The Dandelion Hub – A (technical) review of an open-source web app (R/Shiny, MariaDB) to support global civil-rights movements

In the following blog I am taking a critical look a the The Dandelion Hub platform (https://dhub.global), which seems a promising open-source project to support the global civil-right movements, or in the words of the developers “to create a movement of movements for science, people power, and a livable future”. Can’t be wrong, can it?

1. Challenge

The Dandelion Hub describes difficulties of civil rights movements. They are often based on private initiatives (“grassroots movements”) are diverse, decentralized with flat hierarchies and without strict organization and run on a minimal budget.

Although many movements have similar general progressive values (eg “justice”) they focus on different aspects, eg women’s right, rights of people of colour, ecological justice (climate, biodiversity), which may make them seem fragmented, in-cohesive, and weak. In addition, the actions and communication are often scattered over dozens social media platforms, which adds to this impression.

2. Opportunity

This is were the Dandelion Hub platform tries to come in by providing “a central platform for decentral actions”, they aim “to aggregate single actions of different movements and present them as one collaborative movement for a better world to increase its impact on society.”

3. Solution

The Dandelion Hub seems to have the “Dandelion Database” at its core, where “actions” (I think, predominantly, protests and civil resistance actions) can be reported and stored, thereby, creating a common database of actions, which are scattered across multiple social media channels. The other two core features seem to be two “Dandelion Hub Networks” integrated – or rather associated – with the web app.

  1. The Dandelion Database, https://dhub.social
  2. The Dandelion Hub Socialize Network (based on the Mastodon software), https://dhub.social
  3. The Dandelion Hub Mobilize Network (based on the Mattermost software), https://dhub.mobi

The main motivation for providing the add-on social networks seems to be to create 1) a sort of “virtual neighborhood” for activists, which is based on open-source, non-corporate controlled software (cf Mastodon software, “open-source Twitter”) and 2) to provide a free team communication and collaboration software for organizing actions, which is also based on an open-source, self-hosted software (cf Mattermost, “open-source Microsoft Teams”).

As stated on the website, the Dandelion Database, which assigns each “action” a numeric identifier, allows to identify specific actions and follow them on social media, e.g. by searching for the hashtag, or find the relevant channel on the Mattermost platform, so interested citizens can join the action, thereby, providing an “integrated workflow”.

4. Software & Language Stack

  1. R (Version 3.5.1), R language
  2. R/Shiny, R & HTML & CSS & Javascript
  3. MariaDB, SQL
  4. Mastodon (open-source, social network), Ruby on Rails and others
  5. Mattermost (open-source, team collaboration platform), Google Go & Javascript
  6. Nginx web server, configuration language
  7. Postfix mail server, configuration language
  8. GIT (open-source, version control), CLI commands

4.1 R/Shiny

The Dandelion Hub uses the R/Shiny framework which allows to quickly protoype data-based, interactive web pages. The website uses this features for:

  1. web front end
    1. data entry form (simple vs advanced)
    2. data displays
      1. table (single vs multiple actions)
      2. static map
      3. dynamic map
    3. Documentation
  2. database backend

This separation of the web frontend and the database backend is rather elegant as it allows other websites (with different languages) or other SQL clients (eg DBeaver, MS Excel wit SQL/MariaDB driver) to connect to the database. It is nice that the read-only access details are readily available on the website (Documentation > DHub design).

4.2 MariaDB Database

The database is based on the MySQL-compliant MariaDB SQL database, which is integrated with the web frontend as it allows to submit full (!) WHERE SQL clauses to filter data, which gives considerable power to the users.

However, a common problem with SQL web frontends is the risk of SQL injections to compromise the database or gain otherwise prohibited access to the database. After a look at the source code it seems the R code uses basic functionality to check the input information (sqlInterpolate) to be written to the database and avoids attacks in the SQL filter clause by only querying the data with a read-only connection.

The data scheme is quite (too) elaborate and one may wonder whether all the details are relevant. For example, the classification of actions according to a nomenclature by Gene Sharp (1973) seems a bit outdated and over the top. I guess this may more relevant for social research than for on-the-ground civil rights movements.

The more useful features includes the action identifier which is complemented with an action series identifier and a version identifier. The purpose of this seems to be able to add multiple versions of a single action (without loosing track of the original action) and also to group different actions to one cluster, for example, if multiple actions for women’s righte (#metoo) are carried out at different places. So, in a way this allows a clustered, version-controlled action database, which is rather cool.

4.3 Mastodon/ActivityPub

The Dandelion Hub links also to a server instance with open-source federated social network, the Dandelion Hub Socialize platform, which is an externally hosted Mastodon server. The Mastodon software allows a decentralized, federated social network based on the ActivityPub protocol, which I guess is in line with the more democratic values of the website, but still rather uncommon, in comparison the the real social media “elephants” like Facebook and Twitter. However, I wont go into this in more detail, because this external server is not actually part of the website.

4.4 Mattermost

The Dandelion Hub also includes a team communication and collaboration platform based on the open-source, self-hosted Mattermost software. Mattermost has become a rather popular MS treams /Slack alternative in the developer community, but is not clear how it will be used for organisation of civil-rights actions. The website mentions that it contains “pre-configured checklists” for typical civil resistance actions, eg road blocks, which can be used by activists, however, I did not explore this further. From a privacy perspective, it seems anyone can register, but communication can be moved to private, password-protected channels. However, as far as the Mattermost website states currently no end-to-end encryption is included to protect user privacy.

4.5 Nginx

It seems the web app and the social networks are run on an nginx 1.14/1.16 web servers (https://www.whatsmydns.net), which is among the most popular servers on the web for high-load traffic. Connections seems to be properly encrypted using TLSv1.2 with an corresponding certificate (let’s encrypt).

4.6 Postfix

From the mail header, one can see that the Mattermost server uses a postfix server to send verification emails, e.g for user logins. A check of the SMTP configuration shows that it using encryption for sending mail (TLSv1.2), however, there seem to be some issues with the certificates (not explored further). However, the standard DNS records (SPF, DKIM, DMARC, rDNS) seem to be configured garuanteeing privacy and succesful mail delivery.

4.7 GIT

Dandelion Hub is embracing the open-source idea of its software stack and also makes its source-code available to the public on the Bitbucket GIT code repository, where one can explore the code in more detail.[4]

5. Summary

In total, the website The Dandelion Hub is an interesting project with a technically mostly clean design and programming with decent privacy and security. The project is still rather knew with a small user base but has a promising approach.

References

[1] https://dhub.global

[2] https://dhub.social

[3] https://dhub.mobi

[4] https://dhub_global@bitbucket.org/dandelionhub/dhubpublic.git