This page provides a collection of materials, tools, and resources that we have created to help IPV survivors, advocates, and technologists discover and mitigate tech-based risks and vulnerabilities. All resources are free to download, use, and modify. We use these materials as part of our Computer Security Clinic for IPV survivors in New York City. 

consult.png

Tech Clinic Consultation Protocol

What is it? 

This document covers the steps that we follow in our IPV tech clinic consultations. It consists of the set of tasks that a consultant follows when meeting with a client. These tasks refer to the other materials provided on this page (e.g., TAQ, ISDi, Technograph). 

How is it used? 

You can use this as a guide to structure a consultation that assesses the likelihood of technology risks and vulnerabilities. In our clinic, the consultant keeps a copy of the consultation protocol with them and refers to it throughout the consultation. It is meant to ensure the entire protocol is completed.

Downloadable Resources

Consultation protocol (English) -- pdf

Consultation protocol (Spanish) -- pdf

TAQ.png

Technology Assessment Questionnaire (TAQ)

What is it? 

The Technology Assessment Questionnaire (TAQ) is a set of questions that are meant to help systematize problem discovery during consultations. It is not intended to be used verbatim, but rather as a reference to ensure the consultant covers important topics common in IPV tech abuse.

How is it used? 

The consultant should use the TAQ to guide a discussion of the client's technology concerns and abuse history, covering all questions that are relevant to the client.

Downloadable Resources

TAQ (English) -- pdf

TAQ (Spanish) -- pdf

iPhone.png

Privacy Checkup Guides

What are they? 

Our privacy checkup guides are intended to assist with manual inspection of a client's devices and accounts.

How are they used?

The consultant should refer to these guides to check the security and privacy settings of the client's devices and accounts. The consultant should focus on the settings relevant to the client's chief concerns (i.e., the client's reasons for seeking a consultation), and concerns surfaced via the TAQ.

Downloadable Resources

English: iOS, Google, Instagram, Facebook, WhatsApp, Snapchat, 2-factor authentication (various) 

Spanish: iOS, Google, Instagram, Facebook, WhatsApp, Snapchat, 2-factor authentication (various)

ISDi.png

IPV Spyware Discovery Tool (ISDi)

What is it? 

ISDi is a Python application that can scan iOS or Android devices for the kinds of apps used in IPV tech abuse (such as those listed in our app classification guide, and those identified in prior research). It is designed to be minimally invasive and does not require installing any applications on the client's device(s).

How is it used?

When explaining ISDi to the client, use these guidelines. With the client's permission, the consultant will plug in the client's iOS and/or Android device(s) over USB into a laptop running ISDi and perform a scan using ISDi's browser-based interface. Refer to the README for more on how to setup and run ISDi. Note that you will need to contact us to obtain the list of apps that ISDi checks for. 

Downloadable Resources

ISDi github repository

technograph_filled.png

Technograph

What is it? 

The technograph is a visual map that helps document relationships between (1) devices, (2) accounts, and (3) people (usually the client’s family). Drawing connections between entities gives the consultant a clearer picture of potential sources of compromise.

How is it used? 

When guiding discussion of the client's concerns via the TAQ, the consultant should keep a copy of the technograph with them and fill out the devices, people, and accounts that the client is describing. On the second page of the technograph, the consultant can fill in a timeline of relevant events to help visualize the client's technology footprint.

Downloadable Resources

Blank Technograph (English) -- pdf

Blank Technograph (Spanish) -- pdf

Example of a filled Technograph (English) -- png

app-guide.png

App Classification Guide

What is it? 

The app classification guide is intended to help explain various types of apps that can be used for IPV tech abuse (e.g., "dual-use" apps), and the type of information that they can provide in an abusive configuration.

How is it used? 

The consultant should use the app classification guide if ISDi discovers any relevant applications, or if the client is curious about the types of apps that are used in IPV tech abuse settings.

Downloadable Resources

App classification guide (English) -- pdf

App classification guide (Spanish) -- pdf