+ Add a card
Common Ground · Strategy Cards

Strategy Cards

A working deck of collective-action strategies against algorithmic harm, read through an LGBTQIA2S+ lens. Filter by where the strategy lands in the pipeline, what it tries to do, and whether there’s documented community evidence yet. The data behind this deck is edited in a shared Google Sheet and re-synced on every build.

Print PDF (Letter landscape, double-sided)

Mechanism
Motivation
Evidence
01
DATAOPT-OUT

Data Refusal, Data Strikes and Data Leverage

Data leverage refers to strategies users can employ to influence systems that depend on their data, by altering their data-related contributions. Vincent et al., 2021 outline three strategies: withholding or ceasing contributions (data strikes), deliberately corrupting data (data poisoning), and intentionally sharing data with value-aligned platforms (conscious data contribution). Drawing on feminist and Indigenous scholarship, Data refusal frames non-participation as a political act that challenges the authority of data collectors.

Difficulty
CollectiveAny
№ 01 / 17Vincent et al., 2021; Zong & Matias, 2024
01Data Refusal, Data Strikes and Data Leverage
LGBTQIA2S+ ExampleData Refusal practices refer to the refusal of harmful data regimes rather than negotiation within them, a commitment articulated most directly in feminist data scholarship (FeministDataManifestNo). Within the LGBTQIA2S+ context, evidence of this can be seen in how trans activists handle data about their own communities. Stevens & Doğan, 2025 interview 16 activists working across community healthcare, media production, and policymaking, asking how trans activists use data in their activism (Stevens & Doğan, 2025). They find that participants' tactical approaches to data and data science are consistent with contemporary approaches to data refusal, while the study itself moves past refusal to theorize a broader trans data epistemology. Doğan et al., 2025 extends these tactics can benefit data advocacy and CSCW research and design (Doğan et al., 2025).
References
  1. Vincent, N., Li, H., Tilly, N., Chancellor, S., & Hecht, B. (2021). Data Leverage: A Framework for Empowering the Public in Its Relationship with Technology Companies. Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency.
  2. Zong, J., & Matias, J. N. (2024). Data refusal from below: A framework for understanding, evaluating, and envisioning refusal as design. ACM Journal on Responsible Computing.
  3. Feminist Data Manifest-No --- manifestno.com. https://www.manifestno.com/.
  4. Stevens, N., & Doğan, A. L. (2025). Trans data epistemologies: Transgender ways of knowing with data. Big Data & Society.
  5. Doğan, A. L., Stevens, N., & D'Ignazio, C. (2025). Trans Data: A Research and Design Agenda from Trans Activists' Transformative Data Science. Proceedings of the ACM on Human-Computer Interaction.
02
DATAINTERVENE

Data Poisoning

Data poisoning attacks involve perturbing input samples so that, when they are used for training AI models, they negatively affect the model’s performance (Biggio et al., 2012). The goal of this strategy is influence the model performance when "poisoned" data points are used during training.

Difficulty
CollectiveMedium–Large
№ 02 / 17Biggio et al., 2012
02Data Poisoning
Community LensResearch Gap While literature does not have a lot of evidence of LGBTQIA2S+ community using data poisoning style interventions to prevent harm in algorithmic decision making. Use of tools such as NightShade (Shan et al., 2024) has been documented by artists to prevent explotation of their art without artist consent.
References
  1. Biggio, B., Nelson, B., & Laskov, P. (2012). Poisoning Attacks against Support Vector Machines. ICML.
  2. Shan, S., Ding, W., Passananti, J., Wu, S., Zheng, H., & Zhao, B. Y. (2024). Nightshade: Prompt-Specific Poisoning Attacks on Text-to-Image Generative Models. SP.
03
DATAOPT-OUT

Unlearnable Examples

Unlearnable examples (Huang et al., 2021), adds error-minimizing noise to training data samples so that machine learning models cannot extract meaningful patterns from them. The goal of this noise can be seen as a way to trick the model into believing there is "nothing" to learn from these example(s). These perturbations cause the model to treat the protected data as uninformative.

Difficulty
CollectiveSmall–Any
№ 03 / 17Huang et al., 2021
03Unlearnable Examples
Community LensResearch Gap Examples of unlearnable examples can be seen in cases such as Sun et al., 2022 which protects open-source code from unauthorized training usage. However, no direct evidence of LGBTQIA2S+ community using tools like unlearnable examples in literature has been documented.
References
  1. Huang, H., Ma, X., Erfani, S. M., Bailey, J., & Wang, Y. (2021). Unlearnable Examples: Making Personal Data Unexploitable. ICLR.
  2. Sun, Z., Du, X., Song, F., Ni, M., & Li, L. (2022). CoProtector: Protect Open-Source Code against Unauthorized Training Usage with Data Poisoning. WWW.
04
DATAOPT-OUT

Data Defences

Data defences (Agnew et al., 2024) enable data owners to prevent large language models (LLMs) from inferring personally identifying information (PII) from textual content. These defenses operate by embedding adversarial prompt injections, specifically crafted to prevent PII extraction, within the original text.

Difficulty
CollectiveAny
№ 04 / 17Agnew et al., 2024
04Data Defences
Community LensResearch Gap Data defenses are realized by Agnew et al., 2024, who automatically generate adversarial prompt injections that, appended to input text, reduce an LLM's ability to infer PII about the subject or reuse copyrighted content, with a public tool for protecting text before publication (wagnew3.github.io/LLM-Data-Defenses). No direct evidence of LGBTQIA2S+ community use of data defenses in literature has been documented.
References
  1. Agnew, W., Jiang, H. H., Sum, C., Sap, M., & Das, S. (2024). Data Defenses Against Large Language Models. arXiv preprint arXiv:2410.13138.
05
DATAAUDIT

Data Archival & Activism

Data archiving and Data Activism can serve as an act of grassroots resistance. Currie & Paris, 2018 argue that preserving data over the long term is itself an activist project, discussing two literatures that have largely developed in isolation. They identify several shared affinities between archival activism and data activism: both respond to institutional neglect of marginalized perspectives, both seek to make overlooked issues visible and taken seriously in public discourse, and both push beyond standard ways of recording history and presenting statistical evidence. Related practices of counter-data production involve communities assembling their own case records and statistics not only to fill gaps left by official sources but also to reframe public narratives, influence policy, and support affected communities (D’Ignazio et al., 2025)

Difficulty
CollectiveSmall–Medium
№ 05 / 17D’Ignazio et al., 2025; Currie & Paris, 2018
05Data Archival & Activism
LGBTQIA2S+ ExampleData archival and activism is documented in Doğan et al., 2025, who study trans activist data practices through a restorative/transformative data science lens and find that recording occurs beyond counting, through archiving and documenting unstructured forms of data. Concrete instances include DigitalTransgenderArchive, a repository preserving and providing access to transgender history, and Felkner et al., 2023, a community-sourced benchmark generated from a community survey to measure anti-LGBTQ+ bias in language models.
References
  1. D’Ignazio, C., Cruxên, I., Martinez Cuba, A., Suarez Val, H., Dogan, A., & Ansari, N. (2025). Geographies of missing data: Spatializing counterdata production against feminicide. Environment and Planning D: Society and Space.
  2. Currie, M. E., & Paris, B. S. (2018). Back-ups for the future: archival practices for data activism. Archives and Manuscripts.
  3. Doğan, A. L., Stevens, N., & D'Ignazio, C. (2025). Trans Data: A Research and Design Agenda from Trans Activists' Transformative Data Science. Proceedings of the ACM on Human-Computer Interaction.
  4. Digital Transgender Archive. https://www.digitaltransgenderarchive.net/.
  5. Felkner, V. K., Chang, H. H., Jang, E., & May, J. (2023). WinoQueer: A Community-in-the-Loop Benchmark for Anti-LGBTQ+ Bias in Large Language Models. ACL (1).
06
MODELAUDIT

Confidentiality Attacks (Repurposing)

Confidentiality attacks compromise a platform's ability to secure its data and models. Platforms developing AI systems often treat their models as proprietary assets, making them accessible only through paid APIs. However, these models remain vulnerable to model extraction attacks, in which an adversary with black-box access to a prediction API attempts to reconstruct the underlying model by using its predictions to train a substitute model (Tramèr et al., 2016).

Difficulty
CollectiveSmall (skilled)
№ 06 / 17Tramèr et al., 2016
06Confidentiality Attacks (Repurposing)
Community LensResearch Gap No direct evidence of LGBTQIA2S+ community use of model extraction as resistance has been documented in literature.
References
  1. Tramèr, F., Zhang, F., Juels, A., Reiter, M. K., & Ristenpart, T. (2016). Stealing Machine Learning Models via Prediction APIs. USENIX Security Symposium.
07
MODELAUDIT

Integrity Attacks / Adversarial Examples (Repurposing)

Integrity attacks aim to subvert or change the behaviour of algorithmic systems. Users wishing to correct algorithmic behaviour without relying on platforms may be motivated to repurpose these attacks to either evade algorithmic decisions or modify data to get favorable outcomes. Example of repourposing can be seen through Adversarial examples which are perturbed inputs designed to "trick" machine learning models into making incorrect predictions at inference time (Goodfellow et al., 2015; Szegedy et al., 2014).

Difficulty
CollectiveSmall (skilled)
№ 07 / 17Goodfellow et al., 2015; Szegedy et al., 2014
07Integrity Attacks / Adversarial Examples (Repurposing)
Community LensResearch Gap Facial recognition is a heavily documented site of LGBTQIA2S+ harm, particularly automatic gender recognition (Keyes, 2018, Scheuerman et al., 2019). One of the response pathways has been regulatory, such as LGBTQ groups joining the ACLU facial recognition letter (Tech). However, no direct evidence of community use of tools / repurposing integrity attack such as Fawkes or LowKey has been documented in literature.
References
  1. Goodfellow, I. J., Shlens, J., & Szegedy, C. (2015). Explaining and Harnessing Adversarial Examples. International Conference on Learning Representations 2015.
  2. Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., & Fergus, R. (2014). Intriguing Properties of Neural Networks. arXiv.
  3. Keyes, O. (2018). The Misgendering Machines: Trans/HCI Implications of Automatic Gender Recognition. Proc. ACM Hum. Comput. Interact..
  4. Scheuerman, M. K., Paul, J. M., & Brubaker, J. R. (2019). How Computers See Gender: An Evaluation of Gender Classification in Commercial Facial Analysis Services. Proc. ACM Hum. Comput. Interact..
  5. Tech, L.. LGBT Tech signs ACLU letter on facial recognition --- lgbttech.org. https://www.lgbttech.org/post/lgbt-tech-signs-aclu-letter-on-facial-recognition.
08
MODELINTERVENE

Availability Attacks (Repourposing)

Availability attacks aim to compromise the reliability of a system or hinder users' access to it, effectively degrading its normal functionality. Shumailov et al., 2021 introduce sponge examples, inputs crafted to drastically increase energy consumption during inference.

Difficulty
CollectiveSmall–Any
№ 08 / 17Shumailov et al., 2021
08Availability Attacks (Repourposing)
Community LensResearch Gap No evidence of LGBTQIA2S+ community use has been documented in literature, consistent with the absence of any realized resistance use of sponge examples.
References
  1. Shumailov, I., Zhao, Y., Bates, D., Papernot, N., Mullins, R., & Anderson, R. (2021). Sponge Examples: Energy-Latency Attacks on Neural Networks. 2021 IEEE European Symposium on Security and Privacy (EuroS&P).
09
MODELINTERVENE

Algorithmic Collective Action (ACA)

Algorithmic Collective Action (ACA), introduced by Hardt et al., 2023, provides a framework for analyzing how coordinated data modifications by groups of individuals can influence the behavior of deployed models. Given a collective data-modification strategy, the ACA framework can determine the minimum collective size required to achieve a desired level of success, as well as how success scales with collective size.

Difficulty
CollectiveSmall (skilled)
№ 09 / 17Hardt et al., 2023
09Algorithmic Collective Action (ACA)
Community LensResearch Gap Algorithmic Collective Action as formalized by Hardt et al., 2023, coordinated data modification that moves a deployed model toward a target with success scaling in collective size, has no documented LGBTQIA2S+ instance. The nearest documented collective practice is algospeak (Steen et al.), where LGBTQ+ creators collectively alter language to contest TikTok moderation that has suppressed queer content without guideline violations. Algospeak is could also be considered part of folk-theorisation.
References
  1. Hardt, M., Mazumdar, E., Mendler-Dünner, C., & Zrnic, T. (2023). Algorithmic collective action in machine learning. International Conference on Machine Learning.
  2. Steen, E., Yurechko, K., & Klug, D.. You Can (Not) Say What You Want: Using Algospeak to Contest and Evade Algorithmic Content Moderation on TikTok. Social Media + Society.
10
PLATFORMAUDIT

Folk Theorisation

When users encounter an algorithmic system, they can form an experiential understanding of these systems based on their interactions. This understanding, termed folk theorisation (Karizat et al., 2021), could involve trying various inputs, creating community knowledge, and trying to understand the working of the algorithms through trial and error. Folk theorisation could be used to form a shared understanding of the system.

Difficulty
CollectiveAny
№ 10 / 17Karizat et al., 2021
10Folk Theorisation
LGBTQIA2S+ ExampleFolk theorisation is a well documented LGBTQIA2S+ practice. Monea, 2023 shows queer TikTok users building intuitive folk knowledge of the platform's blackboxed algorithm and opaque moderation, then obscuring words and scenes to evade cisheteronormative censorship, and DeVito, 2022 documents how transfeminine creators theorise and navigate algorithmic visibility. Single-actor and expressive variants such as Chokly, 2024 also are examples here for folk theorisation.
References
  1. Karizat, N., Delmonaco, D., Eslami, M., & Andalibi, N. (2021). Algorithmic Folk Theories and Identity: How TikTok Users Co-Produce Knowledge of Identity and Engage in Algorithmic Resistance. Proc. ACM Hum. Comput. Interact..
  2. Monea, A. (2023). Cruising TikTok: Using algorithmic folk knowledge to evade cisheteronormative content moderation. AoIR Selected Papers of Internet Research.
  3. DeVito, M. A. (2022). How Transfeminine TikTok Creators Navigate the Algorithmic Trap of Visibility via Folk Theorization. Proc. ACM Hum.-Comput. Interact..
  4. Chokly, K. (2024). Today’s Gender Is No: Genderbot’s Algorithmic Platform Resistance. TOPIA: Canadian Journal of Cultural Studies.
11
PLATFORMAUDIT

Everyday Algorithmic Auditing

Users, during their everyday interaction with algorithmic systems, may notice and report inaccuracies, discriminatory behavior, or harms that algorithms cause on the platform. Shen et al., 2021 describe the process where users of a system detect, understand, and interrogate harms of the system from their everyday interactions as everyday algorithm auditing. It offers a user-driven solution for communities to observe and report harms they encounter in their regular interaction with algorithmic systems.

Difficulty
CollectiveAny
№ 11 / 17Shen et al., 2021
11Everyday Algorithmic Auditing
LGBTQIA2S+ ExampleEveryday algorithmic auditing (Shen et al., 2021), where users surface harmful algorithmic behaviour through ordinary interaction, for instance Dennler et al., 2023, a Queer in AI participatory workshop critiquing and redesigning bias bounties from queer perspectives.
References
  1. Shen, H., DeVos, A., Eslami, M., & Holstein, K. (2021). Everyday Algorithm Auditing: Understanding the Power of Everyday Users in Surfacing Harmful Algorithmic Behaviors. Proceedings of the ACM on Human-Computer Interaction.
  2. Dennler, N., Ovalle, A., Singh, A., Soldaini, L., Subramonian, A., Tu, H., Agnew, W., Ghosh, A., Yee, K., Peradejordi, I. F., Talat, Z., Russo, M., & Pinhal, J. D. J. D. P. (2023). Bound by the Bounty: Collaboratively Shaping Evaluation Processes for Queer AI Harms. Proceedings of the 2023 AAAI/ACM Conference on AI, Ethics, and Society.
12
PLATFORMOPT-OUT

Platform Migration & Conscious Data Contribution

Platform migration involves users collectively moving to alternative platforms, either as protest or to seek environments better aligned with their values. Migration can function as a form of data strike (Vincent et al., 2019) when it withdraws user-generated content and engagement from an incumbent platform, while simultaneously serving as conscious data contribution (Vincent & Hecht, 2021) to a competitor.

Difficulty
CollectiveLarge
№ 12 / 17Vincent & Hecht, 2021
12Platform Migration & Conscious Data Contribution
LGBTQIA2S+ ExampleExample of platform migration is can be seen in documented cases for queer communities in Pan et al., 2025, which traces users moving from TikTok to RedNote after the temporary US TikTok ban and the diffusion of the #wlw hashtag into RedNote.
References
  1. Vincent, N., & Hecht, B. (2021). Can" Conscious Data Contribution" Help Users to Exert" Data Leverage" against Technology Companies?. Proceedings of the ACM on Human-Computer Interaction.
  2. Vincent, N., Hecht, B., & Sen, S. (2019). ``Data Strikes'': Evaluating the Effectiveness of a New Form of Collective Action against Technology Companies. The World Wide Web Conference.
  3. Pan, Z., Zhang, R., Luo, J., Zhang, Y., Deng, Y., & Ma, X. (2025). From Platform Migration to Cultural Integration: The Ingress and Diffusion of #wlw from TikTok to RedNote in Queer Women Communities. Companion Publication of the 2025 Conference on Computer-Supported Cooperative Work and Social Computing.
13
PLATFORMAUDIT

Harm Reporting Infrastructure

Harm reporting infrastructure provides channels through which users can document and aggregate evidence of algorithmic failures. This includes platform-internal reporting mechanisms (e.g., flagging or appeals processes), as well as external databases (McGregor, 2020, AIAAICRepository), which catalogs real-world AI failures to prevent their recurrence. Recent work has proposed reporting-based frameworks for identifying systematic algorithmic harms from individual user reports (Dai et al., 2025). Unlike everyday algorithmic auditing, which describes an organic user-driven process, harm reporting infrastructure refers to the systems and tools that facilitate the collection and aggregation of such evidence.

Difficulty
CollectiveMedium–Large
№ 13 / 17Dai et al., 2025
13Harm Reporting Infrastructure
LGBTQIA2S+ ExampleBoth the AI Incident Database (McGregor, 2020) and the AIAAIC Repository (AIAAICRepository) catalog harms affecting LGBTQIA2S+ people, for example AIAAIC's entry on the HRT Transgender dataset that exposes how trans people's data was collected without consent.
References
  1. Dai, J., Gradu, P., Raji, I. D., & Recht, B. (2025). From Individual Experience to Collective Evidence: A Reporting-Based Framework for Identifying Systemic Harms. Forty-Second International Conference on Machine Learning.
  2. McGregor, S. (2020). Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database.
  3. AIAAIC - AIAAIC Repository.
14
PLATFORMINTERVENE

User-Facing Resistance Tools

Mechanisms described in various other cards have been packaged into user-facing tools that lower the technical barrier to adoption. These tools bridge the gap between academic research on adversarial techniques and practical community use.

Difficulty
CollectiveAny
№ 14 / 17
14User-Facing Resistance Tools
LGBTQIA2S+ ExampleSeveral mechanisms are packaged into downloadable or web tools that lower the technical barrier: Glaze (Shan et al., 2023) and Nightshade(Shan et al., 2024) for artists, Fawkes (Shan et al., 2020) and the LowKey (Cherepanova et al., 2021) webtool for facial privacy, and the LLM Data Defenses tool (wagnew3.github.io/LLM-Data-Defenses) for text. These are general-purpose and available to anyone, not built for or specific to LGBTQIA2S+ users. The community relevance lies in who chooses to deploy them, for example trans users adopting facial-privacy tools against recognition to prevent automatic gender recognition, not in the tools themselves being community-specific.
References
  1. Shan, S., Cryan, J., Wenger, E., Zheng, H., Hanocka, R., & Zhao, B. Y. (2023). Glaze: Protecting Artists from Style Mimicry by Text-to-Image Models. Proceedings of the 32nd USENIX Conference on Security Symposium.
  2. Shan, S., Ding, W., Passananti, J., Wu, S., Zheng, H., & Zhao, B. Y. (2024). Nightshade: Prompt-Specific Poisoning Attacks on Text-to-Image Generative Models. SP.
  3. Shan, S., Wenger, E., Zhang, J., Li, H., Zheng, H., & Zhao, B. Y. (2020). Fawkes: Protecting Privacy against Unauthorized Deep Learning Models. Proceedings of the 29th USENIX Conference on Security Symposium.
  4. Cherepanova, V., Goldblum, M., Foley, H., Duan, S., Dickerson, J., Taylor, G., & Goldstein, T. (2021). LowKey: Leveraging Adversarial Attacks to Protect Social Media Users from Facial Recognition. arXiv.
15
PLATFORMAUDIT

Algorithmic Abandonment

When users or media highlight discriminatory behavior, this can build public pressure on the platforms to correct this behaviour. In some cases, platforms might also decide to discontinue harmful algorithms. Johnson et al., 2024 define algorithmic abandonment as a decision made by actors with jurisdiction over the system to discontinue the process of developing, deploying, or using the algorithm due to its (potential) harms.

Difficulty
CollectiveLarge
№ 15 / 17Johnson et al., 2024
15Algorithmic Abandonment
Community LensResearch Gap Hern Microsoft retires Face API features such as infer emotional states, gender, age, smile, facial hair, hair, and makeup.
References
  1. Johnson, N., Moharana, S., Harrington, C. N., Andalibi, N., Heidari, H., & Eslami, M. (2024). The Fall of an Algorithm: Characterizing the Dynamics toward Abandonment. FAccT 2024.
  2. Hern, A.. Microsoft limits access to facial recognition tool in AI ethics overhaul --- theguardian.com. https://www.theguardian.com/technology/2022/jun/22/microsoft-limits-access-to-facial-recognition-tool-in-ai-ethics-overhaul.
16
PLATFORMAUDIT

Demanding Less Discriminatory Algorithms

AI systems often show model multiplicity (Black et al., 2022), where several models reach similar accuracy but make different decisions or behave differently overall. When models perform equally well but some cause less harm to affected groups, communities can reasonably push for the less harmful ones to be used. Black et al., 2023 argue that service providers should have a legal obligation to look for and adopt less discriminatory algorithms (LDAs) that reduce unequal harm across groups.

Difficulty
CollectiveMedium–Large
№ 16 / 17Black et al., 2023
16Demanding Less Discriminatory Algorithms
Community LensResearch Gap No direct evidence of LGBTQIA2S+ community use of model mutiplicity as legal resistance has been documented in literature.
References
  1. Black, E., Koepke, J. L., Kim, P., Barocas, S., & Hsu, M. (2023). Less Discriminatory Algorithms. Social Science Research Network.
  2. Black, E., Raghavan, M., & Barocas, S. (2022). Model Multiplicity: Opportunities, Concerns, and Solutions. Proceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency.