March 31 2022 GM

Glitter Meetups What are Glitter Meetups Notes from Past Glitter Meetups Virtual Events Calendar Join the IFF Mattermost

Glitter Meetup is the weekly town hall of the Internet Freedom community at the IFF Square on the IFF Mattermost, at 9am EST / 1pm UTC. Do you need an invite? Learn how to get one here.

Date: Thursday, March 31st

Time: 9am EDT / 1pm UTC

Who: Dr. Gina Helfrich

Where: As a guest of the Glitter Meetup on IFF Mattermost Square Channel.

• Don't have an account to the IFF Mattermost? you can request one following the directions here.

The BASICS Project

Internews’ BASICS project (Building Analytical and Support Infrastructure for Critical Security tools) aims to increase capacity and improve long-term sustainability for critical open source digital security tools used by human rights defenders around the world. BASICS accomplishes this through two main activities:

1) building ties between tool teams and the communities they serve by placing skilled individuals from targeted and vulnerable populations with the tool team as contributing specialists who help address tool needs (as identified through a collaborative assessment and planning process)

2) creating privacy-conscious methods to track tool usage and prioritize development needs through the Clean Insights privacy-respecting analytics methodology and toolkit (SDKs for Android, iOS, Javascript, Python, and Rust).

• Dr. Gina Helfrich is Senior Program Officer for Global Technology at Internews. She has spent the past seven years leveraging her extensive experience in program management and strategic communications to make technology better serve the needs of marginalized and at-risk people. Presently, she manages global technology programs in digital rights and digital safety that ensure access to a free and open internet and help protect journalists and human rights defenders. Prior to Internews, Gina served as Director of Communications & Culture at NumFOCUS, a non-profit supporting open source scientific software and data science communities. Gina has worked to advance diversity, equity, and belonging in the technology, higher education, and non-profit sectors for nearly two decades. She is the former Director of the Harvard College Women’s Center at Harvard University and earned her Ph.D. in Philosophy from Emory University with a specialization in ethics and women’s and gender studies. She lives in Austin, TX, USA with her husband and two adorable cats. Gina's Mattermost handle for MM announcements: @ginah

Notes

Our featured guest is Dr. Gina Helfrich (@ginah)! She is Senior Program Officer for Global Technology at Internews. She has spent the past seven years leveraging her extensive experience in program management and strategic communications to make technology better serve the needs of marginalized and at-risk people. Presently, she manages global technology programs in digital rights and digital safety that ensure access to a free and open internet and help protect journalists and human rights defenders.

Can you tell us a bit about BASICS and how it works?

• BASICS is a 2.5 year project that has just concluded. The whole idea of it was to try to help address some of the challenges facing open source digital safety tools.
• Open source digital safety tools are so important for at-risk populations and organizations globally, but you would be surprised to learn that many such tools are maintained by individuals or small groups of volunteers who are often under-resourced, lack the ability to receive grant funding, and do not have the means to hire additional support to advance their project’s goals. Also, many of the developers who maintain these tools are based in Western countries, with limited exposure to targeted and vulnerable populations who use their tools.
• BASICS aimed to improve the sustainability, quality, and capacity of critical open source security and privacy tools in two ways:
• 1) Addressing core capacity gaps and improving the tool teams’ diversity by embedding experts who can also represent the needs and experiences of marginalized populations directly in the tool team
• 2) Providing long-term support by helping tool teams integrate privacy-respecting metrics and impact measurement techniques to be able to track usage patterns, and consequently improve their knowledge of how tool features are being adopted and used -- see cleaninsights.org (this is work led by the amazing folks at Guardian Project)

And, even though the project is over, what was/is the ideal project that BASICS serves in these ways?

• The "ideal" project would be an open source digital safety tool that is widely used by at-risk individuals, where they could accomplish so much more with their tool if only they had some additional help!
• Umbrella, MISP, Briar, Lookyloo, Tahoe-LAFS, Calyx, KeePassXC, Qubes, SecureDrop, Mailvelope, I2P (Invisible Internet Project), Save, Thunderbird (the PGP feature team, specifically), and Tella

How was BASICS useful for these Open Source Software teams?

• Well we developed "Capacity Action Plans" with each tool team, that consist of several milestones that they hoped to achieve over the course of the program.
• Almost all of the tools achieved at minimum 50% of their CAP milestones.
• And if you look at the milestones that were directly impacted by the work of the expert consultants that we matched with the tool teams, then the completion rate was typically higher than 75%
• Each team has their own unique needs and goals so it was important to use that to measure by.
• In more detailed terms, the consultants supported the tool teams to improve all kinds of areas, such as user research, or building out features to support a major new release, or communications/marketing, or user experience/interface, etc. etc
• We had over 20 consultants working in all different areas
• well, overall the Capacity Action Plans were quite broad, but we also asked the tools to focus in on their "top 5" areas. So typically they would work with 1-2 consultants who were focused on their areas of greatest need

Did the project among each other share information as well?

• To a degree, yes. We definitely had consultants who met together although they were working with different teams -- for example a user experience person meeting with a user research person.
• I think this is one of the areas where we could have done a better job and where I would look to improve in future. Something like a Mattermost forum I think would have served well, but we instead had an email discussion list which wasn't super heavily used.

After processing the rates and plans, are thre any trends or patterns you have noticed in regards to challenges or opportunities? Maybe that need of having a common forum?

• Yes to the latter! I think one of the trends/patterns we noticed were that many of the tool teams had to really reassess their onboarding process for absorbing a new team member.
• But the good news is that once they realize that, most of the teams made updates to their onboarding processes to address the gaps for the future.
• Along with that, just emphasizing that it can take sometimes up to 6 weeks for a new contributor to really become fully comfortable and integrated to the team.
• The lesson overall is: the more time, the better, I think. So we had the majority of the consultant matches requested to be extended beyond their original end date (and we did extend them)
• All of the teams we spoke to after their matches said that it was very helpful to have the additional support, so I think it just emphasizes how grateful they are for resources to be invested.
• I think that is slowly improving, though -- and I hope publicizing the strategies we used and the positive impact of programs like BASICS may help

And follow up plans/more funding for open source?

• One of the challenges is that funders are still only recently waking up to the importance of funding for maintenance -- you cannot always fund the shiny new thing and just act like the maintenance will take care of itself.

Where did you see improvements in the open source projects?

• So it varied a lot from project to project.
• But for example there were some nice "wins" with the Clean Insights privacy-respecting analytics implementations https://cleaninsights.org/impact
• And then there were things like very much improved documentation on a project, such as Briar
• Or an improved user interface for the PGP feature on Thunderbird
• Or I2P who basically re-did their entire website in a way that I think makes it much friendlier and more easy to understand.

You have some content regarding Clean Insights, do you want to talk a bit about them?

• Clean Insights is the brainchild of the Guardian Project, who were our partner on BASICS
• it is a toolkit, available in 5 different programming languages, that allows developers to set up specific measurements to answer questions that they have without surveilling their users and also while protecting as much user information as possible
• so for example, Mailvelope ran a Clean Insights campaign to ask: which mail services are most used by the users of our PGP encryption tool?
• and knowing the answer to that will help them understand which mail service they should focus their energy on to ensure it's a smooth integration and good experience
• also the folks at OKthanks developed some templates for how to ask users for consent to participate, which were a very important part of the effort
• over time the developer documentation and resources will continue to improve and increase
• Guardian Project is committed to maintaining the content and they have been pretty successful so far at attracting resources to support it
• actually they have this very fun campaign where they will send you free coffee ("Insightful Beans") in exchange for a consultation about Clean Insights https://cleaninsights.org/beans
• It's a challenge, actually, to try to convince people out of the two main perspectives on analytics, which is either 1) "We're not going to measure anything because we're so serious about privacy" or 2) "We'll just use Google Analytics"
• Some other things I can say about BASICS -- I feel like we learned that there are LOTS of people out there, especially from the so-called "Global South" -- who are eager and interested to work on open source projects. So the more that we can build pathways to support those connections, the better.

So that would be something that we could learn about the project overall, there something that you could take from it for the future?

• A few things: one is that most of these open source digital safety tools are just so happy to have help -- and there are tons of skills they would love to benefit from besides just coding (although of course coding is helpful, too). So if anyone has some spare time then I would recommend reaching out to any of these tools to offer some support in the areas of your expertise.
• Another is what I mentioned above, that it's so important for funders to acknowledge that maintenance of these tools is critical for the safety of at-risk people, and to be willing to provide funds and resources just for maintenance activities.
• And then I guess thirdly that we hope that Clean Insights will really start to get traction and take off -- and more of the community will embrace the privacy-first approach to analytics.

Anything else you want to add about BASICS, the tools, the community or Clean Insights?

• Just to lift up how hard the people work who are behind the digital safety tools that so many of us use all the time -- they are not necessarily paid (some of them work 100% volunteer time) and they put many many hours into ensuring that their tools are secure and as user-friendly as they can.