Recommended Settings

This runbook contains recommended settings in addition to those mentioned in other runbooks.

1. Add a privacy policy for employees of the internal reporting office.
2. Add a second admin with the privilege to change user passwords. It renders GlobaLeaks highly compromised, if you lost your only admin account with this privilege.
3. Allow the whistleblower to select the recipients, if you staff the reporting office with at least one internal ombudsperson. You can configure this in the following ways:
   • Set the respective recipients in channels.
   • Allow whistleblowers to select their recipients in channels.
   • Configure custom questions as multiple choice input or checkbox and link the selection to the recipients.
4. Enforce regular password changes.
5. Set up notifications to notify administrators of software issues.
6. Set up notifications to notify developers of software issues.

Not recommended

1. Disabling the privacy notice (Tor Browser).
2. Enforcing the use of the Tor Browser.
3. Disabling notifications for recipients of reports.
4. Configuring access controls (restricting to IP addresses).
5. Using individually configured questions. It is better to use question templates.