Update index.html

scidsg · Apr 11, 2024 · ab07738 · ab07738
1 parent 07306f1
commit ab07738
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/index.html b/index.html
@@ -161,14 +161,16 @@ <h3>Frequently Asked Questions</h3>
 			            <h4><a href="#" class="faq-question"><img class="arrow" src="design-system/images/website/icon-chevron.png"> How anonymous is Hush Line?</a></h4>
 			            <div class="faq-answer">
 			            	<p>Hush Line requires no personally identifying information (PII) for tip line owners to use the service, including an email address. We scrub IP addresses and country codes from access logs and don't timestamp messages or relate account data in any way.</p>
-
 			            	<p>While we do not log IP addresses, attackers who have the capability to observe network connections may be able to see your IP address if using our clearnet address.</p>
-
 							<p>We offer an Onion service for users with advanced privacy needs, which can be accessed using the <a href="https://torproject.org/download" target="_blank" rel="noopener noreferrer">Tor Browser</a>, making connections and activity completely anonymous.</p>
-
 							<p>Message submitters are not required to create an account and may also choose to use our Onion service to access the app.</p>
-
-							<p>But there are plenty of ways to deanonymize yourself... 👇</p>
+			            </div>
+			        </li>
+			        <li>
+			            <h4><a href="#" class="faq-question"><img class="arrow" src="design-system/images/website/icon-chevron.png"> Is Hush Line end-to-end encrypted?</a></h4>
+			            <div class="faq-answer">
+			            	<p>Hush Line uses <a href="https://github.com/openpgpjs/openpgpjs" target="_blank" rel="noopener noreferrer">OpenPGP.js</a> for client-side encryption, giving users who add their public PGP key end-to-end encryption for their messages. Users who disable JavaScript use server-side encryption. Adding your PGP key enables only you to have technical access to the decrypted message. Neither the server administrators nor an attacker with access to the server can learn their contents. <a href="https://github.com/scidsg/hushline/blob/main/docs/1-getting-started.md" target="_blank" rel="noopener noreferrer">Setting up PGP is easy using our getting started guide</a>.</p>
+			            	<p>Message data is always stored encrypted at rest on our database, and server access is limited to relevant members of the technical staff.</p>
 			            </div>
 			        </li>
 			        <li>