މޮޑެރޭޝަން ޕޮލިސީModeration policy

Baaruveri runs two parallel tiers of identity. Both are first-class; neither is a downgrade of the other.

• Anonymous tier— for everyday civic speech: reading, voting, posting comments on threads, replying. No eFaas verification required. We don’t log your IP. Rate limits use a device fingerprint that we cannot reverse to identify you.
• eFaas-verified tier — required for two acts: signing a petition (because the threshold mechanic has to be enforceable against the government, and that means each signature has to be unique and verifiable) and posting in flagged-issue threads (a small set of issue tags where coordinated inauthentic behaviour is most damaging — currently judiciary; the list is published below).

Why two tiers and not one: forcing eFaas for everything would silence the people the platform exists to amplify. Allowing anonymity for everything would make threshold-triggered accountability mechanics unenforceable. Two tiers is the only shape that works for both jobs.

The following issue tags require eFaas verification to post (reading and voting are still anonymous). The list is public and changes go through a public deliberation:

• Judiciary — coordinated brigading observed in 2024-2025; verified posting reduces the harm without removing the conversation.

All other tags (housing, climate, fisheries, education, decentralisation, procurement) accept anonymous-tier posting in v0. The flagged list is reviewed every quarter with a public consultation thread before any addition.

We do not pre-screen posts. The moderation flow is:

1. Anyone reads, votes, posts.
2. Anyone reports a post they think violates the policy.
3. A human reviews within 24 hours (target; v0 has one moderator).
4. If the post is removed, the action and the rationale go into a public takedown log (see §05).
5. The author can appeal once; the appeal review goes into the same log.

We don’t use automated moderation. We don’t use ML classifiers to predict likely violations. The platform is small enough that a human reading is the right tool, and the cost of algorithmic errors against political speech is asymmetric.

The narrow list of removable content:

• Specific, credible threats of violence against an identifiable person.
• Doxxing — publishing someone’s NID, home address, phone number, or comparable PII without consent.
• Sexual content involving minors, full stop.
• Coordinated inauthentic behaviour proven via post-publication forensics (the same content posted from multiple accounts in a coordinated burst). Individual heated speech does not qualify.
• Petition signature fraud — gaming the eFaas verification flow.

Things we don’t remove: criticism of public officials, claims that turn out to be wrong but were posted in good faith, sharp rhetoric, anonymous accusations against named institutions (institutions are not protected the same way individuals are).

Every removal lands in a public log. The log row includes: post permalink, timestamp of removal, the removable category from §04, the moderator’s rationale (1-3 sentences), appeal status, and the original author’s username (anon or verified).

Takedown log lives at /about/takedowns — empty until the first takedown happens, then every row from then on. The log is the accountability mechanism on the moderation side: if you think we’re removing the wrong things, the log is your evidence.

The Maldives civic space is rated obstructedby CIVICUS as of the 2024 monitoring cycle. That means there are credible, documented patterns of consequence for citizens who speak about specific institutions. Baaruveri’s anonymous tier is built for that reality:

• No IP logging on anon-tier posts.The reverse proxy strips X-Forwarded-For before the request reaches application code. We can’t hand over what we don’t keep.
• Device fingerprint, not user fingerprint.Rate limits use a hash of UA + screen geometry + a rotating salt. The hash isn’t reversible to a person and rotates monthly.
• Takedown log is public. If a request to remove a post comes from a government channel, the request itself goes in the log alongside the action — citizens can see who asked.
• Verified tier is opt-in, never inferred.If you post anonymously about housing and verified about a petition, we don’t link the two. The eFaas claim is scoped per action.

Honest scope cuts. These land post-v0:

• Real eFaas OIDC integration (currently a stub).
• The takedown log page itself (the policy is in place; the public log lands when the first real takedown happens).
• Polis-style consensus clustering on contested threads (the data shape is ready; the UI lands when there are enough votes per claim to make the clustering meaningful).
• An appeals board independent of the platform team.

One human reviews reports in v0. To reach them:

• The Report button on any post (preferred — routes the post URL with your message).
• Email moderation@baaruverifor anything that doesn’t fit the report flow (this is a v0 placeholder — real address lands with eFaas).

Response target: 24 hours for active reports, 7 days for appeals.