🌍 The Crumbforest: A Local‑First Learning Infrastructure for Child Protection

UNHCR‑Aligned Version · v1.0

Author: Branko May Trinkwald
Affiliation: OZM gGmbH · CrumbCrew
Date: February 2026

Executive Summary

The Crumbforest is a local‑first, offline‑capable, child‑centred learning infrastructure designed for use in fragile, low‑connectivity, and high‑risk environments, including refugee settlements, displacement settings, and humanitarian classrooms.
Its primary purpose is to provide safe access to digital learning tools without storing personal data, without requiring cloud connectivity, and without exposing children or communities to digital surveillance risks.

The system runs on widely available, low‑cost hardware (Raspberry Pi, ESP32), uses open standards (Debian, Go, PostgreSQL + pgvector, WireGuard), and is designed so that every component can be audited, reset, or rebuilt locally.

The Crumbforest aligns with the following UNHCR principles:
- Minimal Data & Consent: fully adherent to UNHCR Data Protection Policy (Principles 1–3).
- Do No Harm: no persistent identifiers, no remote analytics, no profiles, no tracking.
- Protection Mainstreaming: architectures designed to prevent misuse, coercion, or surveillance.
- Local Agency: can be operated by schools, community centres, and youth mentors without external dependency.
- Low Connectivity Resilience: usable entirely offline, functional in constrained environments.

1. Purpose & Context

Children in humanitarian settings face structural barriers:
- Unreliable electricity
- Intermittent or absent internet
- Expensive or unsafe digital platforms
- High risk of data exploitation or surveillance

The Crumbforest provides a safe, local alternative.
It is not a cloud service, commercial platform, or learning management system.
It is an infrastructure pattern — a way to build learning spaces that:
- work offline
- can be repaired locally
- do not collect data
- keep children safe by design

This is consistent with UNHCR Child Protection Minimum Standards (CPMS 2024):
- Standard 7 (Education)
- Standard 9 (Data & Information Management)
- Standard 11 (Community-based Child Protection)

2. System Roles

The Crumbforest avoids digital identity, accounts, and profiles.

KrĂŒmel (Learners)

Any child engaging with the system.
No login. No persistent account. No behavioural data recorded.

Local Mentors / Meisters

Teachers, youth workers, volunteers who maintain the device.
They hold:
- an SSH key (no passwords)
- the ability to reset the system
- the ability to approve new nodes

This follows the CPMS principle of "adult presence and accountable supervision."

OZMAI (Local AI Assistant)

Runs offline, limited to local content only.
No external inference, no internet queries, no external data flow.

CrumbShaolin (System Protectors)

Small group of trusted adults responsible for hardware integrity.
Their role parallels traditional “Focal Points” in humanitarian IT governance.

3. Technical Architecture (UNHCR‑Compliant)

Base Stack

Layer Technology Reason
OS Debian GNU/Linux Stable, audited, long-term support
API Go (single binary) Reliable, simple deployment
Database PostgreSQL + pgvector One system, one source of truth
VPN WireGuard Minimal attack surface, auditable
AI Local inference via Ollama No cloud dependency
Edge ESP32/WLED Affordable visible feedback devices

Security Principles

  • All internal services bind to 10.x.x.x (VPN only).
  • Public exposure limited to Nginx 80/443.
  • SSH key‑only, no password logins.
  • Full system reset possible in under 60 seconds.
  • No telemetry. No logs containing personal data.

=> Matches: UNHCR Data Protection Guideline – Minimal Data Principle.

4. Protection Framework: “KrĂŒmelschutz”

KrĂŒmelschutz is the system’s built‑in safety guarantee:

4.1 No Personal Data

  • No usernames
  • No age, gender, location
  • No behavioural tracking
  • No browsing history
  • No cloud sync

=> Compliance with UNHCR Principle 2 – Purpose Specification
=> System cannot produce identifiable harm.

4.2 Local-Only by Default

If internet exists, the system still operates offline.
If internet does not exist, nothing breaks.

=> CPMS Standard 9: Safe Information Management

4.3 Reset Without Residue

A reset removes all temporary data.
Children leave no digital trace.

4.4 Explicit Boundary (“Passkante”)

Requests that would create a profile or leak sensitive data are blocked systematically.
This boundary is transparent and documented.

=> Protects against coercion, exploitation, and inadvertent data disclosure.

5. Humanitarian Use Cases

5.1 Refugee Settlements

  • Community learning hubs
  • Digital literacy workshops
  • Youth safe spaces
  • Offline coding & robotics clubs
  • Psychosocial support through creative technology

5.2 Low‑Connectivity Rural Schools

  • Curriculum-aligned lessons stored offline
  • Safe experimentation with coding, electronics, and AI
  • Teacher training without cloud reliance

5.3 Emergency Deployments

  • Pelican-case portable kits
  • Solar-compatible
  • Operates without GSM, WiFi, or power grid

5.4 Child-Friendly Spaces

  • ESP32 LEDs visualize activity → reduces fear of tech
  • AI characters (animal metaphors) support educators gently
  • No risk of accidental exposure to harmful content

6. Star Map: Voluntary, Not Mandatory

Crumbforests can form a voluntary network over WireGuard.
Each site retains full autonomy.

Joining the mesh requires:
- local approval
- resonance with safety principles
- no obligation to share data

No node has authority over another — this reflects community-based protection models.

7. Operational Maintenance

Local Ownership

Systems should be operated by:
- local teachers
- youth mentors
- community volunteers

No dependency on external vendors.

Maintenance Tasks

  • daily integrity check script
  • weekly updates
  • periodic reset
  • hardware check (SD cards / power)

Transparency

All code is open-source.
All logs are local and can be inspected by parents, teachers, and humanitarian staff.

8. Compliance & Ethical Guarantees

The Crumbforest aligns with:

✔ UNHCR Data Protection Policy
- Lawfulness & fairness
- Minimal data
- Purpose limitation
- Confidentiality & security

✔ CPMS Standards
- Participatory design
- Non-discrimination
- Safe information handling

✔ Sphere Standards
- Appropriate technology
- Community involvement
- Sustainability

✔ UNESCO AI Ethics Recommendations
- Human agency
- Safety & security
- Environmental sustainability

9. Limitations & Boundaries

  • Not a replacement for national curriculum
  • Not a surveillance or attendance tool
  • Not suitable for high-security biometric systems
  • Not compatible with cloud-based learning analytics

These limitations are intentional and ethically necessary.

10. Conclusion

The Crumbforest demonstrates that digital learning infrastructure can be:
- safe
- local
- offline
- auditable
- child‑centred
- community‑owned

It reframes education as community capability — not a cloud service.

In humanitarian work, where the safety of each child is paramount, the Crumbforest offers a replicable model for creating protected digital spaces where curiosity can grow without risk.

For children.
For educators.
For communities.
For the future.

đŸŒ±đŸ’š