops. /e/ doesn’t like talking about that!

The only thing I can definitely say that they are bad at transparency and in my opinion every project like this needs transparency and a git repository where changes can be publicly audited.

… every project like this needs transparency and a git repository …

This doesn’t help with my question, but… my feedback:

I’m almost ashamed to (rarely) comment on github, over a year after it was bought by Microsoft, arguably the worst organization in history for privacy and software. I’m sure you’ve discussed it, but I’d rather fold than keep running on a Microsoft site.

Transparency has its pluses and minuses. For technical topics, private, peer review can be better and more efficient than giving a voice to every person with an opinion, or a personal agenda (financial or other) to push, like with eOS at wikipedia. As a viewer of your site, I find the recommendations interesting and useful as starting points. However, when I try to find out why, for example LineageOS is highlighted, but Replicant or microG-Lineage is only “worth mentioning,” I can’t find a vote tally or a concise explanation of the decision, after 30 minutes to an hour of searching and reading. Popular on reddit doesn’t do it for me. My knowledge tells me Replicant is more private, but LineageOS is more usable, assuming you want to use your camera, GPS or WiFi for example. So I know judgment calls are being used, and somebody is dictator or ruling committee, in the end.

Whether to publish all the comments received, or to even address each one, item by item, is a question of style and how much voice to give to strangers, so I can appreciate both ways.

Thanks for the feedback on infosec-handbook, and I hope the above is useful feedback. I appreciate what you’re doing at Privacytools.

Can you send your e-mail to the address mentioned here (https://infosec-handbook.eu/contact-email/#e-mail) again, please? We didn’t got your e-mail so far.

There are no global rules for Wikipedia. Benjamin mainly contributes to the German version of Wikipedia. Their rules already differ from the rules of the English version. We don’t recommend any blog on the internet as a sole source for articles, because web content is short-lived. This includes our blog as well.

So please send your question again.

We have a changelog on every article page and list any change that affects the content of our articles. We do not list fixed typos or very small changes like punctuation. Regarding your link: We will comment this on Reddit.

Besides, our full blog content is in a private repo on Github. So in theory, it is already audible, however, we didn’t decide to make this repo public so far.


In general, send us any feedback to our e-mail address (https://infosec-handbook.eu/contact-email/#e-mail) or via the Fediverse (https://mastodon.at/@infosechandbook) please. Since we operate our blog in our leisure time, we don’t have resources to monitor any possible platform on the web for feedback. Thanks for your understanding.

We have had multiple discussions about this, most recently in PTIO Needs to Ditch Github and I am also wishing we could move from GitHub.

I don’t know about this particular subject, but I guess usability may have put it on top if you are correct. I didn’t check the git history for this post, but depending on how old it is, it may be done by a single person, while if it’s more recent, it has required approval of at least two team members.

I think everyone is doing their best.

I hope to see it public in the future.

As mentioned on Reddit, here is the link to a new separate repo: https://github.com/infosec-handbook/blog-content.

Please note that this repo starts on Jan 19, 2019. Before, we had a private Git repo on Keybase, and weren’t able to move the full history.


Regarding the initial request by @yae, we think this is solved now. We didn’t got any e-mails from this user.

1 Like

Regarding the initial request by @yae, we think this is solved now. We didn’t got any e-mails from this user.

No, not solved. There is no reason to send email now, because we are discussing it here. If you can point me to things to make infosec-handbook site look like a more reliable source for Wikipedia, please do.

I found your discussions regarding this topic on Wikipedia (English version).

Wikipedia clearly states that “personal websites” and “personal blogs” are considered “questionable” (https://en.wikipedia.org/wiki/Wikipedia:Reliable_sources#Self-published_sources_(online_and_paper)).

Wikipedia also states: “Anyone can create a personal web page, self-publish a book, or claim to be an expert. That is why self-published material such as books, patents, newsletters, personal websites, open wikis, personal or group blogs (as distinguished from newsblogs, above), content farms, internet forum postings, and social media postings are largely not acceptable as sources. Self-published expert sources may be considered reliable when produced by an established expert on the subject matter, whose work in the relevant field has previously been published by reliable, independent publications.” (Source)

As mentioned before, this is totally reasonable. More importantly, this isn’t an issue with infosec-handbook.eu, but affects most other blogs. So there is little to no chance to use our content as the only source for your edits on Wikipedia.

Self-published expert sources may be considered reliable when produced by an established expert on the subject matter, whose work in the relevant field has previously been published by reliable, independent publications.

This ^ was what I was hoping you might provide, because the about says you go to industry conferences.

Attending conferences and connecting with other security professionals doesn’t imply that you publish anything. At the moment, we likely can’t provide anything that meets the criteria of Wikipedia.

By the way, just publishing anything doesn’t improve this. For instance, there is a big difference between a scientific paper published by a university, and a scientific paper that is part of the proceedings of several security conferences.

For purpose of Wikipedia, this is worth almost as much as a peer reviewed journal publication, unfortunately, but it’s a start. :slight_smile:

" I loaded a packet-capture app on the phone and also relied on some very salty blog posts from Infosec Handbook, a European site that took a very gimlet eye to Duval’s promises of getting Google out of his devices."

FYI, Gael “explains” transparency, and e app store:

But this isn’t related to “Infosec-handbook.eu as a reliable source for Wikipedia?”, is it?

It is, to the extent Mikaela said in the first comment,

The only thing I can definitely say that they are bad at transparency and in my opinion every project like this needs transparency and a git repository where changes can be publicly audited.

I wasn’t sure if that comment on transparency is directed at /e/ or infosec handbook, but it sidetracked the discussion some, to transparency…

This was about our blog. We improved transparency by:

  • pushing every change of contents to a Git repo on codeberg.org,
  • publishing monthly reviews that contain information about what we did in the last 30 days, and what we will do in the following month,
  • adding changelogs to the bottom of our articles as soon as we change content substantially to further explain changes, and
  • indirectly providing snapshots of our blog on platforms like archive.org (this is the default for most websites on the internet, however, there are also blogs that block archive.org).

If there are any further suggestions, please tell us here, via e-mail, or via these other channels.

and meanwhile we decreased our transparency in form of @jonah moving blog.privacytools.io outside of git/Jekyll to Ghost CMS with no plans for transparency :crying_cat_face: