The GEC Bot does two things:
- It receives WhatsApp messages from people who want to talk to the GEC anonymously
- It sends responses back to people anonymously too
$ export REDIS_ADDR=redis:6379
$ export DATABASE=/tmp/database.db # Created if it doesn't exist
This bot provides some default messages, defined in config.go
- Greeting response is sent when a recipient sends us a greeting
- Thank You response is sent when a recipient sends us a message and is capped at a max of 1 per 30 mins
- Disclaimer response is sent to ensure recipients don't send us stuff we can't deal with.
These can be overridden with the following respective environment variables:
$ export GREETING="Hello <3"
$ export THANK_YOU="Thanks! We'll get back to you"
$ export DISCLAIMER="Be aware that there's stuff we can't do!"
For each new recipient we generate a random code name using the Diceware Password Generator, as per:
l, err = diceware.Generate(3)
if err != nil {
	return
}
id = strings.Join(l, "-")
We then check whether this ID is already present in our database. This gives keys like:
overhand-subdivide-thaw
promotion-basically-unreal
clumsily-tag-gizmo
These are used to group messages from a recipient later on, through Slack.
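The generate-then-check step described above, as an added example that is not the bot's own code. It assumes a constructed nine-word list with crypto/rand in place of the diceware package, and two in-memory maps (`bySender`, `byName`) as hypothetical stand-ins for the database.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// words is a tiny constructed list for illustration; a real Diceware list holds 7776 words.
var words = []string{"overhand", "subdivide", "thaw", "promotion", "basically", "unreal", "clumsily", "tag", "gizmo"}

// codeName joins n words picked uniformly with crypto/rand (rand.Int avoids modulo bias).
func codeName(n int) (string, error) {
	parts := make([]string, n)
	for i := range parts {
		idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(words))))
		if err != nil {
			return "", err
		}
		parts[i] = words[idx.Int64()]
	}
	return strings.Join(parts, "-"), nil
}

// assign returns the sender's existing code name, or reserves a fresh unused one.
// bySender and byName are hypothetical in-memory stand-ins for the bot's database.
func assign(sender string, bySender, byName map[string]string, maxTries int) (string, error) {
	if id, ok := bySender[sender]; ok {
		return id, nil // same sender keeps the same code name, so messages group together
	}
	for try := 0; try < maxTries; try++ {
		id, err := codeName(3)
		if err != nil {
			return "", err
		}
		if _, taken := byName[id]; taken {
			continue // collision: never hand one code name to two senders
		}
		bySender[sender], byName[id] = id, sender
		return id, nil
	}
	return "", errors.New("no free code name after retries")
}

func main() {
	fmt.Println(assign("constructed-sender-1", map[string]string{}, map[string]string{}, 10))
}
```

With a real database, a unique constraint on the code-name column closes the gap between the check and the insert.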
However
The process of generating an ID and assigning it to a WhatsApp recipient is not a one-way transformation. With access to either the burner phone driving this app, or the underlying database, it's possible to figure out who sent what message. This is unavoidable, and good security practice is necessary.
This application passes messages along via Redis streams; these are lightweight, as quick as we need them, and can be run in a cluster. This is important: by segregating as much as possible from the outside world and outside users, we can keep user data secure.