Connect with your team. Connect with people who need your support.
ResourceConnect lets you provide digital services safely, efficiently, and cost effectively.
End-to-End Encrypted Web Chat
With ResourceConnect you'll have a dedicated web address that anyone can use to chat with you; without having to create an account or sign into another service. Whether they're using their computer, tablet, or mobile device's browser, all messages will be end-to-end encrypted with a key only you control.
Your staff can then log into ResourceConnect's Provider Chat to view and respond to all messages. Providing on-line support has never been easier.
Text messaging is more popular than ever and by signing up for SMS chat you can be sure that you are reaching more of the individuals you are looking to serve. With ResourceConnect's SMS chat service, you'll receive a phone number in the area code of your choice that will allow people to communicate with you no matter what kind of cell phone they have. All SMS messages are then delivered to your Provider Chat portal, right alongside the Web Chats making it easy for staff to respond.
With the Internal Chat, there is finally a simple and safe alternative to un-secure email or standard chat services. Your team can use the ResourceConnect Internal Chat to coordinate who should take the next chatter or discuss other organization-wide matters where confidentiality is key. All communications will be end-to-end encrypted with the same unique encryption key, and messages will be automatically erased at expiration intervals of your choice.
Video and Audio Calls
Speak face-to-face or voice-to-voice with people within your organization or with people seeking your support. Simply click the "Start Call" button within the chat to be connected to the other person. No extra app or plugin to download. No extra account to sign up for. The call simply happens right in the same browser window as the text chat.
Video and Audio calls are completely private and end-to-end encrypted.
This functionality is part of our standard 'Web Chat' package. No limits on number of calls. No limits on how long they can last.
Online Support Groups
Conduct online support groups by inviting web chatters to join special support group rooms. An unlimited number of participants can then chat together at once. Providers can moderate the group via simple tools to enable/disable chatters ability to type or to ask chatters to virtually raise their hands. Currently, support groups are chat-based and do not include video capabilities.
Additional Features Specifically Built for Nonprofits
Messages are erased at intervals you control
Canned Messages save your staff from typing the same messages over-and-over
Receive alerts by email when there's a new message and no one is online to see it
Create as many user accounts as you'd like with no difference in price
Your SMS number can forward to the voice number of your choice
Extensive documentation helps you use this powerful tool safely and confidently
Need to see ResourceConnect in action to truly understand? We get it. Watch the demonstration video below for a complete walkthrough of the system.
ResourceConnect is priced for nonprofits like yours.
Payments are month-by-month. There is no contract to sign.
You surely have a ton of other questions about ResourceConnect, how it works, and what you can expect. The section below is an attempt to answer all of the questions we receive, or expect to receive. Let us know if you have any other questions that can't be answered here.
About ResourceConnect & Initial Setup
Who created ResourceConnect?
ResourceConnect was created by the same team that created EmpowerDB.
What privileges does an administrator have?
A user with Administrative privileges can access the Administrative Settings for your organization's account.
Actions available in the Administrative Settings include:
• Adding / editing User Accounts
• Adding / editing Canned Messages
• Changing message expiration time periods
• Changing auto-response messages
• Viewing / changing organization's encryption key
• Accessing the billing and usage information
What is EmpowerDB?
Our other product is EmpowerDB. It's a cloud based database built for direct service nonprofits to keep track of the clients they serve.
If your organization is on the look out for a new database, and you appreciate our focus on providing secure and user-friendly products at an affordable price, you can learn more about EmpowerDB here.
Also note that in the future there will be lots of exciting integrations between ResourceConnect and EmpowerDB. Plus, EmpowerDB members receive a discount on their ResourceConnect usage. See the Pricing section for more.
Can more than one user be signed on at once?
Definitely! ResourceConnect was designed for multiple users at an organization to use at once. The "Internal Chat" feature allows users to coordinate with each other about which chatters they might take and share other important information.
Note that only one person may use a single user account at one time. If someone else tries to log in with that user account, the original person will be kicked off the system. This is one of the reasons why we include in our terms of service a stipulation that you MUST make a separate user account for every person who uses ResourceConnect. Read more about that policy here.
How many user accounts can we create?
As many as you'd like! There is no limit on user accounts and no price differences for the number of users you add.
When agreeing to use the Web Chat, we actually require that you to create a separate user account for every person who uses the system. Read more about that policy here.
How many administrator accounts can we create?
There is no limit on the number of administrator accounts you can create. However, with the extra privileges of an administrator, we hope that you don't make users administrators without good reason.
Why do you require all users to have their own user account?
With other services that charge per user, it can be common for budget conscious nonprofits to get in the habit of creating one user account that multiple people share. We do not charge per user account specifically to prevent this unsafe situation from happening.
There are two main reasons why we feel it is unsafe to have multiple people sharing the same user account...
First, if one of the people using a shared account were to leave your organization for "unfriendly" reasons, you will want to have the ability to immediately turn off access to that person's ResourceConnect account in order to prevent them from accessing the system and acting irresponsibly. If you had multiple people using the same account, you would have to change the password, notify all of the other people about the password change, and potentially do the same with your encryption key. With this hassle ahead, you may be tempted to trust that the exiting person wouldn't act irresponsibly and just keep the shared account credentials the same. It should go without saying that extending this amount of trust to a former employee or volunteer has the potential to backfire.
The second reason we require all users have their own accounts is because only one person can be signed in with a particular account at once. If someone else tries to log in using that same account, the first person will be kicked off the system. Thus, if one account was being used by multiple people, there could be a situation where Advocate A is talking to Jane Doe, then Advocate B signs on with the same account and kicks out Advocate A. Advocate B will now see all of the messages that Advocate A and Jane Doe exchanged.
We understand that with organizations with a large volunteer base may find it cumbersome to make individual accounts for all users. But we hope that the security implications described above, and the fact that we place no limits or price differences on number of users, can persuade you to go through the process of creating separate user accounts for everyone.
Do you have a setup and administration training video?
We have made this training video to walk you through the entire setup process. The various settings in the admin panel are also explained in greater detail in that video.
The Admin Training Video, along with the Provider Training Video, also can be great tools to help you decide whether ResourceConnect will be a good fit for your organization's needs.
Is there a demonstration version of ResourceConnect we can test on first?
Second, you can just sign up for an account and use that as your test version. We offer a one month free trial for just this reason. We know sometimes organizations need to see and experience something themselves before they can commit to using it.
Note, that the SMS chat is only available for paid subscriptions.
What kind of support will we get with ResourceConnect?
If you simply have questions about using ResourceConnect, we expect you to take a look through this FAQ section first to see if your question has already been addressed. Our goal is to have this FAQ section be a complete resource of any and all questions an organization could have while setting up and using the system. If you don't see your question addressed, reach out to us via the Contact section here and we'll get back to you within one or two business days. We'll most likely respond to you with links to the FAQ section that we've since added or updated to address your question.
If you're having any issues with the product, you can let us know using the same Contact form. Please be as detailed about what's happening, including, if possible, the steps that have happened that lead to the problem. We are committed to making sure ResourceConnect works as flawlessly as possible. We will respond to any reports of something going wrong as quickly as possible. If you leave your phone number, we may just give you a call to make addressing the problem go quicker.
Will you do a demonstration of ResourceConnect for our organization?
Sure. We just ask that you make the process as quick and easy for us as possible. Get the form all ready for us to sign. Send us a message using the 'Contact Us' form that you have a form that you'd like us to sign. We'll message you back letting you know what email address to send it to.
Do we need to sign a contract?
We do not have a user agreement you must sign. You simply sign up for the service via the 'Join' button on the left. And as long as you pay your bills you'll keep using the service.
We bill on a month-to-month basis. Each month you'll be charged for the next month's fee, plus your previous month's SMS message usage (if you have SMS chat enabled).
Can you fill out a security questionnaire and/or sign a form so we can get approval to use ResourceConnect?
We're sorry, but since ResourceConnect is a low-cost, subscription service we are not able to spend time filling out forms or questionnaires that you may need in order to begin using a service. Our other product, EmpowerDB, is structured, and priced, to allow us to give a lot more one-on-one attention to prospective and existing clients. So we may be open to filling out questionnaires or paperwork for organizations looking to join ResourceConnect and EmpowerDB together.
We hope that the questions and answers in this FAQ section provide all of the information an organization would need to go through the process of gaining administrator approval.
Is it possible to send chatters an automatic response when they first reach out?
Users with administrative permissions have the option to go to the Admin Panel and craft a variety of different automatic responses.
You can write one automatic response that will be sent to web chatters when no staff members are online. And another that will be sent to web chatters when there ARE staff members online.
There's another pair of custom messages that can be sent to SMS/Text chatters when staff are or aren't online.
You'll also be able to set a custom message that will display for when your web chat is turned off.
There is also an optional feature that puts web chatters into a queue. If you activate this feature you'll be able to set a custom message that will appear if someone is placed in your queue.
Will ResourceConnect give us statistics about the conversations we have?
Yes it will! You'll get basic statistics about how many conversations you had during any time period you choose.
Note, "number of conversations" isn't necessarily the same as
"number of people communicated with". It's not possible to get an accurate number of people without violating a chatter's privacy.
You'll also be able to see how many incoming and outgoing messages were sent in each conversation, potentially giving you a sense of how lengthy typical conversations are.
We're also excited to one day integrate EmpowerDB's data forms and reporting functionality into ResourceConnect. Someday soon EmpowerDB users will be able to set up a post-conversation data collection form that ResourceConnect users will be required to fill out at the end of a conversation. That data will then be available in EmpowerDB's comprehensive and easy to use reporting tools.
ResourceConnect does not support setting up a survey that must be answered before the chatter is connected to an advocate. We want your first priority to be helping people, and your second priority to be data.
We support the idea of giving chatters a survey to fill out after their interactions with you. This can be accomplished now with your preferred online survey tool (EmpowerDB can be used to collect anonymous online surveys). Simply set up a Canned Message that provides the link to the post-conversation survey and ask your staff to send that message at the end of each conversation.
Does ResourceConnect support emojis or pictures?
ResourceConnect supports emojis! You can send emojis to chatters by clicking the "smiley face" icon on the bottom left. You can also see emojis sent by chatters via SMS message. Web chatters cannot send you emojis.
ResourceConnect does not support pictures at this time. They raise concerns about confidentiality and liability, and also pose an added complication for the encryption process. We could be convinced to give adding support for pictures another shot if our users felt like this was needed.
Can ResourceConnect translate messages?
ResourceConnect CAN translate messages in any conversation. This service is turned off by default. It can be activated in the 'General Settings' portion of the Admin Panel.
Why are you so obsessed with confidentiality and security?
Our original background is in providing services to Domestic Violence and Rape Crisis Centers where confidentiality and security are paramount. If the safety issues we warn about aren't an issue for the type of people you serve, you may choose to be more lax around this topic.
But look, even though the people you serve may not have such life-or-death consequences surrounding their confidentiality, if you were to ask them "Would you want someone else to see this conversation?" how do you think they're respond? We feel like the majority of cases people would respond "No". So why shouldn't you take every step possible to make sure you treat their information with as much security as possible?
Why are your prices so different than other web chat services?
Other services you may have seen that offer built-in web chats are built for businesses, not non-profits. They're staffed by executives and developers who expect salaries of hundreds of thousands of dollars a year and a never ending supply of kale chips in the snack room. Plus, their businesses are funded by venture capitalists receiving 1,000% profits on their investments.
We've built ResourceConnect because we care about the missions of the non-profits who use our services. We don't expect outlandish bonuses and the world's best DJ's playing at our all-staff meetings. We are doing the same job as you, just going about it in a different way.
Are our credit card details stored on your server?
No. We use Stripe to handle our payments. They're the second largest credit card processing company in the world. Your credit card details are saved only on Stripe's PCI compliant server.
Can we use ResourceConnect for some other purpose?
Any organization, or individual, can use ResourceConnect for anything they want... unless what you're doing violates the our own principals. Things that we wouldn't want you to use ResourceConnect for include: organized crime, drug dealing, taking away women's reproductive rights / pressuring women out of abortions, attempting to get people to change their sexual orientation, supporting right wing extremists politicians or causes, etc... You know, despicable stuff like that.
How much does ResourceConnect cost?
Our Pricing section above, and this FAQ section, aims to answer all of your pricing questions.
There are no hidden fees or taxes!
What are the specifics of the free 30 day trial?
You can try out almost all of ResourceConnect for 30 days for free. No credit card required.
The only part that isn't part of the 30 day free trial is the SMS chat and WhatsApp chat. Those tools cost us money in telecommunications fees so we're not inclined to offer a free period for that.
If you're interested in SMS chat, we encourage you to sign up and experiment with just the Web Chat. The SMS Chat will functional almost identical to the Web Chat. Just imagine that instead of someone communicating with you via a webpage they are communicating with you from their SMS application of choice. Then on your end everything will be the same except conversations will have an "SMS" indicator instead of a "Web" indicator.
Can our free trial be extended?
We recognize that 30 days might not be enough time to get all your ducks in a row and get started actually using the service. However, to be fair to all our users we won't extend the free trial beyond 30 days.
Another option for you is to put your account on hold. Go to your Web Chat settings and click on the "Disable Web Chat" link on the bottom right. This will make it so you won't get billed when your 30 day trial is up. If you re-enable the Web Chat after your 30 day trial period, you'll be required to pay your first monthly subscription fee.
If you follow the above steps to put your account on hold, you won't be putting a pause on your 30 day trial. Your 30 day trial ends thirty days after you sign up for the service.
When would we pay for phone call minutes?
If you subscribe to one of our SMS plans, you have the option of either purchasing a phone number from us, transferring your phone number completely from us, or having only the SMS functionality of your phone number handled by us.
Read more about the process of using a phone number you already have here.
If you have only the SMS functionality of your phone number handled by us, you will NOT pay for phone call minutes. Your voice functionality will still be handled entirely by your existing phone provider.
If you purchase a brand new phone number from us... OR transfer your phone number completely to us... ResourceConnect will be responsible for the voice functionality of your phone number. You don't have to advertise that people can call you at your phone number if you don't want to. But if someone does mistakenly call the number it would be nice to not have a robot yell at them for doing the wrong thing. So calls to your ResourceConnect number should be forwarded to some other number you own.
You get to set in the SMS Chat admin settings what OTHER phone phone number calls to your ResourceConnect-owned number will be forwarded to.
We charge a per-minute fee for these forwarded phone calls because our telecommunications provider charges us these fees. We have basically zero mark-up on these fees. We don't want per-minute, or per-message fees to get in the way of you using the system to its full potential.
And just to be clear, even though the call is being forwarded to some other number, the entire length of that conversation counts towards this per-minute fee. That's because when a call is forwarded, the forwarding party is still technically in the middle of the connection. The way the global telecommunications system works, if the forwarding number were to drop out, the whole connection would drop out.
When would be pay a phone number transfer fee?
You would pay a phone number transfer fee if ALL of the following applied to you:
• You're subscribing to one of our SMS plans
• You want to bring over a phone number you already own
• You're not an EmpowerDB member
This is a one-time fee to account for the time it takes us to go through the transfer process with you. It's not an incredibly lengthy process but it's enough for us that we want to recoup those costs.
You can also purchase a brand new phone number via our system to use for your SMS conversations. If you do that you will not pay a phone number transfer fee.
Click here to read more about the phone number transfer process.
When would we pay for message translation?
Message translation is available as an additional option for your account. It is disabled by default. It can be enabled in the Admin Panel's 'General Settings'.
Once enabled, users will have the choice of whether they would like specific messages to be translated to another language, or whether they want an entire conversation to be translated automatically. For either choice, each individual message that gets translated will get charged this per-message fee.
This fee covers the costs that Google's Translate API charges us for performing the translation.
Remember, messages that get translated are no longer zero-knowledge encrypted. The message is sent to the ResourceConnect server in plain text (but not saved on the server in plain text). Then that plain text is sent to Google Translate API (where Google likely saves the message forever so their artificial intelligence robots can always be learning what kinds of things people are translating.)
Also remember that even though computers have gotten better at translating, they're still not as good as humans. Thus, they could be incorrectly translating key parts of conversations about sensitive matters.
Is there a way to predict our SMS message usage rates?
ResourceConnect's per-message SMS usage fees could certainly cause some budgeting anxiety. The reality is there's no way to know how much your SMS service will be used. And no way to know how many SMS messages would sent and received in a typical conversation.
Remember, the per-message fees only applies to SMS and WhatsApp messages. Web Chat conversations have no per-message fees.
What we can tell you is that very few of our members go over $5 USD a month in message usage fees. Will you be one of the few that goes over that? Again, there's really no way to know!
Once you sign onto the system, you'll have access to real time usage statistics that will show you how many SMS messages you've accumulated during any time period.
There is no way to put a limit on the number of messages you send/receive. You can certainly cancel your service entirely if you feel like it's costing you too much.
No. There will be no additional taxes or fees. What you see on our Pricing page will be exactly what you will pay.
Is there a cost per user?
There is no cost per user. The prices you see on the Pricing section above are for your entire account. You can add as many users as you'd like at no additional cost.
We don't like charging per user because that leads organizations to do unsafe things to save money; like have multiple people share the same user account. When this happens, and one user leaves the organization, it becomes a challenge to truly remove them from the service since you've now go to change the password for the shared account and let everyone else know what the new password is. So organizations will either be inclined to keep the account credentials the same and just assume the person who left the organization won't abuse their access... or change the password and send the new credentials over insecure email.
Is there a cost per conversation we have?
No. You can have as many conversations you like with no additional charges.
There are costs per SMS message sent or received, however.
Do we have to pay with a credit card?
Unless you're an EmpowerDB member, your only option is to have a credit card entered and have that charged every 30 days.
EmpowerDB members will have their ResourceConnect usage added to their EmpowerDB account quarterly. Then those costs will be paid by check.
Can we pay for a full year in advance?
We currently only support monthly payments via credit card. We'd like to offer more flexible payment options in the future.
Is your billing period monthly or every 30 days?
We actually bill on 30 day intervals and not monthly intervals. So once in a blue moon you'll be charged on the 1st of a month and the 31st of the same month.
In our documentation we sometimes will still say "monthly" for simplicity sake. We're definitely not trying to trick you into paying for an extra day of service six months of the year. To be honest, we bill in 30 day intervals because it was just easier to do the math around billing in 30 day intervals instead of monthly intervals.
What is the Community Forum?
The Community Forum is a place for ResourceConnect members to discuss the challenges related to providing digital services. We at ResourceConnect often get asked questions from prospective members that are more about the organization aspects of providing digital services and less about how ResourceConnect actually works. We want the Community Forum to be a place where those questions can be asked and the people actually on the front lines can answer them.
We also will use the Community Forum to ask our members for feedback about various aspects of ResourceConnect. Typically this is to get feedback on new features.
Finally, this forum is a continuation of our goal to design software that allows people to come together as a community. We're excited about the possibilities for growth that can come from organizations from all over the world working together to support each other on how best to provide digital services.
Who can access the Community Forum?
Any ResourceConnect user with an administrator account can view and post on the Community Forum. It can be found in the ResourceConnect Admin Settings page.
The forum can even be used by organizations whose account has gone past its free trial period and thus are not paying members.
Why is the Community Forum moderated?
We want the Community Forum to be a place for organizations to easily find conversations that are relevant to the issues they are facing. And when they find that conversation, we want them to be able to see a thorough discussion related to that topic.
We believe the best way to make that possible is to approve all posts before they go live on the forum. That way we can make sure posts are on topic and contain content that is relevant to other organizations. You can read here for more information on the types of posts we typically won't approve.
You will receive an email notification letting you know when your post has been approved. If it was not approved you will get an explanation about why.
What kind of posts won’t get approved?
The ResourceConnect Community Forum is a moderated message board. Messages won't show publicly until someone on the ResourceConnect staff approves it. We may not approve a post. If we do, you'll receive an email notification along with a reason why.
Here are the most common reasons why we'd not approve a post:
Asking for technical support or general questions about how to use ResourceConnect.
Please use the Support page to report issues with the system or ask questions about ResourceConnect's normal operation.
Only saying "Thanks".
In order to make sure the topics on the Community Forum are easy to read and rich with information, we won't approve posts that ONLY say "Thanks". We encourage you to use the "Thanks" button instead to show your appreciation; and even potentially earn someone else a free month of ResourceConnect! It's no problem to begin a post with a ‘Thanks' to someone and then continue on with other questions or feedback. We just won't approve a post if it's ONLY a message saying Thanks.
Proposing a new feature.
We really do want to hear from you about what you'd like added to ResourceConnect! But we ask that you submit those ideas to the Support page first. If we think it could be a good idea, but it would help to get feedback from the entire community, we will be the one to ask about it on the forum.
Disclosing confidential information
Certainly posts that include actual chatter names won't be approved. But also be aware that telling stories about chatters that include very specific information could lead to an individual person being identified. Remember that your organization name is posted publicly along with your message. Combining your organization's service area with specific details about a person could lead to someone feeling like they were able to identify a chatter.
What is the “Thanks” button on messages?
Clicking the "Thanks" button on a message is your way to, well... say thanks! We want to encourage everyone to share and give back to the community. Someone seeing that their post helped others is uplifting.
We are also using the "Thanks" option as an extra incentive to encourage people to write posts on the forum. On the first of every month the person whose post has the most "Thanks" will receive a credit for one free month of ResourceConnect!
Some more details about our "Most Thanked Posts" promotion:
• The credit will only cover an organization's base monthly rate; no matter their subscription plan or currency. It will not cover any additional monthly usage fees.
• Once a post receives the "Most Thanked Post" distinction it will not be eligible for this distinction again. But it can still be thanked!
• "Thanks" from users within your own organization aren't counted when tallying up which post has the "Most Thanked Post".
• One organization, or user, can receive the "Most Thanked Post" distinction an unlimited number of times.
What is the “Reply” button on messages?
Ah, the most confusing part of the Community Forum! The "Reply" button doesn't EXACTLY mean "Reply". It actually means "The person who wrote this post will get an email notification that you've replied if you click the ‘Reply' button and write your message that way."
Originally, we tried making the button say that but there was something about a twenty-six word long button that just didn't seem right. So we shortened it to "Reply" instead.
The "replies" will appear at the bottom of the topic just like any other message. The message will have an indicator that it was a "Reply".
If you don't see the "Reply" button next to a message, it's because the person writing the message has chosen to not get email notifications for replies. You can still respond to them at the bottom of the topic. But they just won't get an email notification that you have.
If you write a message and choose to allow email notifications on replies, you can always turn this off later if the email notifications get too overwhelming.
Can I change my public display name?
The "Internal Display Name" on your user account and your organization name will be posted along with any message you write on the Community Forum. If you change your Internal Display Name or your organization name in the admin settings, all of your past Community Forum posts will change automatically.
There is no way to make your Community Forum posts be attributed to anything other than this pre-programmed name. So if this is a concern to you, then you might want to just not post on the forum.
Your name will not be shown to anyone if you simply "Thank" a post.
Can I edit or delete my post later?
You can edit your post until it's been approved. But after it's been approved it can no longer be edited. This is to make sure that an approved post doesn't get edited into something that would no longer be approved.
Could we make it so you CAN edit posts and then if you do we just approve it again? I guess we could! But we'd rather do other stuff. Reach out to us in the Support page if there's a situation where you really do need to edit a post. We'll either edit it for you or build in this functionality that for some reason we're being persnickety about building.
How do we safely get the encryption key onto our computers?
Before using the Provider Portal, each user must enter your organization's unique encryption key into their computer. Getting a sixteen character randomly generated key from one person to another can be challenging. Especially considering it is not safe to send this key through email, SMS, or insecure chat.
To address this problem, ResourceConnect allows an administrator currently signed into the Provider Portal to have their key "passed" from their computer to another user who is requesting it.
ResourceConnect offers two potential ways to accomplish this:
Send in a selfie:
A user can send in a picture of themselves taken with their computer. An administrator can then verify that the person is who they say they are and click a button to have the encryption key sent to their computer. (This option is available to all sites by default but can be turned off in the Admin Settings)
Tell an inside joke:
A user can simply write something that only an administrator would recognize as coming from them. This option is the least secure method. It could be very easy for an attacker to write something that would trick an administrator into believing they are someone else. Thus, this option should only be activated and used if staff at an organization are generally opposed to sending in pictures of themselves or are using devices without webcams AND having the encryption key entered in manually is somehow prohibitive. (This option is not available by default but can be turned on in the Admin Settings)
How are chatters assigned their six digit numbers?
The six digit numbers assigned to the people chatting with you are made up completely at random. The numbers have nothing to do with the person you're talking with. For SMS conversations, the numbers have nothing to do with the person's phone number.
We assign numbers to people purely because there needed to be some way of differentiating between Person A and Person B! You can always use the Rename feature to change the name of a person you're chatting with, though we understand that in the majority of situations you aren't getting people's names.
It IS possible that two different people will be issued the same number. Perhaps, Jane Doe uses the chat and gets assigned the number 123456. Then if her session gets deleted or expires, the number 123456 is up for grabs again. Some other person, chatting with any other organization, could randomly be assigned that number again. We feel, though, that with 900,000 numbers to pick from, the chances of you seeing the same number twice is very rare… and the chances of you realizing you've seen the same number twice are even rarer.
How do you recommend responding to harassing individuals?
We strongly recommend that you completely cease engaging with someone as soon as you realize they are harassing instead of seeking support. A harasser is just looking to get some kind of reaction out of you. If you give ANY kind of response to their behavior, you are declaring to them that they have been successful.
So this means, do NOT do any of the following:
• Tell them goodbye
• Ask them to stop messaging you
• Delete them
• Try to make them see the error of their ways
• Get angry at them
• Respond pretending that they're not actually bothering you
• Threaten them with legal/police action
Instead, the moment you realize someone is a harasser, simply Ignore or Mute them. You would choose to Ignore someone if there were no reason to see any more of their messages. You would choose to Mute them if there was a reason why you might need to see the kinds of messages they were sending (for example, if the harasser was an abuser of a person you're providing services to.) The harasser will not know they have been ignored or muted, they will continue to send messages, get no reaction from you, have no validation for their actions, and eventually (some taking longer than others) stop messaging you.
We do not recommend deleting a harasser who is still online. If someone is deleted, they will be sent to the Quick Escape location. For a harasser looking for ANY kind of reaction, this, again, counts as a success. They will just use the back button to go back to the chat, get issued a new chatter number, and continue their behavior.
We are unable to block a person from using the system. Unfortunately, no technology exists that can stop a determined individual from continuing to act abusively on the internet. You MAY choose to turn on the 'Capture IP Addresses' feature to record a chatter's IP address. However, we strongly encourage you to not use this ability as a way to convince a harasser to leave you alone. It is incredibly easy for someone with minimal technical knowledge to use a variety of IP addresses. If you tell someone you have recorded their IP address and they can now be identified, you will only be encouraging them to message you again from other IP addresses they know they can't be identified from. You should only capture a chatter's IP address if you are TRULY at the point of wanting to get law enforcement involved so they can request the harasser's identity from their Internet Service Provider; which can be a long and complicated process that often results in no information if the harasser used a public/shared internet connection or lives in an area outside of your law enforcement's jurisdiction.
ResourceConnect does not allow you to block IP addresses from using your web chat. Read more on the reasons why here.
In conclusion, people acting abusively on the internet is unfortunately just a fact of life at this point. We fully support efforts of any organization looking to change the dynamics of why this behavior appears to be so prevalent in our society. But any attempt for you to correct this behavior in someone via the ResourceConnect chat will have a much more likely chance of causing more problems than it solves.
What do the different icons mean next to conversations?
The list of conversations to the left of the Provider Portal will have various icons or styling to give you information about the current state of the conversation.
Below is a diagram showing the various icons you may see and what they mean.
Why must chatters be "Assigned to Me" before we can respond to them?
Before a user can respond to a chatter, they must select the "Assign to Me" option. This option exists as both a button that shows up in the conversation, or an option in the conversation settings (the three-dot-settings icon to the right of the conversation name).
Selecting this option means this user now becomes the only person who can see the conversation with this chatter. If it's a Web Chat, the chatter receives a notification that the user has joined the chat.
The user may choose to Unassign the conversation so that any other user may talk to the chatter.
The Assign/Unassign feature has been built with confidentiality in mind. The person you're communicating should be made to feel like they are disclosing information with just the one person they are speaking to, not an entire organization's worth of people. Having the chatter's conversation visible to everyone in an organization would be like taking a hotline phone-call and putting it on speaker phone.
A conversation may also be transferred to another user.
What is the “Rename” option and when would it be used?
One of the options available in the settings of a conversation is 'Rename'.
This option allows a user to change the name that appears for this person away from the six digit numbers that are randomly assigned. If a user is switching back and forth between multiple conversations at once, it may be helpful to have different names for the conversations instead of just random numbers.
If your organization is in the practice of asking for, or obtaining, the real names of chatters, the conversation name could be changed to the name of the person you're communicating with.
The name could be changed to something else distinct about the person that would help in differentiating them from other chatters. Perhaps "DV Survivor", "Relative of Survivor", or "Eastern Texas".
Or the name could be changed to something that would help other users on the Provider Chat know which person would be an appropriate fit to talk to the chatter. Perhaps "Spanish Speaker", or "Legal Assistance" or "Jackie, She's Yours".
Finally, it could be possible that none of these uses cases would be helpful to you. If so, you are completely free to never use the "Rename" feature.
Some other things to note about the names of conversations you set:
The people you're chatting with will not see what you've named them. They will always appear to themselves as being named "You".
The name one person assigns to a conversation will be visible to all users signed into the Provider Chat. So let's keep it professional, folks!
Names are saved on the ResourceConnect server and are encrypted with your organization's unique encryption key. So if the chatter's real name is used, know that that name is protected under the same zero-knowledge encryption setup as the rest of ResourceConnect.
If someone who you've named leaves the chat and comes back, the system will NOT know they are the same person. They will get issued a brand new six digit code.
What is the “Mute” option and when would it be used?
One of the options available in the settings of a conversation is 'Mute'.
This option allows a user to tell the system to no longer show notifications of new messages from this chatter. The user will still be able to access the channel and read the messages, but they will not get notified of any additional messages.
The chatter will not be notified that they have been muted.
Muting a conversation only affects the user who has selected this option. All other users who may be on the Provider Chat will still get new message notifications from the chatter; unless, of course, they mute them too.
Two common examples of when a conversation might be muted are:
1) A user may Mute a chatter who is yet to be assigned to a user because they know this person is not an appropriate fit for them.
2) Someone is acting abusively and the user wants to still be able to see what they're saying, but doesn't want to keep getting alerted about new messages coming in. (Read more about dealing with abusive individuals here)
What is the “Ignore” option and when would it be used?
One of the options available in the settings of a conversation is 'Ignore'.
This option allows a user to tell the system to remove the chatter from the Provider Chat screen. The user will not see this chatter in their list of conversations and will no longer have access to their messages. This is similar to the Delete option, but with one key difference: the chatter will not know they have been ignored. To them, it will seem like their messages are still reaching you.
This option will likely exclusively be used when dealing with harassing/abusive people. Read more on what to do in these situations here.
Some other things to note about ignoring a conversation:
If one user decides to ignore a conversation, ALL users on the Provider Chat will also have that conversation ignored.
If someone is ignored on the Web Chat, they could simply reload the page, or open the chat in another window, and the system will not realize they are the same person. Their will no longer be ignored and their messages will be visible.
If someone is ignored on the SMS Chat, the system will remember who they are for the period of time set in the "Ignored Caller Deleting" dropdown in the SMS Settings Administrative Panel. However, note that all SMS messages by ignored chatters WILL still count towards your SMS Unit consumption. (More on that here.) Thus, you may be more inclined to Ignore harassing Web Chatters and Mute harassing SMS Chatters.
And, as we've said above, neither Web or SMS chatters will know they've been ignored.
What is the “Delete” option and when would it be used?
One of the options available in the settings of a conversation is 'Delete'.
This option allows a user to tell the system to remove the chatter from the Provider Chat screen and delete all their messages and everything about them from the server.
We highly recommend you Delete every conversation as soon as it's finished. We live in a world where all data is saved forever and can be accessed in an instant. But ResourceConnect is not a data storage service, it's a communication service. Once your communication is done, there should be no reason to keep it.
To put it another way, if you wouldn't record someone's phone call, you shouldn't be keeping their text conversation!
Deleting Web Chat Conversations:
If the Web Chatter is still online when you delete their conversation, they will be redirected to their ###Quick Escape location.
This feature could be useful in situations where a user suspects that the person they are chatting with might currently be in distress, or someone else has commandeered their computer. Being redirected to the Quick Escape location will clear their screen of the previous messages that have been sent and remove all immediate visual clues that the chatter was using ResourceConnect. An abusive person could still press the browser back button, or look at the browser history, and see that ResourceConnect was previously being used. But the contents of the conversation will be cleared.
However, Deleting a conversation of an abusive individual who is still online is not recommended. In this case, the abusive individual WILL know that their conversation has been deleted. They will simply go back to the chat screen, be immediately connected again, and be re-energized to try and get deleted again. Read more about how to deal with abusive individuals here.
Deleting SMS Conversations:
Deleting an SMS conversation clears all encrypted messages, and the chatter's phone number from the ResourceConnect server.
If someone who has been deleted messages again, the system will consider them a completely new person and assign them a brand new six digit number.
There is no concept of "Online" or "Offline" for SMS chatters. And there is no way to re-direct SMS chatters to an alternate location upon deletion. Read more about SMS safety considerations here.
What is the "Transfer" option and when would it be used?
One of the options available in the settings of a conversation is 'Transfer'. This option allows a user to transfer a conversation to another user.
The conversation CAN be transferred to a user who is not currently signed on. If a conversation is transferred to a user who isn't signed on, that user will get an email notification once that chatter sends them a message.
The user who the conversation gets transferred to will not be able to automatically see the previous messages in the conversation with the former user.
If a conversation where no user has responded yet gets transferred, the chatter won't be notified they've been transferred. If any user has responded to the chatter, though, the chatter WILL see that they've been transferred. We won't make the system do otherwise. We feel strongly that a chatter should always be aware of who they are talking with and disclosing information to.
What is the “Unassign” option and when would it be used?
One of the options available in the settings of a conversation is "Unassign".
After a conversation has been Assigned to you, and you become the only person who can communicate with that chatter, you could be in a situation where you would want another one of your colleagues to talk with this person. Perhaps you're going off-shift. Perhaps you've realized that the person you're talking to has needs that are better addressed by someone else.
Selecting "Unassign" moves the chatter back to the Unassigned category. All other users will see them in their list. Any other user, including yourself, can click "Assign" on their conversation to begin responding.
It's important to note, though, that selecting "Unassign" will clear all messages in the conversation. This is because the person you were speaking to had thought they were communicating with just you. If the past messages came along with the conversation after it was Unassigned, it would negate the protections described in the Assigned feature here. The person you're chatting with will not be alerted to the fact that their past messages have been cleared. The name of the chatter WILL be visible to all other users, however.
In the future, there will be an "Invite" button that will allow you to add another user to the conversation without the messages being cleared. In this instance, the chatter will be informed that another person has joined the conversation.
What is the “Delete Message” option and when would it be used?
By hovering over a message and clicking the "Info" icon to the right of the message, a user can select an option for "Delete Message".
When selected, the message is removed from the user's screen, the chatter's screen, and the ResourceConnect server.
The two common uses of this feature are:
A user has sent a message to a chatter but realized there was some kind of mistake in the message contents. The user may want to delete the message and retype it.
A chatter has sent a message that the user has decided is so ill-advised, that it's worth making an attempt to get the message stricken from all record. For example, a survivor of domestic abuse threatening the life of their abuser. In this case, after deleting the message, the user should explain to the chatter why the message was deleted and caution against further statements.
In both of the cases above, it is important to remember that just because a message has been deleted off all users' screens, the chatter's screen, and the ResourceConnect server; this does NOT mean the chatter hasn't taken a screen shot of the message.
What are “Canned Messages” and when would they be used?
A provider may find that they are writing the same messages to chatters over and over. Some examples of frequently sent messages would be: welcome messages, safety checks, goodbyes, referrals to other organizations, instructions on how to get support in unspoken languages.
To help prevent providers from typing the same information, users with administrative permissions can go to the Admin Panel and edit the organization's list of Canned Messages.
These Canned Messages can then be selected by users by clicking the "Can" icon to the left of where a message is typed.
Once a Canned Message is selected, it's contents get added to the chat box. The user can either send the message as is, or modify the message before sending it.
The same list of canned messages is available for Web and SMS conversations. When setting up Canned Messages, you will see at the bottom right of the text box an indication of how many SMS Units that message is. To keep your SMS Unit consumption costs down, you may want to keep an eye on the number of SMS Units the Canned Message is if you're setting up a message that could be used frequently over SMS. You could also have multiple versions of the same message, one long-form response that staff know to use for Web conversations, and an abbreviated response for SMS conversations.
All Canned Messages that are set up on the Admin Panel will always show up for all users.
Why can’t the Provider Chat be accessed on a smartphone or tablet?
If a provider tries logging into the Provider Chat via any devices that declares itself to be a mobile device (smartphones and most tablets), the user will see a message letting them know the Provider Chat must be used on a desktop or laptop computer.
This limitation is in place purely due to our strong feelings that a provider carrying in their pocket a device that can access so many confidential conversations would be a significant security risk. That device could get lost or stolen, revealing confidential information to a stranger. Or someone who knows the provider could be using their phone and inadvertently see information they shouldn't see. These are only two of the many horrific situations we imagine could come up with having such important information being so portable.
Also, we feel like a provider should be their best-typing-self when they're providing others with support. Smart phones and tablets do not allow for providers to be at their best-typing-self. Providing people with emotional support on complex issues seems like a bad place for autocorrect embarrassments, unfortunate typos, and responses that are delayed because the provider is battling with a keyboard less than 2 inches wide.
How do I translate messages?
First, to translate a message, your organization must have 'Allow Message Translation' turned on in the General Settings.
Once that feature has been turned on, an individual message can be translated by clicking the three-dot-settings icon to the right of a message and choosing "Translate". (SMS messages currently cannot be translated)
If the message was from you, you'll be asked to specify which language you'd like to translate the message into. The system will know which language your message is in by looking at what you have selected in the 'Chat Language' field of your user settings.
If the message wasn't from you, you'll be asked to specify which language to translate from. The default option is 'Unknown Language'. If left at 'Unknown Language', the system will attempt to figure out which language the message is in and then translate from that language. You'll be shown which language the system decided the original message was in.
It's completely acceptable to save a bit of time by not finding the correct language in the list and leaving the 'Translate From' as 'Unknown Language'. If you know the language, then the system will likely know the language too, and the message will be translated appropriately.
When translating an individual message, you'll also see a prompt asking if you'd like all future messages in the conversation to be translated between these two languages. Remember, message translation comes at a per-message cost. So long conversations that have all their messages automatically translated could end up racking up your organization's bill.
To turn off auto-translate, select the 'Turn Off Auto Translate' option in the conversation's settings.
Individual messages can be set to translate into more than one alternate language. But at this time auto-translate will only work with two languages. Please contact us if you need to be able to auto-translate into three or more languages in the same conversation. We will have some questions for you about the dynamics of multi-lingual conversations.
Should I click the "Remember Me" button when logging in?
Listen, we're not here to tell you not to click the "Remember Me" button on log in forms. We're just here to make sure you know that it's important to know what it means when you click the this button.
When you click the "Remember Me" button it means anyone can jump onto your computer and access your ResourceConnect messages. Is that really what you want? Is that really okay for your situation?
"What! No one would dare jump onto my computer and do that!"
Oh really?! You'd be surprised. People can do pretty odd things sometimes.
Perhaps it wouldn't be the worst thing to re-type in your password every time just to give you the peace of mind that someone can't hop onto your computer and see things they shouldn't see and interact with people they shouldn't interact with.
Perhaps perhaps perhaps?
What concerns should I be aware of if using message translation?
Message translation is an optional feature that can be turned on in the 'General Settings' of the Admin Panel. All conversations, except for SMS conversations, can have their messages translated either individually or via an 'Auto-Translate' option.
You will be charged a per message cost for this translation. See the Pricing section of the homepage for what this cost will be for you.
Aside from the costs, there are some major issues with message translation you need to be aware of before you proceed.
Any message that gets translated will NOT be protected with zero knowledge encryption. Each translated message gets sent to the ResourceConnect server in plain text. We don't save it anywhere. We need it sent to us in plaintext so we can send off to the Google Translate API. Google's own terms of service for this feature DO say that they reserve the right to use, store, AND reproduce messages sent to their service to translate. Our guess is they save all messages that get sent to them so their artificial intelligence machines can gain insight into what people are asking to have translated... and that Google would have the wherewithal to not publish a message that had personally identifying information in it. But you do need to be aware that these messages are being saved in plain text on some Google server somewhere... which could be retrieved via a court order AND that major companies have this thing where they tend to act in their best interest instead of yours.
Also, you should be aware that machine translation may make you feel like you have super powers. But machine translation may not perform well with conversations about sensitive topics such as abuse. Message translation machines have been fine-tuned to perfectly translate common phrases like "Where is the library?". But they have much less experience translating the kinds of nuanced conversations that can often occur on ResourceConnect. And when having these important conversations, it can be vital to be sure you know exactly what's being said to the other person as well as what's being said to you.
Instead of using our message translation feature, you may want to consider setting up a series of "Canned Messages" in a variety of languages asking chatters to either call another organization who speaks their language, or call you so you can have a third party language translator assist you.
How long are conversations saved for?
Administrators have the option to set how long conversations are saved in their version of ResourceConnect. The options available range between 15 minutes and 3 months.
We limit the options to three months because we do not believe ResourceConnect should be used as a data storage service. We want ResourceConnect to be thought of as purely a communication tool; an extension of your phone where conversations aren't ever saved.
We want to encourage our customers to share the same philosophy of deciding how they should handle conversations on ResourceConnect. This can be hard in our digital age where we're so used to instinctively saving everything indefinitely. But it is worth asking yourself why you'd want to record the text of every chat interaction you have if you wouldn't feel comfortable recording the audio of every phone call you have.
Then ask another question... After a phone call would you record some notes about the call and put in some record to be saved later? For most people the answer to this is 'yes'. So we encourage the same to be done with ResourceConnect. Write a summary of the chat somewhere in case it's needed, then delete the actual conversation in ResourceConnect.
And if you're looking for a good, secure place to store confidential information like phone or chat notes, might we suggest our sister product, EmpowerDB?
Is it possible for administrators to see the chats of the people they're supervising?
This is not something that is possible on ResourceConnect. And, for confidentiality reasons, it's something we will not make possible.
We encourage you to treat digital services in all the same ways as you'd treat providing support to people over the phone. If you wouldn't have a supervisor listening in on an advocate's voice call without the consent of the person they're speaking to, the same shouldn't be done for digital chats.
We recognize that a supervisor needs to be able to properly train advocates who take the chats. But we would hope that you can apply the same methods of supervision to advocates who have voice conversations as you would advocates who have digital conversations.
Two other tangential things to note...
With ResourceConnect you CAN transfer a conversation from one user to another. And when a Web Chat conversation is transferred the chatter will see a prompt asking if they would like their past messages shared with the new user.
And you can use the "External Groups" feature to invite a chatter into an External Group that has been set up for multiple users to have access to and respond in. Thus in the External Group the chatter can be talking to more than of your users. But they would be made fully aware that this is happening.
Again, those two examples likely don't strictly address this question. But they are somewhat related so we thought we'd bring them up.
Why am I not getting ResourceConnect email notifications?
First things to clear up if you're looking for New Chatter email notifications...
- Make sure you have users who have the "Unread Message Notifications" option selected in their account.
- Also be sure you know that you won't get a notification email if a notification email has already been sent to you in the past 5 minutes. (This 5 minute period is to prevent our system from sending out too many emails).
- Know that you only get notification emails when the first message is sent in the conversation. A web chatter simply opening up a new chat session does not generate a notification email.
- If you have users online when that new message comes in, you won't get an email notification right away. An email notification will be sent only after the amount of time you've set in the "Email Notifications With Users Online" setting has elapsed. If before that amount of time occurs, any user clicks on the new conversation that has come up, no notification email will be sent.
If you've confirmed you understand all of the above and still believe you are not receiving notification emails, please follow these steps to diagnose why this might be happening...
Look into your Spam/Junk folder to make sure these messages aren't being sent there. If you see them there, see if you can get your email platform to NOT treat messages from 'email@example.com' as Spam.
It's also possible your organization has an email filtering system that you don't have control over. Ask the IT people at your organization to look into whether your infrastructure could be filtering out emails from resourceconnect.com. Ask if they can just whitelist the entire domain. Feel free to send them this entire FAQ article.
Another thing you should try is creating a test user account and set the email address to be a personal email address using a common email service provider like Gmail. Go through the process of testing the service to see if that personal email address got a notification email. If the personal address got the notification email, but your other work email addresses didn't, then the problem is definitely with your organization's infrastructure; and we wouldn't be able to help with that.
If you've looked into all of the above, please check in with us. We'll want to know if you've tried the test mentioned above. So please make sure you mention to us the personal email address you used for this test and keep that test account active. We'll want to double check on our end that you conducted that test properly. If it looks like you did, we'll see if there are other steps we can take to evaluate what's going on.
Why am I not hearing notification sounds?
ResourceConnect will play a sound when a new message comes in and another sound when a new web chatter arrives. Each user has the choice of sound they hear by clicking on their name in the Provider Portal and changing the notification sound settings that appear.
Sometimes we get reports of people not hearing these sounds like they think they should. Here are the steps to take to help figure out what's going on...
Let's first try to rule out the obvious. Maybe your computer is on mute? Or doesn't have a speaker at all? Or one of your chosen notification sounds is 'None'?
The next common reason people report sometimes not getting new message notification sounds is because they're already viewing the conversation that the message has happened in. By design, the system only plays a sound when a message comes through in a conversation you're NOT currently viewing.
Finally, know that if your computer is sleeping then you not only won't hear notification sounds but ResourceConnect won't recognize you at being online at all. As far as the system is concerned when a computer is sleeping it's completely off. Check your computer's settings to see what your computer does when it "sleeps". Sometimes a computer will just turn off its screen and you'll still be connected to ResourceConnect and hear sounds. Other times it will turn off both the screen and disconnect from all normal activity.
Why must I click on the page before I can hear sounds?
The Provider Portal will show a popup message after five seconds if you haven't clicked anywhere on the page AND your account has notification sounds enabled.
This is because of an annoying (but actually kinda helpful in most situations) protection put in place by most modern browsers. In order to prevent web pages from blasting sounds in your face all the time, browsers make it so you must interact with the page before any sound will play. That's all fine and dandy for preventing advertisements from shouting at you, but it gets in the way of situations where you really do want sounds to play no matter what.
Since there's no great technological way around this problem, and always hearing notification sounds is so important to your use of ResourceConnect, we have that alert appearing after a few seconds to remind you that the browser needs you to click on the page before it can play sounds.
And you really can click anywhere. Once the message goes away you've done your job. Good work!
How do you recommend making strong passwords?
We believe the information contained, and passing through, ResourceConnect is of the utmost importance. Thus, we recommend making a strong password for your ResourceConnect account and not succumbing to all of the password cheating strategies that we normally get tempted by.
But how to make a strong password that can actually be remembered? We have three methods that we recommend:
1) Random Words
Quick, go grab a book. Any book. Open to a random page. Point to a word at random. Don't look for a word that you like. That's not how random works.
Got your word? Alright, now do it again.
Now you have two totally random words. Listen, you can definitely remember two random words. People as far back as the 90's used to be able to memorize the phone numbers of everyone they knew. And you are WAY smarter than those fools from the 90's.
Unfortunately two random words isn't good enough. You've gotta make it a bit more complicated. Do at least two of these things:
• Add a number or symbol to the beginning, middle, or end of your two words
• Intentionally misspell one of the words
• Replace some letters in the words with a number or symbol
• Capitalize some random part of the word
• Translate one of the words to another language
2) Sentence Initials
Think of a sentence that is memorable to you but not an incredibly popular sentence. For example, the chorus of that new Taylor Swift song probably won't work.
Type out the initials of that sentence. Like this:
(Anyone who can tell us what song that comes from wins one free month of ResourceConnect)
Unfortunately, those initials aren't good enough. You've gotta make it a bit more complicated. Do t least two of these things:
• Mix up the capitalization
• Put in some punctuation
• Put in a random number somewhere
• Spell out one of the words completely instead of just putting the initial
3) Full Sentence
This one's similar to the above. But this time, let's just type the full sentence out. It's more typing, sure, but at least you're typing something real and not a bunch of gibberish.
Yet again, you should be adding a bit more randomness to your password than just that sentence. Put a weird symbol in there somewhere unexpected, misspell a word, etc, etc.
Actually Remembering It
So now you've got your fancy, secure password. Congrats! Now how do you remember it?
You COULD write it down on a post-it note that you'll "definitely" throw away soon. But you probably know by now that we're gonna green-light that idea.
Instead, we recommend this...
Log into the system with your new password.
Log into the system with your new password.
Log into the system with your new password.
Log into the system with your new password.
Log into the system with your new password.
Log into the system with your new password.
Log into the system with your new password.
Yup, seven times. Haven't you seen the research that people don't actually remember something unless they hear it seven times? Well that applies to passwords too. Probably.
Type your password seven times today, and use that password consistently in the days to follow, and you'll remember it.
Still worried you'll forget it? Use a password manager. A REAL password manager. Not a notepad file you keep on your phone or computer. A real password manager would be something like the following:
Final Guilt Trip
If you cheat on making your password, you might get away with it. You might never be hacked. No harm will come to you and the people you provide services to. And you'll get to feel so proud of yourself for breaking all the rules and getting away with it. There's something distinctly human about that feeling, isn't there?
But really, why risk it? Even if there's only a 5% chance that breaking the rules will have negative consequences, why keep that 5% on the table? The information in ResourceConnect is important enough that it's worth removing all possibilities of something going wrong.
And in exchange for you following the rules, you get something extra special. You get the feeling that you're one of only 1 out of 1,000 people who actually decided to make positive choices about their security. And at the end of the day, feeling like you're a better person than the vast majority of the world is a much better feeling than breaking rules and getting away with it.
How do I change my password?
To change the password for your user account, follow these steps:
* Log into the Provider Chat page.
* On the top right you'll see your name. Click there.
* Choose "User Account"
* A new window will appear that will allow you to change your password.
If you've completely forgotten your password:
* Go to the Provider Chat log-in page: https://www.resourceconnect.com/provider/login
* Choose 'Forgot Password' on the bottom right
* Follow the prompts to change your password
What do we do if a user is having trouble entering their password?
As far as we're concerned, there's only two potential reasons why a user could be getting "Incorrect Username/Password" messages when trying to log in...
1) The user has some kind of extension on their computer that is interfering with the login form. Perhaps a password manager that thinks it's doing you a favor by manipulating the form for you? Try disabling any extension that you feel like might be interfering. Or try logging in via another browser that wouldn't have any extensions on it (you don't actually need the encryption key to try logging in with another browser.) We are not able to assist you if you find
2) Someone is typing something wrong. Yes, this happens. And sometimes it happens to a person in back-to-back tries. So just keep going through that password reset process and make sure you're entering the password you think you're entering and then logging in with the username and password you think you're logging in with. You can try opening a notepad file and typing in your password there so that you can see it in plain text; perhaps you can copy it directly into the password reset form and/or login form. Don't save the notepad file, though! The notepad file is just so you can visually see the password better and use it to copy and paste from so you can be sure there's no typing errors. Also make sure when you're logging in, you're logging in with the correct email address. Copy and paste the email address the system is sending notifications to if you're unsure what email address to use. Email addresses are not case sensitive. Passwords are.
Again, to us, those are the only two possibilities. Could a third possibility be that the ResourceConnect server has some kind of error on it? In most cases we try to be humble enough to accept that we could have written code that fails in fringe cases. But for this... yeah, no... we haven't written code that fails in a fringe case. The code for the login form is really straightforward. It kinda either always works or always doesn't work. Every time we get into debugging these situations it's always, always one of the two situations above. So please just try and be as meticulous as possible in trying to go through the steps above to get to the bottom of your login issues.
What happens if we forget our encryption key?
If you forget your encryption key, you will not be able to fully sign into the Provider Chat. We cannot help you recover your encryption key. If you lose it, it's gone forever!
First, it might not actually be lost. If you have SOME computer that is able to log into the Provider Chat, then the key IS saved on that computer. To see what it is, you must go to that computer, log in as an administrator, go to your Organization's Account settings (button on the top right of the Provider Chat), select Web Chat Settings, and then scroll down to the "Encryption Key" section. Click the "View Key" button to see your key.
If you don't have any computer that is capable of logging into the Provider Chat, you have lost your encryption key! You can reset it, but know that all of your past messages will have to be erased. To reset your key:
Log into the Provider Chat as an administrator
On the screen that asks for your encryption key, click on "Admin Settings" on the bottom right
Make sure you're in the "General Settings" tab
Scroll down to the Encryption Key section
Click the link for "Create New Key"
Go through the Key Generation Process again
Write down the new key
Don't lose it this time
Click "Reset Key"
How do you recommend we store our encryption key?
Protecting your ResourceConnect encryption key is imperative to keeping the information contained, and passing through, the ResourceConnect server confidential.
What Not to Do
Yes, we've got to start with the "Don't"s. You should never be sending the key through email/text or saving it on your computer. Once the key is stored or sent in some kind of digital format, it becomes impossible to delete.
Next, don't let non-administrators copy the key for themselves; even if they say they'll abide by all the rules on this page. This doesn't make you an untrusting person. This makes you a realistic person who cares about the confidentiality behind the data the key protects.
Do: Write in a Safe Place
When you first get your key, write it down on a card. Something like a blank business card or an index card. Make sure you clearly write out any letters that could be ambiguous. For example, zeros and the letter 'O' can sometimes be confused with each other when being hand-written.
Keep this card locked in a very safe place. Not just in your desk drawer or your locked office. Put it in an actual container meant for actually locking and securing information.
Other ResourceConnect users will need the encryption key on their computer to use the service. They can enter it in manually. But we offer two alternate options for having the key "passed" from an administrator's computer to another user who is requesting it. Read more at: [link]
If neither of those alternative options work for your situation, you must get the key to the other user to enter in manually. The only two safe ways to do this is to give them the key in person or tell it to them over the phone.
Do: Store in a Password Manager
Password managers make for great places to store encryption keys. When we say "Password Manager" we do not mean a Word/Excel file you keep on your computer or a note you keep on your smartphone. We mean an actual program designed to manage your passwords.
Each password manager requires one "master password" be created to gain access. Just like our recommendations above for your ResourceConnect encryption key, you should never save this master password in a digital file. Either write it down and keep it in a locked place or be sure you've memorized it.
Why would the encryption key not stay on someone's computer?
There are a few situations where ResourceConnect will ask for the encryption key to be entered multiple times on an individual computer. Here are the three common situations this occurs and the solutions for each:
1) You're using a different browser:
The encryption key is specific to the browser someone is using. For example, let's say the encryption key was entered while someone was using Google Chrome, then they found themselves using Microsoft Edge (perhaps if they clicked a link in an email and Edge is actually their default browser). In this case the key must either be entered again into the new browser or the user needs to switch back to their original browser.
2) Your browser is clearing cookies/site data:
Another common situation is that the browser is set to erase all cookies and local/site data once it's closed. This can often be a default setting with Firefox. But other privacy-minded people may have set their browser to behave this way as well. To disable this setting, follow steps depending on which browser you're using:
If Using Mozilla Firefox
• Click the Firefox settings on the top right (three horizontal lines)
• Select "Options"
• In the new window that comes up, select the "Privacy" tab
• In the "History" section, make sure "Firefox will" is set to "Remember history".
• Click "OK" to save changes.
If Using Microsoft Edge
• Click the three-dot-settings icon on the top right
• Select "Settings"
• Next, select "Privacy and services"
• Scroll down and look for the "Choose what to clear every time you close the browser" option. Choose that.• Make sure "Cookies and other site data" is turned off (switch flipped to the left)
• Click the Chrome settings on the top right (three dots in a line)
• Select "Settings"
• Select "Privacy and Security" from the menu on the left.• Next, select "Site Settings".• Then choose "Cookies and site data"
• Make sure the "Allow sites to save and read cookie data" option is flipped on
• Make sure the "Clear cookies and site data when you quit Chrome" setting is off
• Make sure ResourceConnect isn't listed in any of the "Block" or "Clear on exit" sections at the bottom.
If you had to change any of the settings listed above, follow these steps to verify the changes you made fixed the issue:
• Close down ALL of your browser windows.
• Next, open your browser again and go to the ResourceConnect Provider Chat. After logging in, you will likely be asked to enter the encryption key again. Enter it again for, hopefully, the last time.
• Now close down ALL your browser windows again
• After everything has been closed, open your browser again and go back to the ResourceConnect Provider Chat. At this point you should NOT be asked to enter the encryption key again.
If you want to retain your privacy settings to erase all web page data on exit but keep the data for ResourceConnect, you may be able to find ways to configure this in your browser. But we'll leave it to you to get that sorted out.
3) You're using a different Windows log-in
Similar to the issue described in #1 above, the encryption key is really only saved on one browser on one Windows log-in. We typically say an encryption key has to only be entered "once per computer" because in 95% of the situations that's the case. But for organizations that have different users enter different user names and passwords on the initial Windows log-in screen, you will need to enter the encryption key on for each person's Windows log-in. Even though everyone is still using the same computer, ResourceConnect has no way of knowing this because the way browsers operate is to treat all Windows log-ins as being completely separate from each other. There is no way around this limitation.
If none of the above solutions solve your problem, you may have a more serious issue. Please contact your on-site IT support to let them know about the problem. Please ask them to verify that cookies and local/site data are being saved properly on your browser as this is by far the most likely cause of the issue. Please send them this FAQ article link. It might also be helpful for IT people to know that ResourceConnect's encryption key is actually saved in local storage and not as a cookie.
Why is the system saying I've entered the encryption key wrong?
If you're trying to enter your organization's encryption key and it's not being accepted, the reason is simply because you're entering it wrong. Hey... it's okay! It's sixteen characters of complicated randomly generated text. It's bound to happen that something is getting recorded or typed in incorrectly.
Before we get started with describing how to figure this situation out, we want to make sure you know the following:
* ResourceConnect staff cannot help you recover your encryption key. We do not have it.
* There is no limit on the number of attempts you can make to enter the key.
* If you have an administrator account and you're just trying to access the Admin Settings pages, you don't actually need the key on your computer. At the bottom right of the screen asking you for the Encryption Key should be an "Admin Settings" link. Click there and you'll be taken to the Admin Settings page.
* An admin can create a new key at any time. You do not need the old key to make a new key. See the paragraph above for how to get access to the Admin Settings page. Once you're there, select General Settings, scroll down a bit to the Encryption Key section, select Create New Key, and read those instructions carefully. If there are no users at your organization with an Admin account and thus can't get at this page at all, use the Contact Us form on our homepage and let us know your situation.
* Finally, know that there IS a way to get an encryption key onto a computer without having to type it in manually. As long as it exists on one person's computer it can be passed to another person's computer using 'Encryption Key Passing'. This video explains this process more.
Alright, now that you know all that, here's now how to proceed with getting your encryption key issues sorted out depending on your situation.
No other computer has the key on it
If no other computer is able to successfully log into the Provider Portal Chat page, and your key is not being accepted, then there's really not anything else that can be done besides creating a new key. ResourceConnect does not save your encryption key. We cannot help you recover your key.
To create a new key, visit the Admin Settings page by clicking the "Admin Settings" link at the bottom right of the screen asking you for your Encryption Key. If you don't see this link it's because your user account is not set with Admin privileges. Use the contact us form on the homepage to let us know no one at your organization is an administrator and can log into the Admin Settings page.
Once you're in the Admin Settings page, go to "General Settings", look for the "Create New Key" link, and then read those instructions carefully.
Some other computer has the key on it
If some OTHER computer is able to successfully log into the Provider Portal Chat, that means the key IS on their computer. So it IS possible to sort this out.
Someone with administrative privileges should sign into their computer and go to the General Settings section of the Admin Settings. Scroll down to find the "Encryption Key" section and click the "View Key" button. This is your organization's encryption key. The other person can now attempt to recite the key they see to you, or write the key down and give it to you.
It is not safe to email the encryption key or send it in an instant message or SMS message. They are not secure forms of communication.
There's another handy way to make sure what someone is typing in is matching exactly what your encryption key is. You can take these steps:
* On the computer that does have access to the key, follow the steps described above to view the key.
* Copy the key to the clipboard.
* Visit this page: https://www.miraclesalad.com/webtools/md5.php
* Paste the key into the "String" text box there. The key doesn't get transmitted away from that web page so it's safe to put the key there.
* The MD5 Hash of your key is shown below. MD5 hashing is a cryptographic thing that has many uses. Here we're using it to verify that text that one person is entering is the same as text as another person is entering.
* On the computer that is having trouble having the key entered into it, go to the same MD5 Hashing page: https://www.miraclesalad.com/webtools/md5.php
* Type in what they believe the key is into the "String" textbox
* The two parties can now compare the MD5 hash they got with each other. It IS safe to email an MD5 hash. If both parties are on the phone with each other, they can just make sure the first three characters match each other; you don't have to recite the whole MD5 to each other. If the MD5 Hash doesn't match then it is simply the case that the text that the second person is typing is not the same text as what the first person has entered in. There's really no other way to say it. It's just not a match. Try other ways to relay the key between the two parties that don't have any potential for misunderstanding.
If the MD5 Hash has been verified to match, the person having issues entering the key should copy it directly from the MD5 Hash page they just typed in and paste it into the page on ResourceConnect asking for the encryption key.
If after ALL that, the key still isn't being accepted, please verify that both users going through this process are really signed up for the same provider account. Maybe the other user is actually signed up for some completely other provider account which will have a completely different key.
If you have verified that, please contact us in the Support page of the Admin settings. Confirm that you have read this article. Confirm that you did the MD5 Hash comparison and that the hashes were the same. Finally, let us know the email addresses for the two users who went through the process.
What is Markdown formatting?
There are a few places on ResourceConnect where you can write text with Markdown formatting. The Provider Chat box is currently NOT one of them. You'll see a "Markdown formatting allowed" notice next to any text box that allows this.
Markdown formatting is a way to add simple formatting to text without knowing computer code and without having fancy formatting controls.
There's a lot you can do with Markdown formatting. This link explains in more detail.
But here's a summary of the common formatting options:
*This text will be italic*
**This text will be bold**
# This text will be a large header
## This text will be a smaller header
> This text will look like a block quote
* This will be
* A list of
And finally, in ResourceConnect you can always paste in a URL and the system will turn it into a clickable link. But if you want the link to have specific text different than the URL you would do...
[This will be the link's text](http://www.thelinkaddress.com)
How do we get you further information about errors we're experiencing?
Note, this article is mostly for existing ResourceConnect users to reference if they are experiencing issues and we need further information.
A screenshot is usually helpful to make sure we're all on the same page. (EmpowerDB users, we ask that you NOT send screenshots on that service but DO ask for them here). Make sure no confidential information appears on any screenshot you send.
If you don't already have a method for taking screenshots you can follow these steps:
• Go to the page where you are seeing the issue
• Press the "Print Screen" button on your keyboard. It may be abbreviated like "Prnt Scr"
• Open up a new Microsoft Word document
• Press Control-V on your keyboard to paste in the screenshot
• Save that document and send to us
• Hold down the Shift, Command, and 3 on your keyboard. They must all be pressed at the same time.
• The screenshot file will be saved to your desktop. Verify you have the right file and send that to us.
It can also help to know what browser is being used by the affected person. If you are telling us about an issue on behalf of one of your staff make sure they follow these instructions and not you.
• Go to this web address: http://thismachine.info
• Copy the big, grey text at the top of the page that is after "You appear to be using:"
• Paste that text into a message to us
Sometimes the only way we can get clear information is if you send us information from the Browser Console after an issue has already occurred. Again, this must be done by the person who is experiencing the issue. And it must be after the issue has occurred but not before the person has reloaded the Provider Chat page.
Note, there would never be any confidential information in the log file you send us.
Here's how to get us what we need depending on your browser:
• Go to the page where an issue has already occurred (but you haven't reloaded the page)
• Right click anywhere on the page and choose 'Inspect'
• A 'Developers Tools' window will now appear. At the top of that window you should see a tab for "Console". Click there.
• Scroll down to the bottom of the Console information and right click on the empty space below the > symbol on the bottom left. Choose the option "Save as...". If you don't see that option you likely haven't right-clicked far enough down in that window.
• Save the log file to some location on your computer
• Send us that log file.
• You can now click the "x" on the Console window to remove that from your screen.
Firefox & Microsoft Edge:
It will be very similar steps as Chrome above, but with slightly different wording.
Safari does have a way of showing the Browser Console but it is more involved and the log data is only collected after the Browser Console is displayed; which means you'll need to have the Browser Console up on your screen BEFORE the issue happens.
• Mouse over the top of the screen so the menu appears. If you don't see the "Develop" menu option (you likely won't), follow these steps.
• Click on the "Safari" menu option and then select "Preferences"
• Click on Advanced
• Check the option for "Show Develop menu in menu bar"
• Close the Preferences menu
• Go to the "Develop" menu and choose the option for "Show Error Console"
• Wait for the issue to occur.
• When the issue occurs right click on the bottom of the console window, choose to save the log file, and send to us.
How do we cancel our account?
If you'd like to no longer use ResourceConnect you have two options:
First, you can choose to just disable your Web Chat. You will no longer be expected to pay for ResourceConnect. Any outstanding/unpaid invoices for your account will be deleted.
You will still have access to our Community Forum. And you will continue to receive some email updates from us if we announce new features that we feel like you might be interested in.
To do that... sign into ResourceConnect's Admin Settings, select "External Web Chat" in the menu on the left, scroll down to the bottom and look for the "Disable Web Chat" link. Follow the directions at that link.
Your section option is to completely delete your account. Again, any outstanding/unpaid invoice will also be deleted. But if you choose this option you will be completely removed from our system.
To completely delete your account... visit ResourceConnect's Admin Settings, select "General Settings" in the menu on the left, then choose "Disable Account" on the bottom right.
Remember, if you're logging into ResourceConnect, are being asked for your Encryption Key, and you don't have that key... you don't actually need your key to delete your account. You should see an "Admin Settings" link at the bottom right of the page asking for your Encryption Key. Click there and you'll have access to the Admin Settings section that will let you perform these functions.
What are the safety risks of using the Web Chat?
The ResourceConnect Web Chat features a couple major security features which make it a great choice for confidential web-based communications...
The ResourceConnect Web Chat is end-to-end encrypted. Thus, only you and the person you're chatting with can read the contents of the messages being sent. Even our own staff are not able to read the contents of your messages, and thus would be unable to hand over any readable content in the event of a court order.
The contents of the messages do not get saved anywhere on the user's device. Unless the user has taken screenshots of their conversation, once the chatter closes their browser window or a message has hit its message expiration date, that message will be completely gone. Also, once a message has hit its message expiration date, or one of your users deletes it or the conversation it was used in, that message will be permanently removed from the ResourceConnect servers.
However, there are still some important safety risks to be aware of and warn the people who will use this service about...
First, there is no technology anywhere, and never will be, that can prevent information from being read on a device that has a virus, malware, spyware, etc installed on it. If a spyware or virus program is able to record keystrokes or take screenshots every X number of seconds, there's nothing that can be done to make this device safe.
You should always inform users of this risk before they even visit ResourceConnect. You should inform them again via the ###Auto Response messages you set up. And you should inform them a third time within the first message that one of your users sends the chatter. Read more in our implementation guide here.
If a person believes their device even has the potential to have been compromised, it is safer for them to use another device to communicate with you on ResourceConnect or give your organization a call from an unmonitored phone.
Second, you should be aware that an eavesdropper who listening to the internet traffic of a ResourceConnect chatter will be able to see that the person is communicating with someone on ResourceConnect. They won't be able to see which provider they're talking to, but they will likely be able to put two-and-two together if they saw that the user was on your organization's webpage and then they were suddenly using ResourceConnect. Again, because ResourceConnect is end-to-end encrypted, anyone listening in on the internet traffic won't be able to see what is being said. They will only be able to see that something is being said. In certain situations, this could pose a risk. Usually, however, if a person is worried their internet connection could be monitored, they should also be concerned their device has also been compromised. Thus, they should not use ResourceConnect unless they can do so from another location.
Note that the mention of these security risks is not an indication that we believe ResourceConnect is not a safe form of communication. We are simply giving you all the information available for what risks are out there. If you get in the practice of identifying whether these risks apply to the person you're communicating with, then ResourceConnect can be a great tool for safely communicating with people in need.
Also keep in mind that ResourceConnect is not meant to stop people from calling your organization. A phone call can sometimes be the safest and most efficient method of communicating. Feel free to use our service as a way to better ease people into communicating with you over the phone or visiting you in person.
How do we add the ResourceConnect chat to our webpage?
Your organization's webpage likely already has a section where visitors are told about your phone support hotline. We recommend adding an additional line below your phone number with wording like "Chat with us here".
We recommend that this button leads to another web page on your own site that explains what the web chat is, and the security issues that the visitor should be aware of. Particularly you should explain that while the web chat is encrypted, if their computer has been compromised, someone else could still see the chat conversation. You should strongly encourage visitors to either find a safe, untampered with computer for the chat, or to call your phone support line from a safe phone. See here for more information on the safety considerations of the web chat.
After explaining the safety implications, there can be another button/link that leads directly to your ResourceConnect Web Chat URL, or opens another page on your website that includes the Web Chat embedded in an iframe.
Further instructions for both options are below...
Button/link to Web Chat Page:
This is the simple way of getting people to the Web Chat. It's perfectly fine to just go this route.
You would simply create an HTML link that directs to your WebChat URL: https://www.resourceconnect.com/[your alias]/chat
<a href='https://www.resourceconnect.com/[your alias]/chat'>Start WebChat</a>
We recommend that you DO NOT make this link open the ResourceConnect chat page in a new window/tab. In other words, do not use the "target" attribute in your HTML link. The issue here is the Quick Escape button in the chat page. If you had the chat page open in a new window/tab and the chatter clicked "Quick Escape", they would be directed to the Quick Escape location. However, your organization's web page will still exist as another tab open on their browser and be visible on the chatter's computer.
Embedding the Web Chat on Your Webpage:
If you are embedding the ResourceConnect chat inside your own webpage, you will use the URL: https://www.resourceconnect.com/[your alias]/embed
Embedding the chat would be done using an HTML iframe. For example:
<iframe src='https://www.resourceconnect.com/[your alias]/embed' id='resourceconnect' width='500' height='700' allow='camera;microphone'></iframe>
We are not able to help you get the embedded chat on your page. You will need to find someone with experience writing HTML code to configure this functionality for you. It is up to your developer to dictate how the embedded chat appears on your page.
Again, it's very important that the chat window does not appear on the user's page until they have read your safety warning and consented to starting the web chat. This means you would need to set up your site like the following:
• A "Chat with us" link on your homepage, or in the header that appears throughout your site. That link leads to...
• A "Safety check" page making sure people know not to use the site on computers that could be compromised. This page would feature another "Chat with us" button leading to...
• A final page on your site with the Web Chat embedded in an iframe.
The /embed link and the /chat link are almost identical. The difference is, on the /embed link, there will be no header with your organization name and Quick Escape button. If embedding the chat window in your organization's web page, you should include a prominent Quick Escape button somewhere on your own web page.
Also, if using the embed option, there are some additional steps you must take if you want your organization's Quick Escape button to be triggered when you delete a chat conversation or a chat conversation goes idle.
If your web site doesn't already use jQuery, add in jQuery by including this line anywhere on the page:
When you delete a conversation, or a conversation goes idle, ResourceConnect will change the iframe target location to be a blank page on the ResourceConnect domain. The code above listens for a change in the iframe's location. If it senses that change in location it will trigger a click on the Quick Escape button you've placed on your outer page. It starts this listening three seconds after the page has been loaded in; otherwise the initial load of the iframe would cause this redirection to happen.
If all of this sounds like too much for you, or you're not capable of including a prominent Quick Escape button, please go the "Button/link" route described in the first section above.
You should not use the abbreviated URL, rc.chat/[your alias], in your own web page. This address should only be used in situations where a person would need to type in the URL to your chat and you want to save them the trouble of typing out the full www.resourceconnect.com/[your alias]/chat address. Or you would use it within an SMS message so you don't use up as many characters as the full address.
Is there anything that can be done to make chatting with Web Chat safer?
There is no way to reliably tell if a computer or smartphone has been compromised. If a person even has a suspicion they could be using a device that could have been compromised by someone else, there is no safe way to have confidential conversations on it.
If, by chance, a person is certain their device has not been compromised, but is concerned about someone listening on their web traffic and seeing they're communicating on ResourceConnect or visiting your organization's webpage, they can use a VPN or the Tor browser to hide their internet traffic from eavesdroppers.
Do you track chatter's IP addresses?
By default, ResourceConnect does not store the IP addresses of web chatters. You do have the option, though, of tracking the IP Address of all chatters, or only for specific conversations. If you do activate the option to capture IP Addresses, chatters will always see a notice letting them know you have recorded their IP Address and that information could be used to identify them.
We built our service to be the gold standard in confidentiality. So we hope these pleas help convince you to keep your account at the default level of not tracking IP addresses.
First... just having an IP address typically doesn't allow you to identify an individual. But that person's Internet Service Provider (ISP) can fill that gap and provide information about who was using that IP address. ISPs routinely provide this information when law enforcement goes through the proper channels.
Thus, if you were to capture a chatter's IP addresses, that would mean the following people would have a way to individually identify your chatters: Anyone on your team with access to this information; anyone at ResourceConnect; anyone who works for Google's hosting service (our hosting provider); anyone who successfully issued a court order to you, ResourceConnect, or Google; and anyone who successfully hacked into the accounts of you, ResourceConnect, or Google.
Next... even without assistance from an ISP, it can still be possible to identify someone by piecing together publicly available information learned from an IP address with other bits of information that the chatter discloses. Using freely available tools on the internet, anyone can find out some pretty revealing information by just looking at an IP address. For example, universities, government offices, and major institutions typically have their official names publicly associated with their IP addresses.
As an example, let's suppose a chatter had this IP address: 22.214.171.124
Click on that IP address link and you'll be taken to a ubiquitous IP lookup tool called InfoSniper. We can see that it's the IP address belongs to Wheelock college; a college of less than a thousand people in the Boston area. Now let's say the chatter also disclosed they were of a specific ethnic minority group. Anyone who happens to know the student body of Wheelock college now has a pretty good idea who the chatter is.
This is just one of dozens of examples we can imagine for how someone could piece together small bits of information to lead to some pretty safe assumptions about who someone is.
There's a final concerning situation about using an IP addresses to identify someone. Let's say you were concerned by something a chatter said and used their IP address to find them and provide assistance. You may be completely correct that the chatter, or someone in the chatter's household, is being harmed. But unless there's a proper safety plan for those in harm's way that deals with what happens after the authorities have left, the chatter could be put in even greater danger by having the authorities intervene.
Of course the hope is that when the authorities leave they're leaving with the offending person. But offenders have a pesky way of talking their way out of situations, or getting lawyers to talk them out of situations. Other times law enforcement, or the judicial system as a whole, doesn't always do their jobs properly. And yet other times there isn't proper legal grounds to keep an offender in custody for prolonged periods of time.
We understand that there could be other situations that you don't feel like apply to those described above and thus merit the collection of IP addresses. So if you really must turn on the feature to capture IP addresses of web chatters, then we suppose you must.
Finally, just to get every piece of information out there on this subject... we'd like to add the following...
If the 'Capture IP Addresses' feature was turned off on your account at the beginning of an active conversation, the chatter's IP address was not stored on ResourceConnect's servers in any way. It's not even in a hidden log file. We've actually gone through great lengths to make sure we don't have any record of these IP addresses (unless the provider has turned this feature on). Please don't send us a court order to get this information, we simply don't have it.
Can you help me locate someone using our web chat?
Every so often we get panicked support messages from users asking if we can provide information that will help them locate someone using the web chat. Typically this is due to a chatter saying they, or someone in their household, is in immediate danger.
By default, ResourceConnect does not collect any information about chatters that can be used to identify them. You may activate one of the 'Capture IP Addresses' option in the 'General Settings' to change this default behavior. But IP addresses can only be done on active web chats. If the chatter has already left the chat, their IP address cannot be captured.
In general, though, you should know that our goal with ResourceConnect is to be a confidential and anonymous communication tool. We completely understand and sympathize with the dire situations that come up. Situations where if you DID have someone's IP address you could perhaps provide assistance.
Our recommendation (which certainly won't eliminate all of these issues) is to structure your services such that chatters are told ahead of time the ways you can or can't help them... and what you will or won't discuss with them.
Finally... just to really put a really firm period at the end of this sentence... when we say we don't have any information that can help identify someone, that is absolutely the case. There is no need to double check with us to just make sure there's something else you don't know. We really, truly, definitely have nothing we can give you to help you identify a chatter. And that is because we have designed the system, and gone to pretty great lengths, to make certain we are not storing any additional information that could be used to identify chatters.
Why must chatters approve for their past messages to be shared with a new user?
When a web chatter is communicating with one user, then gets transferred to another user or gets picked up by another user, that new user doesn't not immediately see the past messages in the conversation. The web chatter will automatically be shown a prompt asking if they would like to share their past messages in the conversation with this new user.
This is done purely to protect the privacy and confidentiality of the chatter. The messages they shared previously were shared with the understanding that they were being said to just one person. So it should be the chatter's choice if their previous messages should be shared with this new person.
You may think that a chatter would have assumed that their messages were automatically visible to the entire organization. So perhaps an individual person may not have had any issue if their past messages were immediately visible to another user. However, a core tenet of privacy and confidentiality is to not just assume that someone's information can be shared beyond its original intent. Privacy and confidentiality is about making sure people are fully aware of where their information is going and giving them the choice of where else it goes beyond that.
When would I see the "no longer viewing the chat page" message?
If you're communicating with someone using a desktop or laptop browser and they switch to another tab OR someone using a smart phone who switches away from the chat page... you'll see a status message in the conversation letting you know they're no longer viewing the chat page.
If they come back to viewing the chat page, you'll see a notification letting you know they've returned to viewing the chat page.
You can still send messages while they're viewing another page. ResourceConnect intentionally does not show chatters notifications or make sounds to let them know about new messages. So they won't see your message until they switch back to the chat page.
It's possible after you see this message you'll see the Lost Connection status message. This is normal behavior of some smartphones. As long as they come back to view the chat page in the next 30 minutes, they will be reconnected and see any messages you sent while they were away.
You could also see this message right before the Left Chat message. Some browsers will send a "I'm not longer looking at this page anymore" message right before they send the "I'm leaving forever" message. Browsers are so weird.
When would I see the "lost connection to chat server" message?
The best way to explain the "lost connection to chat server" message is to talk about what you might see before or after it. In ResourceConnect there are three somewhat similar status messages you might see: No Longer Viewing Chat Page, Lost Connection, and Left Chat Page.
If in quick succession you see the "No Longer Viewing Chat Page", "Lost Connection", and then "Left Chat Page" messages OR just the "Lost Connection", and "Left Chat Page" messages... this is just the normal process of the chatter closing the chat page.
If you see the "No Longer Viewing Chat Page" and then "Lost Connection" message... this is almost certainly someone on a smartphone who has switched to another browser window/app. While away from the chat page some smartphones cut the active connection to ResourceConnect. You can send a message while they're off doing something else. But they won't get any kind of notification that you've sent a message. If they don't come back to the chat page after 30 minutes the system will just consider them gone forever.
If you ONLY see the "Lost Connection" message... this is one of two things...
The most likely situation is this is someone on an iPhone who has simply closed the chat page. Safari on iPhone doesn't send the "Left Chat" message like all other browsers do. So annoying! In these situations the chat window will still give you the option to respond. But really the conversation is over and the chatter won't get any further messages. Unfortunately there's no way for the system to tell the difference between this kind of "Lost Connection" event and the others listed in this document. Get your act together Apple!!!
The other reason why you might ONLY see the "Lost Connection" message is if someone's internet has truly cut out unexpectedly. This would be your classic "cat tripped over the modem cable" or "train went through a tunnel" scenario. If the chatter's connection gets restored in the next 30 minutes they will be reconnected to the chat and see any messages you sent while they were away.
When would I see the "left chat page" message?
When a chatter has closed the chat page, clicked a link within the chat page, or reloaded the chat page... their browser SHOULD send a "goodbye" message to the ResourceConnect server. This status message is letting you know this "goodbye" message was received.
That "goodbye" message is not ALWAYS received, though. It seems like Safari on iPhone is the rude one not sending this polite "goodbye". Thus it could be possible that you'll JUST see the "lost connection to the chat server" message. It may look like it's possible to send a message back. But in these cases the chatter is truly gone. Their browser just didn't send the typical signals back to let us know.
Once you see that a chatter has left the chat page, that conversation is completely done. It's no longer possible for them to reconnect. No messages can be sent in either direction.
If the chatter has reloaded the page, or presses the back button to get back to the chat page, they will be assigned a brand new conversation. There is no way to know whether that new conversation is the same person.
What is the Quick Escape button?
Unless you're using the Embedded Web Chat Link, people communicating with you via the Web Chat will see a "Quick Escape" button on the top right of their screen. Pressing this button will immediately end the person's ResourceConnect session and send them to an alternate web site. The default is to send to Google.com. But you are able to set for your account another generic website that this button will lead to.
The system will attempt to notify the provider that the Quick Escape button was pressed. But it's possible that the chatter's browser will change the page before this signal can be sent to the ResourceConnect server. Either way, the provider will definitely see that the person has left the chat.
On the chatter's end, it is possible to click the back-button to get back to the ResourceConnect chat page. None of the messages from that conversation will appear. The system will consider this a brand new session from a brand new person. It may be a safety issue if someone besides the chatter clicks the 'back' button and sees that the chatter was speaking with your organization on ResourceConnect. Again, they won't be able to see the past conversation; but they'll know that a conversation was had. This is one of the many reasons why you should do a safety check with the chatter at the very beginning to make sure they are in a situation where their digital record won't be an issue.
Deleting a Web Chat conversation while the person still has the window open will send them to the Quick Escape location. This could come in handy if you suspect that the person you're chatting with is in distress or someone else has commandeered their computer. Note that even though the messages will be removed from the chatter's browser, this don't necessarily mean that no one on the chatter's end took screen shots of the conversation.
Deleting any SMS Chat conversation will not redirect an SMS chatter to another location. And all messages will remain on the person's phone unless they manually delete them. This type of functionality is not possible with SMS. Read more about deleting conversations here.
If someone leaves the chat, what happens when they click the 'back' button?
If someone leaves the chat, either by clicking on a link in the chat, clicking the "quick escape" button, or because a user deleted their conversation and the chatter's computer was forced to the quick escape location... AND THEN that person clicks the "back" button on their browser... they will be redirected back to your organization's ResourceConnect chat page.
The prior conversion will not be visible. The chatter will look as if it's a new conversation. The provider will not have any indication it's the same device revisiting the page.
It is still understandably a concern that someone else could go onto the chatter's device, press the back button, and see that they were at least having a chat conversation with your organization.
Unfortunately, there is no way around this technological limitation. Aside from making sure a chatter is using a device that someone else doesn't have access to, we just have two recommendations. Either recommend the chatter use their browser's 'incognito mode' to chat with you, then close the browser window entirely when the conversation has ended. OR ask the chatter to take steps to clear their browsing history when a conversation has ended.
Again, it's just not technologically possible/advisable to change this browser behavior.
We have seen some attempts at getting around this limitation. But no workaround we've seen works equally across all browsers, which would lead to core functionality failing on unsupported browsers. And for the browsers these attempts do work on... major browsers generally have a history of sussing out how developers are trying to make browsers behave in ways that they weren't intended to and then coming out with updates that make the workaround no longer functional.
We have also seen some organizations use special "quick escape" code that attempts to redirect a browser to a series of different pages before landing on one final alternate web page. We don't like that solution because, like all workarounds to this issue, it adds risky complexity to functionality that is vitally important to always work properly. Also it makes the "quick escape" no longer "quick". A browser may take a handful of seconds to bounce around to all the required pages. Someone else walking into the room while this was happening would certainly be suspicious of a wildly flashing browser. And finally, the originating chat page DOES still show up in the browser history and can still be accessed by hitting the 'back' button multiple times.
Why do chatters leave the chat when they click on a link we send?
If you send a chatter a link and they click on it, their current window will redirect to that link. Their ResourceConnect conversation will then be terminated. The chatter can use their 'back' button to come back to the chat but they will appear as a brand new conversation.
We intentionally do not have links open up into a new window/tab because we are worried about this situation:
- Chatter clicks on a link
- Chatter has a new tab open up
- Someone else comes into the room
- Chatter no longer has a "Quick Escape" option. They would have to close down the new tab that opened up and then click on the Quick Escape button.
We are open to revisiting this policy. But we would hope any discussion about adopting other behaviors could take our original concern into consideration.
Can people seeking support use the Web Chat on their smartphones?
Yes, people coming to you for support may use their web browser on their smartphone to communicate with you via the Web Chat.
Unlike the concerns we have with Providers using the Provider Chat on their mobile devices, we do not have the same level of apprehension about one person having one conversation on their own device (as long as, of course, the provider has confirmed that their device is safe to use).
And, of course, people may use their phones to communicate with you via the SMS Chat. Though we believe the Web Chat is the safer option, so we encourage providers to get chatters to use the Web Chat, when possible.
What do we do if someone we're chatting with is having trouble with the chat page?
Every so often we get reports of strange behavior someone on the External Web Chat page is experiencing. Things like the chat randomly disconnecting on them.
These issues are especially difficult to get to the bottom of due to the fact that it is often inappropriate to be asking the chatter for technical information about what's happening on their end and the issues are so specific to the chatter's device. Also, ResourceConnect's confidentiality protections are great for privacy but not so great when we need more information for debugging.
We very much want to make sure the ResourceConnect External Web Chat page functions properly for all users. If you get someone experiencing issues with the External Web Chat page, the following things could help us get a handle on what's going on:
1) If it's appropriate to ask the person, you could try asking them what web browser they're using and what kind of device they're using (PC, Mac, Android, iPhone, etc)
2) Try taking a screenshot of the Provider Chat page that shows what you were seeing when the person you were chatting with was having issues. Contact us and send that screen shot so we can see more clearly what the issue was.
3) Don't delete the chat conversation in the system until we've had a chance to take a look.
While the above steps could help, it may be the case that it's not enough on our end to solve the problem. For that we are truly sorry. Sometimes it takes a few people reporting the same kind of situation, each new person giving another clue than the person before them, until finally all the clues add up to what is happening.
So please do keep us informed of these odd situations as they come up. But hopefully you understand the dynamics and why we might not be able to do more than gather information at this time.
Can we block lewd chatters from using the web chat?
Unfortunately there is nothing that can be done technologically to block individual people from using this service. At least, nothing that can be done that wouldn't interfere with the strict confidentiality protections that ResourceConnect has in place to protect chatters who are depending on absolute privacy.
There are three ways in which any web based platform can TRY to block people from using its service. Here are all three and why they aren't workable for ResourceConnect.
Block an IP Address
Each person who uses the internet has an IP Address assigned to them by their internet service provider. Even if you chose to activate the 'Capture IP Address' feature and record chatters' IP addresses, it would not be possible/advisable to block one particular IP address. Here are some situations to explain why:
* DSL, Fios, and mobile data internet connections have different IP addresses daily. So if you block someone on one of these connections today they won't be blocked tomorrow.
* Someone could be using the service from a large institution like a university or library where many people share the same IP address. So you could end up blocking an entire institution from accessing youe service.
* An abuser could be attempting to impersonate a survivor to gain information about them. Even if they are unsuccessful, if their IP address is blocked you have now blocked the survivor from accessing services.
* It's trivial to get around IP address restrictions with things like VPNs, tor browsers, etc...
Put a Cookie on Someone's Machine. Then block That Cookie.
It would be easy enough to have everyone who uses the service have a random ID saved as a cookie on their machine. Then if someone was abusive you could just block the machine that had that cookie.
However, this would be very easy for someone to get around. They'd just have to use a new browser, go in incognito mode, use a different computer, or clear their cookie history.
Require An Account To Be Created To Use The Service
This is the only way to slow down someone who is intent on abusing ANY web based platform. If you require people to make accounts and then if someone is abusive you block the account. Someone can always sign up again with a different email address. But there's only so many times they can do that.
ResourceConnect is built to be a barrier free, leave-no-trace form of communication. So this option is completely off the table.
So that's it. Those are the three ways to block someone. And none of them work for ResourceConnect.
The best thing we can recommend is to just click the "Ignore" button on the conversation. Don't respond at all. Not even with a 'Please stop messaging'. These people get a kick out of you giving some kind of response. So if you just hit the ignore option, they'll not know they've been ignored. They'll keep saying lewd things. Your staff won't see it (that time, at least). And when they get no response from you they get less of a thrill.
Now this certainly doesn't prevent this person from signing on a moment later to try the same thing again. And doesn't prevent the staff person from having had the unpleasant conversation to begin with.
But we are unfortunately not able to give you better options at this time. ResourceConnect is built to protect the privacy and confidentiality of survivors of abuse. That does have the unfortunate effect of providing cover for people who want to be abusive. There is no way for technology to know who it should keep the privacy and confidentiality of and who it shouldn't. It has to be privacy and confidentiality for everyone, or for no one.
What are the safety risks of using the SMS Chat?
SMS messages do get encrypted on the ResourceConnect server with your organization's unique encryption key as soon as they arrive. Thus, we are not able to provide readable messages in the event of a court order.
SMS Chat messages cannot be end-to-end encrypted. SMS technology was created long before end-to-end encryption was widely available.
Because the messages aren't encrypted, this means that cell phone providers can, and do, keep copies of SMS messages on their servers. Verizon makes public that they keep messages for up to four days. Verizon can even, at times, show the contents of a user's text messages when logging into the Verizon account portal. Other cell phone providers say they don't keep the contents of messages, but nothing is stopping them from doing so.
All cell phone providers keep logs of which phone numbers their subscribers are texting to. These logs show up on billing statements. If a person seeking support from you is using a family phone plan, or someone else gains access to their phone bill, it will be clear that they had a conversation with your organization.
Next, the SMS routing service we use, Twilio, is handling these SMS messages in plain text too. Twilio provides a way for the ResourceConnect server to delete a message from their server after it's been sent; a function we utilize. But unless you're on the development team at Twilio, the reality is there is no way of knowing whether or not that's actually happening.
Phone spyware is also very good at recording SMS messages. Thus, all of the same recommendations of warning users to not use ResourceConnect on a device that could have been tampered with apply to SMS conversations as well.
Finally, while messages sent via the Web Chat will disappear at an interval that you control, it is not possible for SMS message to automatically expire on a user's phone. The only way to get a message off a person's phone is for that person to manually delete them.
These factors are the reason why we recommend that providers using the SMS service ask users, either in the SMS auto response or the first few messages to the user, to switch to use the Web Chat instead. This would be a case where using the abbreviated URL - rc.chat/[your alias] would be acceptable.
Note that the mention of these security risks is not an indication that we believe ResourceConnect is not a safe form of communication. We are simply giving you all the information available for what risks are out there. If you get in the practice of identifying whether these risks apply to the person you're communicating with, then ResourceConnect can be a great tool for safely communicating with people in need.
Is there anything that can be done to make chatting with SMS Chat safer?
Using a "dumbphone" reduces the risk of spyware. We know of no spyware that is possible to run on dumbphones. However, just like smartphones, SMS messages will still stay on the phone unless manually deleted, and there will still be records of the SMS messages with the cell phone company.
Using a third party app like Whatsapp for SMS messaging may also reduce the risk of the messages being picked up via spyware. Spyware cannot access the contents of applications like Whatsapp unless the phone is rooted. However, if someone has put spyware on a phone it's very likely that they also went through the (not that much) trouble to root it too.
You can ask the people you chat with over SMS to manually delete the conversation after you've finished. But it's very possible many people will ignore or forget this recommendation.
Do we need a phone to use the SMS chat?
No. All SMS/text messages come through your ResourceConnect Provider Chat page. You do not have an actual phone that these messages arrive at.
SMS chatters appear in your list of conversations just like External Web Chat or Internal messages do. But you'll see that it's an SMS/text chat by an "SMS-" prefix to the chatter's default name.
When you respond in an SMS conversation, a SMS/text message is sent back to the person and appears on their phone. On their end their conversation looks like any other SMS/text conversation they have with anyone else.
But on your end, everything is conducted through the single Provider Chat page. That way there's no passing around a physical phone from one person to another.
Can we use a phone number we already have?
Yes, this is possible in a variety of situations.
Because the process involves manual work on our end, we charge a one-time $80 USD fee for getting your number transferred to us. This will be billed to you upon successful completion of the process.
The following instructions assume you already have created an account on ResourceConnect.
The steps for using a phone number you already own depend on whether your existing number is:
A landline and your SMS messages are not being routed to another provider (common):
The process is fairly simple. We'll be in touch to verify you actually own the number. Then you'll be emailed a form which requires an agency e-signature. SMS routing happens almost immediately after that. If you are using your existing number for voice calls, your voice service will not be affected. We will not charge you a per-minute fee for calls.
A landline and your SMS messages ARE being routed to another similar service (rare):
The process adds an extra level of complication. You must first request from your existing provider to release your phone number from their control. Again, this option assumes this provider is handling ONLY your SMS messages for your landline number. It can take a couple days to a week before your number is fully released from your existing provider. During this transition period, SMS messages to your phone number will not being seen by anyone. This is a major concern to be aware of. We have no control over how long this process takes. And we certainly have no control over when your provider chooses to begin this process. When your phone number is fully freed from your current provider, we would take the steps listed in the section above to transfer your landline's SMS capabilities to our system. This last part of the process does tend to happen within an hour or two. If you are using your existing number for voice calls, your voice service will not be affected at all during this time.
A cell phone:
If your existing number is a cell phone, it is unfortunately not possible to transfer just SMS to ResourceConnect. If you wanted to continue using the number for voice calls, you could transfer the entire number to ResourceConnect; both voice and SMS. ResourceConnect would then be THE owner of this phone number and not your current cell phone provider. Your cell phone service for this phone number would essentially be canceled by taking this step. You'd then be able to set ResourceConnect to forward voice calls to another number of your choosing. The forwarding number could be a cell phone or landline, and you could change this number any time you want, as many times as you want. If you choose this option, we would charge you a per-minute cost for any voice call that came through your phone number. We get charged this per-minute cost via our telecommunication provider, thus we do unfortunately have to charge you for these fees.
A toll free number:
In most cases it should be possible to transfer just your SMS service to ResourceConnect and leave your voice service through your current provider. There's really no way to tell if you are one of these "most cases" until we try it. So we'll go through the relatively easy process of trying to just transfer your SMS capabilities to our service (as described in the first 'landline' section above). Then if that gets rejected we'll have to transfer your entire number to ResourceConnect; voice and SMS. Thus, ResourceConnect will completely own your toll free number. Voice calls to your toll free number can then be routed to whatever other phone number you'd like. The forwarding number could be a cell phone or landline, and you could change this number any time you want, as many times as you want. If you choose this option, we would charge you a per-minute cost for any voice call that came through your phone number. We get charged this per minute cost via our telecommunication provider, thus we do unfortunately have to charge you for these fees.
To proceed with any of the options above, please contact us via the 'Support' page of ResourceConnect's Admin Settings. Please let us know which of the above situations you believe applies to you. We'll get back to you right away with the next steps.
Can we see the phone number of someone talking to us on SMS chat?
A user with administrator privileges can view an SMS chatter's phone number by visiting the Usage page in the ResourceConnect admin settings and selecting the conversation ID of the SMS chatter. As long as the conversation is still active, the phone number will be visible on that page.
Typically we don't like storing information that can be used to identify people. But in this case we MUST store a chatter's phone number in order to make it so you can send messages back to them. And since our philosophy is to make it so you can see all the information that we can see, we've made it so at least users with admin privileges can access this information.
Also... we won't create a setting in which even admins at your organization can't see a phone number. We understand that having access to a chatter's phone number could put you a situation in which you are issued a court order to retrieve it. But, honestly, part of the reason why we make this information visible to you is so that it's you getting that court order and not us. We don't want to be put in a situation where we are forced to provide information about a provider's account that the provider doesn't want us to. Instead, we go through great lengths to design the service to wherever possible not store identifying information AND make it so you can see everything that we have access to.
If you don't like the idea of phone numbers being retained on the system, you can ask your advocates to be in the practice of deleting a conversation as soon as it's completed. OR set your SMS message expiration times to be a very aggressively low value so that the server deletes it automatically. That way the number gets removed from ResourceConnect very quickly and neither us or you can provide the phone number.
Can we be the first to send someone a SMS message?
We have intentionally NOT made this possible. You can only message someone once they have messaged you.
While we can see some practical uses for this ability, we see a lot more ways that this ability could lead to abuse or unsafe situations.
Can transferred SMS conversations have their past messages shared?
With Web Chat conversations, when a conversation is transferred from one user to another, the chatter sees a special message asking if they want to share their previous messages with the new user. If the chatter agrees, their past messages will be shared with the new user in a special section of the chat.
This same functionality is not possible with SMS chat. When an SMS conversation is transferred to another user, the other user will not be able to see the past messages. This is in accordance with our confidentiality policy of making it so the things a chatter said to one person always only get seen by that one person.
With SMS chat there isn't the same ability to send a fancy message to the chatter asking for their permission to share their past messages. All SMS can be is text going back and forth. So since there's no explicit way to get this confirmation from the chatter, the system can't be programmed to send the past messages to the new user.
What is an SMS Unit?
One SMS message may be multiple SMS Units. SMS messages can only be 160 characters long. Modern phones are able to get around this limitation by breaking apart a message longer than 160 characters into 153 character chunks**. Thus, a message that is 450 characters long may only seem like one message, it would need to be broken up into three chunks, and count as three SMS Units.
In ResourceConnect, when typing in a message to SMS users, you will see grey text on the lower right side of the message box letting you know the number of characters and SMS Units of what you've written.
Messages that will count towards your SMS Units:
• All incoming SMS messages (including messages from ignored chatters)
• All outgoing SMS messages (including the automatic response messages)
Web Chat messages do not count towards your SMS Unit usage.
**The chunks have to be 153 characters long instead of 160. The extra seven characters are occupied by hidden "(1 of 3)" suffixes that tell the receiving phone in what order to put the chunks back together again.
Why do you charge per SMS Unit?
Our telecommunications provider charges us a per SMS Unit fee. We charge basically their same exact fee plus a bit more to cover credit card processing fees. So we're not actually making any money off of SMS usage fees. We want to keep these costs to you as low as possible.
Each country has a different SMS message rate. In the US and Canada the incoming SMS unit rate is the same as the outgoing. Most other countries charge different rates depending on whether the message is incoming or outgoing.
EmpowerDB members only pay a reduced rate because their payments are handled through quarterly invoices paid by check, so there are no credit card fees getting in the way.
Why do you charge a per minute rate for phone calls?
If you purchase a phone number through our service, or choose to completely port over your existing number to our service, you will be charged a per-minute rate for all calls to your number.
If you have only transferred the SMS functionality of your existing phone number to our service you will not be charged a per-minute rate for calls. And the rest of this FAQ article does not apply to you. Your phone calls are still handled completely by your existing voice provider and any charges you receive for calls are dependent on your arrangement with your existing voice provider.
We charge a per-minute rate because our telecommunications provider charges us these fees, so we must pass on those charges to you (plus a bit extra to account for credit card fees).
You can avoid this per-minute cost by not entering a voice enabled phone number that calls to your ResourceConnect phone number should transfer to. Calls to your SMS number will result in a robot-voice explaining that the phone number cannot be called.
However, we do think that it makes sense to forward calls to your SMS number to a voice-enabled number; even if you do not advertise your SMS number as a number that can be called. If someone mistakenly calls your SMS number it's nice to have their call automatically directed to someone who can help.
You'll be able to see your voice call usage fees in the "Usage" section of the ResourceConnect Admin Settings. If you see that the calls to your phone number are resulting in higher than expected fees, you can disable call forwarding by removing the phone number that phone calls are forwarded to. However, we have found that for organizations that don't advertise their SMS number as one that can be called, the per-minute expenses are less than a dollar a month. And, again, to us, that seems worth it in order not to frustrate the people who inadvertently call this number.
Finally, know that if a call is forwarded by ResourceConnect to another number, you will be charged for the entirety of that call's duration. For example, if the call gets forwarded to your hotline number, then gets forwarded to an answering service, and then your answering service forwards that call to an advocate... and that whole call takes twenty minutes... then you will get charged by ResourceConnect for a twenty minute call. Whenever a call is forwarded, the originating telecommunications provider is still hanging on to the call. They must still exist as one of the links in that chain. Thus, the per-minute rate is applied to the entire call.
What provider do you use to route SMS messages?
We use the Twilio service to rent phone numbers and courier the SMS messages from ResourceConnect to the people you're texting with.
There are a handful of other companies out there that provide this service. Twilio is by far the most expensive, but was the only company we contacted that offered a way to remove the contents of SMS messages from their server after the message was sent. All other providers kept the contents of SMS messages on their servers from anywhere to seven days to seven years! This was not acceptable for the confidential conversations that will be held on the ResourceConnect platform.
Twilio also has the reputation of being the most reliable and established of these companies; another positive when building a system that a great deal of people will be depending on.
Why do you need a telecommunications provider to route SMS messages?
We use the Twilio service to rent phone numbers and courier the SMS messages from ResourceConnect to the people you're texting with.
Any platform you use to message people via SMS will need to partner with a specialized telecommunications provider to handle these messages. The infrastructure needed to route SMS messages is so complex that it's not possible, or practical, for the vast majority of businesses to create and maintain themselves.
The SMS messages that get sent through Twilio's service ARE passed through in plain-text. This means that it is conceivable that someone at Twilio could retrieve the messages via court order or violation of internal company policy. This is an unfortunate reality of using SMS messaging in ANY configuration. We hope we've made clear in other articles in this section why we believe SMS messaging is not the best choice for confidentiality; and that redirecting SMS chatters to the web chat would be best if the conversation needs to have that additional level of privacy.
All this being said, we've been very satisfied with the quality of service that Twilio provides. Their customer support has also been top-notch.
Do we need to constantly keep ResourceConnect open to receive messages?
The ResourceConnect Provider Portal is where you'll receive all incoming SMS messages. This page does not need to be kept open in order to receive messages.
If no user has the Provider Portal open when a message arrives, the message will still be saved. You'll be able to determine through the admin settings whether your users receive a notification email that a new message has come through when no one is online. When one of your users comes is able to sign in, they'll be able to see the message waiting and respond.
Why is there no "Idle Chatter Disconnect" option for SMS?
On the Web Chat, there is an administrator setting that allows you to control the amount of time a chatter can leave their screen idle before being sent away to another page. This is a security feature that is aimed to prevent confidential conversations from staying up on an abandoned computer screen.
It is not possible to have a feature like this for SMS. Unlike the Web Chat, with SMS there is no "connection". So with no "connection", there can be no such thing as an "idle connection".
When someone sends an SMS message it gets passed along through the telecommunications superhighway and the message eventually gets to you. End of story. When you send a message back, that message also gets passed along the way and eventually ends up on the person's device. You have zero control over how that message is displayed or kept on the other person's phone. Think of it as being exactly the same as you having zero control over what someone does with a letter you send them in the mail.
The only thing you have control over is how long the message, and the record of who sent it to you, stays on the ResourceConnect server. To control how long SMS messages stay on the ResourceConnect server, you can modify the Read and Unread Message Expiration settings in the SMS control panel.
Why do you charge for SMS messages from people who've been ignored?
Even though you've ignored an SMS caller, you will still be billed 1 cent per message they send. This is because Twilio charges us .75 cents per text message no matter what number is sending or receiving the message. There is no way to know whether the person texting you has been ignored until that message gets to the ResourceConnect server. The ResourceConnect server recognizes that as an ignored person and doesn't show you the message. But Twilio did its job of delivering the SMS message to us, so they expect to be paid their .75 cents.
There unfortunately is no way to tell Twilio to ignore SMS messages from certain people and thus not even try and deliver it.
Because of this, you may want to not ignore people harassing you over SMS. If you mute them instead, you'll still be able to get a sense of how much their abusive behavior is costing you.
Ignored text messages will show up as a separate item in the "Billing" section on the Admin Panel so that you can at least have an idea of how big an impact this unfortunate reality plays on your pocketbook.
Do you store the phone numbers of people using SMS chat?
Unfortunately, we have to store the phone numbers of people communicating with you via SMS chat. When you send a response back, we have to know what phone number to send the message to! These numbers are not, and cannot, be encrypted; the server has to be able to read them in order to properly send and receive messages.
If having people's phone numbers stored on our server is problematic, you can either set your SMS message expiration settings to be a very small number, like 15 minutes, or you can get in the habit of immediately deleting SMS conversations once you've finished.
Once a conversations has expired, or has been deleted, that person's phone number is fully removed from our system.
If we decide to leave ResourceConnect, can we take our SMS number with us?
Yes. Let you know that's what you'd like to do and we'll give you the required information to transfer the number to your new provider.
You should wait until the number is transferred before actually canceling your ResourceConnect account.
Unlike the process of porting numbers in to ResourceConnect, we will not charge you for this service.
Can we change our SMS phone number?
We do not make this possible for you to do on your own. Here's the situation we're concerned about:
• An organization acquires an SMS support phone number.
• The organization let's people know to contact them at that number.
• That contact information spreads as information is bound to do
• The organization wants to stop using that phone number. They get a new number and let's people know about their new SMS number.
• The organization is not able to track down all the places where their old SMS phone number was shared.
• The old phone number gets picked up by some random stranger
• Someone seeking support finds the organization's old phone number and sends it a message. They are now communicating with a total stranger when they thought they were communicating with you.
If you do want to change your phone number, you must contact us and let us know. We'll want to ask you some questions to figure out why you're switching your number and see how likely the above situation is to occur.
What happens if someone calls our SMS number?
In the ResourceConnect admin panel you can set a phone number to redirect calls to your SMS line to. This means you could, in theory, advertise just one number for people seeking support to either text or call. This also means that you could regularly change this phone number depending on who is on shift at any particular time.
However, call forwarding will cost an additional 2.5 cents per minute. Again, this is a situation where the price is determined by our SMS call provider Twilio, not us.
If you set no phone number to redirect calls to, people who call your SMS number will hear an automated message that the number they called isn't set up to receive voice calls. You will not be charged for this message.
If you want to have one phone number for your voice hotline and a separate phone number for your SMS support, our recommendation is to go ahead and set your SMS number to forward calls to your voice number. Then just keep an eye on the costs involved in your admin panel. If people are only mistakenly calling your SMS number every so often it shouldn't be a huge burden to have those extra costs - and it will help the people making this mistake to receive support sooner. If you see the call forward costs starting to get out of a range that you're comfortable with, then you can turn off call forwarding by removing the forwarding number. And at that point perhaps rethink how you're advertising your services to prevent people from dialing your SMS number by mistake.
We currently don't have this built in, though. Purely because it hasn't yet come up as an issue. We find that it's the web chat that is abused more often since people generally know that they have more anonymity using a web based platform.
IMPORTANT: It is not possible to block people from using the web chat. Read here for more information.
If you are getting a repeated lewd SMS chatter, have a user with administrator accounts go to the Usage section of the admin controls and copy down the phone number associated with that conversation. Please verify that this one phone number is associated with more than one inappropriate conversation. Then let us know you have this situation and we'll see about building in this feature.
Can we have more than one phone number?
No. You can create a separate ResourceConnect account, though, and acquire another number for that account.
One email address can be registered for more than one account.
Can I acquire a very specific phone number?
Unfortunately the chances of a specific number being available to purchase are very very low. Aside from the fact that the number you're looking to use may already be taken by someone else, our SMS service provider Twilio - like all telephony service providers - only has access to specific blocks of phone numbers. Blocks of phone numbers are usually distributed by their three digit prefixes (the three digits that come after the area code and before the last four digits of a number).
It may be possible for you to acquire this other phone number via some other service provider, as if you were planning on using their service, then go through the process of porting the number to us and then cancel your other service after the first month. But we have yet to find a universal way of figuring out which other telephony service provider you would need to contact to purchase a specific number.
Can we get a short code/six-digit SMS number?
Yes, but it's very expensive. Since there are only a limited number of short codes available, all telecommunication companies charge a premium price. The telecommunication provider we use, Twilio, charges $1,000 per month. Others we've seen charge mostly the same or even more.
On top of that monthly $1,000 charge, we would want to charge you a one time fee of $2,000 to be held basically as a security deposit in case you end up not paying your bills and we get stuck with the $1,000 charge for a month or two.
You'll need to contact us to coordinate around the purchasing of a short code SMS number.
Video & Audio Calls
How do video/audio calls work on ResourceConnect?
Watch this video to see how simple and straightforward Video and Audio calls are in ResourceConnect!
How much do video/audio calls cost?
The video & audio call features in ResourceConnect are currently free for the remainder of the year as we support organizations responding to the COVID-19 pandemic.
In 2021 when we begin charging for the service, video & audio calls will be part of the standard Web Chat functionality. There will be no additional charge for this service.
There is not currently, and will not be in the future, any limits or price differences on how many video/audio calls you make or how long they last. This feature is simply be part of the standard functionality of ResourceConnect.
Are there limits on number of calls or how long they last?
There are no limits on the number of video or audio calls you make. There are no limits to how long they last.
Thus, you could set up a thousand users on your account and have all of them video chatting 24 hours a day, 7 days a week. That would be totally fine with us! (But perhaps not fine with your users.)
We are able to do this because, unlike other video chat platforms, the video and audio call connection between you and the person you're talking to is a direct, peer-to-peer connection. The web traffic from that call does not pass through our servers at all. Which means we don't have to pay for a big, beefy server that can handle all that traffic.
How is the call quality?
The video and audio quality of the calls are as good as you'll possibly get.
Since the data for the calls goes directly between callers, not through a server we control, the call quality depends solely on the internet speeds of the two parties on the call.
If you've experienced a call with poor quality, we recommend testing your internet speed with this tool. You may have a poor quality call if either party's upload or download speed is less than 5 Mbps.
If the call doesn't happen at all, that's a different story. If you think both parties are using a supported browser and the calls don't work at all please let us know.
Is there an app to install?
No app to install! Everything should work entirely within the standard functionality of a supported we browser.
What browsers will video / audio calls work with?
Only the most up-to-date browsers will be able to make and receive video / audio calls. This means there will be some browsers that can use the rest of ResourceConnect without issue but get a warning message if they try to make and receive video / audio calls.
Below a breakdown of where things stand with each browser.
To find out what browser you're using, you can visit this web page.
Google Chrome on PC, Mac, ChromeOS, Android:
Anyone using Google Chrome on their PC, Mac, Chromebook, or Android shouldn't have any problems.
Google Chrome on iOS (iPhone/iPad):
Apple does not allow other browsers besides Safari to access the functionality needed for our video calls. What a bummer! iPhone/iPad users will need to use Safari until Apple comes to their senses.
In the beginning of 2020 Microsoft released a completely re-designed version of their Edge browser. Only that brand new version supports video calls on ResourceConnect. You'll need version 79 or higher. The best way to know whether you're on the new version of Edge is if the browser logo looks like this. If your Edge browser isn't prompting you to update, you may need to visit the Microsoft Edge web page to upgrade to the new version.
Should work fine on all recent versions of Safari on Macs, iPhones, and iPads.
Should work fine on all recent versions of Firefox.
Video/Audio calls are not supported on Internet Explorer. But keep in mind that you might think you're using Internet Explorer but are actually using Microsoft Edge (Microsoft made those the logos for those two browsers maddeningly similar).
Also note that ResourceConnect's Provider Chat page will not work at all on Internet Explorer. The External Web Chat page should just barely function for text chat.
Can web chatters initiate a video / audio call?
No. In external web chat conversations, only the provider can be the one to choose the option to initiate a video or audio call.
Are video / audio calls end-to-end encrypted?
Yes. The calls are end-to-end encrypted. The only one who can view the contents of these calls are you and the person who you are talking with.
The data for these calls doesn't even pass through ResourceConnect servers. A direct connection is established between you and the person you're speaking with.
This is all achieved through a communication framework called WebRTC. These encryption and privacy protections are built right into WebRTC.
Many other video chat platforms use WebRTC as well. But most other services choose to route their video calls through their own servers in order to do things like add layers of fancy video processing, combine video streams into group calls, and collect valuable data on the people using their services. When other platforms do this, the calls are no longer end-to-end encrypted and the platform can view the contents of the video call if they wish.
With ResourceConnect, the video/audio connection is made directly between peers and thus WebRTC's end-to-end encryption is preserved.
Do chatters need to sign up for an account to receive video calls?
People visiting your web chat page do not need to create an account of any kind.
After the chatter and the provider discuss the option of having a video call, the provider sends a request to start a video call, and the chatter confirms. It's as simple as that.
Why doesn't a sound play for web chatters when a call comes in?
There is intentionally no "ringing" sound played for web chatters when a call comes in. This is in consideration of a chatter who may not actually want a video or audio call to happen and thus wouldn't want to have attention be drawn to them from their device making a ringing noise.
If one user calls another user, the other user's computer will make a ringing noise.
Can we make group calls?
Group video calls are currently not supported.
We are exploring ways to bring this functionality to the system. We have a plan that would make it so multiple people could be on one "group" call... but everyone on the call could only see one or two people at a time. A group moderator would be in charge of switching between who is visible on the call.
Group calls with a "tiled" view where everyone can see everyone else may be impossible to do in a way that is end-to-end encrypted and doesn't require both parties to install an app (both things that we require with all our features for proper safety and confidentiality)
Can video / audio calls be made via SMS chat?
No. This functionality only exists for external web chatters and other users within your organization's account.
If you want someone you're communicating with over SMS chat to be on a video or audio call, you'll need to get them over to your web chat page (which should work on any smart phone) and then initiate the video or audio call there.
Can we still type while on a video or audio call?
Yes, the chat functionality will still be fully functional while you're in a video or audio call. So if something is just better said via text, feel free to still use that while the call is taking place.
How do file uploads work?
We're making a brand new series of instructional videos to better show key features like this. But for now here's a simple description.
On the bottom left of the Provider Chat page is a "File Attachment" icon. Click on that icon and you'll see a button to upload a file. Click on that "Upload File" button and you'll be presented with a window to choose the file on your computer you want to upload. If the file that's selected is one of the file formats that we support, and is under our file size limit, that file will be encrypted with the Provider's encryption key and uploaded to our service. Anyone else in the chat will be able to see that a file has been uploaded and download it.
If the file is an image type, there will be an additional "View Image" link to view the image from within the chat.
External Web Chatters cannot sent files by default. A provider user must first choose the "Allow File Uploads" option for that conversation (via the three-dot settings icon next to the conversation name) Once that option is selected, the chatter will see a notice that they have been given permission to send files. They will then see a "File Attachment" icon similar to the Provider.
If a web chatter sends an image file, clicking on "View Image" will show a blurred version of that image. Clicking on the image un-blurs it.
An SMS conversation can send files to the Provider; typically this will just be images. But the Provider cannot send files back.
Web chatters in an External Group will not be able to upload files. But a Provider can send files to everyone in the External Group.
What file formats can be uploaded?
ResourceConnect will only allow a handful of file formats to be sent through the system. Our goal is to just allow the bread-and-butter file types that are proven to be safe and not possible to contain a virus**.
The file formats that are supported are:
Common image formats like JPG, GIF, and PNG
Word processing file types like: .docx, .doc, .xlsx, .xls, and .txt
We will not support .ZIP files. We understand that ZIP files are a very handy way to bundle a bunch of files together to send all at once. But they are also a very handy way for people to disguise viruses. Email platforms, like GMail, have gotten good at looking inside ZIP files to see if there's a virus and prevent them from getting to your inbox. But since ResourceConnect's file sharing service is end-to-end encrypted we can't look inside of ZIP files at all. So in order to protect you we simply just won't allow them to be uploaded through our service.
We also won't support video file types. We are nervous about people using our service to share inappropriate video files. And video files are typically larger than our allowed 5mb file limit.
We could potentially be convinced to allow other types of files. But, again, the goal is to just keep things simple and only allow what we know is safe.
**Yes, that's right. It's impossible to get a virus from opening any of the file types that we support. As long as you keep the software on your computer updated (which, these days, you almost have to go out of your way to not keep your software updated) AND as long as you're not Edward Snowden... you cannot get a virus from those very common file types. These days when a person is trying to send a virus they will send a PDF that tries to trick a person into following other steps that will give them a virus. But opening a PDF itself cannot give a computer a virus.
Is there a file size limit?
Yes. ResourceConnect limits files to be under 5 megabytes.
This isn't really about us conserving space on our server. File storage these days is dirt cheap!
The 5mb limit is more because ResourceConnect's end-to-end encryption means that each computer has to do all the work to encrypt and decrypt the file. Anything over 5mb has the potential to really slow down certain computers. So in order to not cause frustration, we've just capped the size of how big files can be.
Is there a limit to the number of files that can be uploaded?
Nope. Go nuts.
Why must web chatters be given permission to upload files first?
It just really seemed like a bad idea for web chatters to be able to immediately send files in these conversations. Honestly, we're concerned about people sending sexually explicit pictures to unsuspecting advocates.
SMS chatters can send image files without being granted permission first. Advocates should practice a higher level of caution when choosing to view image files that SMS chatters have sent.
Why do images from web chatters start off blurred?
Even though you may feel like you trust the person who you're communicating with, and have given them permission to send you files, there could always be a situation where someone is not actually who they say they are and has decided to use the file sharing feature for inappropriate purposes. So we've made it so the images begin as blurred. If after you've seen the blurred version of the image, you're confident that the image is something you want to indeed see more of, clicking on the image un-blurs it.
When clicking the "Download File" button, the original, un-blurred image is always downloaded.
How do files get deleted?
You can think of each file like a message in the same way as any other message. If the file/message's expiration setting is up, that file/message gets deleted. This deletion is permanent. We have no way of recovering deleted files.
If a conversation that a file was sent through gets deleted, then the files inside of it get permanently deleted too.
Are the files end-to-end encrypted?
Yes. The files that are uploaded through conversations are encrypted with the provider's unique encryption key. So like everything on our service, ResourceConnect staff have no way of viewing the files and no way of handing over a readable version of the file if compelled to by a court of law.
Are the files backed up?
The files are NOT backed up. We want it so that when a file is deleted it's gone, gone, gone. Having frequent backups makes that concept a huge challenge.
We recommend using ResourceConnect as a file sharing service, not a file storage service.
How much does this feature cost?
File uploads are part of the standard package of ResourceConnect. For 2020 ResourceConnect is free for web chat only. So if you're using just the web chat then file uploads are free to you too. You must, though, enter in your credit card information to activate the service. You will not be billed until January 1st of 2020.
There are no additional charges based on how many files you upload or how large the files are you upload.
How do External Groups work?
Watch this video for a full rundown of how External Groups in ResourceConnect works:
Can external chatters send us private messages while in the group?
We have intentionally decided to not add the ability for external chatters to still be able to send private messages to the group moderators while in an external group.
We thought of two ways to make this possible, and both posed some safety and confidentiality issues.
The first way to do this would be to make it so the external chatter had two browser windows. One for chatting with the group and another for chatting privately with the group moderator. Two windows means two "Quick Escape" buttons. And having two buttons does not align with the concept of someone in a potentially precarious situation needing to be able to clear their browser with just one click.
The other way to allow private conversations to be sent at the same time as being in a group chat, is to have some sort of way for the chatter to choose whether the message they're sending should be sent to the entire group or just the moderator. The concern is that a chatter would choose the wrong option by mistake and a message they meant to send just the moderator would be sent to the entire group. This is something that has likely happened to all of us in other video chat platforms! But an embarrassing moment for us in a an all-staff video call isn't the same as an embarrassing moment for a survivor in a group chat.
Can other users turn off notifications for the group?
If you have other users who have access to a certain External Group but aren't participating in it, they will, by default, get notification sounds whenever a new message is sent.
To turn this off they simply need to click on the three-dot-settings icon for the group conversation and choose "Mute". The group name will be crossed out (to denote it's muted) and they will not receive any more notifications about new messages unless they un-mute it.
This staff person will still be able to see all messages in the group, however. So if that would be inappropriate you should simply go to the External Group admin settings and remove this user person from having access to the External Group.
When someone new joins the group, will they see the past messages?
No. This is intentional. New external chatters will only see the messages that happened from the point they joined the group and after.
This is because the other members of the group may have said certain things with the understanding of who was currently in the group. They may not have wanted one of their messages to be seen by anyone other than who they knew to be in the group at that moment.
Can we remove someone from an External Group?
Yes. Providers will see all group participants in a panel on the right and can click the "x" button to remove a person from the group.
If someone is removed, their screen will be sent to their quick escape location. They can always attempt to go back to your general chat page and request to be added to the group again. You can then choose the "Ignore" or "Delete" option for this conversation.
Other external chatters will see when someone is removed from the group.
Can we stop group members from typing?
Yes. Providers will be able to see a list of all group participants on a panel to the right. Clicking the "keyboard" icon for each participant will make it so their typing ability is disabled or enabled.
A participant whose typing ability has been disabled can click the "Raise Hand" icon to let the group moderator know they'd like to type again.
Does External Groups support video or audio calls?
Unfortunately not at this time. We're thinking about how to add this though. Read here for more.
Can SMS chatters join external groups?
No. This feature is only available for web chat.
Will external chatters be able to raise their hand?
Yes. Once an external chatter accepts an invite into a group, they will see a "Raise Hand" icon on the bottom left. They may click this icon to let the group moderator at the provider know that they would like to take a turn writing.
Group moderators can also use the "Raise Hand" icon to conduct simple polls. For example a moderator could say "Raise your hand if you have children under three-years-old."
Other external chatters will not be able to see who else has raised their hands.
Providers will be able to click on the icon that shows an external chatter has raised their hand in order to "Un-raise" their hand. But a provider can not raise someone's hand for them.
Will external chatters be disconnected due to inactivity?
When in a one-to-one chat, external chatters will be disconnected if they don't send a message within the amount of time you set in the "Idle Chatter Disconnect" settings. But once a chatter accepts an invitation to join an External Group, this feature is turned off. Thus, the chat will stay active on their page indefinitely.
If at any point you feel like a chatter is no longer at their computer, a user can click the "x" button next to their name to exit them from the group and make their screen go to your "Quick Escape" location.
And at the end of each group session, you can click the "x" button next to each chatter's name to make sure this chat window does not stay up on each chatter's computer.
Technical / Security
Is information encrypted in transit via an SSL/TLS connection?
Yes. Plus, our servers are configured to only support the latest, and most secure versions of the SSL/TLS protocol. We're proud of our A+ rating on SSL labs.
Is information encrypted at rest on the ResourceConnect server?
Yes. All Web Chat messages are encrypted before they even get to our server via each organization's unique encryption key. SMS messages are encrypted with a public key unique to each organization. Read more details about the encryption process here.
Can you describe the encryption process?
Provider Key Generation:
When setting up a new account, or at any time thereafter, an administrator at an organization creates a new encryption key.
The key is created on the user's browser, not on the ResourceConnect server. We use the Forge.js cryptographic library for this, and all other, cryptographic functions described here. The randomness of this key, and all future randomness described here, is provided extra entropy by collecting mouse movements and keystrokes.
Encryption keys are 16 characters of numbers, letters, and symbols. This gives us about 100 bits of entropy. Lower than the 128 bit encryption that Forge operates on, but we believe it is more than enough to provide effective security.
The encryption key that is displayed to the user is put through a stretching function. This stretched encryption key is the true key that is used in the encryption actions to follow. For the rest of this description, we will just refer to this stretched encryption key as THE encryption key.
Once the key is generated by the user, the following steps are taken:
The key is hashed using SHA-256. The resulting hash is sent to the ResourceConnect server. In the future, this hash will be delivered to users so that the Provider Chat can verify that the correct encryption key has been entered on a user's machine.
Next, a new public and private key pair are generated. The private key is encrypted using the previously generated encryption key. The public key, and the encrypted private key, are sent to the ResourceConnect server and stored along with the provider record.
Logging Into Provider Chat
When a user logs into the Provider Chat for the first time, they are asked to enter their site's unique encryption key. They enter the key, the system stretches it, hashes it, then compares the result to the hash on file. Again, this is all done on the user's side and not on the ResoureConnect server.
The provider's encrypted private key - which was already sent to the user - is now decrypted using the validated encryption key. This private key kept in the browser's memory.
All future communications by this provider to the ResourceConnect server must include the provider's encryption key hash in order to further authenticate the message.
Web Chat Communications
When a chatter starts the Web Chat, a new encryption key is generated for the session. This key is not displayed to the user, so it can be a true 128-bit random key.
This key is then hashed with SHA-256 and encrypted with the provider's public key. The hash and the encrypted encryption key are sent to the provider, as well as saved on the ResourceConnect server. All future messages from this chatter will require the hash in order to validate they are coming from the same person.
Once the provider receives the first message from a chatter, they use their private key stored in memory to decrypt the chatter's encrypted encryption key. The chatter's encryption key is then saved in memory and used to encrypt and decrypt all future messages with this person.
Inbound SMS Messages
When a message is delivered to the ResourceConnect server by the Twilio service, it arrives in plain text. It is immediately encrypted on the server using the provider's public key.
The encrypted message is then delivered to the Provider Chat. The user's device will then decrypt the message using their private key stored in memory.
Outbound SMS Messages
When a message is sent by a user to an SMS Chatter, it is encrypted using the provider's public key. Both the encrypted message AND the plain text message are sent to the ResourceConnect server. The message MUST be sent in plain text because Twilio, must have the message in plain text in order to send it.
The plain text message is not stored on the ResourceConnect server. It only exists for a fleeting moment in memory as it gets passed off to Twilio.
The public-key-encrypted message is stored on the ResourceConnect server. If the Provider Chat window is reloaded and the user needs to have their past SMS messages redelivered to them, their message will be sent back down and decrypted via the private key stored in memory.
Do you collect IP Addresses of people using the web chat?
We host our services with Google Cloud Compute. We use their Council Bluffs, Iowa data centers. You can read more about Google's data centers here.
For anyone, especially international organizations, concerned about the U.S. Government's ability to issue court orders to hosting providers to retrieve data held on their servers, we would like to remind you that all data saved on the ResourceConnect server is encrypted with a key that only your organization has. And all Web Chat data is encrypted using this key before it even reaches the ResourceConnect/Google server.
It's because of this that we firmly believe that your data is actually not hosted at Google's Data Center in the United States. Your data is hosted only on the machines that have your encryption key saved on them. Those are the only machines that actually have a possibility of reading the data. It is mathematically impossible for anyone else to read your data without your key.
Here's an analogy we use to further drive home this point... Let's say you had a valuable ceramic bowl that you wanted us to keep safe for you. But before you gave us the bowl you smashed it with a hammer a million times until it turned into a fine powder; then you gave us that powder. At that point are we then actually holding your bowl? We feel like the answer is 'No'. Your bowl is no longer your bowl. Anyone looking at this ceramic powder wouldn't even be able to tell what it used to be. (For the sake of this analogy let's assume you have a magic wand that can turn the powder back into a bowl.)
We feel like the same is the case with your data. We are not actually holding your data; we are only holding the indistinguishable fragments of what your data used to be. And when we give you back the indistinguishable fragments of your data your computer does some "magic" decryption to turn those fragments back into something that's readable.
We recognize that many jurisdictions have regulations that require data to be hosted locally. We completely agree with the reasoning behind these regulations. The U.S. Government does, indeed, over-reach with their powers from time to time (to put it mildly). But these regulations were all written before the rise in end-to-end encryption services. Any provider who builds an end-to-end encrypted service is creating their platform to protect against the same eventualities as the regulators who write laws requiring local data storage. We will make ourselves completely available to any regulator who wants to learn more about end-to-end encryption in an effort to modernize their regulations. And we are actively engaged in various conversations with regulators outside of the U.S. to help bring them on board.
In the meantime, if you'd like to use ResourceConnect but are faced with a "local data storage" regulation; it's up to you whether you agree with our ardently held belief that your data is actually stored only on your own computers (which is about as local as you can get!)
What is your backup/data-retention policy?
The source code, SQL structure, and some SQL tables are backed up daily. These daily backups are kept on the same server as the live data and are retained for one week. Then, weekly backups are copied to an Amazon S3 bucket. These weekly backups are retained for a year.
We do not backup the SQL tables containing client information and messages. Even though these messages are encrypted, it just doesn’t seem worth keeping copies of messages around that don’t really need to survive the unlikely technological disaster.
Is ResourceConnect HIPAA Compliant?
Yes it is. But we always like to remind people that HIPAA is not the magical security regulation that some people think it is. It is incredibly easy for any provider to claim they are HIPAA compliant and there exists no regulatory system to verify providers' claims.
There are much more telling questions to ask a provider in order to find out if the product they offer is secure. We have tried our best to include all of these potential questions in this FAQ section. Let us know if you have a technical question that is not mentioned here.
Is ResourceConnect open source?
It is, and it isn't. Almost all of the key actions that require security and confidentiality are done via the web browser of providers and the people providers are communicating with. Since all code that takes place in the browser is visible to anyone with a certain amount of technical understanding, it could be said that this code is open source.
The code that exists on our servers is not open source. But there's really not anything unique happening there. We have one LAMP server that doles out the standard HTTP fare, and a Node/Websockets server that basically makes sure already-encrypted chat messages get from Point A to Point B.
Feel free to sign up for an account and use your one month free trial period to get someone with technical know-how to look at the code in the Provider Chat to verify the claims we're making.
Taking a look at the data that gets sent to and from the Node server can be a good first step in assuring the communications are end-to-end encrypted. Here's a quick guide on where to look in Chrome Developer tools:
• Log into the Provider Chat
• In Developer Tools, go to the Network Tab
• In the "Filters" section click on "WS" to see only the Web Sockets connection
• You should now see "ws.resourceconnect.com" on the left. Click on that.
• Then in the resulting section that appears, click on the "Frames" tab
• Finally, you may need to drag one of the horizontal lines in that section down to make visible the list of frames being sent using the Web Sockets connection.
• Click on a frame to see the data being sent. Most frames will be "heartbeat" messages that don't show anything special. Try to see if you can find a frame of when a message was either being sent or delivered.
How long are messages retained?
Individual messages are kept on the ResourceConnect server until they expire or are manually deleted. A single message can be manually deleted. An entire conversation's worth of messages can also be deleted at once. We recommend deleting an entire conversation's worth of messages as soon as the conversation is over. In today's world there is too often a tendency to feel like if something is digital it must be retained forever. But try to think as ResourceConnect as just a digital version of a phone hotline. If you wouldn't record the phone calls with someone you shouldn't keep around your messages on ResourceConnect.
Messages expire automatically depending on the settings that an administrator sets in the Admin panel. Web and SMS chat messages can be set with different lengths of time. For example, you can set all Web messages to be removed from the server after 1 hour.
When a message is deleted (either by expiration or by a manual action) it is as gone as it possibly can be. Absolutely nothing about the message's existence is kept on the ResourceConnect server. The message is removed from user's and web chatters screens. Note that either your user or a web chatter could have taken a screen shot of the message. Unfortunately there's nothing we can do to prevent that from being a possibility or even recognize if a screen shot has been taken.
Also note that the only way to delete messages on an SMS chatter's phone is for that person to manually delete them. There is no way for a provider, or even a phone company, to delete messages off someone's phone. This is yet another reason why you should try not to have confidential conversations over SMS.
What kind of meta-data is stored for messages/chatters?
The following information is collected for each chatter:
• A random six digit ID
• The Provider the conversation is related to
• The user at the Provider currently assigned to the conversation
• The list of users who currently have the conversation muted.
• Whether the conversation is ignored or not.
• The date/time the conversation started
• The date/time the conversation was last active
• Potentially a custom name of the chatter if any Provider user has entered one. The name is encrypted with the provider's unique encryption key.
• If an SMS Chatter: The phone number in plain text.
• If a Web Chatter: The unique encryption key for the conversation, encrypted with the Provider's public key
• If a Web Chatter: A SHA-256 Hash of the encryption key used for the conversation
• If a Web Chatter: Some salt
The following information is collected for each message:
• The date and time the message was sent
• The date and time the message was first read by the Provider
• Which Provider it was to
• Which system assigned client ID the message is related to
• If a message from a user, the user at the Provider who sent the message
• The encrypted message
• If an SMS message: The unique encryption key used to encrypt the message, encrypted on the ResourceConnect server with the Provider's public key
• If an SMS message: The Initialization Vector used to encrypt the message
Also, you may notice from the above that the encryption scheme is different depending on whether the conversation is a web chat or an SMS chat. This is all by necessity. Some reasons why are discussed here.
Is it possible for ResourceConnect to have a data breach?
Yes. Any internet based provider who claims to have a service that is completely immune to data breaches is either lying to you or is completely oblivious to the realities of the world we live in. The technology that powers our world is amazing and gets more and more amazing every day. But it's still technology designed and operated by humans. And humans make mistakes.
We at ResourceConnect take all the same steps any responsible service provider would take to protect their systems. Things like keeping software updated, penetration testing, reviewing logs of suspicious activity, protecting against injection/XSS attacks, denying massively repeated requests from the same IP address, restricting administrative access to the server to only key individuals and only on secured devices, etc.
But with all those steps taken, the unthinkable could still happen. One look at any week's technology headlines provides the proof that no one is immune from this being a potential situation.
This is why we believe Zero Knowledge encryption is absolutely key. With Zero Knowledge encryption, a data breach does not mean confidential data is exposed. A further set of catastrophic failures would have to also occur before confidential data could ever be read by an outside party.
What would you do in the event of a data breach?
We would send an email with all relevant information to all users at all providers who have administrative privileges.
If we experienced a data breach and didn't have full knowledge about what occurred, we would possibly shut down the service immediately and without warning while we investigated.
Does ResourceConnect ever go down for maintenance?
We have ResourceConnect mirrored on another server. All updates are build and tested there before being released to the live server.
When updates are applied to the live server we must reboot the server, which disconnect all users (chatters and users). All users are shown an alert that this is about to happen and are given a few minutes to finish up their conversation.
After the server is rebooted, any web chatter will be assigned a new six digit ID and the conversation will be disjointed from the pre-reboot conversation.
We cannot say with what regularity this might happen. It all depends on the current needs of our users and our current production schedule. But we are aware of the inconvenience this reboot causes and thus do not do it regularly and try to do it during non-busy times.
What are your plans in case of unexpected downtime?
Simply put, we'd fix the problem. And if we felt like the unexpected downtime had a long duration or produced errors that chatters or users could find concerning, we would update all users set with administrative privileges.
What browsers will ResourceConnect work on?
The ResourceConnect External Web Chat page should work on all browsers. The experience will be very poor on Internet Explorer. But it will still function. Hopefully at this point very few people are still using Internet Explorer.
The ResourceConnect Provider Portal page will work on updated versions of Chrome, Firefox, Edge, and Safari. It will not work on Internet Explorer at all. When using Internet Explorer, or some very out of date version of Chrome/Firefox/Edge/Safari, a provider user will see an error message explaining the issue.
It should be incredibly rare that a provider user would be using an outdated version of Chrome, Firefox, Edge, and Safari. It's not possible to say exactly what the cut-off is for which versions those browsers are supported vs not. For your internet safety in general, you really should just make sure your browser is always set to upgrade to the newest versions and don't ignore your browser's warnings to update.
Also, make sure you understand that Microsoft's current web browser is called "Edge". You may think you're using Internet Explorer but actually be using Microsoft Edge.
The end-to-end encryption of ResourceConnect is retained for all supported browsers.
Does ResourceConnect support any kind of Single Sign On?
Single Sign On is a special framework that allows a person to have one password/login that gains them entry into any other supporting system.
ResourceConnect does not support this feature.
Use this form to get in touch with us!
Ready to get started with ResourceConnect? You're just a button click away from the sign-up form.