CBOX Pioneers

Early adopters of the Commons In A Box share their experiences, provide links to their sites, and suggest improvements.

CBox suite and FERPA

Tagged: security

  • This topic has 4 replies, 4 voices, and was last updated 9 years, 7 months ago by Matthew K Gold.
  • August 8, 2013 at 8:36 pm #3359
    Dale MacDonald
    Participant

    A combination of the various bbpress/private/hidden discussions and rumblings I’ve heard around campus have raised some questions in my mind about how to get CBox to pass a FERPA-oriented audit. Has anyone who is using CBox for classwork tried to get their institution to stamp this particular suite FERPA compliant?

    Dale.

    August 8, 2013 at 8:42 pm #3360
    Matthew K Gold
    Moderator

    I don’t think that there is cause for concern, Dale, aside from the
    BbPress bug. That bug is obviously major, but it will be fixed and
    aside from that, I’m not sure what cause there is for concern.

    August 9, 2013 at 8:01 am #3364
    Bowe Frankema
    Member

    Which issues could be a game breaker for FERPA? Like any software, there can always be some privacy issues if you run the software “out of the box”. But WordPress/BuddyPress/CBOX + our vetted plugins have proven themselves as being relatively safe. I’ve done many projects over the last year and so far it has proven itself to be reliable and safe. That being said, I’m sure our team would be all over it if something causes security/privacy issues!

    August 9, 2013 at 8:14 pm #3383
    visionsynergy
    Participant

    @mrdale, I am not involved in academia (though I used to be a departmental director at Azusa Pacific University), so my own concerns are not with FERPA or any other legal requirements. My concerns are a little more at the people-might-be-thrown-in-a-North-African-jail-and-disappear-forever scenario.

    In our CBOX based community, many of our intended participants are humanitarian activists in various parts of the world. I work with a niche consulting firm that builds and advises partnerships/networks of faith-based nonprofits in more than 80 countries. Altogether, more than 2000 different organizations are involved. We are building our community for the leadership of those networks/partnerships. Over 3000 individuals have signed up to our launch list.

    One of the promises we have made to our constituency is that while we want to facilitate free and open communication, we will also pay serious attention to the security & privacy of the community. If people want to form and join what they believe are private/hidden groups, then those conversations should remain private. If people want to create collaborative docs or attach files, those documents and attachments should be locked down.

    So far, it’s a little touch-and-go, to be honest. As you’ve already seen in the help&support forum, there was a known issue with bbPress forum visibility settings for private/hidden groups:

    https://commonsinabox.org/groups/help-support/forum/topic/private-group-forum-posts-visible-in-public-feed/#post-3303

    I think some other security areas to pay special attention to are file attachments/sharing, the docs/wiki component, and group administration. Depending on your plug-ins and configuration, attachments (to docs/forums) can be exposed to the public. Group association, ownership, and visibility of the docs/wiki pages can be fiddly. If a private group is deleted, its associated docs and forum still exist, so there are constant admin cleanup tasks that must follow. I’m sure the list is much longer, but those are the big red flags on my list at the moment.

    After getting my site into a somewhat stable state, my next plan is to hire one of the white hat certified ethical hackers we know to bang away on the site and see if there are other security/privacy issues.

    In the end, it all comes down to trust. Your students, clients, or constituents trust that you (as the sponsor of the community) will keep the community platform secure and private. In my case, there are no second chances. So I’m taking a much more cautious approach now.

     

    August 9, 2013 at 8:44 pm #3384
    Matthew K Gold
    Moderator

    @visionsynergy: Like you, I think it’s vital that private interactions and
    documents be kept private; as you note, this is at the root of the trust
    that site members place in their online communities. On the CUNY Academic
    Commons (the project from which CBOX emerged), we have always given any
    privacy-related bugs the highest priority and have addressed them
    immediately. And our team has done the same on CBOX, as shown by the very
    comment thread you pointed to.

    We can’t promise that our software will be free of bugs (all software has
    bugs, though the owners of proprietary software projects tend to be less
    than open about them) — and it’s notable that we’re dealing with a complex
    system that involves a number of constituent parts (WordPress, BuddyPress,
    and BbPress) whose new versions occasionally cause hiccups. But in order to
    address bugs, we need to hear about them. I encourage you or anyone else
    working with CBOX to let us know about any privacy-related issues you find
    — either by posting here or on github — so that we can resolve them.

    Best,

    Matt
