Working in the Asian context
intros
- independent media – censorship, safe communications, testing different tools to see how we can do our jobs safely
- interested in learning more – have supported a few projects in SE asia. Project in tokyo that taught new approaches to UX
- tor – what is and isn’t working. Combining training with UX mostly in indonesia. Continue the work and the learning
- relocated to japan – does organizational security work but now discovering asia isn’t heard in many contexts. Eg; timezones and so on. How do we lift up the needs of asian activists and NGOs?
- working with ngos on digital sec in hong kong. Surveillance capitalism vis a vis authoritarian govts. Huge cultural contextual difference between the global west and asian countries..
- access for actual communities to novel circumvention tools / tech is still difficult – how can we develop these tools better to serve those most impacted?
- digisec trainer and helpdesk manager in thailand. Security Matters. Digital rights in thailand. Always translating training materials to the asian context. Advocacy – actual relationships with CSOs on the ground. Facebook – notifies of state-sponsored attack on organizers’ facebook profiles, shutting them down before a protest event
- wants to include more UX in asian digisec trainings, incorporating feedback from users, how they feel about the tools.. attended a tor training in hong kong
- working on decentralized identity things in berlin, dweb community
gap has been ongoing for a long time (between western and asian contexts)
challenge is how to deliver feedback to the western countries. Non-technical but still working to provide digital security knowledge to folks on the ground, activists. Testing different tools but without deep knowledge of them, the risks, etc
- how to communicate to the big tech companies? Eg Signal – police arresting human rights journalists using Signal. Demanding users input their passwords and then scrape their contacts/content.
- mobile vs desktop versions are different. Not deleted in the same way – easier to recover data from the desktop version. Registration linked to real ID phone # so makes it easy for authorities to trace entire groups.
- pressure to submit password is intense, nearly impossible to circumvent. Target entire communities of human rights defenders and their friends. At least 70 people have been corrupted by the police. Need to address this urgent case – how can we entirely delete the information? Still a persistant signal file on the laptop, difficult to clean the computer completely. Made guidelines for people on how to do this – tried to communicate with them directly.
- eventually made a patch for erasing history, but
how do you share updates with users?
- in the groups. Challenge is devices can be confiscated, and contacts garnered
- logins to desktop app to track activity on phones over signal
magic wormhole – things outside the tool itself were most important. Eg; where do you save the file? What is the source and is it trusted? Many tools don’t consider these other factors tat put folks at risk
- assumptions underlining tool dev’t are western-biased underlining surveillance capitalism which is not the reality in asian contexts. Not thinking in the way HR defenders in asia need.
Barriers to providers (infra, tool) to opening up their assumptions to incorporate the realities in asian civil societies. Every place just a different america
- barrier is understanding the context and culture.
- teams legally recruited by big tech often hire regional folks who are aligned with the national interest in eg thailand
- laws are problematic for many companies. Did the facebook oversight board have any effect? No.
- trust safety content moderation are super messy. No idea if there’s a local team moderating in alignment. Eg when social media accts of journalists and HR defenders got blocked for no reason – that is lack of user feedback loop. Issues of trust and safety, no channel of communication at all
- did well at self-training but less so at documentation. User feedback loops – how to speak directly to the developers. Collecting and communicating feedback – how can we approve these feedback loops?
- tor started a more intensive process of feedback loops around 2017-2018
- promoting and testing alpha builds with user feedback cycles and surveys
- localization lab can support – we are all acquainted and they are great :)
- difficult to get good feedback because target users are busy with their activism. That;s why trainers are so important – paired activity for those not intrinsically motivated by technology.
- need to better hold non-text feedback, since written lang can be so challenging
- feedback channels need to consider highly the risk of those doing that labor in difficult contexts. For us
- not difficult to do that communication, but the final link between groups and tech companies is challenging. So many companies try to support this – the main challenge for the companies / orgs is finding the right people and orgs working on the grounds to collect this feedback and convey it
- our responsibility in the asian context is to respond to and keep our people safe.
- in china most people still just use wechat – signal for the HR defenders.
- long-term dialogue. This is just a starting point – after the event, see how we can create more space / convo about this for orgs and activists in asia.
- very open to all who want to support. Gap is huge, we need more people to contribute to these conversations
- user feedback experience very community-based. Collecting their feedback about how they feel, is it useful. Did this for Tor, Signal, OONI, attempted with Telegram but they didn’t respond. How do we balance the power embedded in who leads those conversation.
- when isabella joined tor there were no UX / design teams. A problem is that these projects are not long-term sustainable.
- uplift the open source design movement – those teams are not talking with each other (designers) – then the burden is on the users to repeat this feedback to every project
all of these messenger scorecards.
Always getting into the weeds of the security when we should start broad. Do they listen to feedback? Is there a mechanism for providing it? If you can’t contact the devs they should be rated low. Beyond the fetishization of the codebase into how they exist in the ecosystem of support
always has to come back to the community and the circle of devt
- how do better incentivize / create better structures to demand these kind of feedback loops as critical and necessary ongoing work?
- word of mouth still more secure than any tools
- empower the local ambassadors on the ground
mapping out these gaps in all the existing tools for various asian contexts.
- What are other asian countries whose needs are not being served?
- localized, regionally-contextualized work. Access Now for instance in the philippines.
- Feedback cycles w/ users on the ground
- Localized training and feedback not always textual
- UX design teams need to work together better so burden is not on users to replicate their feedback to one tool provider after another
internet shutdowns – from asia to iran to africa and beyond
- what are the tools?
- what are the problems?
- sustainable feedback channels