Protecting your org's identity

From California Technology Festival Wiki

Overview

  • Best Practice: Have a list of all your online relationships in one place (without the passwords)
  • Bad Practice: Setting up online accounts using individual email accounts
  • Instead create 'service@yourdomain.org' and have it forward to at least two people
    • It will also let you know who is spamming
    • It is also an inventory of stuff
    • It teaches intentionality to your staff regarding vendors
  • NGOs should have password policies
    • Must periodically change the passwords
    • Have a set of global triggers.
    • If someone leaves, change everything
  • We are addicted to the utility savings
  • Increase the cost of surveillance
  • Data Security??? Make the assumption that your data is going to be breached and destroyed
    • How to deal? Backup!
    • When making backups, make sure it's via HTTPS
    • Your backup media needs to be encrypted and stored in multiple offsite locations
    • Set up a reciprocal relationship to store each other's backups. They'll tell you if your data is
  • Physically destroy your USB on sensitive machines
  • There are like 5 domains that, if they went offline, the whole progressive movement is over
    • Salesforce, change.org
    • Backup your stuff!
  • F-Droid is an alternative to the Android store that will guarantee your app is not a spiked copy
  • Gunner's been whining about spying and such for years

He's been validated by Ed Snowden

  • Game Theory: In the simplest of games, there's mathematics that govern the correct move to make

Simple underlying idea: The side with more information wins. Gunner thinks about the cloud as a playing field of information, and we're already at a disadvantage. There is a war going on with our data as the pieces on the chess board (mixed analogy).

  • What can be done to change the odds in our favor? How can we create mechanisms for redundancy and resilience
  • You want two things
    • Access to your data
    • To not be spied on
  • Biggest activist fail: Giving away our addresses freely

facebook.com/myorg

  • You are letting an org control how people reach you
  • You need to have people reach you through your domain name, not your SM accounts
    • You have control over your information that way
    • Your domain is utter control over your address
  • It is a worst practice to do your domain registration and your hosting at the same place
    • eff GoDaddy. They will
    • Use Ghandi.net GKJ.net
    • If one half starts sucking, you should be able to move it
  • NGOs should forbid their staff from using non-org email accounts
  • Email addresses are proxies for relationships between staff and allies
    • If they are fired they can still email back and forth with people as though they were still acting on your behalf
    • The org should also control their contact lists
  • Worst Practice
    • setting up their gmail accounts to send and receive their work email addresses
    • You should be in solidarity with activists and not choose convenience
  • When you fire someone, you must immediately change their email password and set it to forward/be monitored
  • Think about where the legal jurisdiction is for your org
    • Can the government come in and shut down your hosting?
  • Real Talk: One of the places that orgs consistently lose control of their online identity
    • Not keeping up on the contact info on their online accounts
    • Did an intern set up your website? Make sure they set the contact email as the official org email
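
The account inventory, role-address and registrar/hosting points above can be checked mechanically. The script below is an added example, not part of the original session notes: it audits a password-free inventory for contacts outside the org domain, role addresses that forward to fewer than two people, and a registrar that is also the host. The CSV layout, vendor names, forwarding table and the audit() function are all assumptions made for illustration.

```python
import csv
import io

ORG_DOMAIN = "yourdomain.org"  # placeholder domain taken from the notes

# Constructed sample inventory: one row per online account, no passwords stored.
INVENTORY_CSV = """service,kind,contact_email
Example Registrar,registrar,domains@yourdomain.org
Example Registrar,hosting,hosting@yourdomain.org
Example CRM,crm,intern.jane@gmail.com
Example Petitions,petitions,petitions@yourdomain.org
"""

# Constructed forwarding table: role address -> people who receive its mail.
FORWARDS = {
    "domains@yourdomain.org": ["alice@yourdomain.org", "bob@yourdomain.org"],
    "hosting@yourdomain.org": ["alice@yourdomain.org"],
    "petitions@yourdomain.org": ["alice@yourdomain.org", "carol@yourdomain.org"],
}


def audit(inventory_csv, forwards, org_domain=ORG_DOMAIN):
    """Return a list of (service, finding) tuples in inventory order."""
    findings = []
    vendors = {}  # kind -> vendor name, used for the registrar/hosting check
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        service, kind = row["service"].strip(), row["kind"].strip().lower()
        email = row["contact_email"].strip().lower()
        vendors[kind] = service
        # Accounts must be registered to an address on the org's own domain.
        if email.rpartition("@")[2] != org_domain:
            findings.append((service, "contact is not an org address: " + email))
            continue
        # Each role address should reach at least two distinct people.
        if len(set(forwards.get(email, []))) < 2:
            findings.append((service, email + " forwards to fewer than two people"))
    reg, host = vendors.get("registrar"), vendors.get("hosting")
    if reg and reg == host:
        findings.append((reg, "registrar and hosting are the same vendor"))
    return findings


if __name__ == "__main__":
    for service, finding in audit(INVENTORY_CSV, FORWARDS):
        print(f"{service}: {finding}")
```

Rerunning the audit whenever someone leaves or a vendor is added keeps the inventory in step with the triggers listed in the overview.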