Beyond the Plus takes the safety and security of our members very seriously. We take measures to ensure that no one we associate with gets hurt, doxxed, or anything else like that. But security is a two way street, and there are things we expect our members to do as well for their own security, things we have less control over ourselves.
How We Keep Members Safe
For the former, we only collect the most basic of information on our members: their name, preferred contact method, and username. Your vetting info gets deleted once your membership application has been processed. The name is needed so we know we're interacting with, the contact method is needed for basic site functionality and for communication, and the username is required for basic site functionality as well. Only staff members have access to account information, so no members will be able to view info on other members.
Our event information is kept highly under wraps, and never exposed to the public. Only members know about when and where events will take place. If people on the outside are trying to compromise the safety of our members in events, then they would have to figure out both the time it is happening, as well as the venue it is taking place at. If someone figures out one of these things then it's possible to find the other, but with both being private it makes the chances of events being publicized extremely low. If somehow event information is leaked, the event will be rescheduled for member safety after the source of the leak is identified and steps are taken to prevent it from happening again. Events are only published a month in advance that way if a bad actor does get access then only a couple future events will need to be rescheduled. At events we bounce each person coming in to verify that they are either a member or a guest of a member.
We also hold a high standard of vetting for our members, using social media presence as a preliminary way to vet, followed up with a membership interview call where we ask more questions to deduce the intentions of someone attempting to join. Someone who is attempting to infiltrate the organization is going to have a hard time making it through these hurdles, and likely wont even bother. Even if someone ends up slipping through the cracks, they have no way of knowing anything about other members, and if they attempt to cause trouble at our events, they will be promptly taken care of. Additionally, photography is not allowed at our events, so if someone is seen trying to take photographs of other members they will be made to leave.
However, our organization will never not be under scrutiny, and there will be attention from bad actors. Our staff goes out of their way to research potential threats and keep an eye on them before anything bad happens, that way we can take appropriate precautionary measures. Our staff also always uses two-factor authentication and strong, unique passwords to prevent our accounts from becoming compromised. The computer server our data is on is hosted by a company with high standards of security, preventing anything from happening with the server. Access to the server is based on cryptographic keys, preventing anyone but our staff from getting inside. Aside from that, we apply good electronic security standards to our server in order to best prevent digital attacks such as hacking. Additionally, we never use unencrypted proprietary services, such as social media, to delivery information to our members.
On the inside, we hold strict rules for our members and staff intended to keep everyone out of harms ways. These include, but are not limited to, forbidding our members from using Bt+ as means of breaking the law, and to encourage or admit breaking the law. We forbid our members from intentionally starting drama or discourse, or harassing other members. We forbid our members from being discriminatory, including against race, sex, religion, identity, orientation, or anything else. We forbid our members from leaking private information about other members or about Bt+ functions and events.
How Members Are Expected To Keep Themselves Safe
For the latter, we expect our members to act with the assumption that the worst could happen. We do everything we can to prevent this, but the reality is that events like getting hacked are impossible to fully prevent. For those more security conscious, we recommend not using your legal name, using Signal, and then using a username that you don't use anywhere else. Again, we do everything we can to prevent information from getting leaked, but it doesn't hurt to take security precautions just in case. You can also opt to use our site through a program like TOR, which helps anonymize your connections to websites. And we always recommend using a VPN everywhere on the internet. When choosing a password, please choose something complex that you do not use on other websites.
Why use Signal instead of email? Signal is a proprietary chat service offering encrypted chats with disappearing messages. This offers a protection that email does not, because email is largely unencrypted, meaning that if you use email services like Gmail then companies like Google can spy on your messages. Email is also federated, meaning that if your email passes through a server ran by bad actors, then they can spy on the contents of your email. Email is also easy to extract personal information from. In some cases, all a bad actor needs is your email address, and from that they can learn your name, address, and other personally identifying information, largely because companies like Google sell that information to outsiders. We encourage members to use Signal, but if you're going to use email then please use a service like Proton Mail or Tutanota, as they are both encrypted and do not have your personal information to begin with.
At events, members concerned about their safety are encouraged to wear face masks or other garments that partially conceal the face.
How Members Are Expected To Keep Each Other Safe
Members are forbidden from releasing information about events or other members, and failure to do so is punishable up to revocation of membership. Members are expected to take the security of their fellow members seriously by not taking photos at event, taking pictures of other members without their permission, sharing information about event attendance or details online or in-person, and to keep their own security safe. Members are only allowed to share information about events to their guests who will be coming with them, and are forbidden from discussing event information in public, or even in unencrypted private spaces such as Discord.
Conclusion
We take the security of our members extremely seriously, and we expect members to take their our security and the security of each other seriously as well. Though at the end of the day we can only do so much, as events like getting hacked are impossible to fully prevent. We are actively looking for ways to increase member security, such as through encryption and compartmentalization. If you have any concerns about your safety or security please Contact us to let us know.