Privacy and Security in DoOO: First attempt at student resource

It has been a wild few months and it feels like there are a lot of things happening at once.

I’m thrilled that at St. Norbert we have gotten our Domains project off of the ground and I’m talking about and working with domains more than ever – which is wonderful.

However, a few months ago after attending DigPed Lab, those of you who follow regularly will recall, I had some serious questions about how to design for privacy and security with DoOO.

I had some great collaboration around this from comments on the post to backchannel conversations about what all is out there. I would be remiss if I did not particularly give a shout out to Tim C from Muhlenberg College and Evelyn Helminen from Middlebury College who gave me lots of feedback and resources. And of course to Chris G who just keeps me thinking about privacy in edtech in general.

I’d had some visions of pulling together a group who is interested in this topic but I found that things just moved too quick for me and I was in need of a resource that I could give to students before I could pull the group together. So, still working on that – if you have a particular need for this please put a fire under me.

I’ve struggled with this topic because it is such a nuanced thing. I love DoOO because of the focus on student ownership and agency. Privacy can be addressed with blanket best-practices but that is not the conversation that I’m interests me.

I feel our domains project at SNC is particularly blessed in that we have our Tech Bar. We visited University of Mary Washington in building it and got a lot of tips from Martha Burtis and the students who work at the Digital Knowledge Center. I’m telling you all of this because I think it is important to contextualize this resource that I’ve built for students.

This first little resource around privacy and security with DoOO that I’ve built is directed at students and is really just meant to give them a taste of what is possible around naming, making pages private, securing sites, etc. I created a little infographic around this and at SNC I printed them up as large bookmarks. The SNC version clearly says that a student can visit the Tech Bar for more information.

I made a more generic version of the resource and slapped an open license on it in case it might be helpful for others with DoOO projects. I’m hoping to think about this more, collaborate with others, and have more thoughts on this as we move forward.

PrivacyAndSecurityStudentsDoOO

Download link

On a somewhat related note I do want to draw attention to our most recent DigCiz call for engagement which is a parallel project to an interactive presentation that we will give at EDUCAUSE Annual Conference.  The call for engagement and the presentation basically ask the question “What do we owe students when we collect their data?”. To participate in the call just blog or tweet (Nate Angell even started a hypothes.is annotation of the post). To participate in the presentation come to the EDUCAUSE Annual conference presentation or participate in the twitter chat. All details on the post.

Designing for Privacy with DoOO: Reflections after DPL

The thinking for this post comes on the tail end of Digital Pedagogy Lab (DPL) where, despite not being enrolled in any of the data or privacy offerings, concerns of student data and privacy rang loud in my ears. This came from various conversations but I think it really took off after Jade Davis’ keynote and after Chris G and Bill Fitzgerald visited us in Amy Collier’s Design track to talk about designing for privacy. After the Lab I also came across Matthew Cheney’s recent blog post How Public? Why Public? where he advocates for public work that is meaningful because it is done so in conjunction with private work and where students use both public and private as options depending on what meets the needs of varying circumstances.

A big part of what attracts me to Domain of One’s Own (DoOO) is this possibility of increased ownership and agency over technology and a somewhat romantic idea I have that this can transfer to inspire ownership and agency over learning. In considering ideas around privacy in DoOO it occurred to me that one of the most powerful things about DoOO is that is it has the capability of being radically publicly open but that being coerced into the open or even going open without careful thought is the exact opposite of ownership and agency.

In a recent twitter conversation with Kris Schaffer he referred to openness and privacy as two manifestations of agency. This struck me as sort of beautiful and also made me think harder about what we mean by agency, especially in learning and particularly in DoOO. I think that the real possibility of agency in DoOO starts from teaching students what is possible around the capabilities and constraints in digital environments. If we are really concerned about ownership and agency in DoOO then we have to consider how we will design for privacy when using it.

DoOO does allow for various forms and levels of privacy which are affected by deployment choices, technical settings, and pedagogical choices. I hear people talk about these possibilities and even throw out different mixes of these configurations from time to time but I have never seen those listed out as a technical document anywhere.

So, this is my design challenge. How can I look at the possibilities of privacy for DoOO, refine those possibilities for specific audiences (faculty and students), and then maybe make something that is not horribly boring (as technical documents can be) to convey the message. I do want to be clear that this post is not that – this post is my process in trying to build that and a public call for reflections on what it could look like or resources that may already exist. What I have so far is really just a first draft after doing some brainstorming with Tim C during some downtime at DPL.

Setting Some Boundaries
This could go in a lot of different directions so I’m setting some boundaries up front to keep a scope on things. I’d love to grow this idea but right now I’m starting small to get my head around it. I’m looking to create something digestible that outlines the different levels of privacy around a WordPress install on DoOO.  DoOO is so much bigger than just WordPress, I know that but I’m not trying to consider Omeka or other applications – yet. Also, I’m specifically thinking about this in terms of a class or other teaching/learning environment. A personal domain that someone is doing on their own outside of a teaching/learning environment is another matter with different, more personal, concerns.

Designing for Privacy with DoOO
Right now I’m dividing things up into two broad categories that interact with one another. I need better titles for them but what I’m calling Privacy Options are stand alone settings or approaches that can be implemented across any of the Deployments which are design and pedagogical choices that are made at the onset. Each of these also afford for and require different levels of digital skills and I’m also figuring out how to factor that into the mix. I will start with Deployments because I think that is where this starts in practice.

Deployments:
Deployment 1 – Instructor controlled blog: With this deployment an instructor has their own domain where they install WordPress and give the students author accounts (or whatever level privileges make sense for the course). Digital Skills: Instructor needs to be comfortable acting as a WordPress administrator including: theming and account creation. Students gain experience as WordPress authors and collaborating in a single digital space.

Deployment 2 – Instructor controlled multisite: With this deployment an instructor installs a WordPress multisite on their own domain and each student gets their own WordPress site. Digital Skills: Running a multisite is different from running a single install and will require a bit more in the way of a digital skill set including: enabling themes and plugins, setting up subdomains and/or directories. Students can gain the experience of being WordPress administrators rather than just authors but depending on the options chosen this can be diminished.

Deployment 3 – Student owned domains: This is what we often think of as DoOO. Each student does not just get a WordPress account or a WordPress site but their own domain. They can install any number of tools but of course the scope of this document (for now) is just WordPress. Digital Skills: One fear I have is that this kind of deployment can be instituted without the instructor having any digital skills. Support for digital skills will have to come from somewhere but if this is being provided for from some other area then the instructor does not need to have the skills themselves. Students will gain skills in c-panel, installing WordPress, deleting WordPress

Privacy Options
Privacy Options looks at approaches, settings, or plugins that can be used across any of the Deployments:

1 – Visibility settings: WordPress Posts and Pages have visibility settings for public, password protected, and private. These can be used by any author on any post and by admins on posts and pages.

2 – Private site plugin: Though I have not personally used a private site plugin I know that they exist and can be used to make a whole WordPress site private. Tim mentioned that he has used Hide My Site in the past with success.

3 – Pseudonyms: There is no reason that a full legal name needs to be used. How do we convey the importance of naming to students. I took a stab at this for my day job but I’m wondering what else can be done.

4 – Search engine visibility setting: This little tick box is located in WordPress under the reading settings and “discourages search engines from indexing the site” though it does say that it is up to the search engines to honor this request.

5 – Privacy protection at the domain level to obscure your name and address from a WhoIs lookup. Maybe not a concern if your institution is doing subdomains?

6 – An understanding of how posts and sites get promoted. Self promotion and promotion from others. How different audiences might get directed to your post or site.

Some Final Thoughts
There is one approach that I’d actually been leaning toward prior to Digital Pedagogy Lab that raises questions about how to introduce this. I do worry about the technical barrier that comes with learning about these privacy options. All of the privacy options come with some level of digital skill and/or literacy that needs to be in place or acquired. In addition, I think that often the deployments are made before the privacy options are considered; yes yes I know that is not ideal but it is a reality. Because of this, is it maybe just better to tell faculty and students, in the beginning at least, to think of their DoOO or their WordPress as a public space? Mistakes happen and are we muddying the waters by thinking of DoOO or WordPress as private spaces where a simple technical mistake could easily make things public? Most people have so many options for private reflection and drafting; from Google Docs to the LMS, email to private messaging we have so many tools that are not so radically publicly open. Is there something to be said for thinking of the domain space as public space and using it for that – at least while building the skills necessary to make it more private?

I don’t have the answers but I wanted to open the conversation and see what others are thinking. Are there resources that I’m missing and how can this be created in a way that will be easy to understand and digestible? I’m thinking and writing and booking some folks for conversations to keep thinking in this way. Stay tuned and I’ll keep learning transparently.

Big thanks to Tim C and Chris G for giving feedback on a draft of this post.

Photo original by me licensed CC-BY