Initial research question: “What are the most effective governance and administration models/structures in place on medium-to-large sized Fediverse servers, and what infrastructural gaps (human and digital) persist?”
Our rationale at the project’s outset: “The Fediverse’s rapid expansion brings both opportunities and multifaceted risks. Our research seeks to identify current server administrators’ most promising models for mitigating those risks and outline the biggest and most important gaps in risk mitigation, with the aim of helping the broader Fediverse level up governance quickly, safely, and collaboratively.”
We were drawn to this research question because the socio-technical aspects of Fediverse governance often seem opaque from the outside—from outside any given server, and especially from outside the Fediverse. Most servers offer some documentation about their practices and a few offer extensive explanations and policies, but whole swathes of knowledge about the aspects of server management that extends beyond the more purely technical concerns of hosting, provisioning, and technical upkeep exists only as insider knowledge.
Above all, we wanted to understand more about what happens behind the curtain of Fediverse server operation, and distribute this knowledge widely to help other server teams level up together—and perhaps to uncover characteristics of server governance that might be meaningful to others trying to build sustainable alternatives to centralized commercial platforms, whether on the Fediverse or elsewhere.
DEF CON Franklin will infuse research from the hacker community into national security and foreign policy debates. We aim to lift up groundbreaking work happening across villages and deliver this critical research to key policymakers across the globe. Furthermore, Franklin will enhance DEF CON community impact to actively promote democracy, justice, and human rights. Aside from policy work, Franklin will establish a mechanism that empowers individual members of the DEF CON community to volunteer at under-resourced organizations supporting our critical infrastructure.
As an independent non-profit organisation, EU DisinfoLab gathers knowledge and expertise on disinformation in Europe. Through putting together research, investigative work and policy acumen, EU DisinfoLab is an active member of, and supports, a passionate and vast community that helps to detect, tackle, and prevent information disorders endangering citizens’ integrity, peaceful coexistence and democratic values.
AWS Kill Switch is a Lambda function (and proof of concept client) that an organization can implement in a dedicated "Security" account to give their security engineers the ability to delete IAM roles or apply a highly restrictive service control policy (SCP) on any account in their organization.
The actions you take with this tool are one-way operations. Do not test/experiment in production. Any SCPs applied or IAM roles deleted will remain in this state until manual action is taken to remove the SCP or recreate deleted role and/or policies. Ensure that you have the the ability to reverse these changes and incorporate the appropriate steps in your incident response playbooks.
If you need to lock down and lock out an AWS environment, this will do it for you, but it's the nuclear option.
The Movement Advancement Project (MAP) tracks over 50 different LGBTQ-related laws and policies. This map shows the overall policy tallies (as distinct from sexual orientation or gender identity tallies) for each state, the District of Columbia, and the five populated U.S. territories. A state’s policy tally scores the laws and policies within each state that shape LGBTQ people's lives, experiences, and equality. The major categories of laws covered by the policy tally include: Relationship & Parental Recognition, Nondiscrimination, Religious Exemptions, LGBTQ Youth, Health Care, Criminal Justice, and Identity Documents.
Click on any state to view its detailed policy tally and state profile, or click "Choose an Issue" above to view maps on over 50 different LGBTQ-related laws and policies.
Capital Research Center conceived of this project after identifying a need for more fact-based, accurate descriptions of all of the various influencers of public policy issues. Many so-called “watchdog” groups are instead opponents of the outlets they are watching. Armed with 30-years of research and data on advocacy organizations, foundations, and donors, CRC utilizes a universe of well-trained contributors to help build the individual and organizational profiles that populate the website.
CRC has a perspective on the public policy process as well, but this resource is more important than that. We let the information speak for itself—information that frequently is not cited in reports about these individuals and organizations.
InfluenceWatch strives to be comprehensive, and profiles are frequently updated and written in a manner that’s accurate and measured. InfluenceWatch brings unprecedented transparency to the funding, motives, and interconnections of the entities profiled.
The InfluenceWatch team constantly edits published profiles to present up-to-date facts, add new connections, provide more information or context, improve sources, and otherwise strengthen the value of all of the information on the website.
The increasing risk that the Supreme Court will overturn federal constitutional abortion protections has refocused attention on the role digital service providers of all kinds play in facilitating access to health information, education, and care—and the data they collect in return.
In a post-Roe world, service providers can expect a raft of subpoenas and warrants seeking user data that could be employed to prosecute abortion seekers, providers, and helpers. They can also expect pressure to aggressively police the use of their services to provide information that may be classified in many states as facilitating a crime.
Whatever your position on reproductive rights, this is a frightening prospect for data privacy and online expression. That’s the bad news.
The SANS Institute's sample security policy documents, which are free to use as frameworks or templates for more specialized security policies.