REPHRAIN Map
The REPHRAIN Map is a dynamic knowledge resource/framework on online harms and risks. The Map provides a shared understanding of this landscape and establishes a baseline for the current state-of-the-art research, significant literature, relevant research tools, and practices. The current list of harms, risks and vulnerabilities is built upon the UK online harms bill and Solove’s taxonomy of privacy as its fundamental origins. The Map provides a framework where this categorization of harm is drawn to a set of high-level positive properties or social goods violated by these harms.
The Map serves as a communication tool to stakeholders in academia, industry, law, policy, and regulation for the developments in the online harm and risks space. It reflects the multidisciplinary research conducted within the REPHRAIN Centre by fifty-plus projects and more than a hundred researchers who conduct cross-cutting research on security, privacy, policy and other social aspects of technology-mediated harms and risks. It was co-created in an iterative and exploratory manner, where each iteration evolved through a series of one-to-one meetings, co-design workshops, surveys and scoping sessions with the Centre's stakeholders.
We are actively looking for feedback and contributions to bolster this vital resource: please contact rephrain-map-requests@bristol.ac.uk with any comments or suggestions.
REPHRAIN Toolbox
The REPHRAIN Toolbox is a one-stop shared set of resources for researchers, practitioners, policy-makers, regulators and citizens – providing a world-first Privacy Enhancing Technologies (PETs) testbed, datasets, benchmarks, reference scenarios. Testbed / benchmark validated novel tools, methods and prototypes will be substantiated as REPHRAIN Evaluated Artefacts providing a blueprint for new rigorous certification programmes, paving the way for market distinguishers for service providers and assurance / trust to consumers.
Data Archive
At REPHRAIN, we believe in transparency and sharing knowledge with the wider community. Many of our projects involve collecting useful data that we plan to make available to you where appropriate.
Currently in draft, the REPHRAIN data archive will provide researchers and
appropriate partners in the community with access to a library of verified and
peer-reviewed datasets and benchmarks, aiding developments in privacy and harm reduction
online.
REPHRAIN researchers have also assembled a framework for working with and
producing sensitive datasets related to different types of online harms, with
the aim of ensuring security, privacy, quality and rigour in published data.
This framework considers the following:
- best
practice for storage, sharing and analysis of large datasets, ranging from
in-person interviews to social media communications and Machine Learning
models;
- utilising
literature review, interviews, workshops and training for researchers
REPHRAIN Testbed
TestbedOS is a testbed for launching virtual machines on abstract topologies to support research and testing. GitHub repository: https://github.com/Bristol-Cyber-Security-Group/testbed-os
In addition to the tooling in the testbed, we aim to deliver a variety of example test cases that showcase the capability of the testbed as a reference to build your own test cases. The testbed uses yaml files to describe the testbed components to be deployed. The testbed will parse the yaml file and create the artefacts in the yaml file, create the network described in the yaml and then deploy the various virtual machines on this network. These steps are described further in the rest of the documentation.
Privacy Clinics
Privacy Clinics, an initiative by REPHRAIN and the Equitable Privacy project, stand at the forefront of empowering community groups and the organisations that serve them to proactively build capabilities for online privacy.
Policy & Regulation
Academic Lead: Asma Vranaki, Madeline Carr
Protecting citizens online is a complex, multifaceted policy challenge, involving highly contested debates at both domestic and international levels. These debates encompass critical issues such as rights, privacy, responsibility, liability, legality, and the effectiveness of interventions.
At the domestic level, our policy work engages closely with key governmental and regulatory efforts to tackle online harms, including those led by DSIT, DCMS, the Home Office, and Ofcom. Internationally, this strand engages with broader initiatives, such as those spearheaded by the European Union, ensuring a cohesive approach to global challenges.
To tackle these intricate issues, we convene a diverse range of experts and stakeholders. This includes academics and practitioners across fields such as law, economics, public policy, human rights, international relations, law enforcement, software and hardware design, and international standards. Additionally, we incorporate the perspectives of citizens through innovative approaches like citizens’ juries, fostering a comprehensive and inclusive dialogue.
The Policy and Regulation team has a proven track record of impactful engagement, having conducted significant community consultations and responded to key calls for evidence. These efforts have culminated in a series of expert-informed documents developed in collaboration with the REPHRAIN community, which can be found below:
- REPHRAIN Making sense of the Twitter Takeover
- Call for Evidence: Connected tech: smart or sinister?
- DCMS consultation: Security and Privacy settings in Apps and App Stores
- Call for evidence: Misinformation and trusted voices
- Call for evidence: First phase of online safety regulation
- Home Office consultation: Unauthorised access to online accounts and personal data
- Call for Papers by the All-Party Parliamentary Group – REPHRAIN Response
- REPHRAIN White Paper: Metaverse and Web 3.0
- Towards a Research Agenda: Tackling violence against women and girls online
- Ofcom Consultation Response: Protecting children from harms online
- REPHRAIN response to the SITC’s Call for Evidence: Social Media, Misinformation and Harmful Algorithms
- REPHRAIN Policy Brief – Client-side scanning in private communication: security and privacy risks
- REPHRAIN Policy Brief – Privacy risks in female-centred technology (FemTech)
- REPHRAIN Policy Brief – PETS for SMEs – Jan 2025
- REPHRAIN’s response to Ofcom’s Call for Evidence: Researchers’ Access to Information from Regulated Online Services – Jan 2025
Notably, REPHRAIN played a central role in the debates on end-to-end encryption (E2EE) and privacy-impacting clauses in the Online Safety Bill. We were invited by DCMS to undertake an independent evaluation of the prototypes selected as part of the government’s Safety Tech Challenge Fund, producing not only the scientific evidence but also the first systematic evaluation framework for child abuse detection tools.
The report was highlighted by the BBC and subsequently led to interviews and coverage on BBC Newsnight, Al-Jazeera and TechCrunch, as well as being widely referenced in open letters by UK and EU researchers to their respective parliaments, as well as a central citation in Ofcom’s Approach to implementing the Online Safety Act. Consequently, Claudia Peersman was invited to discuss this work at events hosted by the UK Parliament, United Nations, the European Data Protection Supervisor (EDPS) and the Home Office.
Capability Approach Manifesto
We live in a world where data collection, storage and processing are pervasive. There is a increased push towards adoption of digital technologies in every walk of life — be it access to welfare services, financial services, healthcare, migrants fleeing oppression/conflict. – there is a growing consensus that humans should enjoy the same rights in the digital space as they should in the physical world as evidenced in debates concerning digital technology regulation around the world. An important pillar for the realization of this right is the development of protection mechanisms that allow everyone irrespective of their personal and environmental circumstances to exercise this right. Academics working in the field of privacy and security face an unprecedented challenge to develop inclusive protection mechanisms.
Conventionally, systems are evaluated among a specific group of users within particular contexts for usability. Such evaluations have made significant contribution to technical improvements and bringing individuals at the centre of technology adoption, but they are not enough. Usability assessments are not in a position to identify vulnerable individuals and/or individuals from diverse realities of health, education, ability and socio-political circumstances. These realities are important and can negatively affect the ability of individuals to protect themselves while they engage with digital systems. Consequently, security & privacy becomes a privilege enjoyed by a few. The thesis of our work is we should move away from utilitarian evaluation of surface features and evaluate what real opportunities individuals have in terms of their education, health and environment to protect themselves. We propose protection mechanisms should be founded upon capability approach-based evaluation of vulnerability, age, education, physical and mental ability, language barriers, gender, access to technology, freedom from oppression among many important contextual factors. This is a paradigm shift from utilitarian evaluation of surface features to a bottom-up assessment of individuals as they are situated within their contexts.