January 16 2025 GM

Bitpart: Sending Secure Automated Messages Over Signal

Glitter Meetups What are Glitter Meetups Notes from Past Glitter Meetups Virtual Events Calendar Join the TCU Mattermost

• Date: Thursday, January 16
• Time: 9am EST / 2pm UTC
• Facilitator: Mardiya
• Featured Guest: Throneless Tech
• Where: On TCU Mattermost "IF Square" Channel.
  • Don't have an account to the TCU Mattermost? you can request one following the directions here.

Join us on January 16, to hear from Throneless Tech, a technology worker-cooperative based in Washington, DC, as they share their new product:

• Bitpart, a platform that allows activists, journalists, and human rights defenders to send automated messages over Signal.
• Learnings from design research which led to them developing use cases for helpdesks, tiplines, sharing VPNs, sharing e-sims, and a distribution list for organizing & emergency alerts.
• A prototype that they would love for you to try out!

What is Glitter Meetup?

Glitter Meetup is the weekly town hall of the digital rights and Internet Freedom community at the IF Square on the TCU Mattermost, at 9am EDT / 2pm UTC. It is a text-based chat where digital rights defenders can share regional and project updates, expertise, ask questions, and connect with others from all over the world! Do you need an invite? Learn how to get one here.

Notes

Could you introduce yourselves, and tell us more about what Throneless does and what is Bitpart?

• Throneless Tech is a technology worker-cooperative based in Washington, DC. Throneless specializes in building technology for social justice oriented community organizations, activist groups, and non-profits. https://throneless.tech/
• Bitpart is an automated messaging platform designed for activists, journalists, and human rights defenders in repressive environments, and the organizations that support them, to set up helpdesks, tiplines, distribute codes for VPNs or eSIMs, or send a message to many contacts individually. It can be set up and used via existing secure messaging platforms like Signal, without requiring users to download any additional software.
• There is an open source version to allow for self-hosting, while for activists and organizations who may not have their own servers, there is a version hosted by us (Bitpart’s developers, Throneless Tech).

How could people use Bitpart?

You can use Bitpart in two main ways:

1. To send automated messages, for instance if you distribute codes for VPNs or eSIMs or have a helpdesk or tipline. This would save you time and repeated messages at the beginning of a conversations, but end users would still be able to connect to a human.
2. To send messages to many people at once (who have consented to receiving messages from you), for instance a distribution list for organizing or emergency alerts. This maintains the privacy of all users, compared with sharing information via a group.

What were some of the use cases you envisioned, and researched while designing Bitpart?

• Bitpart emerged from some of the team’s past work and organizing, and so when we initially conceived of it, it was for:

1. Sending organizing messages to a large group of people without identifying each other (i.e. keeping the group safe if an individual is detained and their device is taken)
2. Automating the process of sending VPN codes
3. Supporting helpdesks

• Through design research we validated these 3 use cases, and learned of others: namely Bitpart’s potential use for running newsroom tiplines, and distributing eSIMs. We also learned that some organizations would want to use the distribution list functionality to share emergency alerts/ security alerts.
• Other potential use cases we came across (which we are currently not building for) include: secure data collection, such as for sensitive grant applications; and sharing digital security information.

How do you plan on launching it for groups to use and continuing to collect feedback on it?

• We're planning on rolling it out in March, both the version hosted by us and the open-source version. Via the hosted version we'll have channels for supplying feedback as we continue to develop and improve it

Is there also it an API or command-line tool? how do I connect it to Signal? What is the workflow?

• For the hosted version you'll interact with it via the web-based dashboard, if you're hosting it yourself there's also a command-line client. Currently it is linked to Signal as a secondary device (we recommend having a Signal account set aside just for this purpose) but we're looking at standalone registration as well.

What information/data, if any, is collected and/or logged?

• We only collect as much data as is necessary to carry out the conversations and delete it soon after (it is stored encrypted while it is in use)

Are there any unwanted use-cases of has the team thought about specific unwanted effects?

• We are being very specific with our research and use cases so that Bitpart is appealing as much as possible to our target audience (and not to bad actors). Bitpart’s repository will be open source, and like all open source projects we can’t guarantee that it won’t be used by bad actors. But we are doing everything we can. For the version hosted by Throneless, we are testing different models to see how to balance potential abuse without compromising user privacy, such as different registration models.

For the managed version, are there rules for type of clients/partners allowed?

• We definitely don't want the platform used for spam or other abusive use cases. There are limits to how much we can keep track of that while maintaining user privacy, but we'll have rules and guidelines for acceptable use of the hosted version.
• We will have a code of conduct and an acceptable use policy. One of the things that we’ll be testing is how much we will know about people using the hosted version (for instance will it be a registration process or lighter?) Again, we’re trying to balance privacy/ anonymity and deterring or limiting potential use by bad actors

In regards to development and design what digital accessibility practices (such as WCAG) are you striving for Bitpart to conform to?

• In regards to accessibility, we’re working with a team called Superbloom to ensure we’re designing to the latest WCAG standards. The current alpha version of the dashboard is also being built to WCAG standards, but it may be updated significantly after we sync more on it with Superbloom.

Have you all been working with VPN service providers on the VPN code distribution application of Bitpart?

• We have spoken with some orgs who are distributing VPN codes but haven't yet spoken to VPN providers like Outline. Great idea! Will DM you about this to follow up.

Are you able to support setting up self-hosted Bitpart's for other organizations as a service?

• Yes, setting it up for other orgs is a service we can provide!

Any technical overview on how it connects/uses to Signal? Bespoke implementations of Signal Library? other?

• It's all written in Rust, using the Rust version of the libsignal-protocol library as well as libraries from the Whisperfish project. Using those libraries it connects directly to Signal.
• So it basically works as a full-fledged Signal client. it supports running multiple connections to Signal simultaneously on different numbers, with one number per bot workflow.

What did you learn from your design research? Any key insights beside the ones you have already shared?

• We spoke with 28 people based in 15 countries - 7 activists, 2 journalists, 15 organizations which support human rights defenders and journalists, and 4 tool builders, to understand things like communication patterns, risks people faced, and if and how Bitpart could potentially be useful.
• We learnt a lot! Here are a few keys learnings:
  • Activists know what messaging tools are more secure and what digital security steps they should be taking - but it’s only when a crisis happens that they might switch over to using a different messaging tool.
  • Being mindful that messaging is essential to organizing, but activists/HRDs are mostly using the same devices and messaging tools for contacting family and friends.
  • We also learnt that often activists are in many groups on messaging apps. Some of these are small groups of a few people where much of the planning and coordination takes place. But often activists are in these larger groups where they might not know everyone and may want greater anonymity, to help manage their risk. It’s here that we envisage Bitpart’s distribution list will be most useful.

• This is just the tip of the iceberg tbh - happy to share more (fully anonymised) insights directly with anyone who’s interested!

How would you like people to try your prototype asynchronously and how should they reach you afterwards to share their thoughts?

• We are looking for people interested in testing Bitpart (as admins/ bot creators), so if you’re currently running or looking to run a helpdesk, tipline, send VPN or eSIM codes, or sending secure messages to large groups of people individually
• Message +12025560817 on Signal to get a feel for Bitpart as an end user for a distribution list. (Please note that this is a prototype and will only work for the next few hours.)
• DM @sacha_robehmed on Mattermost or get in touch via email at sacha@throneless.tech.