In review of #4666, @zenmonkeykstop observed
As an aside, the footer language appears a bit stilted - "stewarded" isn't in common usage and it's more natural to refer to "the Freedom of the Press Foundation" rather than "Freedom of the Press Foundation" - the combination of the two gives the footer text a phishy vibe for me.
Let's kick this around to make sure we pick wording that works for everyone. To recap, the revised footer was spec'd in #4662, with the following language about FPF:
SecureDrop is free and open-source software stewarded by Freedom of The Press Foundation.
Adding a bit more context in a comment, but inviting everyone to weigh in before feature freeze (EOD 8/29).
We discussed this language a bit in past UX meetings. "Stewarded" was chosen as a term intended to convey leadership beyond maintenance (e.g., in community engagement, fundraising, training; pursuing long term efforts like the workstation), but it's a word that's admittedly easy to stumble over. Common meanings suggest managing something on behalf of someone else, which is a recipe for incorrect translation if we're not very careful, but also for misunderstanding in English.
"Maintained by" would be the easy and conservative choice commonly used in open source projects. (The only accuracy caveat is that we are open to maintainers who are not affiliated with FPF.) I still have a soft preference for "stewardship" but I admit its negatives weigh pretty heavily, so we may want to default back to the conservative choice if we can't find something better.
As for "the FPF" vs. "FPF", I have no preference (our docs use both inconsistently), and am happy to go with "the Freedom of the Press Foundation" if nobody has any concerns about that edit.
"Maintained by" implies "keeps from breaking" to me, vs product evolution and growth.
"Developed by" isn't exactly accurate, either, because Aaron/Kevin created it. Likewise, as a non-dev contributor I personally find references to "development" to exclude wisdom informing a product outside engineering things... which obvs bothers me a lot.
The point of the language in the footer is to speak to accountability; that someone is accountable for this product and stands by its assertions, with something to lose if they're being deceptive. Consumer-culture-centric language is what users will expect, because we're trained to trust language that alludes to concepts of "ownership." FOSS projects, of course, eschew concepts of centralized control... so we're in an odd spot.
Non-technical user comprehension needs to identify a governing/accountable body responsible for SD, is the goal of whatever word does get used. Because FOSS is still a relatively foreign concept to mainstream society, I don't think that introducing new verbiage is really avoidable; unless it's sought to speak to SD as a project by developers, for developers.
I'll poke around to see how Mozilla speaks to Firefox as its thingy. Its the only mainstream FOSS app I can really think of.
I personally dislike "the FPF" because it feels extraneous for UI copy (whereas in a document, I'd prefer it)... but I'm also happy to defer that one to what others may think?
In the Apple app store:
"Firefox is the independent, people-first browser made by Mozilla, voted the Most Trusted Internet Company for Privacy"
Also: © Mozilla and its contributors 2018
It helps with both, that "Mozilla" is much less of a mouthful than FPF... and that there's no debate about if there should ever be a "the" preceding it.
In the footer on their page tho, they reference "...the Mozilla Corporation's not-for-profit parent The Mozilla Foundation." So maybe that's how they can do the © thing (which I personally dislike, on an aside—so am not advocating for... even though it is what most clearly/simply accomplishes the semiotic goal).
I'll poke around elsewhere, over the weekend...
Random Sunday reading that's tangentially related... http://fossmarks.org/
SecureDrop is a project of Freedom of The Press Foundation. It is is free and open-source software, published under a GNU Affero General Public License v3. SecureDrop is made by a team of community contributors with project leadership, funding, and support from Freedom of The Press Foundation. <—It's a bit of a mouthfull, but I've been sitting on that for a couple of days and kind of really like it. What do you think, @zenmonkeykstop?
Alternately, pulling from how things are summarized on the GH project page's readme: SecureDrop is free and open source software, managed by Freedom of The Press Foundation.
SecureDrop is a project of Freedom of The Press Foundation (FPF), published under a GNU Affero General Public License v3.
Made by a team of community contributors with project leadership and support from FPF.
_(ok, done with being a comments-hog on this ticket! looking forward to feedback & continued discussion)_

I would advocate for keeping the language under 100 characters, or I fear we risk turning this into fine-print that ticks many boxes but does not serve our audience well. The most important concepts to communicate are IMO the following:
It's free/open source software. This is important because it means that the code can be externally reviewed, but it also conveys to a source that no organization's SecureDrop is special or magical -- others can set this up, too.
FPF leads development. This is important because it creates clear accountability for the software itself. Leadership also speaks to more than "just maintenance": funding, strategic direction of the project, ensuring that it continues to meet journalists' needs.
While I personally really like the concept of open source stewardship (so does GitLab, to name just one example), I think the potential for confusion may be too great.
I'd suggest the following alternative wording:
SecureDrop is free and open source software. Its development is led by the Freedom of the Press Foundation.
I would advocate for keeping the language under 100 characters, or I fear we risk turning this into fine-print that ticks many boxes but does not serve our audience well.
100% on board with this. Especially since a new sentence will be added once the TL;DR Learn More page goes live, in a subsequent release.
The most important concepts to communicate are IMO the following:
• It's free/open source software. This is important because it means that the code can be externally reviewed, but it also conveys to a source that no organization's SecureDrop is special or magical -- others can set this up, too.
• FPF leads development. This is important because it creates clear accountability for the software itself. Leadership also speaks to more than "just maintenance": funding, strategic direction of the project, ensuring that it continues to meet journalists' needs.
Ok. :) What that, I'd like to back-up to re-frame the task at hand: Sources (not journalists) need a marker of credibility and accountability in the SecureDrop UI, where folks have been trained to expect it—as a copyright, in the footer. But because we're us, we're avoiding use of the tried-and-true signifier of accountability because it goes against our values. Which is good! BUT, that signifier and the larger paradigm it speaks to is what users have been trained to to identify, as the stamp of accountability & legitimateness.
We (the SD team) read privacy policies, because we are privacy dorks... and, we know how things really work behind the velvet curtain. Most people, do not—and are also not privacy dorks—and instead look to semiotics to establish trust. And so the original UX repo Issue came about.
As such, the challenge has been: what to put in place of the copyright blab to promote trust, credibility, and to identify accountability, to a culturally-mainstream whistleblower? That person could be a government analyst, a financial executive, a foreman on a construction crew, an admin assistant. Maaaybe an IT person, but also maybe a number of other vocations that culturally intersect with digital things, zilch. Most likely, this individual has access to information through a role in management—not because they have a job in IT (or another vocation that intersects with geekery).
SecureDrop is free and open source software. Its development is led by the Freedom of the Press Foundation.
By using the above text, we're evangelizing a whole new set of values and approach to accountability, instead of more simply providing the user the evidence of accountability they're looking for—and in terms outsiders to our world can understand. Kind of like asking a person if they're religious, with "He is Risen and I follow Him!" as their response, instead of more simply "Yes, I'm Christian."
If we communicate in a language familiar to us but alien to most, it's more alienating and crappy than helpful or persuasive.
SecureDrop is a project of Freedom of The Press Foundation, and is published under a GNU AGPLv3 license.
Nobody knows what a GNU AGPLv3 license is, either—but publishing things under a license does fit within mental models of ownership and accountability in more... ahem, "traditional" social structures. The truly curious at least has a new term to Google—and the not-so-curious who is simply looking for that wax-stamp of officialness, gets their basic needs met and can move on.
Also: FWIW, I'm a techie, and until a few years ago didn't know that an advantage of FOSS is external review... and tbh, didn't even understand why that would even be a good thing, until I became friends with hackers through SRL. _shrugs_
Why I like the above proposed single line, is because:
"SoftwareName is free and open source software" to me, is akin to asking a person what their religion is... and receiving a theistic affirmation in the language of their creed, instead of a "yes" or "no" answer—possibly followed by a qualifier of more detail that is commonly understood (such as "I am Hindu," or "I am agnostic.")The latter is more about respecting where they're at and their needs, than it is about furthering my own agenda. I want us to respect the needs of mainstream users with what goes in that line of text. In addition to rep'ing the team's values... and providing doors into FOSS that users have cognitive agency with.
I know, I never cited objection when the blab "...and is stewarded by FPF" was in the footer. I should have, but the term "stewarded" made up for that in my brain.
Anywho, looking forward to discussing, further.
...FYI, a separate footer for the newsroom UI (Journo/Admin) was designed, but not discussed for 1.0. Could be relevant to this discussion:

From my perspective, I think the goals here should be:
In my view, I don't think we _need_ to say explicitly in the footer what license is used, or that the project is FOSS. Showing the license seems more confusing since the number of people who know what open source means is probably higher than the number of people that understand what the various licenses are.
Would people have major issues _not_ including "free and open-source" even keeping in mind that users might not know what this means? (i.e. we'd be dropping terms that users don't understand without explanation)
@redshiftzero Would simply SecureDrop is a project of Freedom of The Press Foundation cut your mustard on the above?
Others?
"SecureDrop is a free software project managed by Freedom of the Press Foundation"? "Managed" is more active than "maintained"; more familiar than "stewarded"; covers all the effort involved, as opposed to "developed" (though to me, development doesn't mean just programming); and doesn't imply that we are the only contributors. It keeps the FOSS reference for those who care, signalling all the virtue at the cost of one word, and providing the differentiation between the software and the instance. "This site runs SecureDrop, a free software project ..." could do that even more strongly, though.
@rmol I'm somewhat cautious of using "managed" since people on the other side of the screen generally don't know websites involve code or management of code and may presume we're managing their submissions.
Let's make a decision today, so we can update the string tomorrow before string freeze.
We'll include whatever is in develop in the first round of user testing; if it tests poorly, we can update it with the next release.
Here's an attempt at a quick summary. I'd ask folks to weigh in with any final suggestions before end-of-day eastern time today, so @redshiftzero can make the final call.
"free and open source software", "free software", etc.:
"maintained":
"managed":
"stewarded":
SecureDrop is a project of Freedom of The Press Foundation.
SecureDrop is a free software project managed by Freedom of the Press Foundation.
SecureDrop is a free software project maintained and led by Freedom of the Press Foundation.
SecureDrop is free and open-source software stewarded by Freedom of The Press Foundation. (current)
SecureDrop is free and open source software. Its development is led by the Freedom of the Press Foundation.
SecureDrop is a project of Freedom of The Press Foundation, and is published under a GNU AGPLv3 license.
SecureDrop is a project of Freedom of The Press Foundation. It is is free and open-source software, published under a GNU Affero General Public License v3. SecureDrop is made by a team of community contributors with project leadership, funding, and support from Freedom of The Press Foundation.
I vote "SecureDrop is a project of Freedom of the Press Foundation," but if people want another verb in there, my preference is for "maintained."
Guerilla research conducted to probe language use in secure/risk-sensitive web contexts:
https://drive.google.com/open?id=1D1l2t-EyHnQS6gkLnYRAFoc20Gk5aW_P
Thanks for that bit of additional research! It's interesting to see the very mixed responses. Personally, I find the bank scenario not a good match for the news organization/SecureDrop comparison, mainly because I think it brings to mind different associations. Most people bank with large corporations, and open source in the consumer-facing aspects of online banking is virtually unheard of as far as I know.
Even as an open source technologist I would be surprised to see, say, Wells Fargo using an open source widget, it just doesn't fit with the overall mental model of how these companies operate. Whereas I don't see anything surprising about, say, The Intercept using Coral Project as its open source discussion forum.
All that said, I don't have strong views on whether or not we should include "open source" language in the footer. I feel the biggest utility in such language is if it actually points to the code, and since we avoid external links, I'm OK not having it at all in the Source UI.
I used the banking analogy, for a few reasons...
"Guerilla" research is very different than more structured research; and without moderation, I needed the scenario to keep folks focused w/o my involvement.
When we do structured research, participants can ask all the questions they want, and a researcher is present to field questions. The context is also very different when on a page dedicated to research, vs an open social forum dedicated to sharing pictures of our kids going back to school or venting about package thieves. :)
My primary takeaway, are that the responses are all over the place; and varied enough to merit a more structured study.
Zooming out a bit and going back to what the purpose of this text is: it answers the question, "who the heck made SecureDrop--surely not XYZ News Org on their own"? It creates commonality across SD instances, and accountability (the organization behind the platform).
For someone to be reading the footer, they have to have taken some steps to get there already, and in those steps is where their own education/discovery is probably happening. IMO, the place for education/discovery (What does 'stewarded by' mean? What is AGPLv3 license? Is it good that this is open-source software?) is not at the moment that they are trying to figure out the Source/Journo interface. But just stating the name of the project and of the organization means that the user, at a time that it doesn't interrupt their workflow, can choose to go investigate the nuts and bolts if they are curious.
I guess what I'm trying to say is that using the platform could be an emotionally-charged moment for people, so I think that, without being patronising, the experience should be as unsurprising and uneventful as possible, and I feel like throwing in terms or concepts count as semi-"eventful" intrusions on the user.
Yup! We need to be examining the entire source journey, and to be considering the footer as just one small artifact, within it. Really looking forward to diving into this with you and everyone else at the SD retreat, in a few weeks!
Thanks for the very detailed thoughts all (and your Facebook survey @ninavizz! 😇). Since the fact that the inclusion of "Free and Open Source" would mostly be for us advertising FOSS, I'm gonna agree with @rocodes on this - let's go with a simpler/shorter variant: "SecureDrop is a project of Freedom of The Press Foundation.".
Most helpful comment
Zooming out a bit and going back to what the purpose of this text is: it answers the question, "who the heck made SecureDrop--surely not XYZ News Org on their own"? It creates commonality across SD instances, and accountability (the organization behind the platform).
For someone to be reading the footer, they have to have taken some steps to get there already, and in those steps is where their own education/discovery is probably happening. IMO, the place for education/discovery (What does 'stewarded by' mean? What is AGPLv3 license? Is it good that this is open-source software?) is not at the moment that they are trying to figure out the Source/Journo interface. But just stating the name of the project and of the organization means that the user, at a time that it doesn't interrupt their workflow, can choose to go investigate the nuts and bolts if they are curious.
I guess what I'm trying to say is that using the platform could be an emotionally-charged moment for people, so I think that, without being patronising, the experience should be as unsurprising and uneventful as possible, and I feel like throwing in terms or concepts count as semi-"eventful" intrusions on the user.