Blog posts tagged security

Return to latest posts

Someone taking a photo of some fly tipping to report on FixMyStreet

Sprint notes: 12-23 October

Here’s everything SocietyWorks is up to this sprint.

New development on FixMyStreet Pro

Photo first

One big area we’re working on this sprint comes from our development roadmap.

We’re referring to it as a ‘photo first’ workflow, and it’d enable users to take a snap of a street fault and upload it as a way of initiating a report. This all keys into a piece of research we’ve done which found that reports with photos attached have around a 16% higher chance of being fixed than those without.

As part of our exploration, Developer Dave’s been training an AI model to automatically scan each image and guess what category it falls into — very cutting edge!

But at the same time, we’re aware that we must keep every type of user’s best interests at the heart of all our development: we don’t want to sacrifice the simplicity that’s always been the key to FixMyStreet’s success, and the reason it has such vocal  advocates amongst its citizen users.

As an example of this: as we assess the available technology to help us work on this functionality, we’re being resolute about basing decisions on what the job needs, not which product has the most bells and whistles.

Geolocation

An avenue we’re also exploring as part of this work is the potential for extracting geolocation metadata from the photograph, which would cut down on the amount of detail the citizen needs to type in. However, here, again there are balances to be struck: we don’t want to increase the potential for errors where a phone’s GPS isn’t accurate enough, or where the data we pass onto councils isn’t as precise as they need it to be.

Mobile design and PWAs

Meanwhile, Designer Martin has been looking into the user experience on mobile, making improvements for what is increasingly the most popular way to report.

Design in progress on FixMyStreet mobile

We’ll soon be making the existing app redundant in favour of Progressive Web Apps (PWAs) — Martin’s work will still be relevant there, though.

PWAs are more flexible, allowing each council to incorporate their own branding and templates at no extra cost, and effectively offer residents what looks and feels just like a dedicated app. We’ve written a bit about these previously.

New development on Waste and Noise

Waste testing

Development continues on our Waste product. We’re integrating with Bromley and Veolia’s Echo system and doing plenty of testing around that — in particular, making sure it picks up on irregular dates such as bank holidays, and that it can handle the 48-hour window for reports of missed bin collections.

Noise and ASB

And, having completed our user research and consequence scanning exercises on the Noise concept, we’ve come to the conclusion that it should incorporate anti-social behaviour reports: Noise and ASB are so intertwined that it makes the most sense to combine them into a single service, albeit one that will divert each type of report to the relevant council department.

Feedback from our test users was all good, so we’ve now reported our findings back to Hackney and are waiting to hear if they’d like us to progress with integrating with their two back-end systems.

Meanwhile, you can see more about consequence scanning in the well-received session Martin led at LocalGovCamp a couple of weeks ago.

Security

Pen testing

We’ll be conducting one of our regular scheduled pen tests to ensure the security of FixMyStreet Pro.

New integrations

Symology and Alloy

We’re setting up a new instance of FixMyStreet Pro for our latest client: this one involved Symology, a system we’ve worked with extensively in the past, so it should be reasonably straightforward.

Hackney’s instance, an Alloy integration, should be going live by the end of this month, so we’re making plans for that.

One exciting feature here is that we’re looking into pulling ‘completion’ photos out of Alloy — that is, photos taken by the maintenance crew to show that the problem has been fixed — so we can display them on the relevant FixMyStreet report, and possibly also include them in an email update to the report-maker.

We’ve upped the security on FixMyStreet

We’ve recently introduced some stronger privacy and security measures on FixMyStreet, to make things safer for everyone. They also have some nice knock-on effects that help you with moderation.

Privacy

If you’re a FixMyStreet Admin, you can now:

  • Make a user anonymous across the site, so even if they’ve made multiple reports, their name won’t show on any of them on the live web pages. Removing users’ names is a frequent request, especially from those who may have strong personal reasons not to be identified online. Users already had the ability to anonymise their reports singly or in bulk themselves, but sometimes it’s easier to do it for them, particularly if they are distressed when making the request.
  • Remove a user’s account details entirely An important point in the forthcoming GDPR regulations is that we all have the right to request the removal of our personal data from databases. In this case, the user’s reports and updates remain, but not only is the name removed from public webpages as per the point above; their email address, phone number and any other personal data are scrubbed from our own servers, too, leaving no record.
  • Hide all a user’s reports/updates from the live site. In the event that you discover a large quantity of, say, abusive reports from the same person, you can now remove them all from the online environment at a single stroke.

Security

Security for users was already very good, but with the following improvements it can now be considered excellent!

  • All passwords are now checked against a list of the 577,000 most common choices, and any that appear in this list are not allowed.
  • Passwords must now also be of a minimum length.
  • If you change your password, you have to input the previous one in order to authorise the change. Those who haven’t previously used a password (since it is possible to make a report without creating an account), will receive a confirmation email to ensure the request has come from the email address given.
  • FixMyStreet passwords are hashed with an algorithm called bcrypt, which has a built in ‘work factor’ that can be increased as computers get faster. We’ve bumped this up.
  • Admins can now log a user out of all their sessions. This could be useful for example in the case of a user who has logged in via a public computer and is concerned that others may be able to access their account; or for staff admin who share devices.

Still got any questions about privacy or security? Drop us a line and we’ll be glad to answer them.


Image: Timothy Muza (Unsplash)

Join one of our regular webinars

Show webinar schedule

Schedule your one-to-one demo

Request a callback

See FixMyStreet Pro for yourself

Try our live demo