|
|
(18 intermediate revisions by 2 users not shown) |
Line 1: |
Line 1: |
− | == Aims of the manual ==
| + | This manual came out of the Gender and Technology Institute, organised by Tactical Technology Collective and the Association for Progressive Communications (APC) at the end of 2014. The event brought together almost 80 participants and facilitators, mostly from the Global South, to focus on some of the issues faced daily by women and trans* persons on the internet and to share strategies and tools for better protecting our privacy and security online. |
| | | |
− | This manual is the result of conversations among many different actors (be it GTI participants and facilitators, the multiple authors and reviewers of this manual, from the global south and global north among which are women, queer, trans* and men) about what it means to include a gender perspective into privacy and digital security. It is informed by the numerous documented stories and creative practices of grassroots activists who have been using and developing appropriated and liberating technologies while ensuring gender justice, privacy and security. The strengh of this manual comes from the diversity and heterogeneity of grassroots experiences which derive from daily practices with technologies (be those digital or social ones). From dreaming about technologies to developing them, from using them to contributing to their governance. Imagining liberating technologies where everybody is truly welcomed and respected is not a women's and trans* persons' only task, it is a duty for anybody involved in creating an inclusive, accessible, decentralised and neutral internet.
| + | Since then, the network has expanded, with the result that this manual has involved the input and review of a wide range of people, and is informed by the stories and creative practices of grassroots activists working all over the world. Many of whom have been using and developing alternative technologies for some time in order to tackle gender based violence and advance gender social justice around the world. |
| | | |
− | This manual aims at addressing how to better manage our online identity and how to build and promote safe spaces on the internet and in the physical world. Since we understand that including those fast evolving privacy and digital security practices into our already very busy lives as human rights defenders and activists is not an easy task, we believe in the importance of crafting collective mechanisms of support to keep advancing together, empower each other while keeping it zen in order to have our tech work for us.
| + | The internet is not a safe space for women and trans* people, and it is all too common to see the work of feminists and activists being deleted, (self)censored, and actively prevented from being seen, heard or read. In such a hostile environment, how then can we then as women and trans* persons develop trust when creating content and interacting with others online, and grow our trusted networks, to create safe space among us? This manual seeks to present some of the strategies and tools to help develop that trust so that women and trans* people can continue to safely enjoy the freedoms and empowerment that the internet offers. |
| | | |
− | When attempting to include privacy and digital security practices in our lives, it is fundamental to look at its relationship with gender. But first, what are gender roles? Gender roles are a set of societal norms dictating what types of behaviors are generally considered acceptable for a person in relation to their actual or perceived biological sex. These are usually centered around binary conceptions of femininity and masculinity, although there are myriad variations and gray scales in between. The first step for including gender consists in acknowledging the gender roles that society attributes to us at birth and during the rest of our lives and that generate stereotypes that can become prejudices. The latter can result into specific threats and violence against women, queer or non binary persons along the technological cycle i.e. from the moment a technology is assembled to the disposal of such a technology (such as e-waste). Gender gaps, discrimination and specific Violence Against Women (VAW) are happening along this process in a structural way that influences our experience of and with Information and Communication Technologies (ICTs).
| + | The first part of the manual looks at the information traces you leave behind on the internet, and offers various strategies and tools available for taking control of these traces. It presents what metadata and digital shadows are, and why these matter; how you can minimise, create and manage new online identities; and what are the risks and potentials involved in using different types of identities such as anonymity, pseudonyms, collective names and real names. |
| + | |
| + | The second part focuses on safe spaces. It starts with the online world and discusses how safe spaces can be created for community-building, organising and support. Then, it looks at some creative tactics for addressing exclusion and harassment of women and trans* people online. Finally it discusses different methods for creating safe space in the physical world where women and trans* persons can learn about privacy, digital security and technologies in order to be empowered and further contribute to those fields. |
| | | |
− | Including gender into privacy and security also requires an intersectional approach that engages with the diversity of cultures, social status, gender identification, sexual orientations, race, ethnicities and other power structures that create various forms and levels of inequality for individuals and communities into their access to security tools and practices. When we speak about including gender along the realms of privacy and digital security:
| + | While you're reading this manual (and putting some of what's in it into practice), it's important to keep some things in mind. |
| | | |
− | - we need to take into account the technological cycles from production to assemblage to disposal, as within this cycle a set of structural violences against women is embedded.
| + | Including gender into privacy and security requires us to take an intersectional approach - one that engages with a diversity of culture, social status, gender identification, sexual orientation, race, ethnicity and other power structures that create inequality for individuals and communities with regard to their access to security tools and practices. Besides, this is also based on the recognition that specific forms of violence against women, trans*, and queer persons happen in a structural way along the entirety of the technological cycle - from the moment a specific form of technology is assembled, to its usage, right through to its disposal. If this particular manual is, of course not able to address the entire scope of this; it is nonetheless useful to keep the big picture in mind. This includes: |
| | | |
− | - we need to understand how different women in different conditions find ways of accessing technologies, even if they are not supposed to or supported in doing so, and how they can protect themselves and others in the process. | + | * Acknowledging that gender gaps, discrimination and gender-based violence are structural, and influence the conditions of women and trans* persons in relation to their experience of and with ICTs. |
| + | * Understanding how different women and trans* persons in different conditions find ways of accessing technologies, and how they can protect themselves and others in the process. |
| + | * Sharing skills and knowledge on the ground so that women and trans* persons can strengthen their freedom of opinion and expression. |
| + | * Remembering it is important to make women and trans* experiences in the management and development of technologies visible (not just the digital ones, but also appropriated ones like health and self-care technologies for instance). |
| + | * Working to enable a greater participation of women and trans* persons in institutions which contribute to the governance of internet, as well as inside companies and organisations delivering services which support our networking and online identity. |
| + | * Imagining liberating technologies where everybody is truly welcomed and respected is not work for women and trans* persons only, it is the responsibility of anybody involved in creating an inclusive,accessible, decentralised and neutral internet. |
| | | |
− | - we need to tackle specific gender-based online violence and build capacity on the ground so that women, trans* and queer can protect and strengthen their freedom of opinion and expression.
| + | With these points in mind, we should ask ourselves when choosing to use a specific technology, if it is a liberating or alienating one for other groups and individuals. Liberating technologies can be defined as those that do not harm and are fairly produced and distributed; that are rooted in free and open-source software and free culture principles; and that are designed by default against gender based violence, surveillance, opacity and programmed obsolescence [1]. |
| | | |
− | - we ought to remember that it consists in researching the herstory and making women, trans* and queer experiences in the management and development of technologies visible, be those digital ones, or appropriated technologies such as permaculture or health and self-care technologies for instance.
| + | Because of these, it's important to have a look at the Feminist Principles on the Internet [2] developed by the APC in 2014, when they gathered a group of woman human rights defenders and feminist activists to a Global Meeting on Gender, Sexuality and the Internet, with the mandate to come up with a first list of principles. Those look at the ways in which the internet can be a transformative public and political space for women, trans* and feminists. They place tech-related violence on the continuum of gender-based violence, making clear the structural aspect of violence linking, expanding and/or mirroring online attitudes with offline prejudices. The principles also highlight surveillance and lack of privacy as patriarchal tools, whether they are used by the state, private individuals or corporations to control women's and trans* persons' bodies and thoughts. |
| | | |
− | - We need to understand that it means enabling a greater participation of women, trans* and queer into institutions contributing to the governance of Internet as well as inside companies and organisations delivering services for supporting our networking and online identity.
| + | ''How to use this manual'' |
| | | |
− | - We need to acknowledge that gender gaps, discrimination and VAW are structural and that structures (economic status, gender, sexual orientations, etc.) influence the conditions of women, trans* and queer in relation to their experience of and with ICTs.
| + | This manual is written for anybody that is interested in including gender with an intersectional approach to digital security and privacy practices. It aims to raise questions in your mind and inspire you, not to give you step-by-step configuration advice on X tool (but it gives you links where you can find that!). It is also not a comprehensive security guide, it focuses on a few dimensions speaking to the needs of women and trans* persons. There are however some first-step digital security and privacy measures that you should already have in place before reading this manual (see what's recommended: https://gendersec.tacticaltech.org/wiki/index.php/Security_disclaimer). |
| | | |
− | To foster enthusiasm for privacy and digital security along a gender and intersectional frame requires an integrated approach linking those to our well being (self-care) and physical security as human right defenders and our feminists and queer activism. This includes exposing the many invisible contributions that sustain digital security communities, avoid frustrated expectations, gain self confidence and loose fear through Do-It-With-Others (DIWO) processes, among others. Accordingly, adapted, updated and targeted resources and training methodologies focusing on specific threats and strengths is necessary in order to activate curiosity and a better understanding through contextual references.
| + | The manual is broken into a shorter printed (and online) version and a more extensive wiki. The wiki goes in depth,explaining how to manage identities online and build safe spaces, in addition to giving examples and instructions on how to turn abstract concepts into practice. The wiki will continue to be added to by the community from the Gender and Tech Institute. We intend it to be a repository of critical resources for women's human rights defenders and activists from the global south and the global north. |
| | | |
− | Because of all this, including gender through a holistic and intersectional approach is also about asking ourselves when we choose to use a specific technology if those are liberating or alienating ones for other groups and individuals. Liberating technologies could be defined as appropriated technologies that do not harm and are fairly produced and distributed, are rooted in the free software and free culture principles and are designed by default against gender based violence, surveillance, opacity and programmed obsolescence.
| + | [1] A longer version of the methodological aspects of this introduction can be found hereː https://gendersec.tacticaltech.org/wiki/index.php/Introduction |
| | | |
− | Nowadays, what is closer to feminist and liberating practices on the Internet are the Feminist Principles on the Internet developed by the Association for Progressive Communications (APC) in 2014, when they gathered a group of Woman Human Rights Defenders and feminist activists to a Global Meeting on Gender, Sexuality and the Internet with the mandate to come up with a first list of principles. Those are about the ways in which the Internet can be a transformative public and political space for women, trans* persons, queer and feminists. It situates tech-related violence on the continuum of gender-based violence making clear the structural aspect of violence linking, expanding and/or mirroring online attitudes with offline prejudices. The principles also highlight surveillance and lack of privacy as patriarchal tools, whether they are used by the state, private individuals or corporations, to control women's and trans* persons' bodies and thoughts.
| + | [2] The Feminists principles of the internet can be consulted hereː http://www.genderit.org/articles/feminist-principles-internet |
− | | + | |
− | == What is this manual about? ==
| + | |
− | | + | |
− | The internet is an amazing space to explore, learn, speak up, listen and communicate with people across the world. Unfortunately, it has also become a contentious space. There is a pushback against people who speak against, question or challenge dominant discourses, especially if those deal with gender and sexual orientations. When planning to be active on the internet as a vocal women, a woman human rights defender, a trans* person and/or a feminist, it’s a good idea to start from an assessment of the traces we leave behind us on the Internet, our digital shadow and the social domains that are spread across our online and physical activities. These two aspects can tell very accurate stories about us; who we are, were we live and hang out, what we are interested in and who our friends are. Because those traces and online identity can expose us to several threats, this manual is about presenting you different strategies you can adopt and tools you can use in order to shape or control your digital shadow and social domains in order to obtain a greater privacy and security online. The first part of this manual will enable you to understand the traces you leave behind on the Internet, your digital shadow and metadata, which are the risks and empowering potential of different online identities (real names, pseudonyms, collective names and anonymity), how you can create new online identities and manage alone or with others various on-line identities.
| + | |
− | | + | |
− | Once, you have learnt about the possible impact your online identities can have on your life, work and activism, and how you can develop strategies and use tools to mitigate possible risks and enhance possible strengths, the manual will introduce you to how to build safe spaces for you and your organisation, but also how to develop safe spaces and spaces of resistance in mixed environments. Finally, it will present how to create safe spaces in the physical world where women and trans* persons can learn about privacy, digital security and technologies in general in order to be empowered and further contribute to those fields. Safe spaces have been used by marginalized groups and communities for many decades now. They have been a way to care for oneself and for a collective, to design and craft strategies and tactics of resistance and to create an oasis of peace in what sometimes can be a tiring struggle for change. Safe spaces have taken different meanings and bear different names depending on a variety of factors, be they geographical, temporal, spatial, cultural or social, among others. This chapter will enable you to become a moderator well aware of the fundamentals of netiquette and how to contribute to the creation and enforcement of social rules within online communities. You will learn the fundamentals about how to build safe spaces online and offline, gain knowledge on process and methodologies to reclaim and resist in mixed-environment spaces and become aware of current initiatives and processes that can be replicated in your community, organization or collective in order to turn them into safer spaces.
| + | |
− | | + | |
− | == How to use this manual? ==
| + | |
− | | + | |
− | This manual serves as a reference guide for women, trans* and queer grassroots activists who want to improve their privacy and digital security practices along gender and intersectional lines. This manual has been designed to be used in three different, but inter-related ways. First, there is a shorter printed (and PDF) version which contains the most essential elements of how to include gender in privacy and digital security practices. If you are new to this topic, we recommend you start reading the printed (or PDF) manual. The brevity of the printed manual is a great way to get familiar with the topic. Second, there is an online wiki, which complements the printed/PDF material. The wiki goes more in depth and at more length in explaining concepts on how to manage identities online and build safe spaces, in addition to giving examples and instructions on how to turn abstract concepts into practice. Third, the idea with the manual is its evolving and participatory nature. The wiki consists in an evolving document where people from the Gender and Tech Institute community will be given access to the wiki to add content, examples and more sections over the coming months. This wiki also aims at creating a repository of critical resources for women's human rights defenders and activists from the global south and the global north. Documentation about and storytelling on including gender in digital security and privacy practices are particularly lacking and therefore the need to create a reference that can be regularly updated is of prime importance. Through this wiki and its participatory nature, we also hope to create a dialogue between different practices, frameworks and geographies, as well as to build an international community around these issues.
| + | |
− | | + | |
− | == What you need to know before using this manual ==
| + | |
− | | + | |
− | Before reading this manual and using the recommendend tools and tactics, it is important to remember that every technology has its risks and therefore precautions ought to be taken to minimise these risks.
| + | |
− | | + | |
− | The first step we should take before connecting our devices to the internet, is to reflect on the data we have stored on our devices and elsewhere: What kind of data do we produce and/or manage? With whom do we produce this data? Where is this data stored? Which devices or online platforms hold our data? Most importantly, how sensitive is our data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party? To learn more about mapping our data, read: https://gendersec.tacticaltech.org/wiki/index.php/Step_0#Mapping_your_data
| + | |
− | | + | |
− | Once we've mapped our data, the next step is securing them.
| + | |
− | | + | |
− | When our data is stored online, on the "cloud", it is crucial to choose '''strong passwords''', or better '''passphrases''', and to use a different one for each of your accounts. For more information on the importance of strong passwords and how to store them, read Security in a Box's chapter on [https://securityinabox.org/en/guide/passwords passwords] and the [https://ssd.eff.org/en/module/creating-strong-passwords EFF's howto]. A good tool to generate and store strong passwords is '''[https://securityinabox.org/en/guide/keepass/windows KeePassX]'''. A technique to create strong passphrases that are also easy to remember consists in creating a random group of words that don’t make any sense together by using simple, physical dice. Read more about the [https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess. '''Diceware''' techique].
| + | |
− | | + | |
− | Another very important measure we should take when going online, especially if we are transmitting personal data and passwords, is to always use a '''secure SSL connection''', which ensures that our data cannot be seen by anyone as it travels from our computer to the website we are visiting or to the service we are using. To do so, when we access a website we should type HTTPS instead of HTTP before the url of the website we want to visit. If we receive an error or the HTTPS is replaced by HTTP again, this means that the website is not offering a secure connection. To make sure that we always connect securely to websites when this option is offered, we can install '''[https://www.eff.org/https-everywhere HTTPS Everywhere]''', a Firefox, Chrome, and Opera extension developed by the Electronic Frontier Foundation that encrypts our communications with many major websites.
| + | |
− | | + | |
− | Likewise, when we create an account with an online service (e.g. our mailbox or a chat network) that we will access through a specific client or app, we should check the features of the service to make sure that it offers a secure connection and configure our clients accordingly by activating the '''TLS/SSL''' option.
| + | |
− | | + | |
− | Some activities are riskier than others, and in some cases SSL is not enough: we may have good reasons to hide our physical location and our usage of the internet, and to do so we could decide to anonymise our connections through '''[https://www.torproject.org Tor]''', an anonymity network that hides both the location of our connection and what we do on the internet by routing communications through a distributed network of servers run by volunteers all over the world. By consistently using Tor, no one can link our IP address to us, not even the mail server we use. For further information on how to use Tor, see the [https://www.torproject.org TOR project website].
| + | |
− | | + | |
− | An easy tool to anonymise our connections when browsing the internet is '''Torbrowser''', the most recommended and rigorously tested tool for keeping our online activities anonymous. For more information on Torbrowser and instructions for Windows users, visit: https://securityinabox.org/en/guide/anonymity-and-circumvention For instructions for Mac OSX users, visit: https://ssd.eff.org/en/module/how-use-tor-mac-os-x
| + | |
− | | + | |
− | Also the choice of the mail server we use for our contact mail address is important. There are several '''secure servers''' that offer a good service, like the Swiss commercial service Kolab Now (https://kolabnow.com). But the main point is to find a service that offers a secure connection (HTTPS instead of HTTP) and that is compatible with our actual needs. If you think that using a grass-roots service instead of a commercial one is closer to your view of the world, you can open a mail account with an autonomous server such as '''Riseup''' (a site used by activists with a clear set of political principles) or '''Autistici/Inventati''' (A/I). Riseup provides email addresses to activists based on a trust system. You can either get two invite codes from friends who already have Riseup accounts or wait for Riseup to approve your detailed request (which can take a long time). For more info visit: https://user.riseup.net/forms/new_user/first To obtain a mailbox with A/I, you just have to read their policy and manifesto and, if you agree with their principles, fill in a form explaining why you are asking for this service and in which way you share the collective's fundamental principles. To learn more about A/I, visit: http://www.autistici.org/en/about.html
| + | |
− | | + | |
− | Finally, nothing is secure if we only think about technology and we neglect our '''well-being'''. If we are exhausted, stressed or burnt out, we might make mistakes that impair our security. Read more about this in the Tactical Technology Collective's manual on holistic security: https://tacticaltech.org/holistic-security and this essay on The Psychological Underpinnings of Security Training: https://www.level-up.cc/resources-for-trainers/holistic/psychological-underpinnings-security-training.
| + | |
| | | |
| [[Category:Resources]] | | [[Category:Resources]] |
This manual came out of the Gender and Technology Institute, organised by Tactical Technology Collective and the Association for Progressive Communications (APC) at the end of 2014. The event brought together almost 80 participants and facilitators, mostly from the Global South, to focus on some of the issues faced daily by women and trans* persons on the internet and to share strategies and tools for better protecting our privacy and security online.
Since then, the network has expanded, with the result that this manual has involved the input and review of a wide range of people, and is informed by the stories and creative practices of grassroots activists working all over the world. Many of whom have been using and developing alternative technologies for some time in order to tackle gender based violence and advance gender social justice around the world.
The internet is not a safe space for women and trans* people, and it is all too common to see the work of feminists and activists being deleted, (self)censored, and actively prevented from being seen, heard or read. In such a hostile environment, how then can we then as women and trans* persons develop trust when creating content and interacting with others online, and grow our trusted networks, to create safe space among us? This manual seeks to present some of the strategies and tools to help develop that trust so that women and trans* people can continue to safely enjoy the freedoms and empowerment that the internet offers.
The first part of the manual looks at the information traces you leave behind on the internet, and offers various strategies and tools available for taking control of these traces. It presents what metadata and digital shadows are, and why these matter; how you can minimise, create and manage new online identities; and what are the risks and potentials involved in using different types of identities such as anonymity, pseudonyms, collective names and real names.
The second part focuses on safe spaces. It starts with the online world and discusses how safe spaces can be created for community-building, organising and support. Then, it looks at some creative tactics for addressing exclusion and harassment of women and trans* people online. Finally it discusses different methods for creating safe space in the physical world where women and trans* persons can learn about privacy, digital security and technologies in order to be empowered and further contribute to those fields.
While you're reading this manual (and putting some of what's in it into practice), it's important to keep some things in mind.
Including gender into privacy and security requires us to take an intersectional approach - one that engages with a diversity of culture, social status, gender identification, sexual orientation, race, ethnicity and other power structures that create inequality for individuals and communities with regard to their access to security tools and practices. Besides, this is also based on the recognition that specific forms of violence against women, trans*, and queer persons happen in a structural way along the entirety of the technological cycle - from the moment a specific form of technology is assembled, to its usage, right through to its disposal. If this particular manual is, of course not able to address the entire scope of this; it is nonetheless useful to keep the big picture in mind. This includes:
With these points in mind, we should ask ourselves when choosing to use a specific technology, if it is a liberating or alienating one for other groups and individuals. Liberating technologies can be defined as those that do not harm and are fairly produced and distributed; that are rooted in free and open-source software and free culture principles; and that are designed by default against gender based violence, surveillance, opacity and programmed obsolescence [1].
Because of these, it's important to have a look at the Feminist Principles on the Internet [2] developed by the APC in 2014, when they gathered a group of woman human rights defenders and feminist activists to a Global Meeting on Gender, Sexuality and the Internet, with the mandate to come up with a first list of principles. Those look at the ways in which the internet can be a transformative public and political space for women, trans* and feminists. They place tech-related violence on the continuum of gender-based violence, making clear the structural aspect of violence linking, expanding and/or mirroring online attitudes with offline prejudices. The principles also highlight surveillance and lack of privacy as patriarchal tools, whether they are used by the state, private individuals or corporations to control women's and trans* persons' bodies and thoughts.
This manual is written for anybody that is interested in including gender with an intersectional approach to digital security and privacy practices. It aims to raise questions in your mind and inspire you, not to give you step-by-step configuration advice on X tool (but it gives you links where you can find that!). It is also not a comprehensive security guide, it focuses on a few dimensions speaking to the needs of women and trans* persons. There are however some first-step digital security and privacy measures that you should already have in place before reading this manual (see what's recommended: https://gendersec.tacticaltech.org/wiki/index.php/Security_disclaimer).
The manual is broken into a shorter printed (and online) version and a more extensive wiki. The wiki goes in depth,explaining how to manage identities online and build safe spaces, in addition to giving examples and instructions on how to turn abstract concepts into practice. The wiki will continue to be added to by the community from the Gender and Tech Institute. We intend it to be a repository of critical resources for women's human rights defenders and activists from the global south and the global north.