Gender and Tech Resources - User contributions [en]

Taller Autodefensa Digital, Encuentro LBT Feminista, Ecuador

2017-06-19T14:09:36Z

B01:

{{Activities
|Title of the activity=Taller Autodefensa Digital, Encuentro LBT Feminista, Ecuador
|Category=Privacy Advocacy, Digital Security, Gender and Tech
|Start when ?=2017/01/27
|End when ?=2017/01/29
|Number of hours if only one day ?=3
|Where is located the activity ?=Country
|Geo-localization of the activity ?=-0.8627452999999999, -80.5299541
|Who organize it=Fundacion Causana
|organisation(s) website=http://www.causana.org/
|For whom is it organized=Lesbianas y personas trans viviendo en Ecuador
|How many people trained=80
|Motivations for organizing training=Entre del 27 al 29 de enero de 2017, en el pueblo de Crucita provincia de Manabí, nos encontramos kuerpas diversas venidas desde varias ciudades del Ecuador: Tulcán, Ibarra, Cuenca, Quito, Loja, Guayaquil, Pasaje, Quevedo, Riobamba, Manta, Portoviejo, Santa Ana y kuerpas nómadas de Alemania, Colombia y Venezuela que bajo la consigna de KUERPAS SOBERANAS trabajamos, discutimos, cuestionamos y compartimos experiencias y aprendizajes sobre derechos, salud, espacios públicos, realidades locales, incidencia, organización, autodefensa digital, arte disidente, música, poesía, risas, diversión y placer ...

El 7mo. Encuentro LBT feminista fue una jornada maravillosa. Quedamos fortalecidxs y nos llevamos nuevos retos para continuar, entre todxs, la lucha por una vida digna y equitativa!

Gracias a lxs compas que facilitaron los diferentes talleres y actividades.

Ibarra nos espera para el 8vo. Encuentro LBT!
|Topics addressed=seguridad digital, privacidad, lesbianismo, trans, sororidad
|Links about the activity=http://www.causana.org/2017/02/07/las-voces-del-7mo-encuentro-lbt-feminista-de-ecuador/
http://www.causana.org/2017/01/31/7mo-encuentro-lesbitrans-feminista-del-ecuador/
|Upload content=7mo-encuentro.jpg
}}
{{Planning and documentation
|Detailed schedule and contents=la agenda de trabajo contempló los siguientes temas: Marco jurídico y ejercicio de derechos; salud sexual lésbica; kuerpas disientes y espacio público; autodefensa digital; arte como expresión de contracultura (serigrafía, poesía, música); gordofobia.
}}
{{Learning outcomes}}

Taller Autodefensa Digital, Encuentro LBT Feminista, Ecuador

2017-06-19T13:07:57Z

B01:

{{Activities
|Title of the activity=Taller Autodefensa Digital, Encuentro LBT Feminista, Ecuador
|Category=Privacy Advocacy, Digital Security, Gender and Tech
|Start when ?=2017/01/27
|End when ?=2017/01/29
|Number of hours if only one day ?=3
|Where is located the activity ?=Country
|Geo-localization of the activity ?=39° 28' 11", -0° 22' 35"
|Who organize it=Fundacion Causana
|organisation(s) website=http://www.causana.org/
|For whom is it organized=Lesbianas y personas trans viviendo en Ecuador
|How many people trained=80
|Motivations for organizing training=Entre del 27 al 29 de enero de 2017, en el pueblo de Crucita provincia de Manabí, nos encontramos kuerpas diversas venidas desde varias ciudades del Ecuador: Tulcán, Ibarra, Cuenca, Quito, Loja, Guayaquil, Pasaje, Quevedo, Riobamba, Manta, Portoviejo, Santa Ana y kuerpas nómadas de Alemania, Colombia y Venezuela que bajo la consigna de KUERPAS SOBERANAS trabajamos, discutimos, cuestionamos y compartimos experiencias y aprendizajes sobre derechos, salud, espacios públicos, realidades locales, incidencia, organización, autodefensa digital, arte disidente, música, poesía, risas, diversión y placer ...

El 7mo. Encuentro LBT feminista fue una jornada maravillosa. Quedamos fortalecidxs y nos llevamos nuevos retos para continuar, entre todxs, la lucha por una vida digna y equitativa!

Gracias a lxs compas que facilitaron los diferentes talleres y actividades.

Ibarra nos espera para el 8vo. Encuentro LBT!
|Topics addressed=seguridad digital, privacidad, lesbianismo, trans, sororidad
|Links about the activity=http://www.causana.org/2017/02/07/las-voces-del-7mo-encuentro-lbt-feminista-de-ecuador/
http://www.causana.org/2017/01/31/7mo-encuentro-lesbitrans-feminista-del-ecuador/
|Upload content=7mo-encuentro.jpg
}}
{{Planning and documentation
|Detailed schedule and contents=la agenda de trabajo contempló los siguientes temas: Marco jurídico y ejercicio de derechos; salud sexual lésbica; kuerpas disientes y espacio público; autodefensa digital; arte como expresión de contracultura (serigrafía, poesía, música); gordofobia.
}}
{{Learning outcomes}}

Taller Autodefensa Digital, Encuentro LBT Feminista, Ecuador

2017-06-19T13:05:00Z

B01:

{{Activities
|Title of the activity=Taller Autodefensa Digital, Encuentro LBT Feminista, Ecuador
|Category=Privacy Advocacy, Digital Security, Gender and Tech
|Start when ?=2017/01/27
|End when ?=2017/01/29
|Number of hours if only one day ?=3
|Where is located the activity ?=Country
|Geo-localization of the activity ?=-0.8709762801336776, -80.53227424621582
|Who organize it=Fundacion Causana
|organisation(s) website=http://www.causana.org/
|For whom is it organized=Lesbianas y personas trans viviendo en Ecuador
|How many people trained=80
|Motivations for organizing training=Entre del 27 al 29 de enero de 2017, en el pueblo de Crucita provincia de Manabí, nos encontramos kuerpas diversas venidas desde varias ciudades del Ecuador: Tulcán, Ibarra, Cuenca, Quito, Loja, Guayaquil, Pasaje, Quevedo, Riobamba, Manta, Portoviejo, Santa Ana y kuerpas nómadas de Alemania, Colombia y Venezuela que bajo la consigna de KUERPAS SOBERANAS trabajamos, discutimos, cuestionamos y compartimos experiencias y aprendizajes sobre derechos, salud, espacios públicos, realidades locales, incidencia, organización, autodefensa digital, arte disidente, música, poesía, risas, diversión y placer ...

El 7mo. Encuentro LBT feminista fue una jornada maravillosa. Quedamos fortalecidxs y nos llevamos nuevos retos para continuar, entre todxs, la lucha por una vida digna y equitativa!

Gracias a lxs compas que facilitaron los diferentes talleres y actividades.

Ibarra nos espera para el 8vo. Encuentro LBT!
|Topics addressed=seguridad digital, privacidad, lesbianismo, trans, sororidad
|Links about the activity=http://www.causana.org/2017/02/07/las-voces-del-7mo-encuentro-lbt-feminista-de-ecuador/
http://www.causana.org/2017/01/31/7mo-encuentro-lesbitrans-feminista-del-ecuador/
|Upload content=7mo-encuentro.jpg
}}
{{Planning and documentation
|Detailed schedule and contents=la agenda de trabajo contempló los siguientes temas: Marco jurídico y ejercicio de derechos; salud sexual lésbica; kuerpas disientes y espacio público; autodefensa digital; arte como expresión de contracultura (serigrafía, poesía, música); gordofobia.
}}
{{Learning outcomes}}

Taller Autodefensa Digital, Encuentro LBT Feminista, Ecuador

2017-06-19T13:01:40Z

B01:

{{Activities
|Title of the activity=Taller Autodefensa Digital, Encuentro LBT Feminista, Ecuador
|Category=Privacy Advocacy, Digital Security, Gender and Tech
|Start when ?=2017/01/27
|End when ?=2017/01/29
|Number of hours if only one day ?=3
|Where is located the activity ?=Country
|Who organize it=Fundacion Causana
|organisation(s) website=http://www.causana.org/
|For whom is it organized=Lesbianas y personas trans viviendo en Ecuador
|How many people trained=80
|Motivations for organizing training=Entre del 27 al 29 de enero de 2017, en el pueblo de Crucita provincia de Manabí, nos encontramos kuerpas diversas venidas desde varias ciudades del Ecuador: Tulcán, Ibarra, Cuenca, Quito, Loja, Guayaquil, Pasaje, Quevedo, Riobamba, Manta, Portoviejo, Santa Ana y kuerpas nómadas de Alemania, Colombia y Venezuela que bajo la consigna de KUERPAS SOBERANAS trabajamos, discutimos, cuestionamos y compartimos experiencias y aprendizajes sobre derechos, salud, espacios públicos, realidades locales, incidencia, organización, autodefensa digital, arte disidente, música, poesía, risas, diversión y placer ...

El 7mo. Encuentro LBT feminista fue una jornada maravillosa. Quedamos fortalecidxs y nos llevamos nuevos retos para continuar, entre todxs, la lucha por una vida digna y equitativa!

Gracias a lxs compas que facilitaron los diferentes talleres y actividades.

Ibarra nos espera para el 8vo. Encuentro LBT!
|Topics addressed=seguridad digital, privacidad, lesbianismo, trans, sororidad
|Links about the activity=http://www.causana.org/2017/02/07/las-voces-del-7mo-encuentro-lbt-feminista-de-ecuador/
http://www.causana.org/2017/01/31/7mo-encuentro-lesbitrans-feminista-del-ecuador/
|Upload content=7mo-encuentro.jpg
}}
{{Planning and documentation
|Detailed schedule and contents=la agenda de trabajo contempló los siguientes temas: Marco jurídico y ejercicio de derechos; salud sexual lésbica; kuerpas disientes y espacio público; autodefensa digital; arte como expresión de contracultura (serigrafía, poesía, música); gordofobia.
}}
{{Learning outcomes}}

Taller Autodefensa Digital, Encuentro LBT Feminista, Ecuador

2017-06-19T13:00:54Z

B01:

{{Activities
|Title of the activity=Taller Autodefensa Digital, Encuentro LBT Feminista, Ecuador
|Category=Privacy Advocacy, Digital Security, Gender and Tech
|Start when ?=2017/01/27
|End when ?=2017/01/29
|Number of hours if only one day ?=3
|Where is located the activity ?=Country
|Geo-localization of the activity ?=-0.86218818937893, -80.524635314941
|Who organize it=Fundacion Causana
|organisation(s) website=http://www.causana.org/
|For whom is it organized=Lesbianas y personas trans viviendo en Ecuador
|How many people trained=80
|Motivations for organizing training=Entre del 27 al 29 de enero de 2017, en el pueblo de Crucita provincia de Manabí, nos encontramos kuerpas diversas venidas desde varias ciudades del Ecuador: Tulcán, Ibarra, Cuenca, Quito, Loja, Guayaquil, Pasaje, Quevedo, Riobamba, Manta, Portoviejo, Santa Ana y kuerpas nómadas de Alemania, Colombia y Venezuela que bajo la consigna de KUERPAS SOBERANAS trabajamos, discutimos, cuestionamos y compartimos experiencias y aprendizajes sobre derechos, salud, espacios públicos, realidades locales, incidencia, organización, autodefensa digital, arte disidente, música, poesía, risas, diversión y placer ...

El 7mo. Encuentro LBT feminista fue una jornada maravillosa. Quedamos fortalecidxs y nos llevamos nuevos retos para continuar, entre todxs, la lucha por una vida digna y equitativa!

Gracias a lxs compas que facilitaron los diferentes talleres y actividades.

Ibarra nos espera para el 8vo. Encuentro LBT!
|Topics addressed=seguridad digital, privacidad, lesbianismo, trans, sororidad
|Links about the activity=http://www.causana.org/2017/02/07/las-voces-del-7mo-encuentro-lbt-feminista-de-ecuador/
http://www.causana.org/2017/01/31/7mo-encuentro-lesbitrans-feminista-del-ecuador/
|Upload content=7mo-encuentro.jpg
}}
{{Planning and documentation
|Detailed schedule and contents=la agenda de trabajo contempló los siguientes temas: Marco jurídico y ejercicio de derechos; salud sexual lésbica; kuerpas disientes y espacio público; autodefensa digital; arte como expresión de contracultura (serigrafía, poesía, música); gordofobia.
}}
{{Learning outcomes}}

Main Page

2016-09-16T12:29:30Z

B01:

__NOTOC__ __NOEDITSECTION__

<div class="bloc-news">
{{MainPageActualities|align=left|title=Actualities|
* Some news and update about our Gender and Technology Institute in Ecuador can be found here : https://gendersec.tacticaltech.org/wiki/index.php/Gender_and_Technology_Institute,_Ecuador
* You can view a very nice TV Show by Luchadoras about the GTI in Ecuador here : https://frama.link/Luchadoras-GTI-on-Youtube
}}
</div>
<div class="activities">
{{HalfMainPageBlock|align=left|title=Activities|
<DynamicPageList>
category = Activities
count = 4
</DynamicPageList>
* [[:Category:Activities| All the activities ...]]
----
* [[Form:Activities|Create a new activity !]][[Form:Activities/es| Crear una nueva actividad !]]
}}
</div>
<div class="tutorials">
{{HalfMainPageBlock|align=left|title=Tutorials|
<DynamicPageList>
category = Tutorials
count = 4
</DynamicPageList>
* [[:Category:Tutorials| All the tutorials ...]]
----
* [[Form:Tutorial|Create a new tutorial !]][[Form:Tutorial/es|Crear una nueva tutorial !]]
}}
</div>
<div class="storytelling">
{{HalfMainPageBlock|align=left|title=Storytelling|
* [[A feminist internet and its reflection on privacy, security, policy and violence against Women]]
<DynamicPageList>
category = Storytelling
count = 3
</DynamicPageList>
* [[:Category:Storytelling| All the storytelling ...]]
----
* [[Form:Storytelling|Create a new storytelling !]] [[Form:Storytelling/es|Crear una nueva storytelling !]]
}}
</div>
<div class="howtos">
{{HalfMainPageBlock|align=left|title=How To's|
<DynamicPageList>
category = How To
count = 4
</DynamicPageList>
* [[:Category:How To| All the how to ...]]
----
* [[Page:Create a new how to|Create a new how to !]][[Page:Crear un nuevo how to|Crear un nuevo how to !]]
}}
</div>
<div class="activities-map">
{{MainPageMap|align=left|title=Activities Map|
{{
#ask:
[[Geo-localization of the activity::+]]
| ?Geo-localization of the activity
| format=leaflet
| layers=osm-mapnik
}}
</div>
}}
__NOTOC__

Main Page

2016-09-14T18:12:08Z

B01:

__NOTOC__ __NOEDITSECTION__

<div class="activities-map">
{{MainPageActualities|align=left|title=Actualities|
* Some news and update about our Gender and Technology Institute in Ecuador can be found here : https://gendersec.tacticaltech.org/wiki/index.php/Gender_and_Technology_Institute,_Ecuador
* You can view a very nice TV Show by Luchadoras about the GTI in Ecuador here : https://frama.link/Luchadoras-GTI-on-Youtube
}}
</div>
<div class="activities">
{{HalfMainPageBlock|align=left|title=Activities|
<DynamicPageList>
category = Activities
count = 4
</DynamicPageList>
* [[:Category:Activities| All the activities ...]]
----
* [[Form:Activities|Create a new activity !]][[Form:Activities/es| Crear una nueva actividad !]]
}}
</div>
<div class="tutorials">
{{HalfMainPageBlock|align=left|title=Tutorials|
<DynamicPageList>
category = Tutorials
count = 4
</DynamicPageList>
* [[:Category:Tutorials| All the tutorials ...]]
----
* [[Form:Tutorial|Create a new tutorial !]][[Form:Tutorial/es|Crear una nueva tutorial !]]
}}
</div>
<div class="storytelling">
{{HalfMainPageBlock|align=left|title=Storytelling|
* [[A feminist internet and its reflection on privacy, security, policy and violence against Women]]
<DynamicPageList>
category = Storytelling
count = 3
</DynamicPageList>
* [[:Category:Storytelling| All the storytelling ...]]
----
* [[Form:Storytelling|Create a new storytelling !]] [[Form:Storytelling/es|Crear una nueva storytelling !]]
}}
</div>
<div class="howtos">
{{HalfMainPageBlock|align=left|title=How To's|
<DynamicPageList>
category = How To
count = 4
</DynamicPageList>
* [[:Category:How To| All the how to ...]]
----
* [[Page:Create a new how to|Create a new how to !]][[Page:Crear un nuevo how to|Crear un nuevo how to !]]
}}
</div>
<div class="activities-map">
{{MainPageMap|align=left|title=Activities Map|
{{
#ask:
[[Geo-localization of the activity::+]]
| ?Geo-localization of the activity
| format=leaflet
| layers=osm-mapnik
}}
</div>
}}
__NOTOC__

Main Page

2016-09-14T18:03:12Z

B01:

__NOTOC__ __NOEDITSECTION__

<div class="activities-map">
{{MainPageActualities|align=left|title=Actualities|
* Some news and update about our Gender and Technology Institute in Ecuador can be found here : https://gendersec.tacticaltech.org/wiki/index.php/Gender_and_Technology_Institute,_Ecuador
* You can view a very nice TV Show by Luchadoras about the GTI in Ecuador here (youtube) : https://frama.link/Luchadoras-GTI-on-Youtube
}}
</div>
<div class="activities">
{{HalfMainPageBlock|align=left|title=Activities|
<DynamicPageList>
category = Activities
count = 4
</DynamicPageList>
* [[:Category:Activities| All the activities ...]]
----
* [[Form:Activities|Create a new activity !]][[Form:Activities/es| Crear una nueva actividad !]]
}}
</div>
<div class="tutorials">
{{HalfMainPageBlock|align=left|title=Tutorials|
<DynamicPageList>
category = Tutorials
count = 4
</DynamicPageList>
* [[:Category:Tutorials| All the tutorials ...]]
----
* [[Form:Tutorial|Create a new tutorial !]][[Form:Tutorial/es|Crear una nueva tutorial !]]
}}
</div>
<div class="storytelling">
{{HalfMainPageBlock|align=left|title=Storytelling|
* [[A feminist internet and its reflection on privacy, security, policy and violence against Women]]
<DynamicPageList>
category = Storytelling
count = 3
</DynamicPageList>
* [[:Category:Storytelling| All the storytelling ...]]
----
* [[Form:Storytelling|Create a new storytelling !]] [[Form:Storytelling/es|Crear una nueva storytelling !]]
}}
</div>
<div class="howtos">
{{HalfMainPageBlock|align=left|title=How To's|
<DynamicPageList>
category = How To
count = 4
</DynamicPageList>
* [[:Category:How To| All the how to ...]]
----
* [[Page:Create a new how to|Create a new how to !]][[Page:Crear un nuevo how to|Crear un nuevo how to !]]
}}
</div>
<div class="activities-map">
{{MainPageMap|align=left|title=Activities Map|
{{
#ask:
[[Geo-localization of the activity::+]]
| ?Geo-localization of the activity
| format=leaflet
| layers=osm-mapnik
}}
</div>
}}
__NOTOC__

Main Page

2016-09-14T18:02:20Z

B01:

__NOTOC__ __NOEDITSECTION__

<div class="activities-map">
{{MainPageActualities|align=left|title=Actualities|
* Some news and update about our Gender and Technology Institute in Ecuador can be found here : https://gendersec.tacticaltech.org/wiki/index.php/Gender_and_Technology_Institute,_Ecuador
* You can view a very nice TV Show by Luchadoras about the GTI in Ecuador here (youtube) : https://frama.link/Luchadoras-on-Youtube
}}
</div>
<div class="activities">
{{HalfMainPageBlock|align=left|title=Activities|
<DynamicPageList>
category = Activities
count = 4
</DynamicPageList>
* [[:Category:Activities| All the activities ...]]
----
* [[Form:Activities|Create a new activity !]][[Form:Activities/es| Crear una nueva actividad !]]
}}
</div>
<div class="tutorials">
{{HalfMainPageBlock|align=left|title=Tutorials|
<DynamicPageList>
category = Tutorials
count = 4
</DynamicPageList>
* [[:Category:Tutorials| All the tutorials ...]]
----
* [[Form:Tutorial|Create a new tutorial !]][[Form:Tutorial/es|Crear una nueva tutorial !]]
}}
</div>
<div class="storytelling">
{{HalfMainPageBlock|align=left|title=Storytelling|
* [[A feminist internet and its reflection on privacy, security, policy and violence against Women]]
<DynamicPageList>
category = Storytelling
count = 3
</DynamicPageList>
* [[:Category:Storytelling| All the storytelling ...]]
----
* [[Form:Storytelling|Create a new storytelling !]] [[Form:Storytelling/es|Crear una nueva storytelling !]]
}}
</div>
<div class="howtos">
{{HalfMainPageBlock|align=left|title=How To's|
<DynamicPageList>
category = How To
count = 4
</DynamicPageList>
* [[:Category:How To| All the how to ...]]
----
* [[Page:Create a new how to|Create a new how to !]][[Page:Crear un nuevo how to|Crear un nuevo how to !]]
}}
</div>
<div class="activities-map">
{{MainPageMap|align=left|title=Activities Map|
{{
#ask:
[[Geo-localization of the activity::+]]
| ?Geo-localization of the activity
| format=leaflet
| layers=osm-mapnik
}}
</div>
}}
__NOTOC__

Workshop Digital security, Tech sans Violence, RDC

2016-07-29T13:42:29Z

B01:

{{Activities
|Title of the activity=Workshop on digital security for the Tech without violence day
|Category=Digital Security
|Start when ?=2015/12/08
|End when ?=2015/12/10
|Number of hours if only one day ?=3
|Geo-localization of the activity ?=-0.4829632, 15.893622400000027
|Who organize it=Si jeunesse savait
|organisation(s) website=https://www.facebook.com/feministes/
|For whom is it organized=WHRD, HRD
|How many people trained=25
|Upload content=Sijeunessesavait.jpg
}}
{{Planning and documentation}}
{{Learning outcomes}}

Workshop Digital security, Tech sans Violence, RDC

2016-07-29T13:38:50Z

B01:

{{Activities
|Title of the activity=Workshop on digital security for the Tech without violence day
|Category=Digital Security
|Start when ?=2015/12/08
|End when ?=2015/12/10
|Number of hours if only one day ?=3
|Geo-localization of the activity ?=-0.228021, 15.82765900000004
|Who organize it=Si jeunesse savait
|organisation(s) website=https://www.facebook.com/feministes/
|For whom is it organized=WHRD, HRD
|How many people trained=25
|Upload content=Sijeunessesavait.jpg
}}
{{Planning and documentation}}
{{Learning outcomes}}

Workshop Digital security, Tech sans Violence, RDC

2016-07-29T13:37:07Z

B01:

{{Activities
|Title of the activity=Workshop on digital security for the Tech without violence day
|Category=Digital Security
|Start when ?=2015/12/08
|End when ?=2015/12/10
|Number of hours if only one day ?=3
|Geo-localization of the activity ?=-0.228021, 15.827659
|Who organize it=Si jeunesse savait
|organisation(s) website=https://www.facebook.com/feministes/
|For whom is it organized=WHRD, HRD
|How many people trained=25
|Upload content=Sijeunessesavait.jpg
}}
{{Planning and documentation}}
{{Learning outcomes}}

Main Page

2016-07-14T18:46:44Z

B01:

__NOTOC__ __NOEDITSECTION__

<div class="activities-map">
{{MainPageActualities|align=left|title=Actualities|
* '''GTI in Ecuador''' in june, link will comme ...
* A new resource to avoid electromagnetic fields [https://gendersec.tacticaltech.org/wiki/index.php/Funda_de_Faraday_para_el_tel%C3%A9fono_m%C3%B3vil here]
</div>
}}
<div class="activities">
{{HalfMainPageBlock|align=left|title=Activities|
<DynamicPageList>
category = Activities
count = 4
</DynamicPageList>
* [[:Category:Activities| All the activities ...]]
----
* [[Form:Activities|Create a new activity !]][[Form:Activities/es| Crear una nueva actividad !]]
}}
</div>
<div class="tutorials">
{{HalfMainPageBlock|align=left|title=Tutorials|
<DynamicPageList>
category = Tutorials
count = 4
</DynamicPageList>
* [[:Category:Tutorials| All the tutorials ...]]
----
* [[Form:Tutorial|Create a new tutorial !]][[Form:Tutorial/es|Crear una nueva tutorial !]]
}}
</div>
<div class="storytelling">
{{HalfMainPageBlock|align=left|title=Storytelling|
* [[A feminist internet and its reflection on privacy, security, policy and violence against Women]]
<DynamicPageList>
category = Storytelling
count = 3
</DynamicPageList>
* [[:Category:Storytelling| All the storytelling ...]]
----
* [[Form:Storytelling|Create a new storytelling !]] [[Form:Storytelling/es|Crear una nueva storytelling !]]
}}
</div>
<div class="howtos">
{{HalfMainPageBlock|align=left|title=How To's|
<DynamicPageList>
category = How To
count = 4
</DynamicPageList>
* [[:Category:How To| All the how to ...]]
----
* [[Page:Create a new how to|Create a new how to !]][[Page:Crear un nuevo how to|Crear un nuevo how to !]]
}}
</div>
<div class="activities-map">
{{MainPageMap|align=left|title=Activities Map|
{{
#ask:
[[Geo-localization of the activity::+]]
| ?Geo-localization of the activity
| format=leaflet
| layers=osm-mapnik
}}
</div>
}}
__NOTOC__

Main Page

2016-07-14T18:41:30Z

B01:

__NOTOC__ __NOEDITSECTION__
<p class="welcome-msg">''Welcome to this wiki about "Securing Online and Offline Freedoms for Women : Expression, Privacy and Digital Inclusion"</p>
<div class="activities-map">
{{MainPageActualities|align=left|title=Actualities|
* ''''GTI in Ecuador''' in june, link will comme ...
* A new resource to avoid [[Funda de Faraday para el teléfono móvil|electromagnetic fields]]
</div>
}}
<div class="activities">
{{HalfMainPageBlock|align=left|title=Activities|
<DynamicPageList>
category = Activities
count = 4
</DynamicPageList>
* [[:Category:Activities| All the activities ...]]
----
* [[Form:Activities|Create a new activity !]][[Form:Activities/es| Crear una nueva actividad !]]
}}
</div>
<div class="tutorials">
{{HalfMainPageBlock|align=left|title=Tutorials|
<DynamicPageList>
category = Tutorials
count = 4
</DynamicPageList>
* [[:Category:Tutorials| All the tutorials ...]]
----
* [[Form:Tutorial|Create a new tutorial !]][[Form:Tutorial/es|Crear una nueva tutorial !]]
}}
</div>
<div class="storytelling">
{{HalfMainPageBlock|align=left|title=Storytelling|
* [[A feminist internet and its reflection on privacy, security, policy and violence against Women]]
<DynamicPageList>
category = Storytelling
count = 3
</DynamicPageList>
* [[:Category:Storytelling| All the storytelling ...]]
----
* [[Form:Storytelling|Create a new storytelling !]] [[Form:Storytelling/es|Crear una nueva storytelling !]]
}}
</div>
<div class="howtos">
{{HalfMainPageBlock|align=left|title=How To's|
<DynamicPageList>
category = How To
count = 4
</DynamicPageList>
* [[:Category:How To| All the how to ...]]
----
* [[Page:Create a new how to|Create a new how to !]][[Page:Crear un nuevo how to|Crear un nuevo how to !]]
}}
</div>
<div class="activities-map">
{{MainPageMap|align=left|title=Activities Map|
{{
#ask:
[[Geo-localization of the activity::+]]
| ?Geo-localization of the activity
| format=leaflet
| layers=osm-mapnik
}}
</div>
}}
__NOTOC__

Main Page

2016-07-14T18:05:08Z

B01:

__NOTOC__ __NOEDITSECTION__
<p class="welcome-msg">''Welcome to this wiki about "Securing Online and Offline Freedoms for Women : Expression, Privacy and Digital Inclusion"</p>
<div class="activities-map">
{{MainPageActualities|align=left|title=Actualities|
* '''Actu 1''' : GTI in Ecudaor
* '''Actu 2''' : Ecochonis are back
</div>
}}
<div class="activities">
{{HalfMainPageBlock|align=left|title=Activities|
<DynamicPageList>
category = Activities
count = 4
</DynamicPageList>
* [[:Category:Activities| All the activities ...]]
----
* [[Form:Activities|Create a new activity !]][[Form:Activities/es| Crear una nueva actividad !]]
}}
</div>
<div class="tutorials">
{{HalfMainPageBlock|align=left|title=Tutorials|
<DynamicPageList>
category = Tutorials
count = 4
</DynamicPageList>
* [[:Category:Tutorials| All the tutorials ...]]
----
* [[Form:Tutorial|Create a new tutorial !]][[Form:Tutorial/es|Crear una nueva tutorial !]]
}}
</div>
<div class="storytelling">
{{HalfMainPageBlock|align=left|title=Storytelling|
* [[A feminist internet and its reflection on privacy, security, policy and violence against Women]]
<DynamicPageList>
category = Storytelling
count = 3
</DynamicPageList>
* [[:Category:Storytelling| All the storytelling ...]]
----
* [[Form:Storytelling|Create a new storytelling !]] [[Form:Storytelling/es|Crear una nueva storytelling !]]
}}
</div>
<div class="howtos">
{{HalfMainPageBlock|align=left|title=How To's|
<DynamicPageList>
category = How To
count = 4
</DynamicPageList>
* [[:Category:How To| All the how to ...]]
----
* [[Page:Create a new how to|Create a new how to !]][[Page:Crear un nuevo how to|Crear un nuevo how to !]]
}}
</div>
<div class="activities-map">
{{MainPageMap|align=left|title=Activities Map|
{{
#ask:
[[Geo-localization of the activity::+]]
| ?Geo-localization of the activity
| format=leaflet
| layers=osm-mapnik
}}
</div>
}}
__NOTOC__

Template:MainPageActualities

2016-07-14T18:04:32Z

B01: Created page with "<div class="large-12 columns mainpage-half-block-wrapper" style="float:{{{align}}}"> <div class="mainpage-block-title"> =={{{title}}}== </div> <div class="mainpage..."

<div class="large-12 columns mainpage-half-block-wrapper" style="float:{{{align}}}">
<div class="mainpage-block-title">
=={{{title}}}==
</div>
<div class="mainpage-block-body">{{{1}}}</div>
</div>
<noinclude>[[Category:Model page format]]</noinclude>

Main Page

2016-07-14T18:00:05Z

B01:

__NOTOC__ __NOEDITSECTION__
<p class="welcome-msg">''Welcome to this wiki about "Securing Online and Offline Freedoms for Women : Expression, Privacy and Digital Inclusion"</p>
<div class="activities-map">
{{MainPageMap|align=left|title=Actualities|
* '''Actu 1''' : GTI in Ecudaor
* '''Actu 2''' : Ecochonis are back
</div>
}}
<div class="activities">
{{HalfMainPageBlock|align=left|title=Activities|
<DynamicPageList>
category = Activities
count = 4
</DynamicPageList>
* [[:Category:Activities| All the activities ...]]
----
* [[Form:Activities|Create a new activity !]][[Form:Activities/es| Crear una nueva actividad !]]
}}
</div>
<div class="tutorials">
{{HalfMainPageBlock|align=left|title=Tutorials|
<DynamicPageList>
category = Tutorials
count = 4
</DynamicPageList>
* [[:Category:Tutorials| All the tutorials ...]]
----
* [[Form:Tutorial|Create a new tutorial !]][[Form:Tutorial/es|Crear una nueva tutorial !]]
}}
</div>
<div class="storytelling">
{{HalfMainPageBlock|align=left|title=Storytelling|
* [[A feminist internet and its reflection on privacy, security, policy and violence against Women]]
<DynamicPageList>
category = Storytelling
count = 3
</DynamicPageList>
* [[:Category:Storytelling| All the storytelling ...]]
----
* [[Form:Storytelling|Create a new storytelling !]] [[Form:Storytelling/es|Crear una nueva storytelling !]]
}}
</div>
<div class="howtos">
{{HalfMainPageBlock|align=left|title=How To's|
<DynamicPageList>
category = How To
count = 4
</DynamicPageList>
* [[:Category:How To| All the how to ...]]
----
* [[Page:Create a new how to|Create a new how to !]][[Page:Crear un nuevo how to|Crear un nuevo how to !]]
}}
</div>
<div class="activities-map">
{{MainPageMap|align=left|title=Activities Map|
{{
#ask:
[[Geo-localization of the activity::+]]
| ?Geo-localization of the activity
| format=leaflet
| layers=osm-mapnik
}}
</div>
}}
__NOTOC__

Digital security workshop - Les Degommeuses

2016-07-04T14:01:20Z

B01:

{{Activities
|Title of the activity=Digital security workshop - Les Degommeuses - in Montreuil / Paris
|Category=Privacy Advocacy, Digital Security, Gender and Tech
|Start when ?=2016/06/04
|End when ?=2016/06/04
|Number of hours if only one day ?=3
|Where is located the activity ?=World level for international activities
|Geo-localization of the activity ?=48.85449836511, 2.4359497055411
|Who organize it=Les Dégommeuses
|organisation(s) website=http://www.lesdegommeuses.org/

https://twitter.com/LesDegommeuses
|For whom is it organized=LGBT refugees from various african countries : Zimbabwe, Malawi, Zambia, Nigeria, Libya, Uganda,
|How many people trained=12
|Motivations for organizing training="Les Dégommeuses" is a french NGO devoted to inclusive process threw women and sport, they invited a dozen of LGBT refugees from various african countries, one part of the project was to hold this workshop about digital security to increase the level of privacy and anonymity for those activists
|Topics addressed=Digital security and privacy with a gender focus, feminist approaches to tech, alternative emails, Software Libre, mobile security, safe space, online identities,
|Links about the activity=https://gendersec.tacticaltech.org/wiki/index.php/Digital_security_workshop_Les_D%C3%A9gommeuses_-_Paris

https://twitter.com/simplonco/status/735848385538850818
|Upload content=LesdegommeusesDigitalSecurity.jpg
}}
{{Planning and documentation
|Detailed schedule and contents=Program :
* Issues about Security, Privacy, Anonymity
* Mapping activities and risks
* Draw your tech day
* Ask yourself good questions
* Secure your devices and data
* What is Internet ?
* How the data are circulating in the network
* Reduce your digital shadow
* Use emails in a safer way
* Preserve your anonymity, circumvent censorship
* Social network, safe space, online identities
* Téléphone mobile / intelligent
* Specific questions
* Good practices, a synthesis
* Identifying good resources
|Methodologies for training=Methods
# Sharing Issues about Security, Privacy, Anonymity
# Mapping activities and risks
# Understand when / where / how data are exchanged, stored
# Practical methods to reduce our digital shadow, increase our anonymity
|Existing toolkits and resources=Good ressources
* Security in a box https://securityinabox.org/
* Me and my shadow https://myshadow.org/
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/
|Gender and tech tutorials used=Holistic security - A day in your life, Holistic security - Self care, Threat analysis - Information Mapping I,
}}
{{Learning outcomes
|Feelings=too short !
|Feedbacks=good
|START=adjust the level of practical content, theoretical content, methodology aspects
|STOP=giving too much details on how internet works
|KEEP=the mix between personal histories, anecdotes, facts at a world scale, and the content of the workshop by itself
}}

Digital security workshop - Les Degommeuses

2016-06-27T16:58:17Z

B01:

{{Activities
|Title of the activity=Digital security workshop - Les Degommeuses - in Montreuil / Paris
|Category=Privacy Advocacy, Digital Security, Gender and Tech
|Start when ?=2016/06/04
|End when ?=2016/06/04
|Number of hours if only one day ?=3
|Where is located the activity ?=World level for international activities
|Geo-localization of the activity ?=48.85449836511, 2.4359497055411
|Who organize it=Les Dégommeuses
|organisation(s) website=http://www.lesdegommeuses.org/

https://twitter.com/LesDegommeuses
|For whom is it organized=LGBT refugees from various african countries : Zimbabwe, Malawi, Zambia, Nigeria, Libya, Uganda,
|How many people trained=12
|Motivations for organizing training="Les Dégommeuses" is a french NGO devoted to inclusive process threw women and sport, they invited a dozen of LGBT refugees from various african countries, one part of the project was to hold this workshop about digital security to increase the level of privacy and anonymity for those activists
|Topics addressed=Digital security and privacy with a gender focus, feminist approaches to tech, alternative emails, Software Libre, mobile security, safe space, online identities,
|Links about the activity=https://gendersec.tacticaltech.org/wiki/index.php/Digital_security_workshop_Les_D%C3%A9gommeuses_-_Paris

https://twitter.com/simplonco/status/735848385538850818
|Upload content=LesdegommeusesDigitalSecurity.jpg
}}
{{Planning and documentation
|Detailed schedule and contents=* Issues about Security, Privacy, Anonymity
* Mapping activities and risks
* Draw your tech day
* Ask yourself good questions
* Secure your devices and data
* What is Internet ?
* How the data are circulating in the network
* Reduce your digital shadow
* Use emails in a safer way
* Preserve your anonymity, circumvent censorship
* Social network, safe space, online identities
* Téléphone mobile / intelligent
* Specific questions
* Good practices, a synthesis
* Identifying good resources
|Methodologies for training=# Sharing Issues about Security, Privacy, Anonymity
# Mapping activities and risks
# Understand when / where / how data are exchanged, stored
# Practical methods to reduce our digital shadow, increase our anonymity
|Existing toolkits and resources=* Security in a box https://securityinabox.org/
* Me and my shadow https://myshadow.org/
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/
|Gender and tech tutorials used=Holistic security - A day in your life, Holistic security - Self care, Threat analysis - Information Mapping I,
}}
{{Learning outcomes
|Feelings=too short !
|Feedbacks=good
|START=adjust the level of practical content, theoretical content, methodology aspects
|STOP=giving too much details on how internet works
|KEEP=the mix between personal histories, anecdotes, facts at a world scale, and the content of the workshop by itself
}}

Digital security workshop - Les Degommeuses

2016-06-27T16:33:49Z

B01:

{{Activities
|Title of the activity=Digital security workshop - Les Degommeuses - in Montreuil / Paris
|Category=Privacy Advocacy, Digital Security, Gender and Tech
|Start when ?=2016/06/04
|End when ?=2016/06/04
|Number of hours if only one day ?=3
|Where is located the activity ?=World level for international activities
|Geo-localization of the activity ?=48.8544983651096, 2.435949705541134
|Who organize it=Les Dégommeuses
|organisation(s) website=http://www.lesdegommeuses.org/

https://twitter.com/LesDegommeuses
|For whom is it organized=LGBT refugees from various african countries : Zimbabwe, Malawi, Zambia, Nigeria, Libya, Uganda,
|How many people trained=12
|Motivations for organizing training="Les Dégommeuses" is a french NGO devoted to inclusive process threw women and sport, they invited a dozen of LGBT refugees from various african countries, one part of the project was to hold this workshop about digital security to increase the level of privacy and anonymity for those activists
|Topics addressed=Digital security and privacy with a gender focus, feminist approaches to tech, alternative emails, Software Libre, mobile security, safe space, online identities,
|Links about the activity=https://gendersec.tacticaltech.org/wiki/index.php/Digital_security_workshop_Les_D%C3%A9gommeuses_-_Paris

https://twitter.com/simplonco/status/735848385538850818
|Upload content=LesdegommeusesDigitalSecurity2.jpg
}}
{{Planning and documentation
|Detailed schedule and contents=* Issues about Security, Privacy, Anonymity
* Mapping activities and risks
* Draw your tech day
* Ask yourself good questions
* Secure your devices and data
* What is Internet ?
* How the data are circulating in the network
* Reduce your digital shadow
* Use emails in a safer way
* Preserve your anonymity, circumvent censorship
* Social network, safe space, online identities
* Téléphone mobile / intelligent
* Specific questions
* Good practices, a synthesis
* Identifying good resources
|Methodologies for training=# Sharing Issues about Security, Privacy, Anonymity
# Mapping activities and risks
# Understand when / where / how data are exchanged, stored
# Practical methods to reduce our digital shadow, increase our anonymity
|Existing toolkits and resources=* Security in a box https://securityinabox.org/
* Me and my shadow https://myshadow.org/
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/
|Gender and tech tutorials used=Holistic security - A day in your life, Holistic security - Self care, Threat analysis - Information Mapping I,
}}
{{Learning outcomes
|Feelings=too short !
|Feedbacks=good
|START=adjust the level of practical content, theoretical content, methodology aspects
|STOP=giving too much details on how internet works
|KEEP=the mix between personal histories, anecdotes, facts at a world scale, and the content of the workshop by itself
}}

Digital security workshop - Les Degommeuses

2016-06-27T16:31:50Z

B01:

{{Activities
|Title of the activity=Digital security workshop - Les Degommeuses - in Montreuil / Paris
|Category=Privacy Advocacy, Digital Security, Gender and Tech
|Start when ?=2016/06/04
|End when ?=2016/06/04
|Number of hours if only one day ?=3
|Where is located the activity ?=World level for international activities
|Geo-localization of the activity ?=48.863776059093844, 2.4485430121421814
|Who organize it=Les Dégommeuses
|organisation(s) website=http://www.lesdegommeuses.org/

https://twitter.com/LesDegommeuses
|For whom is it organized=LGBT refugees from various african countries : Zimbabwe, Malawi, Zambia, Nigeria, Libya, Uganda,
|How many people trained=12
|Motivations for organizing training="Les Dégommeuses" is a french NGO devoted to inclusive process threw women and sport, they invited a dozen of LGBT refugees from various african countries, one part of the project was to hold this workshop about digital security to increase the level of privacy and anonymity for those activists
|Topics addressed=Digital security and privacy with a gender focus, feminist approaches to tech, alternative emails, Software Libre, mobile security, safe space, online identities,
|Links about the activity=https://gendersec.tacticaltech.org/wiki/index.php/Digital_security_workshop_Les_D%C3%A9gommeuses_-_Paris

https://twitter.com/simplonco/status/735848385538850818
|Upload content=LesdegommeusesDigitalSecurity2.jpg
}}
{{Planning and documentation
|Detailed schedule and contents=* Issues about Security, Privacy, Anonymity
* Mapping activities and risks
* Draw your tech day
* Ask yourself good questions
* Secure your devices and data
* What is Internet ?
* How the data are circulating in the network
* Reduce your digital shadow
* Use emails in a safer way
* Preserve your anonymity, circumvent censorship
* Social network, safe space, online identities
* Téléphone mobile / intelligent
* Specific questions
* Good practices, a synthesis
* Identifying good resources
|Methodologies for training=# Sharing Issues about Security, Privacy, Anonymity
# Mapping activities and risks
# Understand when / where / how data are exchanged, stored
# Practical methods to reduce our digital shadow, increase our anonymity
|Existing toolkits and resources=* Security in a box https://securityinabox.org/
* Me and my shadow https://myshadow.org/
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/
|Gender and tech tutorials used=Holistic security - A day in your life, Holistic security - Self care, Threat analysis - Information Mapping I,
}}
{{Learning outcomes
|Feelings=too short !
|Feedbacks=good
|START=adjust the level of practical content, theoretical content, methodology aspects
|STOP=giving too much details on how internet works
|KEEP=the mix between personal histories, anecdotes, facts at a world scale, and the content of the workshop by itself
}}

Digital security workshop - Les Degommeuses

2016-06-27T16:28:08Z

B01: Created page with "{{Activities |Title of the activity=Digital security workshop - Les Degommeuses - in Montreuil / Paris |Category=Privacy Advocacy, Digital Security, Gender and Tech |Start whe..."

{{Activities
|Title of the activity=Digital security workshop - Les Degommeuses - in Montreuil / Paris
|Category=Privacy Advocacy, Digital Security, Gender and Tech
|Start when ?=2016/06/04
|End when ?=2016/06/04
|Number of hours if only one day ?=3
|Where is located the activity ?=World level for international activities
|Who organize it=Les Dégommeuses
|organisation(s) website=http://www.lesdegommeuses.org/

https://twitter.com/LesDegommeuses
|For whom is it organized=LGBT refugees from various african countries : Zimbabwe, Malawi, Zambia, Nigeria, Libya, Uganda,
|How many people trained=12
|Motivations for organizing training="Les Dégommeuses" is a french NGO devoted to inclusive process threw women and sport, they invited a dozen of LGBT refugees from various african countries, one part of the project was to hold this workshop about digital security to increase the level of privacy and anonymity for those activists
|Topics addressed=Digital security and privacy with a gender focus, feminist approaches to tech, alternative emails, Software Libre, mobile security, safe space, online identities,
|Links about the activity=https://gendersec.tacticaltech.org/wiki/index.php/Digital_security_workshop_Les_D%C3%A9gommeuses_-_Paris

https://twitter.com/simplonco/status/735848385538850818
|Upload content=LesdegommeusesDigitalSecurity2.jpg
}}
{{Planning and documentation
|Detailed schedule and contents=* Issues about Security, Privacy, Anonymity
* Mapping activities and risks
* Draw your tech day
* Ask yourself good questions
* Secure your devices and data
* What is Internet ?
* How the data are circulating in the network
* Reduce your digital shadow
* Use emails in a safer way
* Preserve your anonymity, circumvent censorship
* Social network, safe space, online identities
* Téléphone mobile / intelligent
* Specific questions
* Good practices, a synthesis
* Identifying good resources
|Methodologies for training=# Sharing Issues about Security, Privacy, Anonymity
# Mapping activities and risks
# Understand when / where / how data are exchanged, stored
# Practical methods to reduce our digital shadow, increase our anonymity
|Existing toolkits and resources=* Security in a box https://securityinabox.org/
* Me and my shadow https://myshadow.org/
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/
|Gender and tech tutorials used=Holistic security - A day in your life, Holistic security - Self care, Threat analysis - Information Mapping I,
}}
{{Learning outcomes
|Feelings=too short !
|Feedbacks=good
|START=adjust the level of practical content, theoretical content, methodology aspects
|STOP=giving too much details on how internet works
|KEEP=the mix between personal histories, anecdotes, facts at a world scale, and the content of the workshop by itself
}}

Digital security workshop Les Dégommeuses - Paris

2016-06-27T15:32:45Z

B01: /* Téléphone mobile / intelligent */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security http://holistic-security.org/
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

<embedvideo service="vimeo">https://vimeo.com/163562609</embedvideo>

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

<embedvideo service="vimeo">https://vimeo.com/106165094</embedvideo>

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/
* VPN : https://help.riseup.net/fr/vpn
<br />

[[File:Htw3.png|640px|center]]
<br />
<br />

'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
<embedvideo service="vimeo">https://vimeo.com/132517596</embedvideo>
* tor browser : https://www.youtube.com/user/TheTorProject
<embedvideo service="youtube">https://www.youtube.com/watch?v=JWII85UlzKw</embedvideo>

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

[[File:FB-privacy-setting-image2.jpg|center]]

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Mobile / Smart Phone ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Specific questions ==
=== How can I ask Google to forget about me ===
* At least in Europe https://support.google.com/legal/contact/lr_eudpa?product=websearch

=== How can I create a mobile application from a responsive design web site ===
At the end, no straight easy answer (yet), some resources :
* With Cordova https://github.com/MobileChromeApps/mobile-chrome-apps and http://taco.visualstudio.com/en-us/docs/create-a-hosted-app/

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

[[File:Killyourphone.jpg|center]]

Digital security workshop Les Dégommeuses - Paris

2016-06-21T19:53:56Z

B01: /* Preserve your anonymity, circumvent censorship */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security http://holistic-security.org/
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

<embedvideo service="vimeo">https://vimeo.com/163562609</embedvideo>

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

<embedvideo service="vimeo">https://vimeo.com/106165094</embedvideo>

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/
* VPN : https://help.riseup.net/fr/vpn
<br />

[[File:Htw3.png|640px|center]]
<br />
<br />

'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
<embedvideo service="vimeo">https://vimeo.com/132517596</embedvideo>
* tor browser : https://www.youtube.com/user/TheTorProject
<embedvideo service="youtube">https://www.youtube.com/watch?v=JWII85UlzKw</embedvideo>

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

[[File:FB-privacy-setting-image2.jpg|center]]

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Specific questions ==
=== How can I ask Google to forget about me ===
* At least in Europe https://support.google.com/legal/contact/lr_eudpa?product=websearch

=== How can I create a mobile application from a responsive design web site ===
At the end, no straight easy answer (yet), some resources :
* With Cordova https://github.com/MobileChromeApps/mobile-chrome-apps and http://taco.visualstudio.com/en-us/docs/create-a-hosted-app/

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

[[File:Killyourphone.jpg|center]]

Digital security workshop Les Dégommeuses - Paris

2016-06-21T19:52:48Z

B01: /* Preserve your anonymity, circumvent censorship */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security http://holistic-security.org/
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

<embedvideo service="vimeo">https://vimeo.com/163562609</embedvideo>

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

<embedvideo service="vimeo">https://vimeo.com/106165094</embedvideo>

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn

[[File:Htw3.png|640px|center]]

'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
<embedvideo service="vimeo">https://vimeo.com/132517596</embedvideo>
* tor browser : https://www.youtube.com/user/TheTorProject
<embedvideo service="youtube">https://www.youtube.com/watch?v=JWII85UlzKw</embedvideo>

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

[[File:FB-privacy-setting-image2.jpg|center]]

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Specific questions ==
=== How can I ask Google to forget about me ===
* At least in Europe https://support.google.com/legal/contact/lr_eudpa?product=websearch

=== How can I create a mobile application from a responsive design web site ===
At the end, no straight easy answer (yet), some resources :
* With Cordova https://github.com/MobileChromeApps/mobile-chrome-apps and http://taco.visualstudio.com/en-us/docs/create-a-hosted-app/

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

[[File:Killyourphone.jpg|center]]

Digital security workshop Les Dégommeuses - Paris

2016-06-21T19:51:00Z

B01: /* How the data are circulating in the network */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security http://holistic-security.org/
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

<embedvideo service="vimeo">https://vimeo.com/163562609</embedvideo>

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

<embedvideo service="vimeo">https://vimeo.com/106165094</embedvideo>

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
<embedvideo service="vimeo">https://vimeo.com/132517596</embedvideo>
* tor browser : https://www.youtube.com/user/TheTorProject
<embedvideo service="youtube">https://www.youtube.com/watch?v=JWII85UlzKw</embedvideo>

[[File:Htw3.png|center]]

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

[[File:FB-privacy-setting-image2.jpg|center]]

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Specific questions ==
=== How can I ask Google to forget about me ===
* At least in Europe https://support.google.com/legal/contact/lr_eudpa?product=websearch

=== How can I create a mobile application from a responsive design web site ===
At the end, no straight easy answer (yet), some resources :
* With Cordova https://github.com/MobileChromeApps/mobile-chrome-apps and http://taco.visualstudio.com/en-us/docs/create-a-hosted-app/

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

[[File:Killyourphone.jpg|center]]

Digital security workshop Les Dégommeuses - Paris

2016-06-21T19:49:25Z

B01: /* Remove metadata from files */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security http://holistic-security.org/
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

<embedvideo service="vimeo">https://vimeo.com/106165094</embedvideo>

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
<embedvideo service="vimeo">https://vimeo.com/132517596</embedvideo>
* tor browser : https://www.youtube.com/user/TheTorProject
<embedvideo service="youtube">https://www.youtube.com/watch?v=JWII85UlzKw</embedvideo>

[[File:Htw3.png|center]]

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

[[File:FB-privacy-setting-image2.jpg|center]]

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Specific questions ==
=== How can I ask Google to forget about me ===
* At least in Europe https://support.google.com/legal/contact/lr_eudpa?product=websearch

=== How can I create a mobile application from a responsive design web site ===
At the end, no straight easy answer (yet), some resources :
* With Cordova https://github.com/MobileChromeApps/mobile-chrome-apps and http://taco.visualstudio.com/en-us/docs/create-a-hosted-app/

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

[[File:Killyourphone.jpg|center]]

Digital security workshop Les Dégommeuses - Paris

2016-06-21T19:46:09Z

B01: /* Preserve your anonymity, circumvent censorship */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security http://holistic-security.org/
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
<embedvideo service="vimeo">https://vimeo.com/132517596</embedvideo>
* tor browser : https://www.youtube.com/user/TheTorProject
<embedvideo service="youtube">https://www.youtube.com/watch?v=JWII85UlzKw</embedvideo>

[[File:Htw3.png|center]]

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

[[File:FB-privacy-setting-image2.jpg|center]]

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Specific questions ==
=== How can I ask Google to forget about me ===
* At least in Europe https://support.google.com/legal/contact/lr_eudpa?product=websearch

=== How can I create a mobile application from a responsive design web site ===
At the end, no straight easy answer (yet), some resources :
* With Cordova https://github.com/MobileChromeApps/mobile-chrome-apps and http://taco.visualstudio.com/en-us/docs/create-a-hosted-app/

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

[[File:Killyourphone.jpg|center]]

Digital security workshop Les Dégommeuses - Paris

2016-06-21T16:48:58Z

B01: /* How can I create a mobile application from a responsive design web site */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security http://holistic-security.org/
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
* tor browser : https://www.youtube.com/user/TheTorProject

[[File:Htw3.png|center]]

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

[[File:FB-privacy-setting-image2.jpg|center]]

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Specific questions ==
=== How can I ask Google to forget about me ===
* At least in Europe https://support.google.com/legal/contact/lr_eudpa?product=websearch

=== How can I create a mobile application from a responsive design web site ===
At the end, no straight easy answer (yet), some resources :
* With Cordova https://github.com/MobileChromeApps/mobile-chrome-apps and http://taco.visualstudio.com/en-us/docs/create-a-hosted-app/

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

[[File:Killyourphone.jpg|center]]

Digital security workshop Les Dégommeuses - Paris

2016-06-21T16:48:32Z

B01: /* Good practices, a synthesis */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security http://holistic-security.org/
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
* tor browser : https://www.youtube.com/user/TheTorProject

[[File:Htw3.png|center]]

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

[[File:FB-privacy-setting-image2.jpg|center]]

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Specific questions ==
=== How can I ask Google to forget about me ===
* At least in Europe https://support.google.com/legal/contact/lr_eudpa?product=websearch

=== How can I create a mobile application from a responsive design web site ===
At the end, no straight easy answer, some resources :
* With Cordova https://github.com/MobileChromeApps/mobile-chrome-apps and http://taco.visualstudio.com/en-us/docs/create-a-hosted-app/

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

[[File:Killyourphone.jpg|center]]

Digital security workshop Les Dégommeuses - Paris

2016-06-21T16:39:11Z

B01: /* So what ? */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security http://holistic-security.org/
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
* tor browser : https://www.youtube.com/user/TheTorProject

[[File:Htw3.png|center]]

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

[[File:FB-privacy-setting-image2.jpg|center]]

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

[[File:Killyourphone.jpg|center]]

Digital security workshop Les Dégommeuses - Paris

2016-06-21T16:38:15Z

B01: /* Identifying good resources */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
* tor browser : https://www.youtube.com/user/TheTorProject

[[File:Htw3.png|center]]

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

[[File:FB-privacy-setting-image2.jpg|center]]

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

[[File:Killyourphone.jpg|center]]

File:Killyourphone.jpg

2016-06-21T16:37:54Z

B01: B01 uploaded a new version of File:Killyourphone.jpg

MsUpload

File:Killyourphone.jpg

2016-06-21T16:37:45Z

B01: MsUpload

MsUpload

Digital security workshop Les Dégommeuses - Paris

2016-06-21T16:37:00Z

B01: /* Let's ask some good questions */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
* tor browser : https://www.youtube.com/user/TheTorProject

[[File:Htw3.png|center]]

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

[[File:FB-privacy-setting-image2.jpg|center]]

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

File:FB-privacy-setting-image2.jpg

2016-06-21T16:36:31Z

B01:

Digital security workshop Les Dégommeuses - Paris

2016-06-21T16:35:14Z

B01: /* Preserve your anonymity, circumvent censorship */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
* tor browser : https://www.youtube.com/user/TheTorProject

[[File:Htw3.png|center]]

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

File:Htw3.png

2016-06-21T16:35:04Z

B01: MsUpload

MsUpload

Digital security workshop Les Dégommeuses - Paris

2016-06-21T16:34:29Z

B01: /* Tchat */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
* tor browser : https://www.youtube.com/user/TheTorProject

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

Digital security workshop Les Dégommeuses - Paris

2016-06-21T16:32:06Z

B01: /* Communication and exchange services */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/

[[File:Carte2015-victoires-en.png|center]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
[[File:cryptocat.png|500px|centré]]

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
* tor browser : https://www.youtube.com/user/TheTorProject

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

File:Carte2015-victoires-en.png

2016-06-21T16:31:41Z

B01: MsUpload

MsUpload

Digital security workshop Les Dégommeuses - Paris

2016-06-21T16:29:38Z

B01: /* Alternative search engines */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine

[[File:searx.png|center]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/
[[Fichier:Carte-full.jpg|500px|centré]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
[[File:cryptocat.png|500px|centré]]

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
* tor browser : https://www.youtube.com/user/TheTorProject

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

File:Searx.png

2016-06-21T16:29:28Z

B01: MsUpload

MsUpload

Digital security workshop Les Dégommeuses - Paris

2016-06-21T16:27:22Z

B01: /* The web - Browser and plug-ins */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[[File:webplugins.png|center]]

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine
[[File:framabee.png|900px|centré]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/
[[Fichier:Carte-full.jpg|500px|centré]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
[[File:cryptocat.png|500px|centré]]

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
* tor browser : https://www.youtube.com/user/TheTorProject

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

File:Webplugins.png

2016-06-21T16:27:05Z

B01: MsUpload

MsUpload

Digital security workshop Les Dégommeuses - Paris

2016-06-21T16:25:58Z

B01: /* Internet role play */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

[[File:FacebookHI5OrkutMAP.jpg|center]]

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine
[[File:framabee.png|900px|centré]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/
[[Fichier:Carte-full.jpg|500px|centré]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
[[File:cryptocat.png|500px|centré]]

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
* tor browser : https://www.youtube.com/user/TheTorProject

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

File:FacebookHI5OrkutMAP.jpg

2016-06-21T16:25:40Z

B01: MsUpload

MsUpload

Digital security workshop Les Dégommeuses - Paris

2016-06-21T16:24:31Z

B01: /* What is Internet ? */

== Issues about Security, Privacy, Anonymity ==
* Data and states
* Data and companies
* Data and citizens
* Data and art
[[File:deadrop2.jpg|center]]

== So what ? ==
* '''Holistic security''' : Physical security + Psycho-social security + digital security
* '''A global recipe''' : Autonomous infrastructures - Free Libre Open Source Softwares - end to end encryption
* '''Make some noise !''' encrypt to increase the cost of surveillance
[[File:content_holisticsecurityvenn.png|center]]

== Mapping activities and risks ==
'''Cloud of ideas and words related to security''' > questions to establish a baseline of privacy and security knowledge

== Draw your tech day ==
'''Draw your interactions with your digital devices''', from the morning to the moment you go to bed, including what kind of data you receive, you produce, you transfert and exchange with other people

== Ask yourself good questions ==
# Read up and '''educate yourself about your country's internet laws and policies'''. Some security technologies such as encryption are illegal in some countries, for example.
# Inform yourself about your '''country's laws and policies in relation to freedom of expression, right to privacy and against online and offline harassment'''. Those laws do not exist in all countries, and when they exist they are not framed and applied in the same way.
# Keep your '''computer and devices clean and healthy''': Updating your software, running a firewall, and protecting yourself from virus infection are fundamental to the security of your data
#'''Map your data''': What kind of data do you produce and/or manage? With whom? Where is this data stored? Which devices or online platforms hold your data? Most importantly, how sensitive is your data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party?
# '''Secure your data''': Especially where our data is stored online, it is crucial to '''choose strong passwords, or better passphrases''', and to use a different one for each of our accounts.
# '''Connect safely to the internet''': When going online, especially if you are transmitting personal data and passwords, it is crucial to always use an encrypted connection which ensures that your data cannot be seen by anyone as it travels from your computer to the website you are visiting or to the service you are using.
# '''Anonymise your connections''': There are sometimes good reasons to hide your physical location and your internet activities. Tor browser anonymises your connections when you're browsing the internet, by hiding the sites you are visiting from your internet service provider, and hiding your location from the sites you visit.
# '''Secure your communications''': you might want to consider tools you can use and ways you can change your behavior to increase your security when using mobile phones as well as options for email and instant messaging
# '''Practice self-care''': Nothing is secure if we only think about technology and we neglect our wellbeing. If you are exhausted, stressed or burnt out, you might make mistakes that impair your security.

'''You should repeat periodically this exercise of permanent risk analysis so as to update the threat model and the answers you could put into practice'''

== Secure your devices and data ==
=== Computer ===
* '''Switch your computer to linux''' ;)
* '''Protect your computer against malware and virus''' https://securityinabox.org/en/guide/malware
* '''Protect your information from physical threats''' https://securityinabox.org/en/guide/physical
* '''Create and maintain secure passwords''' https://securityinabox.org/en/guide/passwords
* '''Destroy sensitive information''' https://securityinabox.org/en/guide/destroy-sensitive-information

=== Mobile phone / tablet ===
*'''Use mobile phones as securely as possible''' https://securityinabox.org/en/guide/mobile-phones
*'''Use smartphones as securely as possible''' https://securityinabox.org/en/guide/smartphones
*'''Encrypt your mobile phone''', basic Android security setup guide https://securityinabox.org/en/guide/basic-setup/android

== What is Internet ? ==
'''A network of networks of computers''' : Your computer > Internet Service Provider > router > gateway > backbone > sever serveur / routeur
* http://maps.level3.com/default/ ou http://www.submarinecablemap.com/#/landing-point/marseille-france
* http://www.teliasoneraicmap.com/
* http://www.vox.com/a/internet-maps 40 maps that explain the internet

[[File:Global-Global-IP.png|center]]

=== What is an IP address ? ===
'''An IP address identify your computer inside a local network''' (it is a private IP, for example 192.168.1.101), then your internet box provide you '''a public IP address''' connected to Internet (for example 82.239.0.211). Each network devices is identfied by a unique physical address called the MAC address (for example f4:6d:04:3a:ef:55)
* visualize your ip address and the geolocalization of your computer http://whatismyipaddress.com/
* demo traceroute : visualize where your traffic is going http://www.yougetsignal.com/tools/visual-tracert/

[[File:1-what-is-ip-address.png|center]]

== How the data are circulating in the network ==
If you tried the previous link, you can see that your request reach a server that can be on the other side if the world. But there are third parties that collect informations and datas on your navigation, most of the time to gather informations about you and to sell it for commercial purposes (we call them data brokers), so in function of the website, one single request can be tracked by up to more than twenty other companies ...
* https://trackography.org/ > Choose a country and a newspaper and see who is collecting data when you go to this website

=== Internet role play ===
'''Each person become an element of the network :'''
* Computer A
* ISP box at home
* Gateway to Internet
* Backbone
* Trans-oceanic cable
* Gmail server
* Autonomous Tchat server
* Public wifi access point
* Computer B
'''Now, let's send a "normal" e-mail from computer A to computer B and let's see who can read what between metadatas and the content of the mail. Repeat the exercise with an encrypted e-mail, with a normal tchat and an encrypted tchat'''

== Reduce your digital shadow ==
=== The web - Browser and plug-ins ===
* '''To remove adds''' : ublock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
* '''To prevent tracking''' : betterprivacy https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
* '''To reduce our digital shadow''' : Privacy Badger https://www.eff.org/privacybadger
* '''To use as much as possible encrypted communication''' between our computer and the server : HTTP'''S''' everywhere https://www.eff.org/https-everywhere
* '''To avoid viruses from web pages''' and javascript https://noscript.net/
* '''To avoid viruses from Flash content''' : flashblock https://addons.mozilla.org/en-US/firefox/addon/flashblock/

=== Alternative search engines ===
'''To add a new search engine to Firefox''', see https://support.mozilla.org/en-US/kb/add-or-remove-search-engine-firefox
* https://duckduckgo.com/ see also the bangs https://duckduckgo.com/bang : if you add "!w" to your request, it will search directly on wikipedia
* https://www.qwant.com/
* https://startpage.com/
* https://searx.laquadrature.net/ meta hackable search engine
[[File:framabee.png|900px|centré]]

=== Evaluate the traceability of your system and browser ===
'''The "fingerprinting"''' allow one to identify us in function of our configuration : operating system, browser configuration, plug-ins, size of our screen, ...
* to make a test : Panopticlick http://panopticlick.eff.org/

=== Remove metadata from files ===
'''Metadata are included in pictures, text documents, videos''', and can include geolocalization, the name of the autor and many more informations
* see the tool [http://sourceforge.net/projects/exiftool/ Exiftool] : to remove metadata :
exiftool "-all:all=petit chaton" -overwrite_original *.ogg

== Use emails in a safer way ==
=== Alternative email providers ===
* https://help.riseup.net/
* http://no-log.org/
* http://autistici.org
* https://www.openmailbox.org/
* https://mailinabox.email/

=== Disposable emails ===
* https://www.guerrillamail.com/
* https://www.sharklasers.com/
* http://maildrop.cc/
* http://throwawaymail.com/
* http://yopmail.com/
* http://clipmail.eu
* https://addons.mozilla.org/fr/firefox/addon/bloody-vikings/

=== Encrypt mails with PGP ===
'''With a combination of thunderbird and enigmail plug-in :'''
* PGP avec enigmail et thunderbird https://securityinabox.org/en/guide/thunderbird/windows
* Tutorial from FSF https://emailselfdefense.fsf.org/en/
* 15 reasons not to start using PGP http://secushare.org/PGP
=== Communication and exchange services ===
'''Let's use alternative services without any commercial purposes''' FLOSS (Free/Libre Open Source), to replace skype, dropbox, doodle, google doc, ... :
* Dégoogleise Internet https://degooglisons-internet.org/
[[Fichier:Carte-full.jpg|500px|centré]]

=== Tchat ===
* pidgin with à OTR https://otr.cypherpunks.ca/
* https://crypto.cat/
* https://pond.imperialviolet.org/
* https://ricochet.im/
* https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
[[File:cryptocat.png|500px|centré]]

=== Visioconference ===
* chat with visioconference with jit.s https://jitsi.org/Main/Download / installation : https://jitsi.org/Documentation/SetUpJitsiAccount / open an account https://jit.si/
* directly in the browser : https://meet.jit.si/ or https://www.mozilla.org/fr/firefox/hello/
* Tox to replace skype https://tox.im/

== Preserve your anonymity, circumvent censorship ==
'''Use Tor''' (The Onion Router), '''Tails''' (Live Linux amnesic operating system), '''a VPN''' (create a tunnel between you and your vpn provider)
* TOR : https://www.torproject.org/projects/torbrowser.html.en
* TAILS : https://tails.boum.org/install/index.fr.html
* VPN : https://help.riseup.net/fr/vpn
'''Understand the difference between encryption and anonymity'''
* video gpg tactical tech https://tacticaltech.org/projects/decrypting-encryption https://vimeo.com/132517596
* tor browser : https://www.youtube.com/user/TheTorProject

== Social network ==
=== Let's ask some good questions ===
'''How is the web service on which I'm willing to sign in is earning money ? What is its economical model ? '''

'''Set up the privacy settings of your account''', strong passwords, use d'https

'''Define which kind of information you are publishing''', did everybody agreed ? :
*who can see the informations I published
*Who is the owner of the information I published
*What kind of personal informations can I transfer to other people
*Are my contacts ok with the fact that I share informations about them with others ?
*Do I trust all the persons with which I'm in contact ?
Consider that event if you are not inscribed on Facebook, Facebook will build a shadow profile about you (Friends inviting me on facebook ...), be careful when using your Facebook or google account to sign in another web service

=== Choose between 4 strategies concerning your on-line identity ===
* '''Real name'''
**''Risk'': Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
**''Reputation'': Others can easily identify you, thus gaining reputation and trust is easier.
**''Effort'': It requires little effort.
*'''Total anonymity '''
**''Risk:'' It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
**''Reputation'': There are few opportunities to network with others thus to gain trust and reputation.
**''Effort'': Intensive as it requires considerable caution and knowledge. It will probably require the use of anonymisation tools (for example '''Tor''' or '''TAILS''')
*'''Persistent pseudonymity'''
** *''Risk'': Pseudonyms could be linked to your real world identity.
**''Reputation'': A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
**''Effort'': Maintenance requires some effort, particularly if you are also using your real name elsewhere.
* '''Collective Identity'''
**''Risk'': Possible exposure of your real world identity by other people's actions in the group.
**''Reputation'': While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
**''Effort'': Although secure communications are still important, it requires less effort than total anonymity.

'''More about this question''' : https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online

=== 4 strategies to alter our digital shadow ===
[[File:altering-our-digital-shadow.png|center]]

== Téléphone mobile / intelligent ==
How a mobile phone is working, triangulation, autorisations asked by applications, metadata, alternative operating system, signed applciations, rooting and jailbreaking

=== Encrypt your phone, pass phrase, use FLOSS applications ===
'''Recommended softwares to communicate and exchange''' :
* See the market dedicated to Free Libre Open Source applications http://f-droid.org/
* And the applications developed by par https://guardianproject.info/ (available in f-droid)
=== Mobile applications renowned as safe in june 2016 ===
Always check on https://securityinabox.org/en/mobile-tools to see if an application is still safe
*SMSSecure
*Signal
*Telegraph et Snapchat (not FLOSS but end to end encryption)
*Orbot + Orweb (web browsing threw Tor network)
*keepassDroid
*Android Privacy Guard (emails + GPG)
*Obscuracam to hide people's face
=== Free your phone ===
* '''Free your Android''' : http://fsfe.org/campaigns/android/liberate.fr.html + http://www.gnu.org/philosophy/android-and-users-freedom.html

== Good practices, a synthesis ==
'''Backup, strong pass phrase, FLOSS Opératiing system and softwares, Autonomous infrastructure (Yunohost, non commercial), holistic security, update of the threat model network of trust, Safe spaces'''

After the workshop, what would you
*Start
*Stop
*Keep
doing ...

== Identifying good resources ==
* Security in a box https://securityinabox.org/ tools revised by a pool of digital security trainers, download the software from there
* Me and my shadow https://myshadow.org/ tips for mobile phone and browser
* Zen manual https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual focused on the gender and tech question : on-line identities, safe spaces, ...
* Holistic security : Physical security, Psycho-social security, digital security https://holistic-security.tacticaltech.org/
* About Dating apps : https://www.eff.org/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites http://www.forbrukerradet.no/appfail-en/ https://grindrmap.neocities.org/overview.html
* A webserie about privacy, big data, surveillance ... "Do not track me" https://donottrack-doc.com/en/episodes/

File:1-what-is-ip-address.png

2016-06-21T16:24:16Z

B01:

File:Global-Global-IP.png

2016-06-21T16:22:24Z

B01: