I’ve taken the liberty to start investigating, building and showcasing a possible platform configuration based on aforementioned considerations which has resulted in the following experimental setup. Within this topic you’ll find a justification of technical design choices.
Details about the organisations and elements used can be found below.
Hetzner is a privacy and environmentally conscious provider, offering infrastructure as a service on European data centers with a high degree of customisability at low cost, allowing automated setup of self-managed virtual server clusters, with good professional support and an active user community.
Alternatively, I would consider Infomaniak to be an excellent cloud provider located in Switzerland.
Discourse started off introducing the concept of threading as the basis for an online forum and has grown into a versatile communication platform allowing users to choose their own preferred means of communication for participating in online discussions. It allows private discussions based on managed group membership and also open membership discussions keeping out spammers with sophisticated trust levels depending on track record of engagement within the particular online community. It is an open source GNU General Public License, version 2 platform that can be self-hosted, customized and maintained and comes with plugins and API’s for integration with other cloud services. It has the functionality build in to provide subscribers the right to access, to rectify inaccurate or incomplete, and to the erasure of personal data.
Cohabitat is a global database of community-led housing projects where initiatives can add and maintain publicly available data about their projects. This database has a wordpress plugin allowing to select and show information about them them on a map.
Murmoriations is a protocol for the maintenance of distributed data using a collectively agreed information structure and also comes with a Wordpress plugin able to aggregate and show this information on a map.
So there are several community maintained databases and protocols available to store information about associated housing cooperatives. They all deserve some testing on adequacy, integratability and interoperability.
Gluu is a versatile identity provider that’s open source and can be self-hosted.
Currently Discourse is used for Authentication and Authorisation on all platform apps, but a separate dedicated identity provider probably gives superior security and functionality.
Co-op Credentials is a group of co-operatives working on identity management for co-operative memberships using verifiable credentials. They introduce a secure portable identity framework that has been build with support of the EU-funded European Self-Sovereign Identity Framework Lab. Those developments give rise to interesting new possibilities and questions about credential issuing and the selective disclosure of information. One of the state of the art technology developers Mattr made a short introduction to the concept of a Decentralized Identity Ecosystem. Although it is desirable to have more control over personal data sharing, it might - just like the permissions for myriads of internet cookies - also become a drag to continuously have to define who is or isn’t allowed to have access to some data. A user friendly platform probably would allow its users to define several circles of trust with preset permissions.
The system policies for the current virtual server where discourse has been installed state that the limit of 500 emails sent per hour must not be exceeded. With a lively discussion on a forum, combined with the functionality for users to participate in group discussions using email, quickly gives rise a large amount of emails being sent by the server platform.
Exceeding the current limit, one alternative would be to upgrade to one of the managed server offerings from Hetzner and another would be to use an external mail relay, some GDPR compliant examples of the latter are :
The Mailjet API is GDPR compliant
Some other alternative would be to use
The Brevo API is GDPR compliant
Laposta is yet another GDPR compliant mail service that comes with a convenient Wordpress plugin for the distribution of newsletters.
All options for sending larger amounts of email seem to add some expenses to the current low cost solution. Outsourcing mail delivery probably is a good idea anyhow because attaining and maintaining a good reputation on the internet for the provision of mass mail services (i.e. preventing that those messages will be qualified by receiving email servers as spam) requires constant attention. A mass mail service in cooperative ownership has not been found though. But there is choice between several good service providers at fair price levels and the technology does not seem to present a risk for vendor or network lock-in, so the necessity to have end user voice in strategic decision making seems less pronounced.
For GDPR compliance of the platform it would still be necessary to sift through the data processing agreement of the chosen external mail provider and inform platform users about the handling of personal data (names and email addresses) by them.
Currently Sign On (SSO) authentication and integration of Discourse is being tested with two other virtual servers: an instance of Nextcloud AIO and Wordpress
Nextcloud started of as privacy friendly cloud storage and is growing into a modular and versatile online collaboration platform. It has exemplary formal design principles, defining the collective goals, values and moral standards of their community of developers and users.
The current instance of Nextcloud AIO on cloud.cooperativehousing.eu is installed together with Collabora as collaborative Online Document Editor.
Protection of sensitive data on nextcloud can only practically be achieved in combination with strict rule based authorization and permissions on selected storage folders. Being investigated is the possible self-management of those folders by mandated representatives of member organisations and their identification and authorization by discourse.
Another practical requirement to allow protection of sensitive data on nextcloud would be to be able to prevent users from downloading to their own devices (the contents of) any document labeled as privacy-sensitive. For the storage to be useful, authorized users would nevertheless need to be able to view and edit those documents. Being tried out are the possibilities to do with Collabora Online Development Edition (CODE) and the other tools combined in Nextcloud All-In-One
It is good practice to make use of references in texts for the specification of information sources and the attribution of creative ownership, but it can be a drag to find and properly cite information sources without a reference manager. Zotero is a handy open source reference manager available under the Affero General Public License capable of sharing library items in user groups and comes with plugins for Collabora and Wordpess. Maybe its use could also be expanded to serve as a attribution and licensing backend for all creative content on a platform.
Wordress, licensed under the GPLv2, is running on a Hetzner managed webhosting server, and is currently being tested with DiscourseConnect for SSO, permission management for multiple organisations doing content management on a central web site and the integration of discourse forum topics into wordpress pages.
Being investigated is the possible self-management of particular sections on the website by mandated representatives of member organisations and their identification and authorization by discourse making use of the freemium version of PublishPress. This plugin is available under GNU General Public License and allows the configuration of fine-grained user permissions within wordpress.
Making use of the Askimet API for spam filtering is GDPR compliant. It is one of the ventures of Automattic, a global distributed company registered in the USA. At present the site can be considered personal, allowing the use of a free API key. When transferring ownership of cooperativehousing.eu to a legal entity it should be disabled or switched to a payed subscription for professional or commercial sites. With strict user authentication and credential management, this is perhaps a redundant function.
Full multilingual support for websites comes as a paid plugin for Wordpress. To reduce costs it has not been implemented yet but compatibility with wpml will nevertheless be a requirement in the selection of theme’s and plugins for wordpress.
Deepl is a European translation service with high security standards. But the free version of the Discourse API does not guarantee GDPR compliance when the texts that users send over to Deepl for translation include personal data. Automatic translation of forum posts is currently disabled. With a paid Deepl Pro license the privacy aspects of integrating access to automated translation services to the forum could be improved.
I use bitwarden is in combination with 2FA hardware keys for safe storage of the keys and secrets used in the project. It is an open source secrets manager that can be self hosted. I make use of a personal payed subscription for a managed vault located within Europe, because it gives more peace of mind when my storage is monitored and maintained full time. Bitwarden offers a stringent GDPR compliant security policy.