Digital security training for women activists from the Balkans, Turkey

From Gender and Tech Resources

Title 3-day training for women activists in the Balkans
Category Digital Security Gender and Tech
Start 2015/04/27
End 2015/04/30
Hours
Scale Turkey
Geolocalization 39° 39' 48", 34° 58' 49"
Loading map...
Organisation TTC for kvinnatillkvinna
Website
Target audience women activists from the Balkans
Number of participants 12
Context and motivations HRD from different parts of the Balkans, working on different issues. They had low level of knowledge about Digital Security, all used Facebook for their activism and sharing sensitive data. They all used Windows, most of them non licensed. They all worked and managed sensitive data on regular level.
Topics activists, Feminism, Balkans, DST
Links Articles, videos, photos on-line, ...
Media [[File:]]
Agenda **AGENDA DAY 1**

15:00-17:00: Welcome, Housekeeping and Objectives**

Introduction Program and objectives Training methodology Expectations Shared agreements (Discussion and agreement) Security guidelines __________________________________________________________________________________________

    • AGENDA DAY 2**

09:30-11:15: Digital Security risk Assessment**

Participants will learn basic methods for assessing common digital and physical risks to data in the work environment. The group exercise begin with all participants filling a document (information map) about the data they produce/manage and they assess:

1)How sensitive are those data (from a work/activist/privacy perspective? Do they imply personal data about third parties?) + Have you lost sensitive information? How did that happen?

Discussion:

2) As a human rights activist, identify potential risks to your equipment and data in the office/area/place you work in? Vs What kinds of risks are present in public spaces? (Do you see similar issues in public Internet cafes, libraries, airports for instance?) + What kinds of precautions they could take to protect their physical and digital safety or the safety of your work and your network?

3) How do you build trust in your work/activist environment? What are the processes or tools you use to check out integrity, verification, authenticity of data you manage and people you work with?

11:15-11:30: BREAK**


11:30-13:00: How to protect your computer from malware and intruders; PART 1**


Participants will get better understanding of what malware is, how the devices become exposed with malware. How our online behavior can influence our security regarding malware. Common methods of attacks with Malware. Demonstration through activity a phishing example.


13:00-14:30: LUNCH**


14:30-15:30: How to protect your computer from malware and intruders; PART 2**


Demonstration on how to detect fake mails as wall as removing malware from the computer. Tips on prevention infections on the computer. Installation and demonstration on Avast. Mention on Spybot and alternatives.


15:30-15:45: BREAK**


15:45-17:00: How to create and maintain secure passwords**


Participants will learn how passwords are commonly compromised. Which are the common myths and misconceptions about passwords and the features of stronger passwords. Demonstration of the need for using password manager. Hands on Keepass/KeepassX


17:00-17:30: Summary and Evaluation** __________________________________________________________________________________________

    • AGENDA DAY 3**

09:00-09:30: Review of Day 2 by the participants**

09:30-10:30: Practice Keepass/KeepassX**

10:30-10:45: BREAK**

10:45-13:00: How to protect sensitive data on your computer; PART 1**


Participants will discuss if they have lost already sensitive data, how did that happen and what kind of impact did it have on their lives and work. The objective is to identify the sensitive information the human rights activists have.

Demonstration, installation and hands-on how to protect sensitive and important information with Truecrypt 7.1a.


13:00-14:30: LUNCH**


14:30-15:30: How to protect sensitive data on your computer; PART 2**


Participants will learn how to back up sensitive and important information with Duplicati. Hands on session.


15:30-15:45: BREAK**

15:45-17:00: How to keep your Internet communication private; PART1**


Participants will learn how the internet works, through an activity showing the chain of agents that can control/access aka compromise our privacy and security. They will learn the difference between secure and insecure internet connection and have hands-on : HTTPS EVERYWHERE, NOSCRIPT and ADDBLOCK


17:00-17:30: Summary and Evaluation** __________________________________________________________________________________________

    • AGENDA DAY 4**

09:00-09:30: Review of Day 3**

09:30-10:30: How to keep your Internet communication private; PART 1**


Introduction and demonstration of VPN, proxy and Tor. Mentioning of TAILS.


10:30-10:45: BREAK**

10:45-13:00: How to keep your Internet communication private; PART 1**


Participants will learn about the double step verification on Google, about alternative cloud services and alternative email secure services. Opening accounts on riseup.net


13:00-14:30: LUNCH**


14:30-17:30: How to keep your internet communication private; PART 2**


How encryption works. Demonstration of the keys and mail sending through objects and letter. Demonstration Pidgin and Meet.jitsi. Hands-on email encryption. Includes installation of Thunderbird, enigmail and PGP. Generating key pairs, revocation, exchanging keys authenticating them, uploading keys. Web of trust


17:30-18:00: Wrap-up and Final Evaluation**

Methodologies ADIDS
Resources
Gendersec
Feelings How was it ?
Feedbacks Feedback of the participants:

What did you think about the training, facilitation and organization of the workshop?

a) I think it was really good. They were well organized, training is real source of useful information and facilitators gave a lot of effort to simplify everything, so we could understand.

b) It was well organized, I felt good about it. Trainers were very good and I am thankful to them for this training

c) Everything was very good. Especially the trainers. It was something new for me, the topic and a challenge.

d) Encryption was great, the trainers were very professional and friendly and I believe they made us all interested in topics we usually don't find very interesting.

e) Training was very useful, especially because I didn't have chance until now to attend this kind of workshop.

f) Excellent!! Very important training, very useful. Trainers were amazing!! Great approach, very political! Good balance between theory and practice.

g) The importance of this training cannot be compared to other things. Digital security is more important that it seems and very serious. The facilitation was very good and practical. The organization was good.

h) The training was organized excellent and the trainers were very professional and helpful. Also I consider that this workshop should have a follow-up :)

i)I think everything was perfect.

j) It was very good. Trainers are top quality and very good in explaining. The atmosphere was very pleasant.

k) Very good organization and facilitation

l) Almost everything was good. I mean almost because we didn't get to know mobile security. But I will try to figure out at security in a box

m) Very well organized

Start Insisting for participants to close computers when not needed
Stop Covering so much content in so little time
Keep Including feminist perspectives in all the discussions