Leafcutter in Action

You may know 

More

PGP for Link is Live!

We're happy to announce that the PGP extension for CDR Link is officially available! This is a major addition to the CDR Link platform, making it possible for current and future Link users to communicate with their communities using PGP-encrypted email from within the Link interface.

More

The Year in CDR Tech

This year was difficult in so many ways, for so many people. We at CDR are grateful that during this hard time we were able to continue to serve our core communities by fielding requests for digital security assistance, providing crucial information about staying safe online, and building upon and improving CDR Link, our flagship helpdesk platform.

More

Our #RightsCon2020 Tech Demo

This year’s RightsCon was a different experience. As other public gatherings and conferences were cancelled or postponed, RightsCon was moved to an all-online format, with sessions being conducted via video conference. The format was different but the program was familiar: Just as at any other RightsCon, there were keynotes, fireside chats, panel discussions, workshops, tech demos and lightning talks. We at CDR were very glad to participate in some of the discussions on pressing topics in human rights and technology, and we’re grateful for the wealth of expertise that was shared throughout the week by so many of our colleagues and friends.

More

Announcing CDR's new Docs Site

Today, we at the Center for Digital Resilience are launching a new documentation site to support our flagship tool, CDR Link. We have developed CDR Link as an open source helpdesk solution that prioritizes privacy and security, and we have been hard at work creating new resources that prospective and current users may consult when they have questions. All of these new resources can be found at

More

Sunsetting the DSX

The path toward launching the Digital Security Exchange (DSX) started the day after the 2016 election, when many U.S. nonprofits began taking their operational security more seriously. Most of these groups didn’t know who to turn to for help with assessing needs, training staff, implementing best practices, and so on, so we embarked on setting up a helpdesk that would connect those seeking digital security assistance to those who could help.

More

Full Text of the Zammad Security Audit

Last month we posted that the good folks at Zammad incorporated a number of findings from our recent audit of their platform into their 3.3.0 release. We’re now pleased to publicly release the full audit.

More

Community-Driven Security Updates are Awesome!

The core of CDR Link is built upon the open-source project Zammad. Zammad is an amazingly flexible bit of technology, allowing for all kinds of ways to import and export data. By default, Zammad is a digital security helpdesk. However, we’ve been exploring and adapting it for many other uses, including as a disinformation data collection platform. Throughout our process one thing remains central – the integrity and security of what we build and use.

More

The many uses of CDR Link

As we close in on the end of the year, it feels like a good time to reflect on CDR Link, its progress thus far, and where we see our work heading in 2020 and beyond. This September members of the CDR team attended FIFAfrica in Addis Ababa, Ethiopia. While there, we officially launched the CDR Link platform and were able to demo the platform for a room full of potential users. The feedback was very positive and we’re looking forward to helping a number of potential users get set up with their own CDR Link instances. As interest has grown, so too has the number of potential use cases. While CDR uses Link as a system to triage requests for digital security assistance, the platform is flexible enough to accommodate any number of adaptations. So we’re currently exploring possibilities that lead us beyond the standard “digital security helpdesk” model (though we’re solidly using Link for that as well!).

More

Technology Talk: CDR Link

CDR Link makes it easy for your community to ask for digital security help—and for you to provide it. Interested in learning more about what CDR Link is, who it’s for and why it’s secure? Listen to this quick interview with CDR Security Director, Ingrid Skoog. Find out more about CDR and CDR Link at

More

CDR Link 1.0 is released!

CDR Link has reached 1.0 status! Wait - what is CDR Link? The CDR Link platform is for anyone wishing to offer their community a secure, multi-channel, mobile-first way to get in touch and ask for assistance. It enables an easy way for communities to ask for help and for responder to provide it. It’s super flexible and we’re excited to hear how people will be using it. This release is the culmination of about two years’ of work from concept to development to beta release to, finally, the 1.0. The CDR team – including the development team at Guardian Project – is excited to debut it!

More

An ecosystem of extensions

As we’ve mentioned before, CDR Link adheres to the Unix-like philosophy of utilizing an ecosystem of small, repurpose-able programs that handle discreet tasks well, rather than producing one monolithic thing that does many things badly. In software, the gold standard of this philosophy is the Debian project, in which thousands of volunteers maintain small programs that, in the aggregate, combine to form the Debian (GNU-Linux) operating system. If these volunteers worked to produce a single “blob” of a operating system, like macOS or Windows, that system would be less stable, less secure, and less flexible. CDR Link isn’t Debian, but we strive to apply the same philosophy.

More

Leafcutter: The glue binding the data together

CDR Link isn’t a single platform, it’s an ecoystem of interconnected technologies and data streams. Users file tickets in Zammad via extensions integrating email, web forms, Signal, WhatsApp, and Telegram. That data will be scrubbed and normalized and sent to MISP, the open-source threat sharing and analysis database. Third-party data from trusted parters will combine with ticketing data in MISP. All datasets will be made accessible for analysis and sharing with the non-technical community via a data usability and accessibility layer. Our name for the glue joining together all of these pieces is “Leafcutter.”

More