There will be a lot of people who want to capitalize on the new activist energy that you should consider staying away from, both shady actors and the incompetent sincere. If a website, twitter account or special number requires you to hand over identifying information like an email address, or especially a US phone number, before they offer up any information to you, run screaming. Trust goes both ways. An organization that’s in it for the greater good will empower you to protect yourself, not slurp up your data with next to nothing to give back. Remember the Beyoncé Rules and have some standards.
- WHY do they need your information to be helpful? Why can’t they give you the information you need without collecting yours?
- Are they collecting ONLY the information they need for the task?
- How MUCH information are they giving you up front? Is it a paragraph or multiple pages of resources?
- How do you know they are who they say they are? Clever names, mission statements and even slick HTTPS hosted websites are crazy cheap and not good enough. Twitter accounts and URLS can be made to look legit by playing on the names and logos of real organizations. Be careful.
- Do they have a listing in Charity Navigator? If they aren’t a 501(c)3 where does the money come from?
- What PEOPLE, verifiable real human beings, are behind the project? Can you find them on social media? Wikipedia? Talks posted on YouTube? Alumnae networks? Have you ever met anyone who’s met them?
- Do they list phone numbers? If you do a reverse lookup on the number what comes up?
- Do physical addresses resolve on google maps? Does the street view look shady?
- Do a whois lookup on the URL. If its a private listing that’s fine, but how long has it been active?
- Where is the organization sourcing its information from? In house research? By whom? What process did they use to collect it? Do they let others use it? If no, why not?
- How long will they keep your data? Can you ask them to delete it? Who can verify that they actually did?
- Is the code they’re using to collect and store this data open? If not, is it vetted by 3rd party auditors? Are they using a reputable service / platform to manage their data? Will they even tell you who?
- Are they even pretending that your data is safe? What technical measures do they say they’ve taken? “We take industry standard security measures” means “we do nothing” because there are none. You want details. Don’t worry if you don’t understand the jargon, that’s what search engines are for.
- Are there events you can attend to BEFORE handing over information?
And if there is no website? Just a number to text? Don’t do it. Don’t do it. Don’t do it unless:
- It’s for an organization that you’ve vetted.
- They already have your phone number.
- You have confirmed that the text/request has come from them by getting human on the phone from a number you’ve looked up independently first. (Or, you know, it is exactly the number you heard them announce from a giant stage)
- It’s clear whether or not the request is being handled by a 3rd part contractor (likely). If so, vet the contractor. The contractor will have you in their database now, too. You will be tracked across campaigns.
Even when these small little pop up organizations are the nicest people, they still won’t know how to protect you. Even many longer running organization don’t, but at least they aren’t a flash in the pan. If you hand over your information it will be going into a database that isn’t encrypted, with no protocol for controlling what employees or contractors get a hold of it. Some little pop up certainly can’t afford the lawyers for when the DOJ comes knocking. Privacy policies are a pinky promise. If the organization has no assets, they have nothing to loose by ignoring them.
The best way to get active is to get ACTIVE. Push past the clicktivsm and go meet people face to face at meeting you don’t have to sign up for to get into. People amassing databases will never consider you a friend or stand with you when they’re needed. People you keep running into at meetings just might.