06162018
Please pardon my very direct questions. I love the concept, but I play devil's advocate against things I love to make them better.
Technology:
A. Is Pursuance encrypted by the client before transmission to the servers to be stored at rest?
B. Does Pursuance require its own server or server instance (VPS etc.) or can it be run on a shared hosting environment?
C. Can one Pursuance server manage more than one pursuance?
D. You claim to be representing writers, journalists, non-projects, activists, etc., who may not be the most technical people; will there be an auto-installer for non-technical groups and organizations? Writers, journalists,
E. Is Pursuance designed with internationalization in mind and are there planned localization efforts in place? What happens with Pursuances across countries? Is Pursuance GDPR compliant (joke lol)?
F. Are the pursuance copies on other Pursuance servers stored in whole or in parts (think RAID 0 versus 5)? Is there more than one full copy in case of multiple compromised servers? Can you select where your backup copies are?
Security/Tracking
A. You said no email required, but how do I get invited to the network? Is this a link? If an email, is this invite email tracked? Where is the server located that it is being sent from?
B. Does the server track user authentication attempts? Does it track authorization failures? Does it track auth... Does it log changes to documents like version control? Log login activity (IPs, in case not using an Onion server)? Do you use an SSH key to log in to it?
C. Does the server log or network itself track who refers whom? You describe in your talk from May 16, 2018 that you eliminate all the bad people: that you only invite people you trust and then they only invite people they trust. So for 400 on your Kickstarter I gain trust? --- sounds like bought trust, not a truly credible person to me -- bad people have money, newsflash! --- also, secondly, any of these organizations who invite people to help, then those people can invite someone they trust. You are building a trust pyramid in a sense. One bad card in the house of cards and ... they all fall down.
D. 'All or nothing trust model' - 6 levels of granularity is a SOME or nothing trust model and will not be sufficient, especially for organizations with unique 'consultants' or who may assign a task to another pursuance. The problem of fixing this later gets exponentially worse as your number of Pursuance servers grows (especially after you get out of 'BETA') and thus your usership and therefore the assigned roles which would need to be re-assigned if the permissions system were changed. Proof: WordPress started off with a set number of roles: Administrator Role, Editor Role, Author Role, Contributor Role, Subscriber Role, but the ecosystem quickly learned that one role doesn't always fit, especially for businesses/organizations/teams, so the plugin Members by Justin Tadlock (100,000+ active installs) was developed to provide custom role creation that assigned permissions on a more CRUD level. Full transparency and the EXACT permissions required. Every document on security says assign the MINIMUM permissions required, NOT the average. This will become a HUGE LIMITATION on your system the second your Plugin Eco-System is launched, and then it will become a role hindrance versus allowing plugins to create new, more granular roles instead of assigning permission to those 6 generic categories.
E. 2-Factor Authentication WITHOUT an email address? ---- so you use phone number text message or a PIN number or? Wouldn't this be counterintuitive to anonymity?
F. --- 'Transparent as I want or private as I want' -- is there a non-authenticated 'front end' that maybe auto-builds a portal for users to read content designed by the pursuance collaborators?
Legal
A. How do you protect yourselves from being accused of aiding and abetting criminals in violation of the Patriot Act? Your Activism coordinator is a self-proclaimed 'pirate, anarchist, and overall shit disturber' according to your Kickstarter video. Piracy, 'the unauthorized use or reproduction of another's work,' is highly illegal, and collusion is a dangerous subject to advertise.
B. When you say SpyFree, spies meaning from other organizations? Or?
C. You are going to make this product available globally, but there is a ban on exporting certain encryption technology to sanctioned countries, or so I assume? Have you weighed the risks here? Even though you are a non-profit, you are still a corporation that carries risk and provides services that are seizable. You even mention in your presentation that Pursuance servers can self-heal in these cases from duplicates stored on other servers?
23. Is Hypothesis a browser plugin or a software app on your device? Wouldn't that be a security issue, because now you know who stored the annotation and all who clicked on it, unless someone is using a secure browser the entire time? Think if one of your people is a SPY (another reason nothing is spy-free -- most organizations are hacked from inside -- Snowden etc.) who shared the Hypothesis links and they subpoena that site to find out the members' IPs, thus circumventing your entire anonymity.
22. What I meant by MetaData, Like CryptTag, is the MetaData searchable? Does it store tags about a task that are searchable basically?
21. Can we pay for a pursuance server with Karma points? Such as can we work off our Pursuance hosting plan with you guys (to keep it simple)?
Here are 4 more for consideration:
1. So there is a way to compromise the device itself prior to encryption, and then when the data is decrypted it compromises the viewer's device, for example using compromised files, strings that call command lines, etc.
2. What MetaData is stored? Who chooses what MetaData is used?
3. Shared hosting - depends on environment - Is there a minimum tech spec, memory or storage space wise?
4. Can you recruit from the Pursuance server you are on OR the whole PUBLIC network? How are the skills defined? Like Graphic Designer or Graphic Designer with a B.A. and 6 years' experience who knows Adobe Photoshop etc.?
I will add a 16th question (again, answer mine last): Can you assign permissions/roles to tasks or is it the pursuance as a whole?..... They may be a contributor on one task but a 'Leader' on another, and those are different roles, and they should not be able to do some of the CRUD operations on the contributor task within the Pursuance hierarchy.
From david-tuley: How will users be rated within pursuance?
From greg: Also, what will stop someone from making a pursuance title that is good, but assigning someone that is low tier some kind of task?
From greg: What about people who can't see the tasks and the tasks are what they are searching for?
From robert-green: Steve, can you discuss overlaps with a tool like Slack?
From raymond-johansen: Will the Pursuance System be audited before we go live with sensitive ops and campaigns?