Digital security training for women activists from the Balkans, Macedonia

From Gender and Tech Resources

Title 3-day training for women activists in the Balkans
Category Digital Security Gender and Tech
Start 2015/02/01
End 2015/02/03
Hours
Scale Macedonia
Geolocalization 41° 42' 2", 21° 42' 32"
Loading map...
Organisation TTC for kvinnatillkvinna
Website
Target audience women activists from the Balkans
Number of participants 18
Context and motivations Women Human Rights Defenders and LGTBQ activists from the balkans (albania, armenia, bosnia, croatia, serbia, georgia, macedonia) with low levels of knowledge regarding privacy and digital security. Almost all of them used Windows, had a smartphone and used facebook for work and activism. Most of them managed sensitive data involving third parties information.

The background of the participants was different, they were coming from different countries from the Balkans and the Caucasus region, dealing with different issues but what they all had in common, was that they are WHRD, they all used facebook, managed sensitive data and 17 of them were using Windows. One was only using MAC after switching from Linux. The group had already built wonderful dynamic in their work as before the DST they have spent some days on workshop about integrated security. They already knew each other, some even from before.

Topics DST, Balkans, WHRD, LGBTQ, Caucasus
Links https://gtiwiki.ttc.io/doku.php?id=dst_for_whrd_from_balkans
Media Balkans training.jpg
Agenda [[Detailed schedule and contents::**Agenda day 1**
    • 09:30 – 10:00: Welcome and introduction**

Program and objectives

Training methodology

Shared agreements

    • 10.00-11:30: Digital security risk Assessment**

Participants will learn basic methods for assessing common digital and physical risks to data in the work environment. The group exercise begin with all participants filling a document (information map) about the data they produce/manage and they assess: How sensitive are those data (from a work/activist/privacy perspective? Do they imply personal data about third parties?) + Have you lost sensitive information? How did that happen?

Information map document File:Informationmap.pdf

Then the group split into two and each group had to discussed around the following dimensions:

2) As a human rights activist, identify potential risks to your equipment and data in the office/area/place you work in? Vs What kinds of risks are present in public spaces? (Do you see similar issues in public Internet cafes, libraries, airports for instance?) + What kinds of precautions they could take to protect their physical and digital safety or the safety of your work and your network?

3) How do you build trust in your work/activist environment? What are the processes or tools you use to check out integrity, verification, authenticity of data you manage and people you work with?

Group share answers and then reflect with the entire group about discussions and ideas that emerged into their groups.

    • 11:30-11:45: BREAK**
    • 11:45-12:45: How to protect your computer from malware and intruders?**

Participants will learn about common methods of attack and anti-virus applications. The practical use would be by preventing infections on a PC and detecting fake emails.

Activity: Demonstrating how easy it is to impersonate with an email and phishing.

Resources:

[cyberthreats map]

[syrians activists]

Presentation: File:Avast guides.odp File:Malware fundamentals presentation.odp

    • 13:00-14:00 : LUNCH**
    • 14:00 – 15:00: Secure passwords**

How to create and maintain a secure password and Demonstration of Keepass/KeepassX

Activity: Brief - Participants are separated in 2 groups given different materials that represent symbols, which they can use to create visual un/secure password in the space. One group has the right to use one person that represents the combination of all materials. Demonstration which password has more strength and why.

Resources:

[popular 2014 passwords]

[strength of passwords]

[about passwords]

Presentation: File:Secure pass final.odp

    • 15:00 – 15:15: BREAK**
    • 15:15-17:00: How to protect sensitive data on your computer: Encryption, Back up**

Document about back up strategies: File:Backupstrategy.pdf

[back up strategy]

[manual Security in a Box]

    • 17:00-17:15: Evaluation**


    • Agenda day 2**
    • 09:30-11:30: How to keep your Internet communication private (Part1): Mail, Browser, Internet connection**

Participants engage into two exercises (Small group activity):

1) How Internet works and understanding the chain of agents that can control/access aka compromise our privacy and security in Internet?

A. Secure vs. insecure Internet connections (SSL/public wifis/http vs https)

2) Our digital shadow / Trackography:

Exploration of participants digital shadows

[digital shadow profiler]

[and my shadow: How to learn more?]

[privacy addons in your firefox]

[secure mail and why support alternatives]

B. Creation alternative mail (riseup, alternatives, trade offs)

C. Hands on HTTPS EVERYWHERE, NOSCRIPT, AdBlock, Ghostery, Privacy badger, alternative search engines

    • 11:30 –11:45: Break**
    • 11:45 – 13:00: How to keep your Internet communication private (Part1): Mail, Browser, Internet connection**

D. Google double step verification

E. Privacy settings in social media accounts

[yourself and your data when using social networking platforms]

    • 13:00-14:00: LUNCH**
    • 14:00-15:00: How to keep your Internet communication private (Part2): Anonymity and circumvention**

Participants engage into two exercises (Small group activity):

1) How a piece of data travels? (no encrypted, encrypted, through a proxy and then through TOR)

Explaining Tor and Tor browser bundle / VPN / Introduction to Tails

[Browser bundle]]

[[1]]

    • 15:00 – 15:15: Break**
    • 15.15 – 17:00: How to keep your Internet communication private (Part2): Anonymity and circumvention**

A. Install Tor browser bundle B. What is my IP? C. Boot from tails

    • 17:00 – 17:15: Evaluation**


    • Agenda day 3:**
    • 09:30-10:45: How to keep your Internet communication private (Part 3): Encryption and verification**

General introduction about encrypted communication.

Activity: Demonstration of the keys and mail sending through objects and letter.

[about encryption and colours]

Secure video/audio/chatting (End to End Encryption) and How secure is skype and google hangouts?

Alternatives: [and OTR] and [[2]]

Demonstration of encrypted chat and Voip.

    • 10:45 – 11:00: Break**
    • 11:00 – 13:00: How to keep your Internet communication private (Part 3): Encryption and verification**

[of trust]

[encryption Thunderbird /Enigmail]: This include practical exercises on installing Thunderbird and enigmail. As well as Generating key pairs, revocation, exchanging keys, authenticating them, uploading a key.

    • 13:00-14:00: LUNCH**
    • 14:00-16:00: Mobile phone safety**

[to sue smartphones as securely as possible?]

Participants will learn about the risks and the safety precautions to use when using mobile phones. Installation of Antivirus, Orbot, Orweb and ChatSecure, Redphone, Textsecure, enabling encryption and strong passwords on Android phones.

    • 16:00 – 17:00: Collective discussion about feminist perspectives on digital security and wrap up**

[and Technology Institute: what happened? Follow up activities]

[Interviews with women hackers]

    • 17:00 - 17:15 Evaluation**]]
Methodologies
Resources
Gendersec
Feelings Read Storytelling https://gendersec.tacticaltech.org/wiki/index.php/Women_activists_from_the_Balkans,_Macedonia
Feedbacks Feed back from participants was extremely positive as you can read below:

1.What did you think about the training, facilitation and organization of the workshop?:

a. the training was one of the most important ones. The facilitators were very kind and friendly. The time tough, was a bit short, would be perfect having one additional day.

b. I find it very useful. The facilitators were very patient:) They did their best, in order us to understand something. I am very thankful for being -consistently- and following our suggestions from the everyday evaluations. Every day evaluations are very good.

c. I loved the training, especially how the three of you interacted + run it smoothly. It was a bit challenging we come as different users so I would have loved more practical work for some who already read on theory. On the other hand - your explanations were great - really interesting + engaging us all.

d. The training was very interesting. It created a lot of possibilities to me to know what are the options for secure online communication. Facilitators were very attentive and great.

e. It was one of the best trainings i have ever attended!!! Facilitation was perfect. I liked that there were three facilitators and topics were shared.

f. Though I got tired and was difficult to process all the information. I loved the whole thing. It was interesting, with lots of information that can be useful. Facilitation was great. The three of you. Trying to keep it simple and still go through so many things. Like the way you work together. Maybe we needed longer breaks and a slower race at least I did.

g. I think that you are great!

h. I think it is of a great importance. Although it was a lot of information in a short time, I was interested and it kept my attention. Trainers were great!

i. The content of the training was a bit packed. Maybe it would be better to concentrate on few tools or programs than general overview of more tools. It was hard for me to switch of new framework after integrated security and be concentrated as previous days, the focus was another issue.

j. The workshop open to me a new view of thinking about DS. The topics were great but you could little more felt a group. To many information, too many for my perspective

k. It was extremely informative, very useful. Sometimes too overloaded with info I and it was difficult to follow but still received a valuable info.

l. It was conducted really well having in mind the abstract content but it was explained in so basic and visual manner that it is very clear for me and rememberable, at least the basic things. Facilitation was wonderful, except for the presence of all three facilitators, it wasn't quite equal at some moments dominated by one. But I liked they were three and all different, it gave me a more balanced feeling.

m. Facilitation was really good. Trying to make complicated things as simple as possible. The group was eclectic so not all participants were strong in technologies but all of them are taking at least something from the training.

n. very interesting for me useful for my job and my life. Facilitators were great. Professionals and with high quality knowledge. Thanks

o. Perfect

p. the training was very useful and interesting. Facilitators are great and helpful.

Start Asking participants to disconnect their devices and have a relaxed talk about their relation with technologies
Stop Packing so much content in three days
Keep Having talks about gender and feminist approaches to technologies