How Civil Society Organisations (CSOs) in Russia can work in a new digital reality
All is not lost: how Civil Society Organisations (CSOs) can align their work in a new digital reality
14 March 2022
The Social Information Agency (ASI) and Blagosphere Media Centre’s joint venture, Media Club discusses how CSOs should prepare for new digital conditions, including how to secure their website, which services will assist their work, and if there is a threat of a complete network outage.
Step one: Create a tunnel
Web developer and founder of the Anna Ladoshkina Bureau Studio, Anna Ladoshkina, advises CSOs to download a virtual private network or a VPN. This is a secure encrypted connection that allows a user to bypass local restrictions and maintain confidentiality online.
Ladoshkina explains that “a VPN is a tunnel between your computer and the Internet. Special services make this tunnel as secure as possible and choose optimal routing of access”.
According to Ladoshkina, it is better to download several VPN programs. This is in case of a shutdown, or complete Internet outage. If one of the services shuts down or stops working, you can still access the Internet with one of the other services.
Ladoshkina suggests reading the VPN installation guide. It points towards a selection of trusted services and has an FAQ section.
You can also try to create a personal VPN. The Amnesia VPN service allows you to create a tunnel on your own service network without disclosing any information, even to VPN providers.
Step two: Keep communicating
It is reasonable to consider transferring over to communication services and social networks that continue to work in Russia and have no plans to impose sanctions on users. The most popular option is Telegram.
“Telegram has worked under sanctions before, so it will likely continue to work. It has already proved itself in the fight against regulation, so this is a reasonably dependable platform”, says Anna Ladoshkina.
There are also foreign messenger applications that can be good backup options including Signal, Delta Chat and Tox. Don’t forget email either, as this is a great opportunity to send out electronic newsletters and keep supporters in touch.
Step three: Keep up to date
The first thing that may cause difficulties in the running of an organisation’s website, is its unique online address, or domain name. The worst thing that could happen here is domain partitioning. This is when the domain registrar terminates the contract, and the domain owner loses the right and technical ability to administer it.
“But so far, the domain registrars are taking a neutral position and there is no real threat. There are however positions of individual registrars who declare that they will not serve Russian domains. It is worth monitoring to see if you specifically need to duplicate your domain names with Russian registrars”, advises Ladoshkina.
If a CSO has a contract with foreign registrars, it may be difficult to continue paying for the domain. Therefore, if possible, it is worth paying for the use up to two years in advance.
The second thing that may cause difficulties is a Secure Sockets Layer (SSL) certificate. This is a security technology that provides an encrypted connection between the site and the browser, preventing malicious sites from intercepting user data.
The best thing to do is monitor all possible changes in this situation. Organisations can use the table of information on the Core App website. It contains up to date news about services that have been shut down, ceased working, and continue to work in Russia.
Similar challenges may arise with hosting domains. Ladoshkina advises subscribing to the company’s newsletter and monitoring its work to understand what problems it may face. It is worth changing a domain host only as a last resort as it is very resource-intensive and difficult.
“So far, the position in most cases is balanced and neutral. People from different countries participate in the creation of open-source products. And they have always got along with each other, and the use of products continues in different areas”, the developer notes.
Step four: Secure your work
Similar difficulties may arise with name servers that contain the information necessary for the proper operation, functioning and display of an organisation’s website.
“There is an additional threat with Distributed Denial of Service (DDoS) attacks, which are now being purposefully organised on Russian resources. If you use the servers of a well-known Russian registrar which is also used by large state resources, you could be in danger of being caught in the middle”, explains Ladoshkina.
To secure the operation of an organisation’s website they can use name servers designed to protect against DDoS attacks. For example, the Deflect service works for free with social and non-commercial projects.
Backups, copies of data that contain all site information from design to texts, will also allow you to save information. This will enable an organisation to completely restore its web page in the case of a DDoS attack.
Step five: Checklist
“The probability of us making a mistake is much higher than someone coming along with a hammer and smashing everything up on purpose. Therefore, using this situation as a precedent, it is worth bracing yourself and checking if everything is in place”, advises Ladoshkina.
The developer has compiled a checklist for CSOs:
- Link accounts to both phone and email. This means that if one of them is unavailable, access can be restored using the other.
- Check account access. Do you know all your passwords? Are all accounts linked to active email addresses?
- Make a backup copy of your website.
- Subscribe to newsletters of domain providers.
- Pre-emptively prepare and download any essential data.
- Test out alternative services.
- Introduce alternative means of communication into your daily work.
- Use computer programs that also work offline.
Step six: Get up to speed with third-party services
In addition to websites and social networks, there are problems with third-party services that CSOs use. Now that there are more and more difficulties in paying service providers, there is a risk of losing access to them.
The best way to prepare for this risk is to pay in advance. This way the programs will continue to work until the subscription expires. If said service is not critical for the work of a CSO, Ladoshkina does not advise buying their subscription for a long time in advance and suggests prepaying for a maximum of three months. During this time, an organisation can search for a suitable replacement or decide on a complete phase-out of the third-party service.
The second risk is the refusal of companies to work with users from Russia. There is no universal solution. CSOs can try to extend their use via VPN, but we don’t know how long this will work.
If an organisation offers services on a certain social network, for example, conducts live broadcasts on Instagram, which is currently blocked in Russia, then communication will be impossible. You should look for a replacement social network to use.
Changes in the operation of donation services and banks
- Leica is a plugin for crowdfunding and collecting donations on the site continue to work.
- Payment aggregators work according to new banking rules which are technically unchanged.
- Russian banks operate depending on sanctions. Ladoshkina advises duplicate accounts in banks that are not subjected to strong external pressure.
- Look for alternative ways to attract donors. For example, you can use crypto wallets, but before that, you should weigh up all the pros and cons.
- Donations from abroad are getting more and more problematic but this is beyond CSO’s control.
Step seven – Keep calm and stay in touch
In addition to the technical issues, CSOs shouldn’t forget to prepare their audience. First and foremost, they must launch an information campaign to tell their audience how to find them outside of blocked social networks.
Communication channels can be duplicated. Creating a multi-channel presence is an opportunity to be safe because we don’t know which networks will be shut down tomorrow or whether new ones will spring up. Therefore, it is not worth abandoning channels where there is usually an audience for an organisation.
If the CSO hasn’t communicated with the audience via email newsletters recently, now is the time to return to the email marketing format.
“It has not yet been possible to completely cut off local area networks (LAN), even when there were complete shutdowns. A complete shutdown won’t work forever. Everything is so interconnected that no matter who cuts it off, it will always find a way to maintain some kind of connection”, concludes Ladoshkina.
Translated by Ysabelle Smith