At Blueprints for Change, we are aware of the risks that come with digital communications around progressive advocacy issues, especially when malicious actors or repressive state authorities seek to thwart our work through surveillance and hacking. To protect ourselves and our community of collaborators, we have adopted the following processes.
SSL encryption for Blueprintsfc.org as well as all of its documents and signup processes
- Main wordpress site hosting our library is now SSL-encrypted with a valid certificate and therefore loads as https
- Our email signup is hosted by Mailchimp, which itself has pretty solid security practices
- Google docs (on which our guides are hosted) are themselves served through encrypted connections
Secure logins for platforms which contain community data
- Mailchimp is the only site for now which hosts a database of our audience’s emails. We have generated a complex password for this account, saved to a secure password manager account. Access to the Mailchimp account is also secured with two-factor authentification
- Admin logins for www.blueprintsfc.org have been updated to complex passwords and saved to a secure password manager account.
Anonymous browsing of site content and guides
- Our wordpress site, blueprintsfc.org, does use cookies but only to serve up the google docs embedded on the home page as well as to determine whether or not this is your first visit (to decide whether to show the mailchimp newsletter signup banner or not)
- The emails we gather for our Mailchimp newsletter, stay in Mailchimp and are not to be exported for any reason
- All of our public guides are google docs set to be viewable by anonymous users or without logging into a google account at all
Notification of privacy issues for those who exchange publicly on shared documents
- In some cases, we invite campaigner input on public google docs, which have been left open to comments or suggestions. When we do so and when people choose to use their google logins to comment or otherwise expose their identity on these public docs, we will notify them of the risks and offer them the possibility of submitting comments to our email account, which could then be posted anonymously.