SD Brand In Use

Note: This began as an attempt at a scrappy "Brand Use Guidelines" resource, and I finally resigned to just making a good, not-too-hard-to-follow regurgitation of all that's in my head; and I really look forward to FPF's first full-time designer taking-on the finalization of and really owning this!

My ask of everyone else— pls no lawyers, this is a Brand Use Guide, not a Trademark Guide. More on how they're different, below. xoxo

Brand Story

The origins of the SecureDrop brand are not very well known, and are probably best documented in what can be scraped from the web. It began as Strongbox, then was branded by The New Yorker as DeadDrop. At some point it matured into SecureDrop. note: Conor should be interviewed to learn more history!

What is known, is that dating back to ~2014, there was the SecureDrop logomark (aka "the cube") and there was a distinctive typeface used for the SecureDrop logotype (and the letterforms within the lettermark). To help with disambiguating branding terminology, this quick article is suggested.

Open source and security projects love their cubes, and SecureDrop is no different. When the most veteran of current contributors began our engagement with the project ~2014, an earlier version of "the cube" existed in bluish grays (since depreciated, as "Blurple").

Harris Lapiroff's 2018 design for the SecureDrop website gave birth to the current color palette, and to the schema of presenting the SD cube among a grid of hexagons. The primary "hexagrid" has no single hexagon a solid blue, rather the full plane glistening as a soft wave of gentle gradients. The website also contains a hexagrid in hues of purple, and grayscale. It was a brilliant solution for what at the time was only SeureDrop's second real step towards brand maturity, with a modest budget and the need for a modern website needed to support the project's growth.

Unfortunately the project-files Harris had developed with his team at the time, no longer exist; but a folder does exist on FPF's GDrive with explorations Nina did of a re-created grid in Photoshop, Illustrator, and Sketch.

Voice/tone and other brand elements have of course evolved organically, over the years—and have yet to be concretely documented. Some effort was made with the styleguide Ura was funded to develop (in Jekyll, so not maintained for many reasons) however a fresh start from a new set of eyes and perspective, would likely be very welcome!

Brand Use Guid... someday it'll happen!

To date, this PDF (authored by Nina) that was circulated for the 1.0 release of SecureDrop, is the closest artifact that exists, to a comprehensive brand use guidelines to date. So, yes: lots of room to grow!

David began a GDoc with support from a trademark attorney (Jon), to begin this process in early 2019 (Nina not involved):

Freedom of the Press Foundation (“FPF”) has implemented these guidelines to protect the integrity of the SecureDrop brand to ensure that users continue to view the SecureDrop name and trademark as signifying a trusted source for secure file transmission software.

These guidelines describe the only acceptable uses of the SecureDrop brand assets, including the SecureDrop name and logo. By using any of the SecureDrop brand assets, you consent to be bound by these guidelines.

Who guidelines should be written to support

Primary

• Newsroom, NGO, or Government customers desiring use of the SecureDrop brand on their Landing Page, and/or digital ad units to encourage tips.
• Funders seeking to include SecureDrop branding on a page listing supported projects.
• Peer/partner projects desiring use of SecureDrop branding for printed artifacts used at conferences, hackathons, or other events.
  • Note: This use should prior consent from an FPF employee, before proceeding.

Secondary

• FPF folks needing SecureDrop branding for fundraiser materials, swag, or other FPF created digital or printed materials.
• Customers desiring use of the SecureDrop brand for internal staff use.
• NGOs or individuals desiring use of the SecureDrop brand for printed or digitally published training or safety guides.
  • Note: This use should require prior consent from an FPF employee, before proceeding.

Licensing

This document is intended to be a brand use guidelines doc, not a Trademark document.

My own $0.02 as a longtime SD contributor, its only significant design contributor to-date, and the creator or modifier of most assets to-date as a contractor, is to please dear gods NOT use Creative Commons.

I transitioned my lengthy rant from this page, into a bonafide thinkpiece +15yrs in the making (that is still very much in progress), on why I so strongly dislike to CC. Pls consider a different license to use for SD creative stuff. Creatives aren't stupid, we can totally grok regular legalese licenses so long as they're linked to. In fact, most creatives expect that.

TL;DR, creatives never sought CC. It's the creation of a utopian lawyer with too many expensive degrees, and SecureDrop's brilliant, idealist, visionary founder, who also died far, far, far too young.

Name Use

SecureDrop is spelled as a single proper noun with no space between “Secure” and “Drop.” In plain-text it is to be written with the letters “S” and “D” capitalized (i.e., SecureDrop). It may be written in allcaps (i.e., SECUREDROP), however that is not preferred.

A legal finger-wag of bullets for the Trademark guide that should be presented visually in a brand-use guide:

You may not:

• Use any other capitalization or spelling when referring to SecureDrop.
• Add any other words or graphic elements that are not associated with SecureDrop or FPF.
• Use the SecureDrop name in your business, product, service, app, social media account, or other offering.
• Use the SecureDrop name in a way that implies an affiliation with, or sponsorship, endorsement, or approval by FPF of your products or services, unless express consent has been granted by Freedom of The Press Foundation's counsel or ED, Trevor Timm.

Color

Evolution

Color in the SD Cube

SecureDrop began in the world of Blurple, and has since evolved into a garden of sparkling RGB-specific hues from Smurfette to Cerulean, to Lazuli to Grimace. In 2019 the colors were updated to what is currently nicknamed the "tee-shirt palette." Design efforts in support of the Workstation needed to bring-in a greater diversity of hues, as well as colors that work well on low-contrast Lenovo displays; so the current palette seen below, came to be. It was further extended to include the Web UIs, and was used in developing the design system for the Source Inversion of the Source UI.

Analog vs Digital

When printing analog artifacts (swag, banners, brochures) each vendor's unique process and color space for both prepress and on-press processes, needs to be considered in choosing artwork to use. The SecureDrop colors are specifically RGB-spectrum colors that can easily be distorted (or "muddled") with an incorrect CMYK conversion; which many modern "direct-to-print" devices will often do.

Analog reproduction without Pantone Matching System (PMS) inks is strongly discouraged; especially on worn garments and stickers.

Using direct-to-garment or direct-to-item printing?

Unique and color-corrected CMYK logo files do exist, and are encouraged for use if in fact a vendor's equipment prints in CMYK composite process.

Most vendors will insist they "can work with RGB," because automated color conversions are a common software capability. They just usually suck. As such, it is best for a design professional with experience in printing or color correction, to manage conversions before the handoff.

For garment printing, "direct to garment" is often marketed as more environmentally responsible, yet that claim is negligible; especially in high-quality screenprinting shops that have state-of-the-art recovery processes.

CMYKOG (aka "hexachrome") devices also exist, however not to serve the needs of brighter blues. The presence of magenta and black, without a red-leaning blue is what "muddles" the SecureDrop colors on a CMYK device—so CMYKOG will only worsen it. CMYKOG machines are terrific things like bright green grass, reproducing skin tones, or things with a lot of reds that benefit where Magenta alone falls short.

More on spot colors, and how color works with digital machines.

Product

The product colors are varied, and shaped both for brand expression and accessibility/usability needs in a product. As such, "Urgent Coral" is much more a product-specific color and would not make sense on a tee-shirt; and "Limon" is unlikely to be recognized as part of the SecureDrop brand, but is the background color for success messages.

Yep, there's a LOT of blues, and that was to create an aesthetic with the product that is balanced and not overwhelmingly BLUE all the time. If that makes sense. Colors are used equally between the SDW Client and the +2.3.0 Source UI design system... and have yet to be implemented in the Admin UI and the web JI.

Logo

There are currently two presentations of the SecureDrop lockup, today: the "Over-Under" presentation and the "Side-By-Side" presentation. Within each, there are composite (RGB), monochromatic, and halftone (or, translucent) treatments.

Historically, the product logo SecureDrop installs with is a 500x500 large square with the "Over-Under" lockup on it. It is hoped to eventually replace that image with something to encourage organizations to brand their instances—but right now, that space is used for primary branding (that we hope customers replace with their own). The "Side By Side" was created a few years ago with the hope that it'd take off.

The "Cube"

The Solid Monochromatic version was created in 2019, and never really took-off. Explorations were done to update the website's primary logo with it, and they just weren't that great. It could likely be great for customer landing pages, but a proper design guide for this version would need to be created to evangelize those.

As such, the RGB Cube and the Transluscent Halftone version from the current website, are the two most common in use. The Solid Monochromatic version is however, in use in the minimized header for the website.

A few points that may or may not be relevant to each person's individual needs with the logo:

There's different versions for different display sizes & color spaces

If you are planning to use the "monochromatic" version (all one solid color of the cube) how large will you need it to be in it's end implementation? If it will be larger than 75px, there's a different version of that artwork, than for smaller reproductions. That is because the outline along the top and the keyhole will "disappear" if rendered the way both appear more elegantly within the broader composition, when rendered as they are at the larger size. FYI.

Color particulars based on reproduction methods and technologies are detailed, above. Please read relevant information carefully to ensure you grab the right source materials!

It was updated in 2019

In 2018, Ura Design in Albania was awarded an Open Tech Fund grant to update SecureDrop's branding. It was from that engagement, that today's cube-colors find their roots.

It's also not "square"

See the yellow sliver between the top of the blue cube an the black line? That is the tiiny gulf between what would make the regular logomark a truly square hexagon, and how the artwork exists for use outside a grid of hexagons.

Why not just make it square to keep things simple? Well, outside of a grid with other hexagons, the inferred lighting and the skew of the lock, all suggest dimensionality. When the stand-alone cube is a perfect hexagon, it just looks "off." Proportions matter.

...unless it's being used within a grid of hexagons!

Because, yes, we love our hexagons. :) Directory in GDrive with abundant hexagrid and animated hexagon explorations.

Typography

The typeface used in the SecureDrop branding, is Franchise Bold. It can be downloaded from the files directory in this repo (click on the "code" tab, up above). Nothing more is known about Franchise, unfortunately—as it's not a well established type family, and there appear to be multiple variations of it everywhere.

Page Notes

This page in its current form, is a draft that Nina put together. :) Erik, and possibly Trevor may even need to approve it.

David began a Brand Use Guidelines doc some time ago. He based it, largely on Spotify's BUG for developers, as FPF's lawyer suggested that. Trevor had also secured a lawyer involved to advise on licensing and use of specific language, etc.

In hindsight, I (nina) did want to add-in the note, that "Brand Use Guidelines" exist for a wide variety of organizations and use-types. They're no different than software, in needing to consider specific use-cases and user-types, as well as end-user needs.

Spotify is a very profit-centric brand, and its business model is a subscription music service through its platform. Its platform and service need to be branded, and then thousands of artists co-brand their works with its mark. So: its brand use guidelines need to be incredibly rigid, and to presume engagement from thousands of individuals—many in design departments at record companies, and a few self-publishing artists. It's number-one priority is profit, and because money is so central to its values, fiercely protecting its brand is of the utmost importance.

SecureDrop, by contrast, is not a profit-centric brand; and yet its brand usage still needs to be protected, because many end-users ascertain the credibility of a product (so in our case, its security properties) or its use-legitimacy, based on how "truthfully" they perceive its brand to be expressed in external contexts. So, for us, that matters. We also have learned a not-insignificant amount of information around how news organizations operate, and how under-supported orgs are in building their own landing pages. Similarly, for swag or conference materials, digital printing processes (direct-to-garment, direct-to-plate) not mediated by a design professional, vendors can easily muddle color-spaces that are often used for either cost or other reasons—and how to not muddle the brand colors needs to be documented.

Supporting end-user trust in legitimate instances of our product, is our primary goal; not protecting a public corporation's dumb thing. Users don't see licenses, they see strange combinations of elements that do or don't make sense as credible to them. This guide needs to clearly document how to do that right, for the people who've already decided they want do it right. A "Trademark Policy" guide is for managers needing to dot eyes and cross tees, or developers researching compliance. We already overwhelm the IT staff doing implementations, with technical LP requirements; so the design usually falls to the waist-side. It doesn't need to be an either/or, and FPF is doing everyone a disservice, implying that it is with zero LP UX guidance.

Of note, as EFF demonstrates, a Brand Use & Trademark Policy document, is very, very different from a Brand Use Guidelines doc.

IMHO more appropriate BUGs to base SecureDrop's off of, are Mozilla's, Firefox's, Slack's, and Salesforce's. BUG developed by designers, for practical use.

In swag or printed materials FPF produces, brand use accuracy mostly matters in satisfying the pleasure of contributors or donors, seeing our "thing" shine its brightest. In co-branded swag, newsroom-created training materials for internal use, or event materials OSS contributors or news media professionals will see/interact with, it's also the "see our thing shine" interests. OSS governance of brand use is incredibly low; "If it's a traffic cone in any way, it's VLC!" is about where OSS is at, with protecting brand assets.

TL;DR, pls spend the money on more developers for SD, or on technical writers making a Source User Guide or Source Safety Guide materials... and not on a lawyer's time or team effort, on this stuff. :)