August 6 2020 GM
Time: 9:00am EST / 1:00pm UTC+0
CDR Link, is a privacy and security-focused helpdesk that allows individuals to offer their community a secure, multi-channel, mobile-first way to ask for digital security help using everyday messaging apps, like Signal, Whatsapp, and Telegram. CDR Link is encrypted and open-source, built on the Zammad helpdesk and using a number of open-source extensions to increase user privacy and security. It is also flexible, and can be adapted for users that require the secure submission of data from the field into a secure platform for analysis and further sharing.
Presenters Fabiola Maurice and Josh Levy, The Guardian Project
We have the amazing Fabiola Maurice and Josh Levy (you can find them on Mattermost as @fabb and @levy), from The Guardian Project, who will be discussing CDR Link. The CDR Link is a privacy and security-focused helpdesk that allows individuals to offer their community a secure, multi-channel, mobile-first way to ask for digital security help using everyday messaging apps, like Signal, Whatsapp, and Telegram.
- Link is a helpdesk platform that makes it easy for security responders to address the needs of members of their communities: CDR Link is an active helpdesk being used by close to a dozen existing communities, including a MENA-region community that CDR works closely with. It's also FLOSS software that can be used and adapted by anyone. Here's the website explaining a bit about the project, their documentation and the Gitlab repos
- CDR Link is multichannel and it integrates common software as Signal, WhatsApp, Telegram, Facebook, email, sms and more. This means that, for example, a member of a community can ask for help over WhatsApp, and that message is received (securely) on Link, and a helpdesk operator can message back over WhatsApp as well. Link is basically a dashboard that shows incoming "tickets" that "agents" can respond to. Right now it's definitely optimized for desktop since it's a fairly complex system and the open source helpdesk Link is built on, Zammad, is desktop only.
- Another thing about Link is security: some existing helpdesks have PGP built in, which is great, but limited since they require the person asking for help to also have PGP installed.
- Because Link works with Signal and WhatsApp, it's easy to securely ask for help, and to securely receive a response, right on your mobile device in the apps you already use. If a message is sent over Signal or WhatsApp, it's end-to-end encrypted, with Link decrypting the message upon arrival and storing it on its server (similar to how messages are stored on a phone).
- They have a few models for helping groups get it set up. The most common is to set up and host the platform for them, with the group running the helpdesk themselves. But some groups have totally set it up themselves without much assistance from CDR.
- When we talk about the hardness of the technical setup of the platform, Josh explained that the server-side setup is somewhat complicated and involves deploying docker containers, running a few scripts, etc. Even though it looks complicated, the team offers a lot of documentation and video user guides they are happy to help with the set up, on Youtube and on their website.
- Fabiola and Josh shared some tips to get started with our own helpdesk:
- For the technical setup, the hosting provider is important. Their team uses Greenhost for most of their instances, but also AWS depending on the need. Because AWS is Amazon, there are definitely some concerns, but it also makes it much easier to quickly deploy and to maintain the helpdesk.
- For actually using the helpdesk, Link is great because it makes it easy to work with teams. So tickets come in and can be assigned to people depending on expertise, availability, or even sensitivity (agents can have different levels of permissions so they only see what you want them to see)
- So putting together that team, understanding who can see what, who's available when, is really helpful.
- For contacting the helpdesk, it depends on the platform:
- For Signal and WhatsApp, you'll message to a certain number, just like you do to a regular person. The helpdesk responder will see that number, which is definitely something to keep in mind.
- If using email, you would send an email to a dedicated address, like firstname.lastname@example.org and the responder will see the person's email address.
- Other platforms include SMS (not secure and agent will see number, but useful in some cases), Twitter (via @ replies or direct message), and Telegram (agent will see username)
- Once we talked about the set up and how the CDR Link works, Fabiola and Josh shared with us the knowledge that they got from working with several communities throughout the Link. They learned a lot about how different communities are managing incoming requests for help, and the ways that they've been bootstrapping that work with very few resources. There are some amazing use cases that show that running a helpdesk is so much about understanding your community and being responsive to people's needs, no matter the platform.
- The CDR Link is Open Source, so there are a few ways to support it, especially on the Signal and WhatsApp integration projects (both of which build on code written by Josh King already). These projects are Sigarillo and QuePasa.
- Also, Fabiola and Levy shared with the community their upcoming project: "Waterbear". It is built on top of Link, and it's designed to help researchers gather and analyze evidence of disinformation: https://digiresilience.org/tech/waterbear