
Setup

  1. Pre-organization investments
    1. Create a branded third-party email for organization business, something like Vote${CANDIDATE}@gmail.com
      • This email should be kept under lock.  Don’t just give out the password, even to the core people.
    2. Verify that pre-organization investments are allowed in your district. If they are not then organize before completing the rest of this section.
    3. Activate a dedicated phone number (optional).
      • This is to enhance the separation of public and private life and is optional.
    4. Buy a dedicated PO BOX (optional)
      • This is to enhance the separation of public and private life and is optional.
    5. Buy a branded domain (optional).
      • Most hosting providers will include a domain in their plan (BlueHost.com)
      • domains.google.com
      • Having a separate domain registrar from web hosting means that if one is compromised the other should still be secure.
      • This will help with branding (optional)
      • Avoid putting the current office in the domain, the office sought will probably change.
      • ${CANDIDATE_FNAME}${CANDIDATE_LNAME}.org
    6. Buy a short term hosting plan that can be upgraded at a later date
      • This will help with branding (optional)
      • BlueHost.com
    7. Create branded emails for committee officers (optional)
      • This is to enhance the separation of public and private life and is optional.
      • This will help with branding
      • Candidate, Chair, Treasurer
      • ${NAME}@${CANDIDATE_FNAME}${CANDIDATE_LNAME}.org
      • ${OFFICE}@${BRANDED_DOMAIN}
      • ${NAME}@${BRANDED_DOMAIN}
  2. Organize
    • Each state has its own requirements for organization.
    • If pre-organization investments are not allowed, create a personal but dedicated third-party email like ${NAME}${RANDOM}@gmail.com.  Just as many people have a real email and a spam email, you should have a dedicated committee email.

Branding

People are more likely to support candidates that look professional.  I believe that each one of these will help you look more professional.

  • Website & E-Mail (High Impact Medium Cost)
    • Owning a domain has a professional feel.
    • Buy a branded domain
      • Most hosting providers will include a domain in their plan (BlueHost.com)
      • domains.google.com
      • Having a separate domain registrar from web hosting means that if one is compromised the other should still be secure.
      • Avoid putting the current office in the domain, the office sought will probably change.
      • ${CANDIDATE_FNAME}${CANDIDATE_LNAME}.org
    • Buy a hosting plan.
      • Make sure it also does website and email.
      • BlueHost.com
  • Social Media (High Impact Low Cost)
    • Most people want to interact with you via social media.
    • Inactive social media accounts will be detrimental to your campaign, so you should limit the number of accounts to a manageable number.  There are platforms such as Hootsuite that will augment your ability to manage multiple accounts, but these tools cost money.
    • When opening social media accounts, avoid using personal emails.  Use the dedicated committee email.  If the platform allows for delegation (Facebook, YouTube, etc.), use it.
      • Committee@${BRAND_DOMAIN}
      • Committee@gmail.com
  • Office Space (High Impact High Cost)
    • Having a dedicated physical location has a professional feel.
    • It will allow you to meet up with volunteers at a branded location.
  • PO Box (Medium Impact Medium Cost)
    • Owning a PO Box has a professional feel.
    • Traditional mail is not used nowadays.
  • Redirect misspellings and variations of domains related to the candidate (Low Impact Medium Cost)
    • This is mostly about preventing the opposition from misusing related branding.

Security

  • Preferred
    • Password Manager
      • Password Depot by AceBit
      • Using a password manager will allow you to use strong passwords and different passwords without having to remember them all.  If you have trouble remembering something like 6=3R9a}/^z`7<E3#Qg@l you should use a pass phrase for your master password.  A pass phrase is something like “correct horse battery staple”.  You should use different passwords because if one of them is compromised then only that one is compromised.
      • Keep an eye out for vulnerabilities found in your password manager software.  I don’t know of any vulnerabilities in Password Depot, but you don’t know me so why should you trust me.
    • U2F
      • Some sites support U2F, which uses a dongle you put in your USB port that interfaces with your web browser to prove you are the owner of the account.
      • The hardware should be unduplicatable, so if the dongle goes missing, revoke the dongle's authentication.
      • Keep an eye out for vulnerabilities found in the FIDO U2F protocol.
      • Keep an eye out for vulnerabilities found in the hardware implementing the U2F protocol.
    • Code Generator
      • Some sites support code generators.  This is going to be either an application on your phone (RSA, Google Authenticator, etc…) or a physical card with a display.
      • Keep an eye out for vulnerabilities in the software or hardware code generator.
  • False Security
Done by some committee