About us

Security research and analysis

Most of the current AI offerings on the market can identify associations in large quantities of data, but can not work out complex phenomena of cause and effect or identify modifiable factors that can engender desired outcomes. Yet. We don't know what is more dangerous, a world run by Black Rock Aladdin like machines as if they can, or development of machines that can and then making ourselves dependent on these even more.

Systems thinking on the other hand, revolves around understanding correlations, causes and effects and is more than just a handy collection of tools and methods to explore complex systems with – it is also an underlying philosophy, an awareness of the role of structure in creating what we face, of powerful patterns operating on us, and of consequences of our actions. We use (adapted) systems thinking to include that which often gets overlooked.

Decision analysis the Satir way, has proven practical in tackling even the most complex problems, making it easy to compare (the possible effects) of decision alternatives.

Security effectiveness training

It all depends: On who the adversaries are, on the context, on what information needs protecting, on the assets (networks, software, data and information systems, development environments), on what is considered in scope and what not, and on the people using the system (i.e. the individuals working with the definition, implementation and maintenance of security policies), and whether lives depend on it or not.

For example, the design of digital defence for (W)HRD, Land, Nature and Earth rights defender cases is hard. Beneficiaries are often highly vulnerable, with critical security and protection needs that complicate any kind of support. The power dynamics between marginalised people(s) and the organisations serving them can complicate matters further. Not to mention cultural differences, often with a historical record of colonisation. And low levels of technology adoption and digital literacy mean that in many such contexts it can deepen dependencies on any support system. Having been raised Montessori, our approach is to involve (W)HRD people themselves in the design of Montessori type training with hands-on exercises and additional fun role-plays that raise awareness on problems and allow for exploring solutions that fit the context.

Especially role-plays in which people play the role of the adversary can be quite enlightening and open the door for more overlooked solutions. This has lead us to adopting red teaming and adapting it to colourful teaming for including more directions (and mindsets). Its success depends on coalition building and threat modelling, a process by which potential threats can be identified, enumerated, and prioritised – from a hypothetical attacker's point of view. With a systematic analysis of the probable attacker's profile, the most likely attack vectors, and assets most desired by an attacker, defenders can focus on what is most important to protect.

Organising and facilitating group processes

  • Retrospectives are useful for learning to learn without making mistakes: That is, to be willing to make mistakes (not always playing safe), to not repeat the same mistake over and over again, to learn from the mistakes others make, and to learn from the mistakes of our teachers/mentors/coaches.
  • Scenario planning is a way of studying tracks for understanding the dynamics that might shape the future.
  • Open Space is a known technology for making waves, raising awareness, and grounding further (privacy and security) work.
  • Network protocols: TCP/IP, SDH, SONET, Ethernet; Smartcard: ISO 7816, PC/SC, OCF
  • Computer languages: Hex, assembly, Ada, C, C++, Lisp and Prolog; Getting started with Python in our playground
  • Databases: Oracle, CSP
  • Reinica: MSc Major: Structural geology; Minor: Computer science
  • Nina: Engineer applied mathematics; MSc: Information technology
 /ut7 est une coopérative auto-gérée par ses salariés, une société de conseil en informatique et un organisme agréé de formation. Elle héberge depuis 2008 un collectif de programmeurs expérimentés se réclamant du mouvement des méthodes agiles de développement logiciel, et disposant d'une très solide expertise sur le sujet. The tracking.exposed group operates in the intersection between technology and politics. Search engine for IPFS

The confluence of surveillance and censorship, tight(er) regulations such as the GDPR, and lack of knowledge in using existing “free technologies” which improve privacy, security and quality of internet research for a specific context, its people and purposes, can undercut NGO effectiveness. Meanwhile, the data-mining and privacy and security business is booming and the siren song of certainty tempts people into wasteful spending and poorly informed decision-making, that is, if there even is such money to spend. Therefore we prefer to serve:

  • Small NGO organisations which are working to protect freedoms as described in the ICCPR and/or digital privacy as described in the GDPR.
  • Small businesses and independents with a focus on autonomy enhancing products and services, for example on passing on permaculture practices or on supporting equally privileged, equipotent participants in collaborative goals.

IT businesses, especially the security sector, over-charge the public sector and it annoys the %$#@ out of us, hence we set a not-for-profit price point for NGO's, and for everybody else our price is negotiable and depends on state and purpose of client and our personal (financial) state. In some cases where lives are at stake and people already marginalised to the point of having no resources at all, for example in the case of land right defenders for whom there is no funding available, our service can even be for free, just contact us. And in all cases, if learning is required to provide a service, in no way does a client ever pay for such learning hours, only for the actual service.

Selling without the siren song of certainty is a hard sell, not an impossible sell. Those that want to pay a lot for false feelings of certainty and security based on impressive on-the-spot wizardry are better off elsewhere.

Small organisations or individuals that want service with integrity, to the best of our abilities and to be informed of its limitations, possible errors and omissions, for a decent hourly rate that doesn't rip wallets to shreds, contact us for more information.

  • Last modified: 2020/03/16 20:03