Principles underpinning Project MoodleNet: 2. ‘Safe’

Safe (CC BY-ND Bryan Mathers)

The principles underpinning Project MoodleNet are:

  1. Open
  2. Safe
  3. Private
  4. Ethical
  5. Transparent
  6. Connecte​d

But what do these mean in practice? In this second of a series of posts, we explore what ‘safety’ means as regards this project.

2. What ‘Safe’ means in practice

The Oxford English Dictionary lists five definitions for ‘safe’:

  1. (predicative) Protected from or not exposed to danger or risk; not likely to be harmed or lost.
    1. Not likely to cause or lead to harm or injury; not involving danger or risk.
    2. (of a place) Affording security or protection.
  2. (derogatory) Cautious and unenterprising.
  3. Based on good reasons or evidence and not likely to be proved wrong.
  4. Uninjured; with no harm done.
  5. (informal) Excellent (used to express approval or enthusiasm)

The first, third, and fourth seem most applicable to Project MoodleNet.

In addition, Wikipedia lists three different types of safety:

  • Normative safety: “when a product or design meets applicable standards and practices for design and construction or manufacture, regardless of the product’s actual safety history.”
  • Substantive safety: “when the real-world safety history is favorable, whether or not standards are met.”
  • Perceived safety: “the users’ level of comfort and perception of risk, without consideration of standards or safety history.”

Like every organisation that operates in the EU, Moodle is subject to the new GDPR. So, the ‘normative’ safety practices to which Project MoodleNet must adhere are reasonably prescriptive. Over and above this, we will adopt practices to prevent users being exposed to malware, phishing, and other security risks.

As GDPR focuses mainly on user data, there remain ‘substantive’ and ‘perceived’ safety practices. These might include, for example, content moderation and privacy controls which users have come to expect from other platforms that they use. No realtime democratic social network used at scale can completely prevent danger, harm, and risk, but they can be designed to minimise, to the greatest extent possible, the impact of these three things.

Working towards some sub-principles for Project MoodleNet, then, by creating a ‘safe’ social network for educators we mean:

  1. Protecting user data in line with GDPR and other relevant legislation (including copyright).
  2. Minimising educators exposure to danger, harm, and risk.
  3. Basing technical and design decisions on good reasoning and evidence.

Moodle is open-source software used around the world in many different languages and contexts. We know from experience that what works in one country or community doesn’t work in another, which is why one of the core strengths of Moodle is the way it can be customised and tailored for every environment.

We will discuss ‘privacy’ in the next post in this series, but it’s worth saying here that an important element of safety within a social network involves users having granular control over who can see what is shared.  What is appropriate in one place may not appropriate in another, and this applies even to the way that user updates are displayed. A contribution to a comment thread that might seem innocuous and unproblematic could be understood very differently when displayed by itself without the surrounding context. Part of making users feel ‘safe’ is therefore ensuring that the original context is preserved.

Likewise, copyright legislation is often local in jurisdiction, but global in interpretation and impact. Given that a key component of Project MoodleNet is the sharing and re-use of open content, we must ensure that licensing information follows shared content around the system. This licensing must cascade to the remixed content, ensuring that it is properly licensed. For example, it should not be possible in Project MoodleNet to remix a work that is licensed Creative Commons Attribution-NoDerivatives.

There are many elements to online safety, with there being a balance between:

  • The security of technical standards and protocols on which the system is based
  • The system itself
  • How users understand and use the system

Project MoodleNet will use established and well-documented standards and protocols that have proven to be robust and secure. We will build the system to respect user data, flagging up (for example in testing, prototype, and beta builds) when user data may be more at risk. Moodle will also engage in user education around best practices, building resources ourselves or directing users towards the best the web has to offer, such as Security Planner.

Ultimately, safety is an emergent property of a system, as it is made up of more than just its technical implementation. We will ensure, to the best of our ability, that the culture of Project MoodleNet is one that allows users to feel safe. There are numerous design decisions and iterations based on feedback to enable this to happen. By committing to Project MoodleNet being a safe place, Moodle is empowering educators to improve our world.