Agape-Apps: Building Baruch Together

[Brandon]

2 hours ago, Eryk said:

Why not use that server for a centralized "single source of truth"

Because it’s a privacy risk, I guess 

[Eryk]

Forgive me, friends, but I still fail to understand.

 

I am not talking about "the cloud" (some service provider who-knows-where). I am talking about "local" devices of the friends from one congregation. The server has to be one of those devices, correct?

 

Also, all the overseers need to have the personal data available to some degree, no? Even if it's just the emergency phone number for the publishers in a group - both the group overseer and the secretary will need to update that number. Do they do it separately on each of their devices, or is it done once (by either) and synched?

 

And if each device must have a local copy of the data (even if encrypted), it's more of a security risk than having just one device (a local server) holding the data, no?

[Jonathan1]

Indeed. An app is a great tool for congregation planning, but it should remain limited to that. It's good that group overseers and elders to maintain lists of contact information of brothers and sisters, including emergency contacts, but for privacy reasons, this should remain outside the scope of a planning app.

[trottigy]

I know I and many of my brothers and sisters have each other's names, numbers and addresses in their contact lists on their phones. I have had either a written or electronic contact list for more than 50 years. In fact, I remember moving into a new congregation many years ago and getting a nice paper copy of everyone's info as a gift. It was wonderful.

 

I can't help but wonder if people are just more paranoid than before. Anyway, Satan know where we all are. He too has a list. You can't hide away and assume that if somehow your personal info isn't written anywhere that you can escape what's coming. Jesus said, " if they persecuted me, they'll persecute you." (John 15:20). We'll be ok if we stay close to Jehovah's people and that is going to require them to know your personal info and for you to know theirs.

[Jonathan1]

2 hours ago, Eryk said:

I am not talking about "the cloud" (some service provider who-knows-where). I am talking about "local" devices of the friends from one congregation. The server has to be one of those devices, correct?

 

I understand where that perspective comes from. It can feel safer to have a PC physically located in someone’s home rather than “somewhere in the cloud.”. However, from a technical standpoint, a server is not a special type of hardware. A server is simply a role a system performs in a network. If a personal laptop is permanently connected to the internet to host data or provide synchronization, then that laptop is functioning as a server.

And that comes with the same exposure:

• It is internet-facing

• It must be patched continuously

• It must be hardened and monitored

• It becomes a potential attack surface

Professional hosting environments typically:

• Apply security patches quickly

• Use hardened operating systems

• Run behind managed firewalls

• Monitor for intrusion attempts

• Isolate workloads

A privately managed home PC usually does not have that level of operational security. It may feel safer because it is physically visible and under personal control, but technically, it is often less secure than professionally managed infrastructure. I know NWS uses a PC of a brother connected to the internet for congregation sharing.

 

 

The real question is:

Where is personal data stored?
And how exposed is that storage role?

In Baruch’s case, the server role is minimized and does not contain personal contact data at all. Baruch makes use of a professional hosting partner for security.

[Jonathan1]

2 hours ago, Eryk said:

Also, all the overseers need to have the personal data available to some degree, no? Even if it's just the emergency phone number for the publishers in a group - both the group overseer and the secretary will need to update that number. Do they do it separately on each of their devices, or is it done once (by either) and synched?

 

And if each device must have a local copy of the data (even if encrypted), it's more of a security risk than having just one device (a local server) holding the data, no?

 

Not all overseers need to hold the same personal data. Baruch follows a principle of role-based custody:

• The secretary maintains the official congregation records locally.

• A group overseer may maintain contact details for his own group locally.

• There is no automatic global synchronization of contact or emergency data.

If a phone number changes, it is updated by the responsible brother in his local records. It is not broadcast to every device.

This is intentional.

Regarding security risk: it is true that blindly replicating a full personal dataset to many devices would increase exposure.

But Baruch does not replicate a centralized personal database across all devices.

The model is:

• No central PII repository in the cloud

• No automatic full replication to all clients

• Only minimal, role-appropriate local custody

So the trade-off is not “many full copies vs one copy.”

The real comparison is:

One central, internet-facing system holding all personal data
versus
No central PII target, and limited local custody based on responsibility.

Baruch removes the central high-value target. That is the architectural decision.

[Jonathan1]

10 minutes ago, trottigy said:

I can't help but wonder if people are just more paranoid than before. Anyway, Satan know where we all are. He too has a list. You can't hide away and assume that if somehow your personal info isn't written anywhere that you can escape what's coming. Jesus said, " if they persecuted me, they'll persecute you." (John 15:20). We'll be ok if we stay close to Jehovah's people and that is going to require them to know your personal info and for you to know theirs.

 

Regardless of personal convictions, we operate within legal frameworks. In many countries — especially within the EU — religious organizations must comply with strict privacy regulations such as GDPR.

Religious affiliation data is classified as special category data under GDPR and therefore receives heightened protection.

If we build or use a planning system that processes personal data, we are legally required to:

• Minimize the data we collect

• Secure it appropriately

• Limit access

• Be able to justify how and why it is processed

This is not about paranoia. It is about stewardship and compliance.

If a congregation uses digital tools, those tools must be designed in a way that respects both spiritual responsibility and civil legal obligations.

[Jonathan1]

I would like to share a historical reflection to explain why data minimisation matters.

In the Netherlands, we learned a very painful lesson about centralized personal records.

 

Before World War II, the Dutch population registry was considered one of the most accurate and well-organized in Europe. Municipal records included detailed information such as:

• Religious affiliation

• Parents’ background

• Address history

• Family composition

For many years, this was simply good administration. It only became a problem after the regime change in 1940, when Nazi Germany occupied the Netherlands and took control of those records. Because the data was centralized, detailed, and well maintained, it became significantly easier for the occupiers to identify and locate Jewish citizens.

 

The result was tragic. Approximately 75% of the Jewish population in the Netherlands was deported and murdered — a percentage far higher than in neighboring countries such as Belgium (~40–45%), France (~25%), or Denmark (~1–2%).

 

The lesson is not that administration is wrong.

The lesson is that centralized, detailed personal records can become dangerous when circumstances change.

[Eryk]

3 hours ago, Jonathan1 said:

Baruch makes use of a professional hosting partner for security.

 

3 hours ago, Jonathan1 said:

If a phone number changes, it is updated by the responsible brother in his local records.

Thank you, @Jonathan1. This gives me a better understaning of your app and its limitations.

[foghorn]

3 hours ago, Jonathan1 said:

share a historical reflection to explain why data minimisation matters.

@Jonathan1 Thanks for that insightful history - losing control of that info was deadly. In WWII,  "centralized, detailed, and well maintained" data was probably in paper form. All the Nazis had to do was take over a building and they had it all. In other countries, the old yearbooks describe extreme efforts the SS had to go to in locating the key brothers. They even went so far as infiltrating congregations, qualifying to become servants, etc. 

   I am like @trottigy - since we are not under EU rules here, my android Contacts app is filled with contact information for several hundred brothers and sisters - in my congregation and others, too. That is extremely convenient - for now. Google assures me it is safe, but I suspect it is possible that bad actors could gain access to that contact data whenever they decide to. Or maybe already have... And to be honest, the easiest way to compromise a group of JW's is to find just one with an unlocked smartphone.

   But I am keeping watch. Being realistic, I expect conditions to turn against the congregations abruptly. I am watching for some sort of advance indication that will lead me to quickly go into "lockdown mode". Prior to that stage, I am expecting the organization to provide some strong guidance to prepare the way. 

   So I am even thinking ahead to whether this Baruch system might be useful in a severe persecution scenario. Maybe "as-is", maybe a special version??

 

[Jonathan1]

Dear Brothers & Sisters, I need your help and input.

What is in your opinion the best layout for a main congregation screen?

Shall I create a dashboard with the congregation status and seperate maintenance screens?

Or a combined screen with dashboard parts and maintenance parts?

[Jonathan1]

This is what I've created so far.

 

Congregation maintenance

[Jonathan1]

Circuit Overseer maintenance

[Jonathan1]

Meeting maintenance

[Jonathan1]

Online meeting maintenance

[Jonathan1]

In the top area there are charts containing:

• Age Distribution chart
• Families chart
• Activity chart
• <still empty>

 

[Brandon]

5 hours ago, Jonathan1 said:

In many countries — especially within the EU — religious organizations must comply with strict privacy regulations such as GDPR.

I’ve noticed here in my country (outside Europe) we’ve been shrinking the amounts of data as well. I found out not too long ago that when somebody’s removed from the congregation, we destroy all of their publisher record files. 
 

Our organization seems to be moving toward holding onto as little data as is necessary to function.

[jayrtom]

6 hours ago, trottigy said:

I know I and many of my brothers and sisters have each other's names, numbers and addresses in their contact lists on their phones. I have had either a written or electronic contact list for more than 50 years. In fact, I remember moving into a new congregation many years ago and getting a nice paper copy of everyone's info as a gift. It was wonderful.

 

I can't help but wonder if people are just more paranoid than before. Anyway, Satan know where we all are. He too has a list. You can't hide away and assume that if somehow your personal info isn't written anywhere that you can escape what's coming. Jesus said, " if they persecuted me, they'll persecute you." (John 15:20). We'll be ok if we stay close to Jehovah's people and that is going to require them to know your personal info and for you to know theirs.

In the US you don't have the same restrictions as in the EU, where we can't even keep a "not at home" record in the ministry or take any notes of return visits. 
The privacy required for this app is not related to enemies finding about us, but because of European laws. And ultimately, it's the organization that is found guilty not an individual publisher or congregation. So it is a serious matter, more than many are aware of

Edited 2 hours ago by jayrtom

[Jonathan1]

Do you like a more dashboard style and different maintenance screens?

[Jonathan1]

I'm also considering creating a Congregation Remove Procedure that allows the COBE to delete all data in the event of an emergency. If a situation like the current one in Russia arises, all data can be erased using this procedure. This procedure sends an event to all clients (publishers) that wipes the entire publisher app. All data will be deleted from both the apps, and no trace of the congregation will remain on the server.

[foghorn]

2 hours ago, Jonathan1 said:

Do you like a more dashboard style and different maintenance screens?

Yes - that is my personal preference. Some of our servants are not experienced software users. So keep it simple and clear, with fairly large print for the older ones. Consistency is important - UI elements in the same place every time. A very useful feature some programs offer is a "What do you want to do" box. It gives them a list of the most common tasks, and opens the necessary UI screen to get the task started.

 

Re: Congregation Remove Procedure: that sounds like a GREAT idea. It literally could save lives!