Agape-Apps: Building Baruch Together

[Brandon]

2 hours ago, Eryk said:

Why not use that server for a centralized "single source of truth"

Because it’s a privacy risk, I guess 

[Eryk]

Forgive me, friends, but I still fail to understand.

 

I am not talking about "the cloud" (some service provider who-knows-where). I am talking about "local" devices of the friends from one congregation. The server has to be one of those devices, correct?

 

Also, all the overseers need to have the personal data available to some degree, no? Even if it's just the emergency phone number for the publishers in a group - both the group overseer and the secretary will need to update that number. Do they do it separately on each of their devices, or is it done once (by either) and synched?

 

And if each device must have a local copy of the data (even if encrypted), it's more of a security risk than having just one device (a local server) holding the data, no?

[Jonathan1]

Indeed. An app is a great tool for congregation planning, but it should remain limited to that. It's good that group overseers and elders to maintain lists of contact information of brothers and sisters, including emergency contacts, but for privacy reasons, this should remain outside the scope of a planning app.

[trottigy]

I know I and many of my brothers and sisters have each other's names, numbers and addresses in their contact lists on their phones. I have had either a written or electronic contact list for more than 50 years. In fact, I remember moving into a new congregation many years ago and getting a nice paper copy of everyone's info as a gift. It was wonderful.

 

I can't help but wonder if people are just more paranoid than before. Anyway, Satan know where we all are. He too has a list. You can't hide away and assume that if somehow your personal info isn't written anywhere that you can escape what's coming. Jesus said, " if they persecuted me, they'll persecute you." (John 15:20). We'll be ok if we stay close to Jehovah's people and that is going to require them to know your personal info and for you to know theirs.

[Jonathan1]

2 hours ago, Eryk said:

I am not talking about "the cloud" (some service provider who-knows-where). I am talking about "local" devices of the friends from one congregation. The server has to be one of those devices, correct?

 

I understand where that perspective comes from. It can feel safer to have a PC physically located in someone’s home rather than “somewhere in the cloud.”. However, from a technical standpoint, a server is not a special type of hardware. A server is simply a role a system performs in a network. If a personal laptop is permanently connected to the internet to host data or provide synchronization, then that laptop is functioning as a server.

And that comes with the same exposure:

• It is internet-facing

• It must be patched continuously

• It must be hardened and monitored

• It becomes a potential attack surface

Professional hosting environments typically:

• Apply security patches quickly

• Use hardened operating systems

• Run behind managed firewalls

• Monitor for intrusion attempts

• Isolate workloads

A privately managed home PC usually does not have that level of operational security. It may feel safer because it is physically visible and under personal control, but technically, it is often less secure than professionally managed infrastructure. I know NWS uses a PC of a brother connected to the internet for congregation sharing.

 

 

The real question is:

Where is personal data stored?
And how exposed is that storage role?

In Baruch’s case, the server role is minimized and does not contain personal contact data at all. Baruch makes use of a professional hosting partner for security.

[Jonathan1]

2 hours ago, Eryk said:

Also, all the overseers need to have the personal data available to some degree, no? Even if it's just the emergency phone number for the publishers in a group - both the group overseer and the secretary will need to update that number. Do they do it separately on each of their devices, or is it done once (by either) and synched?

 

And if each device must have a local copy of the data (even if encrypted), it's more of a security risk than having just one device (a local server) holding the data, no?

 

Not all overseers need to hold the same personal data. Baruch follows a principle of role-based custody:

• The secretary maintains the official congregation records locally.

• A group overseer may maintain contact details for his own group locally.

• There is no automatic global synchronization of contact or emergency data.

If a phone number changes, it is updated by the responsible brother in his local records. It is not broadcast to every device.

This is intentional.

Regarding security risk: it is true that blindly replicating a full personal dataset to many devices would increase exposure.

But Baruch does not replicate a centralized personal database across all devices.

The model is:

• No central PII repository in the cloud

• No automatic full replication to all clients

• Only minimal, role-appropriate local custody

So the trade-off is not “many full copies vs one copy.”

The real comparison is:

One central, internet-facing system holding all personal data
versus
No central PII target, and limited local custody based on responsibility.

Baruch removes the central high-value target. That is the architectural decision.

[Jonathan1]

10 minutes ago, trottigy said:

I can't help but wonder if people are just more paranoid than before. Anyway, Satan know where we all are. He too has a list. You can't hide away and assume that if somehow your personal info isn't written anywhere that you can escape what's coming. Jesus said, " if they persecuted me, they'll persecute you." (John 15:20). We'll be ok if we stay close to Jehovah's people and that is going to require them to know your personal info and for you to know theirs.

 

Regardless of personal convictions, we operate within legal frameworks. In many countries — especially within the EU — religious organizations must comply with strict privacy regulations such as GDPR.

Religious affiliation data is classified as special category data under GDPR and therefore receives heightened protection.

If we build or use a planning system that processes personal data, we are legally required to:

• Minimize the data we collect

• Secure it appropriately

• Limit access

• Be able to justify how and why it is processed

This is not about paranoia. It is about stewardship and compliance.

If a congregation uses digital tools, those tools must be designed in a way that respects both spiritual responsibility and civil legal obligations.

[Jonathan1]

I would like to share a historical reflection to explain why data minimisation matters.

In the Netherlands, we learned a very painful lesson about centralized personal records.

 

Before World War II, the Dutch population registry was considered one of the most accurate and well-organized in Europe. Municipal records included detailed information such as:

• Religious affiliation

• Parents’ background

• Address history

• Family composition

For many years, this was simply good administration. It only became a problem after the regime change in 1940, when Nazi Germany occupied the Netherlands and took control of those records. Because the data was centralized, detailed, and well maintained, it became significantly easier for the occupiers to identify and locate Jewish citizens.

 

The result was tragic. Approximately 75% of the Jewish population in the Netherlands was deported and murdered — a percentage far higher than in neighboring countries such as Belgium (~40–45%), France (~25%), or Denmark (~1–2%).

 

The lesson is not that administration is wrong.

The lesson is that centralized, detailed personal records can become dangerous when circumstances change.

[Eryk]

3 hours ago, Jonathan1 said:

Baruch makes use of a professional hosting partner for security.

 

3 hours ago, Jonathan1 said:

If a phone number changes, it is updated by the responsible brother in his local records.

Thank you, @Jonathan1. This gives me a better understaning of your app and its limitations.