Squadbox :heart::mailbox_with_mail:

Fight harassment with your squad. Learn more at squadbox.org.

Hi! :wave:

Thanks for checking out our repository! Squadbox is a tool to help people who are being harassed online by having their friends (or “squad”) moderate their messages.

In this README we cover: * The motivation behind the project * A broad overview of how it works * Who we are * What we need help with * How you can get involved!

Motivation

Online harassment has become an increasingly prevalent issue - according to recent reports by Data & Society and the Pew Research Center, nearly half of internet users in the United States have experienced some form of online harassment or abuse. Unfortunately, solutions for combating harassment have not kept up. Common technical solutions such as user blocking and word-based filters are blunt tools that cannot cover many forms of harassment, and can be circumvented by determined harassers.

Recently, researchers have tried to use machine learning models to detect harassment, but these models can be easily deceived and are often biased by their datasets. Given the strong evidence that automated tools are ineffective on their own, we propose that a better alternative is to continue engaging humans in the moderation process. However, while human moderators already make up many of the reporting pipelines for platforms, harassment targets cannot currently count on platform action to shield them from harassment.

We conducted interviews with several targets of online harassment, and found that without existing effective solutions within platforms, targets often turn to the help of friends, using techniques such as giving friends password access to rid their inboxes of harassment, or forwarding unopened emails to friends to moderate. This motivates the design and implementation of tools like Squadbox, that is able to work externally from platforms to combat harassment.

How it Works :wrench:

People experiencing harassment sign up and create squads which they "own", and invite their friends or other trusted individuals to become moderators for their squad. The "owner" of the squad can set up filters to automatically forward potentially harassing incoming content to Squadbox’s moderation pipeline. When an email arrives for moderation, a moderator makes an assessment, adding annotations and rationale where needed. The message is then handled in a manner according to the owner’s preference, such as having the email delivered with a special tag, placed in a particular folder, or discarded.

Currently, Squadbox only works with email messages. We have plans to work on integrating it with other platforms like Twitter in the near future!

Who We Are

We (@amyxzhang, @kmahar, @karger) are a team of human-computer interaction researchers from the Haystack Group at MIT CSAIL. While this started as a research project, with the help of the Mozilla Foundation's Open Leaders program, we are now working to convert it to a full-fledged open source project in order to expand the number of people contributing and maximize the project's impact.

Please feel free to reach out to us on Github or via email at [email protected]! :email:

You can join our mailing list here!

What We Need Help With

We're looking for anyone who is passionate about this issue to help us build and improve Squadbox! We need programmers to help us code, designers to improve the interface and user experience, and people with experience and knowledge about online harassment and moderation to help guide our design choices, create resources for owners and moderators, etc.

Getting Involved

Before you get started, please review our contributor guidelines.

We use the issue tracker to keep a list of work to be done on the project. We have a label for "good first issues" for getting your feet wet - you can see those issues here. If you're interested in working on one of them, go ahead and comment and we'll help you get started! :tada:

We have both coding and non-coding issues you can work on - while most on the list are coding, the non-coding ones can be found here.

If you'll be working on a coding issue, follow the coding setup instructions to get a local version of the project up and running.

Issues

Bump ipython from 2.3.0 to 7.16.3

opened on 2022-01-21 19:25:52 by dependabot[bot]

Bumps ipython from 2.3.0 to 7.16.3.

Release notes

Sourced from ipython's releases.

7.9.0

No release notes provided.

7.8.0

No release notes provided.

7.7.0

No release notes provided.

7.6.1

No release notes provided.

7.6.0

No release notes provided.

7.5.0

No release notes provided.

7.4.0

No release notes provided.

7.3.0

No release notes provided.

7.2.0

No release notes provided.

7.1.1

No release notes provided.

7.1.0

No release notes provided.

7.0.1

No release notes provided.

7.0.0

No release notes provided.

7.0.0-doc

No release notes provided.

7.0.0rc1

No release notes provided.

7.0.0b1

No release notes provided.

6.2.1

No release notes provided.

... (truncated)

Commits

• d43c7c7 release 7.16.3
• 5fa1e40 Merge pull request from GHSA-pq7m-3gw7-gq5x
• 8df8971 back to dev
• 9f477b7 release 7.16.2
• 138f266 bring back release helper from master branch
• 5aa3634 Merge pull request #13341 from meeseeksmachine/auto-backport-of-pr-13335-on-7...
• bcae8e0 Backport PR #13335: What's new 7.16.2
• 8fcdcd3 Pin Jedi to <0.17.2.
• 2486838 release 7.16.1
• 20bdc6f fix conda build
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/amyxzhang/squadbox/network/alerts).

Python migration

opened on 2021-07-17 01:30:39 by MatthewZGong

Migrated the website to run on: Python: 3.7 Django: 3.2.5

Requirements3.txt are the updated packages for running the program in python 3 and Django 3. Django-Annoying was deprecated pydns was replaced with py3dns ipaddr library was added directly to django wsgiref was added directly to python

Instead of running python manage.py synced: python manage.py makemigrations python manage.py migrate --run-syncdb

User profile byte change

opened on 2021-07-12 04:41:28 by MatthewZGong

Fixed an issue with the Login and Register. When creating the UserProfile Database the error would say "Specified key was too long; max key length is 1000 bytes". Changed max length of email address from 255 to 250 as 255 goes to 1020 bytes (1 character is 4 bytes).

Bump django from 1.6.11 to 2.2.24

opened on 2021-06-10 19:12:41 by dependabot[bot]

Bumps django from 1.6.11 to 2.2.24.

Commits

• 2da029d [2.2.x] Bumped version for 2.2.24 release.
• f27c38a [2.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
• 053cc95 [2.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs'...
• 6229d87 [2.2.x] Confirmed release date for Django 2.2.24.
• f163ad5 [2.2.x] Added stub release notes and date for Django 2.2.24.
• bed1755 [2.2.x] Changed IRC references to Libera.Chat.
• 63f0d7a [2.2.x] Refs #32718 -- Fixed file_storage.test_generate_filename and model_fi...
• 5fe4970 [2.2.x] Post-release version bump.
• 61f814f [2.2.x] Bumped version for 2.2.23 release.
• b8ecb06 [2.2.x] Fixed #32718 -- Relaxed file name validation in FileField.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/amyxzhang/squadbox/network/alerts).

Bump markdown2 from 2.3.0 to 2.4.0

opened on 2021-06-02 21:46:11 by dependabot[bot]

Bumps markdown2 from 2.3.0 to 2.4.0.

Changelog

Sourced from markdown2's changelog.

python-markdown2 2.4.0

• [pull #377] Fixed bug breaking strings elements in metadata lists
• [pull #380] When rendering fenced code blocks, also add the language-LANG class
• [pull #387] Regex DoS fixes

python-markdown2 2.3.10

• [pull #356] Don't merge sequential quotes into a single blockquote
• [pull #357] use style=text-align for table alignment
• [pull #360] introduce underline extra
• [pull #368] Support for structured and nested values in metadata
• [pull #371] add noopener to external links

python-markdown2 2.3.9

• [pull #335] Added header support for wiki tables
• [pull #336] Reset _toc when convert is run
• [pull #353] XSS fix
• [pull #350] XSS fix

python-markdown2 2.3.8

• [pull #317] Temporary fix to issue #150
• [pull #319] Stop XML escaping the body of a link
• [pull #322] Don't auto link patterns surrounded by triple quotes
• [pull #324] Add class configurability to the enclosing tag
• [pull #328] Accept [X] as marked task

python-markdown2 2.3.7

• [pull #306] Drop support for legacy Python versions
• [pull #307] Fix syntax highlighting test cases that depend on Pygments output
• [pull #308] Add support for Python 3.7
• [pull #304] Add Wheel package support
• [pull #312] Fix toc_depth initialization regression
• [pull #315] XSS fix

python-markdown2 2.3.6

• [pull #282] Add TOC depth option
• [pull #283] Fix to add TOC html to output via CLI
• [pull #284] Do not remove anchors in safe_mode
• [pull #288] fixing cuddled-lists with a single list item
• [pull #292] Fix Wrong rendering of last list element

... (truncated)

Commits

• 3149185 prepare for 2.4.0 release
• 887e958 Update CHANGES.md
• 7b65126 Merge pull request #387 from trentm/regex-dos
• c4b4ccb Be forgiving
• e1954d3 Pretty comment alignment
• 96dff22 Regex DOS fixes
• 330d34c Merge pull request #381 from timgates42/bugfix_typo_because
• b98813f docs: fix simple typo, becase -> because
• cf9c53d Merge pull request #380 from dkasak/fenced-code-block-additional-tag
• b9e3ec7 Pygments test fix for new version
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/amyxzhang/squadbox/network/alerts).

Bump django-registration from 1.0 to 3.1.2

opened on 2021-04-06 17:46:06 by dependabot[bot]

Bumps django-registration from 1.0 to 3.1.2.

Commits

• 2db0bb7 Merge pull request from GHSA-58c7-px5v-82hh
• f314570 Bump version numbers for 3.1.2.
• 41460db Add CVE number to release notes.
• d68ec81 Add release notes for security advisory.
• 8206af0 Filter sensitive POST parameters in error reports
• 8e5a695 Merge pull request #224 from quroom/ko-translation
• e60d468 Update korean translation
• 5666558 Merge pull request #221 from TomasLoow/master
• 25a668e Fix up basepython for local runs.
• 8298d82 And do it properly.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/amyxzhang/squadbox/network/alerts).