Updated, September 2018
Welcome Community Advocates,
Here is a run down of how we created this website and how much it cost.
In 2016, we set up a Google forms survey which was similar to the one you see on the HOME page except that it allowed a text description of assaults. There were 17 responses in 24 hours. It became immediately apparent that the stored responses (in some cases containing potentially identifying information) were not safe from legal subpoena. We quickly destroyed this first survey to protect the responders.
With this failed first attempt in mind, we set out to do the survey again, in a safer way for a responder’s personal information. We bought a domain and hosting site from Orange Website, located in Iceland, with the thought that “off shore” would give a layer of protection to the data.
Peareports.com, annual domain cost = $20.09
Bronze Hosting, with email plan, annual coast = $53.38
We also knew we wanted transparency (no human hands massaging the data) in graphically reporting the responses. We bought Formidable Forms, a WordPress survey plugin. We have been very pleased with how FF has worked for our purposes. The FF tech folks are great too; they got back to us quickly, and repeatedly, to help answer questions–of which we had many. As a side note, we also used this plugin to set up the PATH petition.
Formidable Forms, $49.00 yearly.
We also needed to be able to display documents on the Exie Leaks page. We used the free WordPress plugin Embed Any Document which works nicely.
At this point, we were ready to install the free Word Press theme “Twenty Seventeen” with our web hosting site.
For over a month, we beat our head against a solid block of Ice-land. We are very glad our site is now protected by this Game-of-Thrones wall of ice, but in the end, we simply could not load it ourselves.
We hired a Fivver tech to upload the WordPress site for us. This took over a month. Of note: CiCi (cyber security guru below), gave an above-average threat factor to this choice, so don’t do this, but do find an expert to help you load your website to Orange.
Once the site was live, we reloaded the “Twenty Seventeen” free theme and got busy building the pages. As mentioned above Formidable Forms worked great. The only problem with the free Twenty Seventeen theme, was it doesn’t seem to have a sidebar widgets for pages, we had the Fivver tech add those.
Cost of WordPress theme (free), site setup, added security and sidebar coding = $150.00 (one time)
In order to utilize the Paypal donations buttons we had to set up a bank account. In the event we go over $10,000 USD in donations, we will have to apply for non-profit status. This is costly and takes about a year to get IRS approval. We can’t imagine exceeding $10K, but it is important to know about this financial limitation. Bank fees ($24/year) and tax-filing work ($250) work out to be about $274 per year.
CiCi suggested we use a small local bank or credit union. They also suggested we gently notify the bank, that the account has the potential of being cyber targeted, so they have the highest level of “watch” on outgoing transactions.
Licensing and Copyright considerations
We decided to license the website with a Creative Commons License which allows copying and customization with attribution, but no commercial use. We ask that you do the same with your iterations so that this effort is not monetized by a bad actor and remains available to all to copy in the same way. There is no cost for CC (other than a suggested donation) for this licensing service.
One time cost = $150. Total estimated costs to keep website running = $400/year — please donate!
Our time associated with this effort has been 3 months.
It also needs to be said that we could not have launched this website without the generous advice of many great legal, financial, PR, and security tech experts. None of these good folk charged us for their advice. Had we paid for these services, our cost would have been exorbitantly high.
Thank you to all you unnamed experts, you know who you are.
We appreciate you.
On the PATH petition.
Most of the people who created this reporting site are also members of our alumni action group, see Mission Statement. After PEA released their misconduct reports in August 2018, it made sense for us to respond and set up a signature petition utilizing this website. We created a PATH page, added the cover letter/petition and appendix as sub pages. This was very easy (don’t forget to add them to your live menu).
We decided to use the Formidable Forms plugin again to build the petition ourselves, because it allowed us to host the data ourselves. We also wanted to be able to assure alumni that they could give us their email for future contact, without concern of being spammed by a free plug-in.
To make FF work correctly, there is a bit of coding needed that is not easy to find on their website “help” docs. However, during their business hours, FF tech support has always gotten back to us within 24 hours with a response that works. So, just build this help turn-around into your time frame. We think it has been worth it to be able to maintain the integrity of our data.
Our initial assessment that protecting the survey responses would be difficult was correct. Please note: We are NOT giving you legal advice here. We strongly suggest you talk to an attorney. So, take the below as amateur findings and advice:
1) Our bigger dream to parlay the willing survey respondents to a more complete survivor led investigative report was impossible. Individuals (us) do not have attorney-client privilege with reporting victims. Anything shared with us has zero legal protections.
2) There is no way to protect this website from legal subpoena. With this fact in mind, we set out to craft multiple-choice and drop-down answers to the survey questions that were both descriptive and informative, without being identifying.
The end result is, even if the website is subpoenaed, there is nothing to see behind the scenes, or to “discover” in legal-speak. All the responses roll automatically to the home page (or the petition) and are not stored with an IP address. Additionally, we instruct the super-cautious to use a public access computer (like the library) to a access the survey.
All the information is hidden in plain sight.
3) We needed to have the website “hack” tested, to insure the data could not be altered. We used a super-secret cyper-security expert (SSCSE, or more fondly CiCi) to help us with this.
CiCi made suggestions to keep the site from being infiltrated. They were not pleased with a potential back door they found. They also advised that the person who registered the website needed to tighten up their cyber security. They suggested this article from the ACLU also.
If you are the registrar, these are important steps. They are daunting and some previously unheard of, so take them one at a time.
Just don’t skip them.
a. Personal Computer. Back up all important work, print anything you can’t lose and store in a fireproof safe. Encrypt with a bit locker if possible.
b. Passwords. Convert all personal passwords to a system that gives random, and different passwords for every single account. Lastpass is suggested. Write and store the most important ones in the safe-or, bury list in a tin box under a rock–where ever you feel is safer.
c. Set up Google Authenticator for personal and website emails, social media accounts, and especially the hosting and WordPress login sites. Never use multi-factor authentication that includes SMS text, telephone number, or biometrics. Convert all messaging to the encrypted Signal App.
4) Therapist. Get one.
If you have been active in your survivor community for long, you have undoubtedly helped victims stutter-step their way through telling their harm. The emotional toll of supporting your peers can crush even the healthiest survivor.
We suggest from day one, that you have the number of a good crisis hotline in your area memorized to refer. You will burn yourself out if you try to perform this role, and you will be triggered yourself. Work deliberately at mental and spiritual balance, so that you do not get sidelined by your/their trauma.
Even if you are not fielding crisis calls, the most frequent emotion we encounter when just talking to our hurt peers, is fear. Fear is a healthy response to perceived harm, but so often our perception is completely skewed by hyper-vigilance and PTSD symptoms. Distrust and fear can quickly create havoc in a nascent survivor community.
Be kind and patient. Give each other space to grow and come to the healing place that is right for them–in their time. Some are able to face their harm square in the eye from day one. Some take 10, 20, 50 years.
Do what you can, with the people you have in your community who are able. Support the rest, with low expectations for their active participation, until they can love and heal themselves. Many times we’ve seen survivors emerge from lurking quietly in a support group to sudden, full-tilt public activism.
Bottom line: you can not do healing work for others.
Pushing survivors forward, robs them of the choice to take steps themselves, and quickly creates bad feeling and strife within a community group. Strive for a supportive confederation of independent survivor-states, where individuals are empowered to get things done, but always have the freedom of inaction or dissent.
Good luck and be well. Please let us know if this information was/is helpful to you and how your survivor community is doing.
With affection and solidarity,
Phillips Exeter Academy Survivor Community