I am helping a newly formed (non-violent) activist organization set up some of their technologies with privacy and security at top of mind. They have given me some high-level requirements/use cases and I have some ideas, but I am primarily looking for feedback on the best potential tools they could utilize to meet their needs. If there is critical information missing that could help, please let me know and I’ll do my best to provide answers.
Broadly speaking, this is a small US-based political organization with very little technical experience or resources that is mainly concerned with government entities spying on their communications as well as their financial activities. Their primary use cases are the following:
- A privacy-focused email service provider
  - They need to be able to send bulk emails to mailing lists they maintain with greater than 250 recipients and receive (both PGP encrypted and non-encrypted) replies at this address.
  - The provider should prioritize minimal user data collection or sharing (ideally they’d love to be anonymous to the provider), be open source, allow for semi or totally anonymous billing options, and be resistant to US government warrants.
  - Proton, Startmail, Riseup, any others come to mind?
- Listserv functionality/Collaborative Message Boards
  - They want to be able to collaborate with other members of the group and allow for both private DMs as well as group discussion threads on various topics.
  - Users should be anonymous to outside observers/other users and ideally both users and admins should be anonymous to the platform provider. But admins should be able to see profile information about users (the email address they signed up with for example).
  - Users should not be required to use SMS for sign up nor MFA (they will have non-US group participants plus obviously there are security concerns with SMS).
  - They want membership to some parts of the message board to be by invitation only while other threads could be public facing but with limited access for those users.
  - Everything should be E2EE and open source, ideally audited as well.
  - Because many users will prefer to see updates via email they would like listserv or similar functionality (both being notified and ideally being able to reply to a thread via email and have everyone on the thread or list be notified).
  - I am not sure any 1 provider can support all of this, but so far it seems like Element or Status would come the closest?
- The Ability To Receive Private Donations
  - They want non-technical users to be able to easily donate online without corporate or government entities being able to connect donors to recipients.
  - I know this one is tricky but I want to emphasize that the priority is “private” donations, not necessarily anonymous. Donors and recipients can know who one another are. Government/Corporate entities can know that someone is receiving funding as long as they can’t see from whom they receive it. And those entities can see that someone is donating money, as long as they can’t figure out where it ends up going.
  - Donors will not treat these donations as tax deductible, there is no 501c3 association.
  - Recipients will be US-based, but donors may be from non-US countries.
  - … GNU Taler? Coindrop? Silent Donor? StealthEX?
All advice welcomed and appreciated.