If you’ve been online and an activist for long enough, you’re probably familiar with the tools of the trade – an endless deluge of disorganized Google Docs, pages of Slack workspaces and channels, and Office files emailed back and forth with a long tail of FINAL_REV_FINAL2 notes added on the end. You have also probably experienced some of the downsides to these tools – files that go missing when their owner disappears, valuable Slack conversations lost to the black hole of the 10,000 message limit, or confusion with volunteers who don’t have an Office license to edit that doc.
It doesn’t have to be this way. Now more than ever before, it’s easier to take your data and your tools into your own hands, rather than relying on the prying eyes and high costs of Amazon, Apple, Microsoft, or Google. Your chapter can make the switch from programs that harvest your data and restrict features from non-paying users to useful, free, open-source software – with lower effort and cost than ever before. As a bonus, you’ll also be avoiding some of the world’s worst tech companies and adding another barrier for snoops in law enforcement to hop over should they come after your data.
There are some bumps along the way if you stick with pure Open Source software, so there’s also detailed help on where to strategically use freemium, closed-source solutions like Google Docs to get maximum utility with the lowest cost and risk to your chapter.
This guide represents the path to a final state of a chapter’s digital infrastructure — I’ve tried to cover as much as possible so there are no gaps in the tools organizers are asking for. It contains essential information for two main groups of people.
First, it’s designed to be a technical walkthrough so that anyone armed with a credit card and an internet connection can follow the instructions. There is not an overabundance of volunteers in any left org, let alone experienced systems administrators, so this guide is designed such that it can be executed by an org of any size, with any volunteer capacity, and with only basic technical skills.
The second purpose is to provide leadership an explanation of what these tools are, why they have been chosen instead of others, and how they will help your chapter make the world a better place. While still important for the tech folks to know, these sections will be of particular interest to those who will justify the costs of the software, use the software, convince others to switch to it, and so on.
Review the table of contents below to get an overview of all the topics we’ll be covering, or simply scroll down to begin.
Table of Contents
There are technical and organizational requirements to make the changes described in this document a successful reality. This requirements section isn’t an exact list of either, but it should provide most of them up front so you and your chapter can be prepared.
Part 1 will get you started with the foundation of your new technology platform. We will cover:
- Buying a domain name
- Configuring DNS
- Setting up your VPS
- Setting up and learning the basics of Cloudron
Part 2 – Collaboration utilizes the foundation set up in Part 1 to build an alternative to Google Drive & Docs and Asana/Trello. Alternatively, we’ll look at two ways to use Google tools that should improve your chapter’s operations.
We will cover:
- The basics of Nextcloud
- Setting up Nextcloud on Cloudron
- Setting up Collabora on Cloudron
- Learning how email, calendar, and contacts work for an individual using Nextcloud
- Groups and circles in Nextcloud and Cloudron
- Features you can use with free Google accounts, and what paying for Google along with Cloudron can get you
- Learning how to utilize the tools above in a safe and secure fashion
Part 3 – Chat will move on from replacing Google or Office products to replacing Slack and similar services with free ones. There are many options for this particular need. In particular, we’ll cover:
- Evaluating your current Slack use to identify what’s important to you
- What alternatives are available
- Which alternatives are likely the best given your needs
- A brief overview of Signal
- An overview of Matrix/Element
- Installation and configuration of Matrix/Element
- Overview of safety features and moderation controls for Matrix/Element
We’ll take a brief detour after Collaboration to discuss security in depth, with questions like:
- Who are you trying to be protected from?
- How much are you willing to pay for protection — in time, money, or volunteers?
- What can you do to retain privacy and security with unknown and countless hostile entities that would like to see you fail?
You only need three major things to complete the vast majority of this guide. Click their names for an explanation, or jump below.
A domain name is the name of your chapter, or something catchy like socialism.tools. This is that thing you type into the address bar in your browser.
I prefer Gandi as a registrar as they are trustworthy and not too expensive. They also integrate with Cloudron.
A Virtual Private Server, or VPS, is a computer that lives in the cloud. It’s called a virtual private server because it’s not really a black box sitting somewhere — it’s a part of a very powerful server, running many people’s servers at the same time but separated from each other (thus, private).
If you are extremely cost-constrained, you can use a computer you already own and keep it on 24/7 at home. Be aware this is much more difficult to set up, riskier, and will likely have worse performance than a VPS.
My preferred piece of self-hosting software is called Cloudron. It will run on your VPS. Cloudron mainly acts as an application controller. It can install apps for you with one click, set them up for you, and keep them updated. The entire platform, all apps, and the OS also keep themselves updated and auto-apply sensible security settings. In addition, the platform provides user management and email services to all your apps. Installing, configuring, and updating apps can be confusing or time-consuming, and Cloudron does it for you for a price that is far, far lower than other (business-focused) options. Cloudron is run by a small company in Germany. There are free alternatives that perform similar functions, but Cloudron is the best.
There are some other optional purchases throughout the guide.
There is no way around the fact that this solution — as with any open-source solution — is going to cost money, probably more than you spend on technology now. Big tech companies can subsidize free usage of things like Google Docs, OneDrive, Zoom, or Slack by charging their business customers a lot of money. This arrangement also means that many essential features, especially security features, are locked behind an enterprise paywall your chapter will never be able to afford.
But despite the cost of running free software, I think this is worth it to take control of your chapter — why become socialist if you don’t want to take big bets, eh? 😉
The cost breakdown will look something like this:
This adds up to $440 per year (less than $10 a week), or more if you pay for Cloudron monthly. This is the cheapest possible configuration I could find that could reasonably support a chapter.
If your chapter has a very tech-savvy Linux expert on hand, you could probably get away with not paying for Cloudron, but remember — someday, someone else will need to inherit this technology stack. You might be unavailable when something breaks, and things like chat and email can be critical to people’s safety. Cloudron makes it easy to give multiple people access both to the platform itself and all the apps therein, and it includes support from the Cloudron developers. That simplicity and peace of mind is a huge part of why Cloudron is worth the money.
Disclosure: The two links above for a VPS and Cloudron are referral links; if you purchase services after clicking on them, I get a discount on the VPS and license key used to run socialism.tools. Vultr gives you $100 to start, which is a great deal.
Organizational requirements are harder to define than technical requirements as every organization is built differently. With any organization undergoing significant technological change, however, there are two solid principles to follow that I’ll outline below.
Firstly and most importantly: communicate. This is the most critical piece of the advice in this entire document, and arguably the hardest.
For the tech folks especially: Whoever wants to begin any process of technical change must ensure that leadership is aware of what changes are being proposed, how they will affect the functioning of their work as leaders and the work of the membership at large, and so on. Communicating early and often with your leadership will be key, particularly with a long or complex project like this. Be concise, use plain language (keep technical language to the minimum needed for people to understand what is changing) and focus on what leadership cares about.
If leadership is struggling with the limitations of free versions of enterprise tools, don’t romanticize the open-source movement or talk about privacy — tell them about features or tools they can get by making the switch. Having specific examples of projects or needs that could benefit from the new tools is always a good idea – if you have comrades you know well on working groups or committees, ask them what their pain points are and what they need help with, then come up with a solution.
This may seem like common sense, but I have a lot of experience in this process (in the corporate sphere, at least), and it’s shocking what is regularly overlooked.
The second principle goes along with the first, and it is simply: be honest. Don’t present the new solution as a magic wand – obviously, you should talk about what it does better, but you also need to talk about what might be worse.
Finding use cases in the chapter where the tools under-perform what was there previously might encourage you to look for alternatives during the scoping process and prevent re-work later. In the worst case, some groups will remain on old tools. This can be frustrating, but if you show people you are listening to them, they will likely be more receptive to trying the new program again when you find a solution. If you try to force or cajole them into using a solution that does not fit their needs, they will (rightfully) distrust you.
Part 1 — Foundations
Preparing your domain name
Buying your domain name is like buying your digital identity. As a reminder, the domain name of this site is socialism.tools. In this case, we’re going to use the same place to both buy our domain and host our DNS records. DNS records are like directions for computers — when someone types socialism.tools into their web browser, the DNS record is what routes that request to my server’s IP address. We’ll get an IP address later, but we do need to start with a domain.
ALREADY HAVE A DOMAIN?
If you already have a domain, great! You can keep your current domain registrar if you want. However, your DNS provider needs to be on this list of providers that Cloudron supports.
To begin, go to gandi.net and make an account if you don’t have one already. After sign-up, you should now have the option to purchase a domain name.
You can type in your domain name, including your top-level domain. These are .com, .biz, .org, .tools, etc. There are tons of top-level domains, and if you aren’t sure which one you want, leave it out and see what Cloudflare suggests. For fun, let’s say we’re helping Albuquerque DSA set up their site. I like the .group TLD, so I’ll use that for this example.
Complete the purchase process. You will be asked for your address and contact information — this information is not public. Gandi has something called WHOIS privacy on by default, so if someone tries to look up who owns a domain, it will not show them your information. Gandi is required to keep this information for legal purposes, so keep that in mind.
We need to do one more thing with Gandi. Open Notepad or an empty document — we need to save a special string of text. Here’s what to do:
- Click your username in the top-right corner
- Click user settings
- Click Change password and configure access settings
- Click add an API key
Now, copy the string of text that appears on the screen to your doc. Only share this string with people you would entrust with your entire chapter infrastructure. This key lets any application that uses it change the routing rules (DNS records) for your domain.
Preparing your VPS
Now we need somewhere to point that fancy new domain name! There are many options to choose from when selecting a company to provide you a VPS. Cloudron recommends four options that offer one-click easy installation.
Vultr is what I use, and is a popular option that offers one-click installation. It also has one of the best user interfaces available, to make managing your resources and sharing them with others easier. Digital Ocean is another popular alternative that offers slightly less performance per dollar, but has a wider variety of services built-in.
You can click here to set up a new Vultr account with $100 in credit. Once you have an account, you can create a new server using the plus button on the product page. Click Deploy new server, and then choose the location closest to you.
Under “Server Type” select “Marketplace apps” and select “Cloudron”.
Leave “Basic” selected and choose the size of your server. The absolute bare minimum is the $10/mo server and I wouldn’t recommend this unless you really, really don’t have any money. If you plan on installing more than two or three apps, especially if you want to use WordPress, I would strongly recommend going up to the $20 plan at a minimum.
Important: you can very easily upgrade your server, but downgrading is much more difficult.
Next, you’ll choose a data region. If you’re trying to avoid surveillance by the government by selecting a different country, I have bad news — it will not help. For performance reasons, choose a data center as close to your members as possible.
more about surveillance
This guide can help protect you from some bulk collection activities. Bulk collection activities are things like Google mining your search history for ad data, or the NSA’s bulk collection of unencrypted data. (The EFF has more information on this topic.)
“Secret government documents, published by the media in 2013, confirm the NSA obtains full copies of everything that is carried along major domestic fiber optic cable networks.” —EFF.org
Storing your data outside large providers and using the end-to-end encryption offered by apps like Matrix can give you a layer of protection.
But this is not a guide on how to hide from the feds or a very committed attacker. If sufficiently experienced attackers — such as the NSA — want to get your online data, assume they will. Do not transmit via computer or store on a computer anything you think could be used against you if this is a concern.
An in-person conversation somewhere away from security cameras or in a very crowded, noisy public place is a simple and mostly effective tactic for discussing sensitive information (without your phone!). We’ll discuss more chapter-wide security policies later.
Select the checkboxes for IPv6 and Block storage. IPv6 is a new networking technology I see no reason not to have. Block storage will come in handy later for backup purposes; we’re not going to cover that here.
Leave everything else as-is, unless you want to pay for DDoS protection. I don’t think smaller orgs need this, but if it gives you some peace of mind, go for it.
Your server hostname can be set to something custom for vanity purposes, and you likely don’t need to worry about labels.
Congratulations! In a few moments, your VPS will be built and have Cloudron ready to go! Wait for the installation process to complete before moving on to the next step — configuring your new Cloudron install.
Once the process completes, click the IP address (those numbers) to copy it to your clipboard. Then paste the IP address into your browser’s URL bar and do not include http://www or anything else.
If you get a message saying the site is not secure, press “Advanced” and then “Continue” – you should only see this message when you first set up the server. You should see Cloudron’s DNS Setup page. We are now going to connect the domain name you created earlier to our server.
Type in your domain name, select Gandi, then API Token, and paste in the API token you saved to Notepad or Sticky Notes earlier in the Domain section. After a few moments, you should be prompted to create your Cloudron username and password. Your email must be valid – double check it!
After that, you’ll want to create a Cloudron.io account. This is the account you’ll use to pay for a license to Cloudron (or try it for free).
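Once the domain is connected, it is worth confirming that its DNS records point at your VPS and nowhere else, both right after setup and periodically afterwards, since anyone holding the Gandi API key can change them. The following is an added example, not part of the original guide or of Cloudron's own tooling; it assumes the Cloudron dashboard is served at `my.<your domain>`, and the domain and addresses shown are constructed placeholders.

```python
import ipaddress
import socket


def resolve(hostname):
    """Ask the system resolver for every address of hostname (empty set if none)."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    # Strip any IPv6 zone suffix ("%eth0") so the address parses cleanly.
    return {info[4][0].split("%")[0] for info in infos}


def audit_dns(domain, server_ips, labels=("my",), resolver=resolve):
    """Compare what each hostname resolves to against the VPS addresses.

    labels are subdomain prefixes; "my" is assumed to be the Cloudron dashboard.
    Returns {hostname: (status, unexpected_addresses)} where status is
    "ok", "missing" (no record yet) or "mismatch" (points somewhere else).
    """
    # Parse addresses so different spellings of one IPv6 address compare equal.
    expected = {ipaddress.ip_address(ip) for ip in server_ips}
    report = {}
    for label in labels:
        host = f"{label}.{domain}" if label else domain
        found = {ipaddress.ip_address(a) for a in resolver(host)}
        if not found:
            report[host] = ("missing", [])
        elif found <= expected:
            report[host] = ("ok", [])
        else:
            extra = sorted(str(a) for a in found - expected)
            report[host] = ("mismatch", extra)
    return report


if __name__ == "__main__":
    # Constructed sample data: a fake resolver standing in for live DNS.
    sample = {
        "my.example.group": {"203.0.113.10"},
        "blog.example.group": {"198.51.100.7"},  # points at another machine
    }
    result = audit_dns(
        "example.group",
        ["203.0.113.10", "2001:db8::10"],  # the IPv4 and IPv6 of your VPS
        labels=("my", "blog", "chat"),
        resolver=lambda host: sample.get(host, set()),
    )
    for host, (status, extra) in result.items():
        print(f"{host}: {status} {' '.join(extra)}")
```

To check live DNS, drop the `resolver` argument and pass your real domain and the IP addresses shown on your VPS provider's page. A "mismatch" you did not cause is a reason to revoke and reissue the API key.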
a very quick cloudron tour
Once you’re on the Cloudron dashboard, let’s take a moment to get familiar with it. Clicking your username in the top-left corner of the screen will open the menu. Feel free to add a new icon and some flavor text under Branding. Domains and Certs is where you can add more domains — this is helpful to manage a sub-project using the same infrastructure as your main site.
For example, if Albuquerque DSA has a Medicare for All action, they can register albqm4a.org and then add it to Cloudron to run their WordPress blog, email inboxes and so on. This can be a big cost-saver with multiple projects.
One quick note: If you are self-hosting Cloudron at home, enable DDNS on the Networking page.
You now have a solid foundation on which to continue building a suite of tools for your comrades. In the next section, we’ll start with the biggest tool first — Nextcloud, your open-source Swiss Army knife.