Civic Tech Privacy Architecture
name: civic-tech-privacy-architecture
description: Design zero-PII and privacy-preserving architectures for civic technology. Anonymous authentication, log sanitization, metadata stripping, adversarial threat models (nation-state adversaries), MITM detection, certificate transparency. Use when designing privacy architectures for civic tech, implementing anonymous auth, building adversarial threat models, or auditing civic platforms for privacy compliance.
Instructions
Design privacy-preserving system architectures for civic technology products where users may face retaliation from powerful adversaries — including governments, employers, or abusive partners — for their use of the product. The threat model assumes nation-state-level adversaries with legal authority to compel data disclosure.
Threat Model
Define adversaries and their capabilities:
| Adversary | Capabilities | Goal |
|---|---|---|
| Nation-state (domestic) | Subpoena/warrant authority, ISP cooperation, device seizure | Identify users, their activities, and associates |
| Nation-state (foreign) | Network surveillance, DNS poisoning, certificate forgery | Monitor dissidents, journalists, activists |
| Employer/institution | Device management, network monitoring, physical access | Identify employees using civic tools |
| Intimate partner | Physical device access, shoulder surfing, account credentials | Monitor and control partner’s civic engagement |
| Platform compromise | SQL injection, API exploitation, social engineering | Exfiltrate user data in bulk |
Zero-PII Architecture
Design systems that cannot reveal user identity even if fully compromised:
- No PII at rest: The database, if dumped, must not contain names, emails, phone numbers, IP addresses, or any data linkable to a real identity
- Anonymous accounts: Authentication via cryptographic tokens, not email/password. Support WebAuthn/passkeys without email recovery
- Ephemeral sessions: Session tokens rotate frequently. No persistent session cookies
- No behavioral fingerprinting: Do not collect or store browser fingerprints, device IDs, or usage patterns that could re-identify anonymous users
- Aggregate-only analytics: If analytics are needed, use differential privacy techniques. Never store individual event streams
Anonymous Authentication
Implement authentication that proves authorization without revealing identity:
- Token-based registration: User generates a keypair locally. Public key registers on server. No email, no phone, no name
- Recovery via secret shares: Split a recovery key into N shares using Shamir’s Secret Sharing. User stores shares in separate locations
- Group credentials: Where applicable, use group signatures that prove “this user is a member” without revealing which member
- Deniable authentication: In contexts where users may be compelled to reveal credentials, support deniable authentication schemes where a coerced login shows a sanitized view
Log Sanitization
Prevent logs from becoming a liability:
- IP stripping: Strip source IPs at the load balancer before they reach application logs. Log only country-level geolocation if needed for abuse prevention
- Request sanitization: Remove or hash all query parameters, headers, and body content from access logs
- Timestamp coarsening: Round timestamps to 15-minute windows to prevent correlation with external surveillance data
- Retention limits: Access logs deleted after 48 hours. Application logs deleted after 7 days. No archival
- Audit log separation: If an audit log is legally required, store it in a separate system with strict access controls and document exactly what it contains
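One way to apply the IP stripping, request sanitization and timestamp coarsening rules to an access log before anything is persisted, as an added example that is not part of the original skill document. It assumes Combined Log Format input; the sample lines are constructed, and the function names and output layout are illustrative.

```python
"""Access-log sanitizer: drop IP and headers, strip queries, coarsen timestamps."""
import re
from datetime import datetime, timedelta, timezone
from typing import Optional
from urllib.parse import urlsplit

WINDOW = timedelta(minutes=15)  # coarsening window from the policy above

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample input (documentation-range IPs, made-up paths and tokens).
SAMPLE_LINES = [
    '203.0.113.7 - - [12/Mar/2025:14:37:52 +0000] '
    '"GET /report/submit?token=abc123&utm_source=x HTTP/1.1" 200 512 '
    '"https://example.org/ref" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2025:16:44:59 +0200] '
    '"POST /vote HTTP/1.1" 204 0 "-" "ExampleApp/1.0"',
]


def coarsen(ts: datetime) -> datetime:
    """Round a timestamp down to the start of its 15-minute window, in UTC."""
    epoch = int(ts.astimezone(timezone.utc).timestamp())
    step = int(WINDOW.total_seconds())
    return datetime.fromtimestamp(epoch - epoch % step, tz=timezone.utc)


def sanitize_line(line: str) -> Optional[str]:
    """Return a line safe to persist, or None if it cannot be parsed.

    Unparseable lines are dropped rather than passed through, so a format
    change can never leak a raw IP or query string into storage.
    """
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    # Keep only the path: query parameters, referrer and user agent are discarded.
    path = urlsplit(m["target"]).path or "/"
    return f'{coarsen(ts):%Y-%m-%dT%H:%MZ} {m["method"]} {path} {m["status"]}'


def sanitize(lines):
    """Sanitize an iterable of raw lines, silently dropping unparseable ones."""
    return [s for s in map(sanitize_line, lines) if s is not None]


if __name__ == "__main__":
    for out in sanitize(SAMPLE_LINES):
        print(out)
```

Path segments can themselves carry identifiers, so routes that embed IDs in the path need their own redaction rule before this filter is sufficient.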
Metadata Stripping
Metadata is often more dangerous than content:
- EXIF removal: Strip all EXIF data from uploaded images before storage
- Document sanitization: Remove author names, revision history, and embedded metadata from uploaded documents
- Email header stripping: If the platform sends email, use a shared sending address with no per-user identifiers in headers
- Link decoration removal: Strip UTM parameters, click tracking IDs, and referrer data from all URLs
Network Security
- Certificate transparency monitoring: Monitor CT logs for unauthorized certificates issued for the platform’s domains
- MITM detection: Implement certificate pinning in native apps. For web, use HSTS with long max-age and preload
- Onion service: Provide a .onion address for Tor users. Do not block Tor exit nodes
- DNS-over-HTTPS: Recommend or enforce DoH/DoT for users to prevent DNS-level surveillance
- CDN considerations: Evaluate CDN providers for their response to government data requests. Prefer providers with strong transparency reports
Adversarial Testing
- Red team the architecture: Before launch, engage security researchers to attempt de-anonymization using only data the system stores
- Compelled disclosure simulation: Simulate receiving a subpoena/warrant and verify that the data you could produce does not identify individual users
- Network analysis resistance: Verify that traffic patterns do not reveal user identity (e.g., consistent packet sizes, timing obfuscation)
- Device seizure scenario: If a user’s device is seized, what can an adversary learn from local app data? Minimize this surface
Inputs Required
- Adversary threat model (which adversaries, what capabilities)
- Product type and core user journey
- Jurisdictions where users and servers operate
- Legal compliance requirements (data retention laws, lawful intercept mandates)
- Platform targets (web, native mobile, desktop)
Output Format
- Adversarial threat model document with capability matrix
- Zero-PII architecture diagram showing data flows and storage boundaries
- Anonymous authentication specification
- Log sanitization policy with retention schedule
- Metadata stripping checklist by data type
- Network security configuration guide
- Adversarial test plan with red team scenarios
Anti-Patterns
- Security theater: Implementing encryption but logging plaintext data elsewhere in the stack
- Email-based identity: Requiring email for account creation in a system designed for anonymity
- Trust the CDN: Assuming CDN/hosting providers will resist government requests without evaluating their track record
- Compliance over safety: Implementing data retention mandated by law without designing the retained data to be non-identifying
- VPN recommendation as architecture: Telling users to “use a VPN” instead of building privacy into the system architecture
- Metadata blindness: Encrypting content but ignoring metadata (timestamps, IP addresses, access patterns) that reveals just as much
- Single point of failure: Storing all privacy-critical data in one system where a single compromise exposes everything
