The use of AI and Digital Sovereignty 

OC is strongly focused on digital sovereignty, the idea that your data should belong to you and should not be used by corporations to make their profits. For the same reason, the use of your data for AI training should be your choice, and not the default. On OC your data is never used for AI training or marketing. 

So where does this leave AI in relation to this service. AI is a powerful tool when used for good, and that is how we are employing it. A service like this costs real money to delivery, takes real time to develop and administer. Reducing time and cost is fundamental to providing a free service available for all community orchestras. AI when applied to administrative tasks can help here. It allows us to do a lot. Way more than was possible only a short time ago, so we will us AI strategically for good reasons, and not the wrong reasons.

How OC protects your data

Authentication & Passwords

Any service that allows you to have a customised view and manage your own data needs to have a way to authenticate. The traditional username and password is the worst way to do it - password overload leads to weak password, leads to compromised accounts. We don't use passwords at all. Your email is you key to the service. Enter your email and the system will send you a magic link via email to log in securely. Or, you can use one of the major service providers to authenticate, such as Google or Discord. Unlike many services though, when you use these to authenticate we only ask for four pieces of information.

1. Email address

2. Profile name

3. Profile picture

4. Service ID

That's it. No phone number, no personal details, no documents, no rights to access your personal data = nothing for hackers to steal.

To ensure you don't get locked out of your account you can set a secondary email for recovery, and link more than one service provider to your account.

Identity on the Service - Verification

When you first log in you start out as an unverified member. There are very view services you can access, but you can manage your profile, see the orchestra directory, apply to join an orchestra, and find public events such as concerts.

In the public parts of the service only your profile name (username) is displayed. While unverified, only one channel is available to chat in, and chat options are limited. You can't post URLs as links for example. To get full access to the service you need to join a real world orchestra. This is the beauty of the system, verification is done though the real world organisations that you become part of. One you officially join a community orchestra, then you are automatically verified, and can access more of the services in the system.

Identity inside your Orchestra - The Safe Haven

Once you have joined an orchestra and gone through their approval processes, things open up for you. Within an orchestra that you are a member, your real name becomes your identifier. Now you are with friends you know and can trust. You can access the private chat channels specific to your orchestra and talk openly with just your fellow members. Within your orchestra chatrooms you can have private channels for subgroups such as committee members, moderators, or other special groups that want their own chat space. No more hunting through email chains to find information.

Direct Messages

OC does not support direct messaging (DMs) within the chatrooms. What is said is said openly to all. This removes the risks associated with unsolicited contacts. OC is not the place for that. To ensure safety though, the chatrooms have robust moderation capabilities, and it is trusted members of your own orchestra doing the moderation. Lets hope its never needed but if someone crosses the line, anyone can report it and we take a hyper-cautious approach to moderation. Because you are talking within your own community most of the time, its unlikely to be an issue.

Email Broadcasts

As an orchestra administrator if you have ever tried to manage email distribution groups you will know what a pain that is. People change emails, members come and go, its overhead no-one wants to manage. OC takes away that issue. As an orchestra admin you can broadcast an email, either to everyone or to specific users, and not have to worry about the list of emails being up to date, or forgetting to BCC everyone. All broadcasts are also saved in the app and users are notified if they have outstanding broadcasts to read. The system manages that for you. From a members perspective this means their email addresses remain protected from unwanted exposure. Every email gets sent directly to the member via the service, which should result in fewer messages ending up in spam filters!

Online Communities

While OC is focused on the real world connections, there are times when a community of interest may be formed which is entirely virtual. These communities are clearly distingusable from physical orchestras. The rules within them are slightly tighter. Firstly, your real name and email are never exposed, even to administrators of those groups. Moderation is enforced more seriously to ensure the communities remain healthy. Access is a privilege not a right.

Protecting against tracking

You might be wondering why the chatrooms don't have Gifhy? While they are fun to have, including them opens up a big data tracking issue. Gifhy is owned by Meta and every time you post a gif you are providing another breadcrumb for them to track. So, we can live without it. Similarly when you authenticate with a major service like Google or Apple you are telling them you are connecting to OC, but as we don't request any information other than the four fields listed above, the exposure is minimal. Just know that if your Google or Apple accounts are compromised, your account here will likewise be exposed, so ensure you are using two factor authentication on the important accounts.