Blog

Here are links and notes from the presentation "Iterative UX: Find It Cambridge" (most recently given at Drupaldelphia).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas tempus, nibh non finibus sollicitudin, ligula magna tempus nibh, ut maximus libero lorem ut sem. Nunc tincidunt sit amet enim in euismod. Fusce dignissim feugiat bibendum. Aliquam erat volutpat. Aliquam eu sem id nulla varius scelerisque et sit amet ipsum. Nulla scelerisque vestibulum felis, a porttitor turpis imperdiet nec. Nam id laoreet nibh. Aenean quis elit cursus, vehicula nibh a, aliquam mauris. Vestibulum facilisis vestibulum cursus. Pellentesque auctor libero id condimentum commodo. Suspendisse potenti. Maecenas diam sem, ornare in ex porttitor, euismod lacinia dolor. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Sed sollicitudin fermentum massa. Sed et ipsum nec massa consequat lobortis sed non quam. Donec rhoncus condimentum quam sed gravida.

We are experts in Drupal migrations. We can move content from your old site to your Drupal 8, 9, or 10 site so that you can keep working with all of your old content, all while gaining access to the flexibility, functionality, and forward-compatibility of modern Drupal.

Perhaps most important, while helping improve your content architecture and moving everything to your upgraded site, we will preserve your old site's SEO, which may have been years in the making. Agaric migrations keeps crucial paths on your site—which have been indexed by search engines, linked to from around the web, and bookmarked by your visitors—working or redirected to equivalent content.

Whether you are merging seven types of content containers (that were all basically blog posts) into one—or splitting a ninety field complex posting form into different content types with appropriate functionality for different purposes—we make your old content work the way you want to work now. By improving your old content, not only improving your website around it, you gain the flexibility to repurpose the old content for the lengthening tail of new ways of using old content. Devices and channels are continually changing, and it's not just about displaying content any more. Audio formats are increasingly popular, and providing access to your content as data, to be remixed or related to other content can make your website content much more than an archive. We bring your old content into new environments where its value can be unlocked.

The professionals come to us

Other (excellent!) web development shops often contract out to us for help with the content migration portion of site rebuilds and rebrands that they are working on, especially the hardest parts.

Similarly, clients will hire us for capacity building for migrations specifically. Agaric can provide a combination of services to give you the ability to get your website upgrade done well and efficiently. For example, we can train internal staff to be able to take on more migration and development work, without needing us. And we can also, at the same time, take on the most complex parts of the migration that do not seem likely to need repeating, or we can help where you get stuck.

Find It makes it easier for a small team in government to make sure that there are resources available for a variety of residents' needs.

We can look at the recent popularity of some widely used platforms like Zoom and ask ourselves some questions as to why we still use them when we know a lot of terrible things about them. Agaric prefers to use a free/libre video chat software called BigBlueButton for many reasons, the first one being the licensing, but there are many reasons.

Zoom has had some major technology failures, which the corporation is not liable to disclose. At one point, a vulnerability was discovered in the desktop Zoom client for MacOS that allowed hackers to start your webcam remotely and launch you into a meeting without your permission. The company posted a note saying that they fixed the issue. Unfortunately, the Zoom source code is proprietary and we are not even allowed to look at it. There is no way for the community to see how the code works or to verify that the fix was comprehensive.

The Zoom Corporation stated early on that the software was encrypted end-to-end (E2EE) from your device to the recipient's device. This was untrue at the time, but the company states that it has been corrected for users on their client app. While it is no longer true that E2EE is unsupported, it does require that you use the proprietary Zoom client for E2EE to work. Without E2EE, any data that is retrieved on its way from your computer to a server can be accessed! The only real security is knowing the operators of your server. This is why Agaric uses trusted sources like MayFirst.org for most of our projects and we have a relationship with our BigBlueButton host. The Intercept also revealed that Zoom users that dial in on their phone are NOT encrypted at all

BigBlueButton does not have a client app and works in your browser, so there is no E2EE. The idea for E2EE is that with it,  you "do not have to trust the server operator and you can rely on E2EE" because the model implies that every client has keys that are protecting the transferred data. However: you MUST still use a proprietary client in order to get the benefits of E2EE support, so once again you MUST trust Zoom as you have no permission to examine the app to determine that the keys are not being shared with Zoom.

Of course there is always the fact that hackers work day and night to corrupt E2EE and a Corporation is not obligated to tell you the customer every time there has been a security breach, and this information is usually buried in the terms of service they post - sometimes with a note saying the terms are subject to change and updates. A Corporation is not obligated to tell you, the customer when there has been a security breach" unless any personal information is exposed. There are now mandatory timely disclosure requirements for all states: https://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx ...Can Zoom really be trusted? As with some laws, the fine that is applied is low and affordable and subject to the interpretation of the courts and the status of knowledge your lawyer is privvy to - meaning most Corporations normally have a battery of lawyers to interpret the law and drag the case out until you are... broke.

In the case of BigBlueButton encryption, E2EE would only make sense if there are separate clients using an API to connect to the BBB server so a user does not have to trust the BBB server operator. If the user trusts the server operator, then there would be no need for E2EE." Lesson learned: It is always best practice to know and trust your server hosts as they are the ones that have the keys to your kingdom. 

Some technology analysts consider Zoom software to be malware. Within companies that use Zoom, employers are even able to monitor whether or not you are focusing on the computer screen during meetings which seems excessively intrusive. Speaking of intrusive, the Zoom Corporation also shares your data with FaceBook, even if you do not have a FB account - that could be a whole blog in itself, but just being aware of some of the vulnerabilities is a good thing to pass on. Some of the bad stuff remains even if you uninstall the Zoom app from your device! Even though a class action suit was filed over privacy issues, the company stock still continued to rise.

Those are many reasons why we do not support Zoom. But there are also many reasons why we prefer BBB over Zoom. Besides, BBB has many great features that Zoom lacks:

1. Easily see who is speaking when their name appears above the presentation.
2. Chat messages will remain if you lose your connection or reload and rejoin the room.
3. Video is HD quality and you can easily focus on a persons webcam image.
4. Collaborative document writing on a shared Etherpad.
5. Easily share the presenter/admin role with others in the room.
6. Write closed captions in many languages, as well as change the language of the interface.
7. An interactive whiteboard for collaborative art with friends!

One huge advantage of free software, like BBB, is that you can usually find their issue queue where you can engage with the actual developers to report bugs and request feature enhancements. Here is a link to the BigBlueButton issue queue.

So, why do people keep using a platform like Zoom, even though there are many features in BigBlueButton that are much better? 

There is very little publicity for free software and not many know it exists and that there are alternative solutions. You can find some great suggestions of software and switch to it by using this site called switching.software. The marketing budget for Zoom is large and leads you to believe it has everything you will need. Sadly their budget grows larger everyday with the money people pay for subscriptions to the platform. As a result, many people go with it as it is already used by their friends and colleagues, even though there are reports of irresponsible behavior by the Zoom Corporation. This is why the New York school system does not use Zoom and many organizations are following suit. The company gives people a false sense of security as it is widely used and very popular.

Of course, there are reasons to avoid other proprietary chat platforms too...

Agaric offers BigBlueButton for events and meetings. Check out our fun BBB website at CommunityBridge and test drive the video chat yourself!

If this discussion interests you, please share your thoughts with us in the comments.

Looking to learn more about problems with Zoom? There are a lot of articles about Zoom scandals.

• If you need to leak a zoom video without being identified, you need to be very careful!
• Zoom censorship of Palestine seminars sparks fight over academic freedom
• Zoom encryption is not suited for secrets
• Zoom is unclear about whether or not the app is actually end-to-end encrypted, which it isn't.
• And, yes - the wikipedia page has a good summary of some issues
• Stallman provides resources on what is bad about Zoom also

Looking to learn more about protecting your privacy online? These links have some helpful information and videos for tech-savvy people and organic folks alike!

• The Hated One
• Rob Braxman Tech
• Safe Services

2021 could be the year we all begin to STOP supporting the Corporations that oppress us. 

Special thanks to Keegan Rankin for edits!

This goes well beyond an organization's web site, of course. Web developers may be the ones to introduce it to organizations, though, so we should be prepared. Here's the gist.

Organizations must request any personal data in clear and plain language describing the specific pieces of information and how it will be used, such that consent can be given freely and unambiguously through an affirmative action.

This means you need to be always thinking of why you are collecting information, and not collecting information you don't need at all, and deleting any personal information you no longer need. You can collect nearly anything if you get clear consent, but if you have a legitimate business interest for the data you collect, you'll have even fewer requirements, and the people who use your site or service will have a smoother experience.

You further need to allow people to export their personal data, to rectify inaccurate data, and to challenge decisions you make on the basis of their personal data. If you don't have a legitimate business interest for the data (or it's overridden by people's rights), then you must also provide a mechanism for people to erase their data.

If your business interests involve spying, lying, or trying to manipulate people into bad financial, personal, and political decisions— maybe re-think your business. At the very least, try to avoid becoming part of the infrastructure for a police state.

It's GDPR day, a wonderful opportunity to think ethically, and explore another way to put your customers, clients, or constituents first!

Resources

From most thorough to most practical.

• The whole regulation
• The regulation, as a web site, with a page per section
• A quick-read news article on the likely implications
• The business case for complying when not legally obligated
• Official document "The GDPR: New Opportunities, New Obligations" (PDF)
• UK information commisioner's guide to GDPR for small and medium organizations
• Guidance: Legitimate Interest Assessment (PDF)
• Privacy policy recommendations
• General Data Protection Regulation Drupal module, with a built-in checklist and tools for tracking and deleting sensitive data