privacyguides.org/docs/about/criteria.md

44 lines
2.2 KiB
Markdown
Raw Normal View History

---
title: General Criteria
---
<div class="admonition example" markdown>
<p class="admonition-title">Work in Progress</p>
The following page is a work in progress, and does not reflect the full criteria for our recommendations at this time. Past discussion on this topic: [#24](https://github.com/privacyguides/privacyguides.org/discussions/24)
</div>
Below are some things that must apply to all submissions to Privacy Guides. Each category will have additional requirements for inclusion.
## Financial Disclosure
We do not make money from recommending certain products, we do not use affiliate links, and we do not provide special consideration to project donors.
## General Guidelines
We apply these priorities when considering new recommendations:
- **Secure**: Tools should follow security best-practices wherever applicable.
- **Source Availability**: Open-source projects are generally preferred over equivalent proprietary alternatives.
- **Cross-Platform**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in.
- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases.
- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required.
- **Documented**: Tools should have clear and extensive documentation for use.
## Developer Self-Submissions
We have these requirements in regard to developers which wish to submit their project or software for consideration.
- Must disclose affiliation, i.e. your position within the project being submitted.
- Must have a security whitepaper if it is a project that involves handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Third party audit status. We want to know if you have one, or have one planned. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
- Does it solve any new problem?
- Why should anyone use it over the alternatives?
- Must state what the exact threat model is with their project.
- It should be clear to potential users what the project can provide, and what it cannot.