Difference between revisions of "Complete manual"

From Gender and Tech Resources

Line 386: Line 386:
 
'''Chapter 2: Safe spaces'''
 
'''Chapter 2: Safe spaces'''
  
===='''What are Safe Spaces?'''====
+
=='''What are Safe Spaces?'''==
Safe spaces can be understood as spaces that are created to share common values, whether explicit, through a community agreement, or implicit through the sharing of values. They enable members of a group to flourish, empower themselves and create community. Safe spaces have provided a safe environment for discussion and awareness raising in the women's liberation movement in the 60s and 70s. Safe spaces are also about pushing boundaries and confronting certain difficult issues among a group of people such as: Who can be part of a women's only group? And who can be defined as a woman? As these are important questions to be addressed, they need reflection, trust and the understanding of where our own assumptions come from.  
+
 
 +
Safe spaces can be understood as spaces that are created though explicit community agreement, or through implicit sharing of values. They enable members of a group to flourish, empower themselves and create community. Safe environment for discussion and awareness raising have played a key role since the women's liberation movement in the 60s. Still nowadays, safe spaces strategies enable different groups at risk such as survivors of sexual abuse, harassment and violence to feel safe and secure, catch up and develop their skills, heal and reclaim their dignity. There are many shared logics underpinning the creation of safe spaces online so that women, trans* and other groups can communicate and exchange in a nurturing and welcoming environment, as there are variations of the safe space logic in the development of events, activities, meetings in the physical world for enabling more women and trans to access and learn about technologies related fields without having to fear sexist language and attitudes or being '''mansplained''' meanwhile learning.
  
 
Safe space strategies have been used in many different contexts in recent times too. In Tahrir Square in Egypt, Operation Anti Sexual Harassment (OpAntiSH) was set up to react to an unsafe environment and as a way to protect women and/or confront harassers and support survivors of sexual abuse and harassment. In Kenya, the women-only Umoja village was created for women survivors of rape and sexual assaults, as a place where they could feel safe and secure, raise their kids, earn a living collectively, heal and reclaim their dignity. During the USA Occupy movements many women, queer and trans* persons did not feel safe to camp in the squares and parks. Some resorted to women-only tents, or women of colour-only affinity groups while others, mostly transwomen, opted for an online presence as putting their bodies on the line was deemed too dangerous.
 
Safe space strategies have been used in many different contexts in recent times too. In Tahrir Square in Egypt, Operation Anti Sexual Harassment (OpAntiSH) was set up to react to an unsafe environment and as a way to protect women and/or confront harassers and support survivors of sexual abuse and harassment. In Kenya, the women-only Umoja village was created for women survivors of rape and sexual assaults, as a place where they could feel safe and secure, raise their kids, earn a living collectively, heal and reclaim their dignity. During the USA Occupy movements many women, queer and trans* persons did not feel safe to camp in the squares and parks. Some resorted to women-only tents, or women of colour-only affinity groups while others, mostly transwomen, opted for an online presence as putting their bodies on the line was deemed too dangerous.

Revision as of 11:12, 28 May 2015

Contents

Chapter 1: Identity online

Understanding digital shadows

The internet is a great space to explore, learn, speak up, listen and communicate with people across the world.

Unfortunately, it has also become a space where people who question or challenge dominant discourses - especially where those deal with gender and sexual orientation - are silenced, harassed and threatened.

If you are active on the internet as women, human rights defenders, trans* or queer persons, and/or feminists, you'll probably want to make sure your privacy and security are protected as much as possible.

A good place to start is by assessing the traces you are leaving behind on the internet, by getting to know your digital shadow and understanding how you organise your social domains and networks across your online and physical activities.

The traces you leave online can tell very accurate stories about you; who you are, were you live and hang out; what you are interested in and who your friends and collaborators are. This information can expose you to several threats, including online harassment - particularly where the traces you leave behind are publicly available.

However, there are also many strategies and tools you can use to take more control over your digital shadows - to increase your privacy, and ultimately to be more secure, both online and offline - without being less vocal or reducing your activity online. Some examples of these strategies and tools include controlling the amount of data you give away by consciously stripping valuable information from content and metadata; trying the art of self-doxing; and thinking about ways to play with and break up your online identity.

Your digital shadow is the story data tells about you. This digital shadow is created by trillions of bits of data, left behind in the digital world when you connect to the internet, your mobile phones and your other online services. These digital shadows ultimately have a life of their own. They can be affected by others and can change in unpredictable ways. They grow continuously, and can be permanent, encompassing both your past and present activities.

How are these trillion bits of data created? The devices and the software you use to browse the Internet, access websites, connect to social networking platforms like Facebook and Twitter, publish blog posts, receive phone calls, send SMS messages or emails, chat, or buy things online, all create specific bits of data. These bits of data can include your name, location, contacts, pictures, messages, tweets and likes, but also the brand of your computer, length of your phone calls and information about which websites you visit. These data traces can be put out there by yourself as well as by other people.

How do we share data? In some cases you actively share data – for example when you share photos on Facebook, book a flight ticket online or contribute to a wiki. Other people can also actively share data about you, by tagging you in pictures, mentioning you in tweets or simply by communicating with you. In other cases, you give away data without necessarily realising it, or consenting to it.

Your browsing habits and IP address are shared when you visit a website by means of "cookies" and other tracking technologies, which are active in the background. These technologies are embedded in the websites you visit, and the information shared is collected for a wide range of purposes, from website analytics to advertising. Your mobile phone apps also collect data on you without your active knowledge or consent – for example, the photos you take usually have location data embedded in them. These tracking technologies enable web services to identify and follow you as you move from one service to another - from your internet browser to the IM (instant messaging) app in our smartphone, from downloading e-books in your readers to publishing pictures from the latest protest you covered.

What is data? Data can be broken into three parts: content, metadata and noise. Content is the content of your messages, blogs, tweets and phone calls; it is your pictures and videos. Metadata is data about data, information that is needed for the technological infrastructure to work. Metadata enables your email to be delivered, files on your computer to be found and mobile communication to work. Metadata can include your email address, phone number, location, time and date when a message was sent or stored. Noise is the data that is created by either the manufacturing process or by the workings of the technological infrastructure. For example, every camera has an SD card to record and store pictures. Every SD card has unique scratches that were created by the machines producing the SD cards. These scratches make small changes to the data that are not visible to the eye but can be recognised by computers.

Who collects data?

You might wonder about the importance of one picture, one message, or one call. You might think there is so much data out there that nobody knows what to do with it, or cares that much about it.

However, there are in reality a number of parties interested in this data - including companies, governments and individuals - and data collection and data analysis is by now very sophisticated. The data traces you leave behind online are constantly being collected, analysed and sorted by various parties to create profiles on you; and every time a new piece of data is collected, it can be identified and added to your profile. These profiles are ever-expanding, and give those who create them or who have access to them an immense insight into who you are.

Data is collected by these companies, governments and individuals for a variety of purposes. Profiles can be bought and sold; data can be used to control, suppress or silence; it can be used to create harassment strategies.

Data can be used to gain insight into who you are, what you do, where you have been and with whom you have been interacting. This information can then be used to make predictions on what you might do or where you might be in future. For example, if someone knows that you are an outspoken blogger on gender issues in country x, they know that you will probably be present at a conference on blogging and women held in that country.

Anyone could potentially have access to your digital shadow – including communications service providers, law enforcement agencies and commercial companies, as well as groups and individuals running their own servers.

You can't know exactly what is happening to our digital shadow, and that itself is a problem. Fortunately, there are many tools and tactics you can use to manage your digital shadows and to limit their ramifications in terms of profiling, control and surveillance. This will be discussed in the rest of this section.

Exploring

To move towards getting some control over your digital shadow, a good place to start is to see what it looks like (as far as is possible)

  • Trace My Shadowhttps://myshadow.org/trace-my-shadow – is a tool launched by Tactical Tech that allows you to see what traces you are leaving online, and it offers a lot of tips on how to protect your privacy.
  • Identifying and materialising social networks across your online and physical activities: John Fass, researcher and designer at the Royal College of Art, offers some activities for visualising your social networks and browser history ' [insert link].'
  • A tool called OpenPaths.cc allows you to see through the eyes of your mobile phone. Read the Terms of Service carefully and explore if you can change the access settings in your phone. On an iPhone you can change the permissions for each app under its privacy setting. LINK??

Controlling

The good news is that you can partly control what content and metadata you give away. When you publish content on the web, it is always a good idea to ask yourself if what you are posting is public or personal and who could have access to it. Even if the information is connected to a public event and not to your personal life, the names you mention or the images you upload may contribute to a picture about who you are, what you are doing, where you are doing it and so on. This could be used by people who wish to target you.

This does not mean that you should silence yourself – by taking some basic measures, you can limit your risks by increasing the level of the effort that would be required to attack you or your contacts.

  • When giving personal information to a web service, it’s best to use HTTPS so that the communication channel is secure (see the section on security measures for more on this).
  • Using Tor will hide specific metadata like your IP address, thereby increasing your anonymity online.
  • Use strong and different passwords for each web service you use - if not, someone that intercepts your password could use it to access your other accounts.
  • When sharing personal details about your life, you can use private profiles that can only be accessed by selected contacts. When using those on commercial social media, you should be aware of the regular changes to the privacy policies of that platform. There have been cases where privacy settings have been changed, exposing pictures, content and conversations of private groups.
  • When writing or posting images about public events on the web, you should ask yourself if the information you spread about single individuals, places and other details could be used to identify and/or attack someone. It is always a good idea to ask for permission to write about individuals and perhaps also to discuss shared agreements about posting information on public events.
  • You can prevent the tracking and collection of metadata through your browser by installing add-ons like Privacy Badger or Adblock Plus, as well as by monitoring your privacy settings and deleting cookies on a regular basis.
  • When registering a device or software such as Microsoft Office, Libre Office, Adobe Acrobat and others, not using your real name can help prevent the metadata created when using this device or software from being connected to you. You can also switch off the GPS tracker in your phone or camera.
  • Some file types contain more metadata than others, so when publishing contents online you can change files from ones that contain a lot of metadata (such as .doc and .jpeg) to ones that don’t (such as .txt and .png), or you can use plain text.
  • For editing or removing metada from PDF files, Windows or MAC OS users can use programs such as Adobe Acrobat XI Pro (for which a trial version is available). GNU/Linux users can use PDF MOD, a free and open source tool. However, it doesn’t remove the creation or modification timestamp, and it also doesn’t remove the information about the type of device used to create the PDF.

Self-Doxing

Doxing describes tracing or gathering information about someone using sources that are freely available on the internet and constitute a type of social engineering technique. This method depends on the ability of the attacker to recognise valuable information about their target, and to use this information for their own ends. Doxing is premised on the idea that the more you know about your target, the easier it will be to find their flaws. "Self-doxing" ourselves can help us to make informed decisions about what we share online, and how. Of course, these same instruments can also be used to learn more about someone we have met online before we give them our full trust.

Methods used for doxing include exploring archives, images, phone directories and other publicly available information; querying common search engines like Google or DuckDuckGo (https://duckduckgo.com); looking for a person's profile in specific services; searching for information in public forums and mailing lists. But it can also simply consist in looking up the public information on the owner of a website, through a simple "whois search" (see the section on "Creating a site of one’s own"). Before we start exploring these web services and looking for our digital self, a good idea is to use anonymisation tools like Torbrowser. Useful tips on self-doxing tools and techniques can be found here:

Mapping our social domains

As security expert Bruce Schneier explains, “Security is a chain, and a single weak link can break the entire system”. Everyone belongs to several social domains - your work or advocacy networks, your family networks, friends, and sports teams. Some networks may feel more secure than others. For example, you may tend to have a more secure communication practices for your work or advocacy activities, but less secure practices for interacting with friends on a social networking platform.

If you use a single identity in all your domains, or if you always use your real name online, it becomes easier to gather information about you and to identify your vulnerabilities. For example, if you reveal in a social networking platform that you like a particular kind of game, an attacker who wants to investigate your work or advocacy activities might trick you into downloading a game which is infected with spyware.

This is only possible, however, if your work identity and your gaming profile can be connected to the same person; and this is why separating your social domains can be useful. More on how to do this will be addressed later on, when we talk about identity management.

To separate your social domains, it's helpful to first map them out and identify which ones could expose you most. You can do this by thinking about your different activities and networks, and reflecting how sensitive each of these is in order to better separate the domains that are sensitive from those that are not.

For instance, Polish computer security researcher Joanna Rutkowska has developed a Linux distribution based on the concept of “security by isolation” called Qubes OS. In this system, each social domain is isolated in a separate virtual machine. The three basic domains Rutkowska identifies for herself are:

  • The work domain, including her work email, work PGP keys, reports, slides, papers, etc. She also has a less-trusted “work-pub” domain for things like accepting LinkedIn invites or downloading pictures for her presentations.
  • The personal domain includes personal email and calendar, holiday photos, videos, etc. She adds to this with a special domain called “very-personal”, which she uses for the encrypted communication with her partner.
  • The red domain includes the totally untrusted areas which don’t require her to provide any sensitive information.

You can find more details about her scheme here: http://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html

Deleting identities

If you decide to separate your social domains by creating multiple identities, you should decide whether to delete or keep the identity or identities that you already have. To do this, you can start by investigating the traces of your existing identity or identities. (For methods and tools for following your own digital traces, see "Exploring your digital shadow" and "Self-Doxing"). If you opt for deleting existing accounts, you can visit the following places:

Separating identities online

Once you have identified your different social domains and the digital activities and contacts that go with them, what you need to do is decide if you want to differentiate your identities accordingly, or if you'd rather stick to your official name and true face for each of them.

You may want to keep your work connected to your legal or "real" identity, or think that your activism should be anonymous, but these are decisions that need to be thought about carefully. For example, a journalist who finds it convenient to use her real identity for her writing may decide to stay in contact with her personal domain through a nickname, so that nobody can connect the two spheres together.

On the other hand, if an activist decides that she wants to use a pseudonym for her online activities, she should consider that she will be showing her face in all her connected activities in the real world, such as speaking at conferences or participating in demonstrations. Her online pseudonym will therefore be linked to her face; but her face could also be linked to her real name on social media, and her online activism identity unmasked.

In assessing which identity to use in a given context, it's helpful to consider for each specific context the following questions:

  • Would my job, livelihood or safety be at risk if my real identity were known?
  • Would my mental health or stability be affected if my participation in X were known?
  • Would my family or other loved ones be harmed in any way if my real identity became known?
  • Am I able and willing to maintain separate identities safely?

Once you have assessed our risk, you can then consider different strategies for separating your identities online. For more on assessing risk visit: https://ssd.eff.org/en/module/introduction-threat-modeling

Strategies for maintaining separate identities can range from full transparency to full anonymity.

"Real" names

Author Kate Harding (http://kateharding.net/2007/04/14/on-being-a-no-name-blogger-using-her-real-name) talks about her decision to start writing under her real name, dismissing the recommendations that are generally given to bloggers to follow practices like “writing under a pseudonym, making that pseudonym male or gender-neutral if you’re one of them lady bloggers... masking one’s personal information, being circumspect about publishing identifying details, and not writing anything that might inflame the crazies”. Instead of putting responsibility on women, Harding says, problems of harassment should be handled by society as a whole, including men. However, she also acknowledges that the decision is a dangerous one.

Anonymity

On anonymity, Vani, a human rights activist, writes: “I am a regular social network user. I voice my opinions on a range of topics. But I remain faceless and nameless”.

Anonymity may be a good choice in settings where you don't need to gain other people's trust, when there are few or no people you can trust, or when you don't want to expose others in your life to risks. When you are researching or participating in message boards about health issues, or when sharing sensitive information for instance, you may wish to set up a one-time account, using a pseudonym, to comment on a blog or news site, or a one-time email account or chat session to discuss sensitive information with others.

But total anonymity can be difficult to maintain and also be dangerous in some countries, where it can signal to the state police that the author thinks they are doing something wrong. This strategy can also be lonely as anonymity can further isolates you, as a blogger underlines: “Can you have a network to protect you and also be anonymous at the same time? Would visibility be a better strategy for you?”

When you adopt anonymity as a strategy you may use pseudonyms, but these should not be used across different networks or social domains, and some may only be used once and then discarded. Because of this, anonymity differs from "persistent pseudonymity". For more information on how to be anonymous online, see the security recommendations at the beginning of this manual and Anonymizing tools in Step0 in the wiki.

Persistent Pseudonymity

Persistent pseudonymity involves a fictitious name consistently over a period of time. In the age of the internet, a pseudonym may also be referred to as a "nickname" or "handle", though the latter can also be tied to a person's legal identity. There are [reasons why individuals may wish to use a name other than the one they were born with]. They may be concerned about threats to their lives or livelihoods, or they may risk political or economic retribution. They may wish to prevent harassment and discrimination or they may use a name that’s easier to pronounce or spell in a given culture.

A pseudonym can be name-shaped (e.g., "Jane Doe") or not. At time of writing, some websites - including Facebook - require that users use their "authentic identity" applying a real name policy which typically means using your legal name or the name by which you are commonly known. This policy has caused many users to lose their Facebook accounts. If we choose to use a pseudonym on social networks, it is important to understand that we can be reported for using a "fake name" and having one's account deleted. A strategy for avoiding that is using a name-shaped pseudonym.

Persistent pseudonymity also offers visibility, which allows to network with others, and by pinning your voice to a particular name you can develop an online reputation. This depends on others to decide whether you are worthy of trust, and is therefore a crucial aspect in trust-based online communities. Reputation can be developed by consistently using a nickname or pseudonym that can either be connected to your legal identity, or not. The choice to connect your online reputation to your "real" name should be taken individually, according to needs and context.

It is also possible to maintain multiple pseudonyms (and reputations) for different purposes. For example, a person involved in the gaming community and LGBTQI rights activism may wish to maintain separate identities for each purpose, and can build trust within each community separately doing so.

Collective Identity

Another way to be anonymous is through collective participation. General Ludd, Captain Swing, the Guerrilla Girls, Luther Blissett, Anonymous - for centuries groups and like-minded people have participated anonymously in historic protest movements, or have created ground-breaking and provoking artworks or pranks under a collective pseudonym. Besides hiding the identities of the individuals involved, these collective personas have shrouded their feats in an aura of myth and almost magical power. Anonymity through collective identity can translate in a number of things, from a private group or mailing list that puts out collective statements, to a shared Twitter account. While the same security concerns apply, working from behind a collective identity means having the power of the crowd behind you, and can be a good option if you don't wish to reveal your identity.

Comparing strategies

Whatever choice you make, what is important is that you keep your domains effectively separated. No matter how many domains you identify in your digital life, and how many corresponding identities you create, on the internet every identity - even the one bearing your real or legal name - becomes a “virtual” persona and should be managed carefully.

The pros and cons of the various identity options:

Risk Reputation Effort
Real Name "+" "+" "-"
Total Anonymity "-" "-" "+"
Consistent Pseudonimity "-" "+" "+"
Collective Identity "-" "+" "+"


Real name

  • Risk: Using your "real world" identity online means you are easily identifiable by family members, colleagues, and others, and your activities can be linked back to your identity.
  • Reputation: Others can easily identify you, thus gaining reputation and trust is easier.
  • Effort: It requires little effort.

Total anonymity

  • Risk: It can be beneficial at times, but also be very difficult to maintain. Choose this option carefully.
  • Reputation: There are few opportunities to network with others thus to gain trust and reputation.
  • Effort: Intensive as it requires contacts caution. It might also require the use of anonymisation tools (for example Tor or TAILS)

Persistent pseudonymity

  • Risk: Pseudonyms could be linked to your real world identity.
  • Reputation: A persistent pseudonym that others can use to identify you across platforms is a good way to gain reputation and trust.
  • Effort: Maintenance requires some effort, particularly if you are also using your real name elsewhere.

Collective Identity

  • Risk: Possible exposure of your real world identity.
  • Reputation: While not a way to gain individual reputation, you can still benefit from the reputation of the collective.
  • Effort: Although secure communications are still important, it requires less effort than total anonymity.

Creating a new online identity

"Once something is on the internet it will stay on the internet, as the internet does not forget". You may think that deleting certain sensitive data from social networks and web services may be enough to protect yourself, but metadata cannot be deleted as easily. And using just one identity through your whole life - in all your work and personal domains - creates a bulk of information that makes it easier to profile you.

One option to avoid this is to leave an old identity behind and create a new one, or several new ones for each of your social domains. You might also choose to use your real identity in some areas, and your new alternative identities in others.

  • When you create a new identity, you should select the contacts for each one carefully, and avoid sharing contacts with other identities you use for different activities. This effectively creates separate social domains, with separate accounts, mail addresses, browser profiles, apps, and possibly even devices.
  • Your various identities should not linked to each other, or to your real identity. Remember that some of these connections can be tenuous as for example when signing up for a new pseudonymous Gmail account using your real phone number.
  • Disposable extra identities can be useful, as they can be discarded easily if compromised.
  • Disposable extra identities can be created for new acquaintances when appropriate as introductory profiles to get to know somebody before you include them in your more trusted network.

To learn more about how to separate different identities into separate profiles, read the section on “Managing multiple online identities”.

What’s in a name ?

On the internet, platforms that have "real name" policies tend to base this judgment on an individual's legal name, rather than allowing them to identify as they choose. This can be problematic, not only for individuals trying to remain anonymous, but also for transgender individuals, individuals with mononyms, and others.

Because of such restrictions, it can be beneficial to select a "name-shaped" name when choosing a pseudonym. If you want to use commercial social networking platforms, it is better to use a credible name and surname rather than more imaginative ones. Many companies will require that you use both a first name and surname, or a name that doesn't contain any slang terms or profanities.

Once you have decided on a name, a surname, and a username for your virtual persona, you should do thorough research - perhaps also using doxing tools and techniques (see the section on Self-Doxing) - to find out if someone else is already using that name. After all, if you wish to develop your own reputation, you don’t want to be confused with someone else, especially if they don’t share your views of the world!

Then you need to create a story for this virtual persona because if it comes with a story it makes it a lot easier to maintain the role. You can invent a new story if you feel particularly inspired or base your story on a “known” person’s story, a superhero, a fictional character from your favourite novel, or adopt a “collective identity” like Anonymous/Anonymiss or the Guerrilla Girls. In any case when you create an identity you should conceive a whole virtual persona, an avatar that needs to be nurtured and developed in order to become credible.

This page offers some helpful tips for inventing a new identity: http://anonymissexpress.tumblr.com/post/117939311235/you-may-have-noticed

Credible persona

A virtual persona or identity can't be just a name with a mail address and a series of web accounts. If you keep all your normal identifying traits - such as your gender, job, attitude or the way you write - it might be possible for someone to connect the dots and connect your pseudonymous personas with your real identity.

  • Work: Your persona should have a job that is different from yours, but not so different that you don’t know anything about that field: for example, they shouldn’t be a surgeon if you don’t know anything about anatomy!
  • Skills and interests: Similar considerations should be made to select your persona's skills and the main topics they focus on and write about.
  • Linguistic fingerprint: This could be identified through a "stylometric analysis" that makes it possible to identify the author of a particular text. To change this, you can start by using a spell-checker in your word processor to check for consistent typos and you could also think about adopting a different writing attitude. You could adopt one simple rule for each persona, making them shout by only using capital letters, or be a low-talker with a lower-case style, or very excitable, with a lot of exclamation marks.
  • Psychological attitude: A good rule of thumb is to give your persona depth by creating some "weak spots" - but choosing them carefully so that, if the weak spot is attacked, you are able to weather the strikes and even have some fun in the process.

In any case, you should always remember that on the internet, each one of your identities - even the one connected to your real name - is a “virtual” identity, and it is always better to decide what character traits you want to expose in each of them. Creating a somewhat fictional character can be a good idea even for your “real” online identity.

More about how to create a rounded character for your identities here: https://lilithlela.cyberguerrilla.org/?page_id=94049

Managing several identities

Once you have created several personas, it's important to keep them separate in both your physical and digital lives. While keeping notes on your identities might help ensure that you remember your story, there are technical measures you can take to make sure that your profiles stay separate.

A good start is to create different browser profiles, mailboxes and social media accounts for each of your identities. A good method is to always use different apps for each account/identity and, if possible, to separate your identities per device or operating system (see 6. A different machine for each identity). To create multiple profiles with Firefox, visit: https://developer.mozilla.org/en-US/docs/Mozilla/Multiple_Firefox_Profiles. For Google Chrome, visit: https://support.google.com/chrome/answer/2364824 When creating a new mailbox, it is always a good idea to connect to the server’s website with Torbrowser and, if a contact email address is required, to think about using a disposable email address instead.

Disposable email addresses

For some activities and social domains you need to manage rounded personas, in order to gain a strong reputation and trust from other members of the community. In some cases, however, all you need is a disposable email address that you only need to use for opening an account in an untrusted platform.

Even if you decide to have just one identity online, using disposable email addresses prevents sites from building up a history of your activities and ensures that if that account gets compromised you can simply delete it and create a new one, keeping your digital life intact.

  • Using existing disposable email addresses: BugMeNot(http://bugmenot.com) allows people to share their email logins and passwords created for platforms with free registration, for anyone to use.
  • Tools to generate personal details: Fakena.me' (https://fakena.me) is a privacy-oriented '"fake name generator" that provides everything for you - from a credible name, birth date and (US-based) address, to a user name and password and a link to the connected guerrillamail mailbox. Another similar service, called Instant Internet Decoy (https://decoys.me) creates convincing but entirely fictional people who have birthdays, locations in several countries, families and even answers to common security questions.

Another option is to create a mail alias - a different email address that is connected to your main mailbox. The advantages of this approach are that this email account will not expire, and if it gets compromised you can just dispose of it and create a new one. But of course if the alias receives a lot of spam, it will fill your main mailbox.

While not every mail service allows users to create mail aliases, this service is offered to every mail user of Riseup (https://we.riseup.net) and Autistici/Inventati (https://www.autistici.org).

Commercial social platforms

Whatever social networking platform you decide to use, you should always read its terms of service to check if they suit your purposes. To get a summary of the terms of service of many social networking platforms (and other web services), go to the website Terms of Service; Didn’t Read (https://tosdr.org).

When creating an account for a new persona on a social networking platform, use the browser profile you have created for that persona. Make sure to check the privacy settings so that you know what you are making public, who can see what you post, who can contact you, who can look you up and what your contacts can do (can they tag you in pictures? can they write on your "wall"?)

Also be very careful about the profile information you provide, as well as the profile picture and cover photo you use, as these are generally publicly available to anyone who looks for you in that social network, regardless of your privacy settings.

Make sure your contacts do not overlap with your other identities, and your different identities don't "follow" one another. It is particularly not a good idea to follow your pseudonymous personas with your real identity. If someone is looking to unmask one of these personas, the first thing they will look for is who the account follows, and who follows the account. For the same reason, we should avoid reposting posts or other content published by one account with another account.

Most social networking platforms will display your location where they can. This function is generally provided when you interact with the platform using a GPS-enabled phone, but the network your computer is connected to may also provide location data. It's always a good idea to double-check your settings - particularly on photo and video sharing sites.

If you access social networking platforms via mobile apps, it is better to use a different app for each separate account, so as not to post something to the wrong account by mistake. There are several apps which can be used to manage your social networking platforms - it is, however, a good idea to use a different one for each identity, to reduce the risk of giving away your real identity.

Another trick to hide your trails is to publish from your various accounts at different times of the day. Some social networking platforms, like Facebook, allow users to schedule the publication time of their posts. To learn how to do this, read:

It can be a good idea to follow, from your pseudonymous profiles, other people who might reasonably be considered the real owners of that profile. To further distance your real identity from your pseudonymous identities, you can also write (and hashtag on Twitter) posts under your pseudonymous profiles about events that you are not attending, especially if they are taking place far away from you. It can also be fun to publish and then delete posts that look like you have exposed your identity, so as to further confuse anyone who may try to unmask you.

Alternative social platforms

Mainstream commercial social networking platforms like Facebook or Twitter can be extremely useful if your aim is to publicise as widely as possible an event you are organizing or a project you are launching.

However, if you're using one of these platforms it is important to be aware that:

  • these platforms have very strict terms of service that could justify their decision to close your accounts if they find that your contents go against their rules (for more, read: http://www.aljazeera.com/indepth/opinion/2013/05/20135175216204375.html).
  • users of these platforms are profiled, and information is sold to advertisers. If you add to this the ever-changing terms of service and the interactions with other apps and features that make it very difficult to understand clearly what actually happens to your data, the best solution is to limit the use of commercial social networking platforms to specific projects you want to publicise to a wide audience.

There are also alternatives available - social networking platforms that give much more freedom to their users and don't profile them.

  • There are alternatives that are community-based, distributed rather than centralized, based on free and open-source software and privacy-friendly. Among these, Diaspora (https://joindiaspora.com), Friendica (https://friendica.com), N-1 (https://n-1.cc/) and Crabgrass (https://we.riseup.net) are especially worth mentioning.
  • Other similar sites may be popular in different regions, so you may wish to explore other options.

Before choosing to use a social networking platform, you should ask:

  • Does it provide connection over SSL (like HTTPS) for all uses of the site, rather than just during login? Are there any problems related to encryption (e.g. related to encryption certificates)?
  • According to the platform's End User Licence Agreement, Privacy Policy and/or Data Use Policy, how is your content and personal data treated? With whom are they shared?
  • What privacy options are provided for users? For example, can you choose to share your videos securely with a small number of individuals, or are they all public by default?
  • Is the geographical location of the servers known? Under which territorial jurisdiction do they fall? Where is the company registered? How does this information relate to the privacy and security of your activity and information?

Creating a blog or website

Creating a blog can be as easy as signing up to a blogging platform and choosing a name and a "theme" or visual template. There are several blogging platforms that are both user-friendly and free, including the open-source Wordpress (Wordpress.com). Based on the same software, but with some tweaks for additional user privacy, are two security-oriented platforms that are managed by autonomous servers: Autistici/Inventati’s (A/I) Noblogs (http://noblogs.org) and Nadir’s BlackBlogs – (http://blackblogs.org). To create a blog on either of these platforms, all that is needed is to have an email account hosted on an autonomous server (see https://www.autistici.org/en/links.html and https://blackblogs.org/policy respectively for a complete list).

If you want a complex graphic layout or need to install particular tools that are not offered by Wordpress and its plugins, you can create your own website. For this you need to get some space in a server through a webhosting service. There are many services out there, but since they generally aren’t free, the options to stay completely anonymous are reduced to creating a website with A/I, which by default does not connect the users of its services with real identities. To learn more about Autistici/Inventati’s webhosting service, visit: https://www.autistici.org/en/services/website.html

If you want to use your own domain name, bypassing payments and identifications may get difficult unless you use Bitcoin or another anonymous payment system. The personal data you will provide will not only be stored in the registrar’s internal archives, but by default will also be recorded in a database that can be easily queried by anybody through a simple command in a search engine (whois) or on several websites such as Gandi.net (https://www.gandi.net/whois). To avoid this, you can register your domain with the data of an association and use a prepaid credit card that is not connected to your own data (if available in your country). Alternatively, you can use a registrar like Gandi.net (https://www.gandi.net) that offers private domain registration for individuals whenever possible.

A different machine for each identity

There are three approaches to digital security: the first one is security by obscurity, which is based on encryption, strong passwords and similar measures and acts as a first line of defence, as a deterrent that will discourage random attacks but is not likely to stop someone who is directly targeting you; then there is security by correctness, whereby software developers try to get rid of bugs that make their code vulnerable. But modern software is very complex, and it is almost impossible to do this job perfectly. Therefore, one of the most realistic approaches is security by isolation, which gives for granted that security measures can be vulnerable and focuses on harm reduction by stopping possible attackers from accessing the whole system that needs to be secured.

If you use the same operating system for your several identities, no matter how carefully you separate your profiles you can still make a human mistake by, for example, connecting to a pseudonymous account through the browser profile you have assigned to your "real" identity, or get infected by a malware that allows your attacker to monitor everything you do online, with all your identities. Both risks can be limited by using a virtual machine for each of your domains, and by reserving yet another virtual machine to opening untrusted attachments in order to avoid a malware infection.

As the name suggests, a virtual machine (VM) is basically a simulated computer with its own operating system, which runs as software on your physical computer. You can think of a VM as a computer within a computer. Installing and running a virtual machine is not very complicated, and there is very good documentation around. For your purposes of anonymisation, the best available option is to install Virtualbox, an open-source, cross-platform virtual machine monitor (https://www.virtualbox.org). Using Virtualbox, you can create a virtual machine, and then run an operating system on it called Whonix.

Whonix

Whonix (https://www.whonix.org) is an operating system that aims at protecting your anonymity, privacy and security by helping you to use your applications anonymously. A web browser, IRC client, word processor and more come pre-configured with security in mind. Whonix is a complete operating system designed to be used in a virtual machine. It is also free software, based on Tor, Debian GNU/Linux and security by isolation. Whonix’s website offers a wide documentation: https://www.whonix.org/wiki/Documentation

Tails

Tails, or The Amnesic Incognito Live System, is a free and open-source Linux distribution that can be started on almost any computer from a DVD, USB stick, or SD card and forces all its outgoing connections to go through Tor, blocking direct, non-anonymous connections. When you launch Tails, you have a complete operating system that comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc. With Tails, you can access the internet, communicate, and do all you need anonymously and securely and, after the computer is shut down, the system will leave no traces on the machine unless you ask it to do so.

Qubes OS

Qubes OS (https://www.qubes-os.org) is a free and open-source security-oriented operating system based on Fedora, a GNU/Linux distribution, and Xen, a virtual machine monitor that allows us to separate the various parts of our digital life into securely isolated virtual machines. Qubes keeps the things you do on your computer securely isolated in these different VMs so that if one virtual machine gets compromised, the other won’t be affected. This way, you can do everything on a single physical computer without having to worry that one successful cyberattack harms your whole system, potentially revealing all the connections among your several identities.

What to choose

The three tools we have described – Tails, Whonix and Qubes OS – allow you to use a completely separate operating system for managing your alternate identities, and can be quite useful to make sure that you don’t reveal your true identity while you use the anonymous one(s).

Using Tails is pretty easy, and if what you need to do with your alternate persona needs a focus on anonymisation, then it may be worthwhile to overcome the initial obstacle of installing it in a USB stick and launching it. Tails is a good option also if we have few resources, if we don’t have a computer of our own, or if we often use computers at internet cafes and want to be safer. But if on the other hand we need persistence and we want to keep some files or actions we have created, we need to enable this option when we start the system. Tails is an established, respected project that has been developed for many years and is used by a wide community of people.

If what you need is both anonymity and security by isolation and you have a good machine where you can run Virtualbox (https://www.whonix.org/wiki/System_Requirements), installing Whonix seems a good solution that caters to all your needs and also offers an excellent documentation: https://www.whonix.org/wiki/Documentation. Nevertheless, Whonix, like Qubes Os, is a relatively recent project and the community using it is still rather small.

Qubes OS is a good choice if you want to keep all your activities inside your own computer without having to install anything else and if what you are trying to do is to effectively separate your identities rather than anonymise your activities in the web. It requires a very powerful computer – http://qubes-os.org/trac/wiki/SystemRequirements – and this can be a hindrance, but if you feel that you really need to protect yourself against possible cyberattacks, the investment may be worth its while.

To sum up, none of these tools protect you from every threat, and you shouldn’t look at them as a magic potion that will make you invulnerable. Nevertheless, by using any of them, according to your needs and resources, you will raise the level of effort that an attacker will need to harm you, thus making an attack less likely. For a wider comparison among these and other systems, go to: https://www.whonix.org/wiki/Comparison_with_Others



Chapter 2: Safe spaces

What are Safe Spaces?

Safe spaces can be understood as spaces that are created though explicit community agreement, or through implicit sharing of values. They enable members of a group to flourish, empower themselves and create community. Safe environment for discussion and awareness raising have played a key role since the women's liberation movement in the 60s. Still nowadays, safe spaces strategies enable different groups at risk such as survivors of sexual abuse, harassment and violence to feel safe and secure, catch up and develop their skills, heal and reclaim their dignity. There are many shared logics underpinning the creation of safe spaces online so that women, trans* and other groups can communicate and exchange in a nurturing and welcoming environment, as there are variations of the safe space logic in the development of events, activities, meetings in the physical world for enabling more women and trans to access and learn about technologies related fields without having to fear sexist language and attitudes or being mansplained meanwhile learning.

Safe space strategies have been used in many different contexts in recent times too. In Tahrir Square in Egypt, Operation Anti Sexual Harassment (OpAntiSH) was set up to react to an unsafe environment and as a way to protect women and/or confront harassers and support survivors of sexual abuse and harassment. In Kenya, the women-only Umoja village was created for women survivors of rape and sexual assaults, as a place where they could feel safe and secure, raise their kids, earn a living collectively, heal and reclaim their dignity. During the USA Occupy movements many women, queer and trans* persons did not feel safe to camp in the squares and parks. Some resorted to women-only tents, or women of colour-only affinity groups while others, mostly transwomen, opted for an online presence as putting their bodies on the line was deemed too dangerous.

Safe Space Online?

The internet is experienced by many as a safe space for resisting the gender oppression that they encounter in their everyday life. Fereshteh Nouraie-Simone talks about the internet as Wings of Freedom for Iranian women. Scholar Saskia Sassen argues that the internet allows women and trans* persons to be involved in new forms of contestations, build global community and potentially transform conditions on the ground. However, at the same time many women and trans* people experience severe forms of violence and silencing online. There are countless stories now of women and trans* people facing harassment, threats and smear campaigns by anyone from a misogynist or transphobic reader of their blog to a state-sponsored attacker trying to hinder their advocacy work. See Take Back the Tech for an up-to-date list of reports.

Morever, we might assume that online communities such as the ones we take part in through social media, email discussion lists, phones and Internet Relay Chat (IRC) channels are inherently democratic, horizontal, participatory and relatively safe. This is not true. Online spaces often reproduce hierarchies, privileges and power relations that exist in society. We need to be mindful of this and to think through ways to mitigate and limit these downsides to get the best out of our spaces. Using such strategies is about caring for ourselves and for the communities we are part of. Making these issues explicit and visible is also about agency, social justice and feminism, and it will help better shape the spaces we care about, we organize in and in which we grow.

This step aims to provide concrete suggestions on how to create safe spaces online and offline. It is divided into three core parts. First, a set of tools will be highlighted to move forward with starting to build safe spaces for us and our collectives/organizations through online communication such as mailing lists, pads, Internet Relay Chat (IRC), etc. Second, it will focus on strategies of resistance in public spaces which are not inherently safe, such as Twitter and Wikipedia. Finally it will loop back to the offline and discuss ways to build safe spaces offline such as through women and trans* only spaces to learn and Do-it-Together.

How to set up a Safe Space Mailing list

Mailing lists are one of the oldest forms of social networks. They allow you to discuss, organise, share information, exchange video, audio and pictures. The below section will help you in the steps to setting up a safe space mailing list.

Choosing a mailing list

You have decided that you need a communication channel for your collective and you do not want to use corporate services. There are in fact many alternative services to choose from that are recommended for use by human rights defenders. They are free but they still prioritise security and user privacy. For example: Riseup, Aktivix or Autistici/Inventati (A/I Collective).

Riseup is a tech collective which provides secure communication tools for people working on liberatory social change. They have many feminist and queer oriented lists and therefore are a great collective to host your mailing list. To see some of the existing public mailing lists go to: https://lists.riseup.net/www/ .

Other tech collectives also offer mailing-lists and email addresses. Autistici/Inventati (A/I Collective) and Aktivix are two other great examples, and the former also offers a dedicated newsletter service for groups that want to send regular news to a high number of recipients. To read about their services visit: http://www.autistici.org/en/services/lists.html and/or https://lists.aktivix.org/mailman/listinfo

Open or closed list?

Once you are ready to create your mailing list you need to decide whether it will be an open or closed list. An open list allows anyone to subscribe and participate in the discussion. A closed list is limited to the subscribed email addresses that will have been approved by you or your collective. In deciding what is best, check if choosing to keep a list open to new subscriptions automatically implies that the archives of the list are available to anyone on the web and will eventually end up on search engines (such as Google). In some cases, the archives of a closed list are only accessible to those who have the subscription password while the archives of a closed list can be accessed by everybody. In other cases, as A/I's platform (which is unfortunately much more complex to use) you can choose whether you keep the archives public or not independently of your choice to keep your list open to new subscriptions. If you intend to talk about sensitive issues (talking about feminism is often a sensitive issue!) or if trust within the group is important for creating your safe space, you might want to set up a closed list and to keep your archives closed. If you do choose to leave your archives accessible, it is important to inform everyone subscribed to the list that any delicate topic or personal detail that pops up in your discussions will be potentially visible to anybody.

Publicizing your list or keeping it secret?

A list becomes really public when it is advertised to the world and anyone can request subscription. For example the mailing list run by FemTechNet. But a list mustn't be necessarily publicized and can be run on a need-to-know basis. In other words, you can choose not to advertise your list publicly and to keep it invitation-only. You could have for instance a publicized list which is closed i.e. a list that people know about (literally everyone!), but which requires approval as mentioned above.

Who should I invite?

Once you have your list set up, start inviting people you know to your mailing list. If friends are suggesting to add more people to the list, ask them to explain to the list the reasons why such and such person should be added. If you get a green light from your collective, add this person to your mailing list. Working through the web of trust is a good practice to follow when setting up a mailing list. Also, make sure you have a discussion on who can be part of this list. If you set up a feminist list, who can be part of this list? Do you for instance allow feminist men to be part of the list? If so, will you be setting up a policy for your list on the acceptable behavior? (See below for how to set up a policy) These are important questions that you need to discuss with your group. But don’t be too harsh on yourself and your group and know that you can always revisit these decisions if at some point you and your collective feel you want to change your collective mailing list agreement.

Who will administer the list?

Administering the list involves handling subscriptions and moderating content. One person can be responsible for doing it but if your list suddenly becomes very chatty, this might be too demanding for just one person to do. You can also choose to have more than one administrator of the list. A list can even be collectively managed. As a case in point, the Spoon Collective, a discussion list active in the 90s, adopted a strategy of central collective "ownership". Everyone on the list had administration rights and so the responsibility of managing the list could be shared amongst members. This is a strategy that can be best used when you are part of a close collective. It also requires trust that all members will care enough to manage it collectively.

Before trying to figure out what best suits you, you should think about internet access and expectations from list members. Depending on where you are located, some people on the list might not have regular access to the internet and this needs to be factored in when taking the decision. Some tensions will inevitably arise from the collective administering process and therefore you and your collective need to think carefully about the ways in which you will handle these tensions. Are we ready to wait for a few days to have new members added to the list? If each message needs admin approval, are we ready to accept waiting for the message to be approved for a few days, a week, more? Since administering a list is a great way to learn, is it only those who are tech savvy that might manage it or should we rather allow for learning to happen? If your expectations are clear, the possibility for tensions and conflicts to emerge will be minimized.

Mailing list policies

Agreeing on a mailing list policy from the start will save you a lot of time and difficult conversations. Publishing your policy and the ways in which to report violations of the policy, even if it is a closed list, might be helpful in creating the online safe space you want everyone to enjoy. The policy can provide guidelines for everyone using the list, on how to behave. It can address tensions like the fact that expression of emotion is an important feminist principle, but losing your temper and attacking someone you don't agree with on the list is not ok.

Having a visible and explicit policy will send a strong signal of the value of creating a safe space on a mailing list. The geekfeminism wiki is a great example of a women-only policy for online communities (http://geekfeminism.wikia.com/wiki/Statement_of_purpose/Women-only_communities). They also have a similar policy or agreement for online communities that includes men: http://geekfeminism.wikia.com/wiki/Statement_of_purpose:_communities_including_men Check them out and adapt them to your needs, beliefs and desires.

To make sure that the policy does not get forgotten, you can regularly remind the subscribers. The Ada Initiative (https://adainitiative.org/) mailing list, for example, adds a link to each email sent on the list. Below is what you see:

Policies for behavior on this list: http://geekfeminism.wikia.com/wiki/Statement_of_purpose/Women-only_communities http://sf.adacamp.org/attendee-information/policies/#ahp Contact Adacamp-alumni-owner@lists.adainitiative.org to report violations Please avoid gendered assumptions and language about the list as a whole (eg "XX", "ovaries", "ladies") To unsubscribe, go to: http://lists.adainitiative.org/listinfo.cgi/adacamp-alumni-adainitiative.org

Encrypting mailing lists

If you want a high level of security, there is the possibility of encrypting mailing lists. However, it is important to understand that this requires every participants to the list to already use PGP (Pretty Good Privacy)/GPG. This type of list, based on a software named Schleuder and developed by the German Tech Collective Nadir.org, is designed to serve as a tool for group communication, but this time with a strong emphasis on security. Schleuder list is a GPG-enabled mailing list and the list takes care of all de- and encryption among others. If you and your group feel you are able to install software in a server or can ask help from your community and you are all ready to use an encrypted mailing list, visit: http://schleuder2.nadir.org/

What is an etherpad?

Pads are a great way to collaborate in real-time on documents. They are a good alternative to corporate services like Google Docs and more effective for co-editing text than mailing back and forth. The main thing you need to look for in a pad is that it is hosted with an encrypted connection via SSL. A list of such pads can be found here.

When you create a pad you decide on the name of the URL. Just like with creating passwords, you should make it long and inventive. For example: https://pad.riseup.net/p/feminists is not secure. You want to use a more complicated URL such as https://pad.riseup.net/p/FeministsRockAndTheyWillBeDoingGreatThingsToghether. Once the pad is created you can send the URL to your friends and colleagues to start collaborating on a document. Remember whoever has the URL can access the pad, so don't share it in public spaces.

Pads allow you to choose to be anonymous, use a moniker or use your real name. There is a colour-based system that differentiates the contributions of each participants on the pad, so being anonymous will not bring too much confusion while writing. If are worried about your pad being found by others, you might consider a password protected pad. For this check out: https://www.protectedtext.com/

What is Internet Relay Chat (IRC)?

IRC is a chat service, which can be hosted on different servers, and accessed from through different user clients. It provides the ability to set up channels or chatrooms where many people can discuss and gives you the option to encrypt your communication. You can’t embed video, audio or pictures, but you can link to them.

IRC can be used to facilitate collaboration in addition to decision-making processes. If you are thinking about starting a new project, are launching a campaign or just want to have a space for your group to ask each other questions, you can consider using IRC. IRC allows for real-time collaboration as long as you all have easy access to the Internet and can arrange your schedules to be available at the same time. If your group has individuals working from different timezones or from places where power outages regularly occur or some of you regularly get pulled away to look after kids or parents, a mailing list might be better for reaching decisions collectively.

IRC can take a little time to get used depending on the skills in your group. Regardless of your skills, developing relationships across a purely text-based channel such as IRC can be challenging. Try to be sensitive to how language can be interpreted and different styles of communication that exist between different people. You can always think of ways to overcome this challenge with your group. For example structuring introductions when you first start out, sharing links to articles, chatting about random news in your country or trying to develop a shared language.

Setting up IRC

There are several ways to chat through an IRC network. The easiest way to start out is to use a web browser application such as those provided by Indymedia or Freenode. You can instantly create a nickname and a channel which you can give to your colleagues to connect with you.

Using a web application is however not the most secure option so if you are a more advanced user, or have already tested IRC out and think it will work for you, it is recommended you access your chosen IRC network from a client. There is advice and instructions on how to access an IRC network this way, provided by Freenode, Autistici and Indymedia. The last two also allow us to anonymise our connections through Tor.

There are several clients which you can choose from. For example Xchat for GNULinux and Windows and XChat Aqua/Azure for Mac OS, and many more. For more information on IRC chat clients, look at the Prism-Break web platform, a site that has been developed after the Snowden revelations which supports you to opt out of mass surveillance programs.

Basic rules of engagement

Once you start your meeting it is useful to appoint a facilitator that will keep track of time and topics to be discussed and who might ask participants to re-focus if the discussion goes off track. When you start a conversation take time to say hi and greet people. It is particularly important to talk to newcomers. If a group of you know each other over IRC, you might have a tendency to chat to one another and/or give more importance to what your friends say. In order to create a welcoming environment and a safe space, acknowledging and valuing the voice of everyone will be key on IRC.

While continuing the discussion, let's remind ourselves that writing is not easy for everyone and/or that many might not be using their mother tongue. IRC can also go very fast, particularly if you are many in the discussion, so allowing everyone to slow down and let people read all the inputs can help to facilitate an empowering discussion. You might for instance decide that people should be given turns to speak in order to ensure that everyone has space to express themselves. You can simply assign turns in alphabetical order of nicknames (or any order you want to give) for each of the points addressed. This can help structure the conversation and stop one or a small group of people dominating the conversation. It can also be useful to end your conversation with “over” or “finish” or "done" so everyone knows when you have stopped speaking and because IRC meetings can be tiring, you can set a time limit beforehand. Whichever methods you choose to use, make them visible and explicit beforehand, in the email where you will be inviting people for the IRC meeting for example.

Tools for managing projects and groups: wikis, forums and Crabgrass

Chat services and mailing lists will only take you so far. When it comes to managing collaboration between people living in different places, you will probably find yourself looking for something with more functionality.

One of the oldest tools used for public discussions online is internet forums, where discussions can be hosted over time and are at least temporarily archived. What really distinguishes a forum from a mailing list or IRC chat is that it has a tree-like structure and can contain a number of sub discussions, each with a different topic.

If you are looking for a tool to collaboratively write a text with many sections or even to create the initial structure and content for a website, a wiki can be useful. This is a web application that allows for hierarchical structuring of content and tracks the edits and additions of the users, easily allowing you to revert changes, move around and delete content.

Both forums and wikis need to be installed in a web space, so will require the expertise of a website manager. However you will find these tools, together with many others, in one of the most versatile platforms for managing groups and collective projects, Crabgrass. Crabgrass is hosted by the autonomous server Riseup, we.riseup.net, the tech collective providing tools for activists, already mentioned above.

Crabgrass provides a secure HTTPS connection and encrypted data storage, and users and groups are free to choose which information they reveal about themselves. The offered tools include functionality for personal messaging, public or private forums, wikis, task lists, decision-making tools, and a system for uploading and managing images, audio, and documents. It is also possible to set up a customized public homepage where your group can publish your event calendar, blog posts, and other content. For more about how to use Crabgrass, read this how-to in Tactical Tech's Security in-a-box

Finally you can visit the alternative social networks section in this manual if you want to use social networking platforms other than the dominant ones.

Strategies for creating safe spaces in the public sphere

There are ways to counter the vulnerability and intimidation we might feel online. This can be achieved by caring for our personal and collective safety, through using security and privacy enabling tools and techniques. This can also be achieved by resistance. Organising online collective actions can be a very powerful exercise to resist what can be an unsafe environment. They can also bring attention and visibility to certain issues and in turn help bring about transformation. Using feminist counterspeech, storming Wikipedia collectively and swarming together can all be important acts that have an impact for you and your group at the discursive (written), psychological and material levels. And they are fun too! Mostly because they are creative, bring about individual and collective agency and the feeling that you are not alone.

Feminist Counterspeech

Feminist counterspeech has been used as a response to making sexism visible online, as a response to online attacks and harrassment, among others. Other forms of resistance include organized public shaming, advocacy and lobbying for public policies, etc. Feminist counterspeech can be an effective tactic to trigger a new narrative online, create a sense of belonging and make visible the effectiveness of collective feminist actions online. Feminist counterspeech is a form of discursive resistance that allows you to call out misogyny and sexism online and makes visible both weak and strong feminist networks online. There are many examples of these which you have probably seen and appreciated. For example the #yesallwomen hashtag which was created as a response to the #notallmen hashtag on Twitter and was used to document women's stories of harassment and abuse. Or the rapid and distributed sharing and uploading of the artist Rupi Kuar's photo showing menstrual blood, in response to the image-sharing tool Instagram censoring it.

Wikipedia?

Feminists have criticised the way in which knowledge is produced, made and constructed on Wikipedia. The fact that Wikipedia’s contributors are mostly male (about 10% are women though this can vary between countries) in their twenties and thirties and disproportionately Western are important factors that influence content. Women who have played a significant role in history are often missing from Wikipedia and, at times, feminist, queer and trans content are not always easily accepted on the online encyclopedia. A notable example relates to an entry about Chelsea Manning, the United States Army soldier who was convicted in July 2013 of violations of the USA Espionage Act after releasing the largest set of classified documents to WikiLeaks. When Manning formally announced her gender transition, the English Wikipedia entry under her name was quickly amended to reflect this change. A week after intense discussions regarding this amendment took place, where a majority of Wikipedians disregarded experts on transgendered issues, the article was reverted back to Bradley Manning. The article has since then returned to Chelsea Manning (at least in the English language).

Wikistorming

Storming Wikipedia or organising an Edit-a-thon is a tactic to respond to the lack of women, feminist, queer and trans* content on Wikipedia. These empower participants to learn collectively how to edit Wikipedia and to change content to better reflect their communities and histories. Learning to edit Wikipedia can seem daunting so collectively editing and creating pages about trans*, women and queers is a great way to confront fears, add feminist, queer and trans content on the online encyclopedia and Do-It-With-Others (DIWO) in a safe space.

How to organise a Wikistorming

There are always great reasons to organise a wikistorming on any day! However, if you are looking for broader impact and be connected to others such gatherings often happen on these two days: Ada Lovelace Day in mid-October and March 8 International Women's Day. Once you have decided on a date, gather a group of friends and friends of friends who want to learn or already know how to edit Wikipedia and identify a safe space where to hold the event. It can be held in someone’s home, in a community centre, at an art centre or at a community organisation. Make sure you find a place that is accessible and ideally that already has a feminist base. Wikistorming may last for a day or half a day. Before the wikistorming or as part of it, decide which Wikipedia entries you want create or which existing page you want to edit. Be realistic in your goals and don't put too many edits on your plate! To edit Wikipedia carefully it takes time. If you want to organise a wikistorming visit: http://femtechnet.newschool.edu/wikistorming/

Installing Bots Against Trolls And Swarming Together

If you use Twitter, 4chan or any online forums where comments are allowed, you might have noticed that they tend to not be very safe spaces. Kathy Siera says there is a “koolaid point” for women and queers who start to gather a following and be listened online. At this point, a certain group of people may decide that you have too much influence, and make it their mission to silence you or discredit you. We have seen this in numerous high profile cases but also in constant reports from women and queer writers, activists and organisers.This is called trolling.

What is a troll?

A troll was once just a mountain-dwelling monster in kids stories. Then a troll became the word for early internet users who intentionally sowed discord on IRC and chat forums, often targeting and singling out new users. But now the word is used more broadly to describe people who target and harass others online. This can include anything from constant derogatory and belittling messages to edited images and even threats. Most often the subjects of this kind of abuse are marginalised groups like women, queers and people of colour. In recent years there have been more and more cases of people speaking out about how they are harassed.

How should you deal with trolls?

There are two key ways you can deal with trolls: one is to block them and report them to the platform you are using or to engage with them. This decision depends on what you want to achieve. Blocking them can definitely work and you can continue with your work unimpeded. A project like “Block Together” was developed to help people who are harassed share their blocklists with each other. Historically platforms like Twitter and Facebook have not handled reports of intimidation and violence very well. However this is changing, as they recognise how severe this problem is and how it deters people with important voices from using their services. When blocking doesn't help is when users are really committed to trolling and create numerous different profiles (called “sock puppet accounts”) to continue the harassment. Then your blocking has to keep up with their new account generation and it becomes tedious. You might consider the alternative of engaging trolls. There are a few tactics for engaging trolls. One is to try and enter into rational arguments with them and interrogate their views. Another way is to try to shame them or use humour to deflate them.

Effective engagement with trolls can actually help to generate a debate and public interest around the act of harassment and involve others online in talking about safe spaces, violence, sexism and online behaviour. It can also be a source of empowerment for the subjects of trolling: seeing others laugh at your harasser can be very uplifting.

Swarming

The method of swarming can be used to drown out harassers. This can be done in retro style by creating communities of support with your allies in social media spaces where you are likely to encounter harassment. When someone is being targeted, others can quickly be alerted and bombard the harasser with messages. The content of that message is up to you: it could be scolding, educational, or loving. Another option is: instead of directing messages towards the harasser, the swarm can fill the victim's content stream in order to quickly make the negative, violent content disappear into online history.

Do I have to use my own account?

If you want to engage with trolls, and even if you consider using the “swarming” method, you might prefer to stay anonymous to avoid having your real identity trolled. Setting up a network of second accounts to do your troll-response work can be a good idea for your organisation or your community of friends. It might be easier too, psychologically, to say some of the things you want to trolls, than you would when it is linked to your main identity. And it is more performative: you can create any kind of identity you want and style it with an avatar, a funny name, a character etc. (see "Creating a new online identity" and the following chapters in Step 1).

Automation

While battling the trolls in the old-fashioned human way can be fun and eye-opening, it can also be a time waster. Another option to consider is automation. For this you need someone who can do some coding to start from scratch or work with freely available code someone already uploaded on Github.

What's a bot?

A bot is a software application that runs an automated task over the internet. Bots perfom tasks at a greater velocity than humans can. There are many different breeds of bots: for example the spambot which harvests email addresses and contact information or the attention bot which fakes clicks on Youtube videos to make them look more popular than they actually are. They can post content, gather information and click on things. Twitter is filled with bots which use algorithms to harvest information and tweet. Many of these are humorous and random: like @twoheadlines which randomly grabs news headlines and combines them to create funny combinations. The below steps address Twitter mainly. However some of these ideas can be used across other platforms too.

How can a bot battle a troll?

A bot can be programed to document trolls' activities or talk to them, so that you don't have to. There are a few ways of doing this: the autotweet bot and a silent data-gathering bot in combination with the talking bot(s). The examples below speak specifically about what is possible on Twitter. However the ideas could be applied to other platforms.

1. The data-gathering bot

The data-gathering bot quietly scans Twitter gathering tweets, usernames and any other available information you program it to, and places this in a .csv file for you to analyse or use for further purposes outlined below. This first kind of bot can be useful just for understanding what kind of content is out there and maybe doing a first stage analysis of abuse.

2. The simple tweeting bot

If you follow the #gamergate hashtag on Twitter, you will see a bot called @everyethics which tweets different humorous reasons for the #gamergate trolling, ridiculing of the claim that Gamergate was not about attacking women in gaming but about “ethics in game journalism”. While this bot could be seen as spam, it was actually clearly a strategy to undermine and make fun of the trolls.

3. The retweet bot

The retweet bot is programmed to scan the Twitter API for a list of words, phrases or hashtags defined by you, and to retweet those. This would be a strategy to document and publicise Twitter abuse. Here's an example of such a bot you can download and install.

4. The autotweet bot

The “autotweet” bot is similar except that every time it finds a tweet with one of the words, phrases or hashtags you have programmed it to look for, it will tweet a prewritten tweet to that user. There are a number of examples of this in Twitter history: @stealthmountain which corrects any Twitter user who spells “sneak peek” wrong. These bots get shut down much quicker now as was shown by @fembot which responded to racists and sexist tweets that it spotted and was blocked after making only 75 tweets. Unfortunately Twitter does not make it so easy to do this anymore.

5. The tweeting bot in combination with the data-gathering bot

You can use a data-gathering bot to find the users tweeting violent things, compile them in a spreadsheet for you to read over and check for accuracy and remove any false positives. Alongside the data-gathering bot, you can have a talking bot or a team of talking bots which can tweet whatever you decide is useful information, to those users.

Things to watch out for

1. Language is slippery

If you want to tackle violence against women online, you will have to be very careful about what kind of language you search for. For example, every time someone uses the word “bitch” on Twitter to intimidate or harass a woman, there are probably at least five other people using it to tell their friend how much they love them or talk about the latest celebrity affair. The best way to figure out which language is used to harm women is to crowdsource it from people who have been harassed and then do a number of tests, pulling tweets from the Twitter API and then analysing it yourself.

2. Twitter is smart (and strict)

Twitter is not against bots and if you just want to create a bot that scans information from Twitter for you to analyse, or a bot that just tweets out to no one in particular, you will not encounter any problems. However if you want to tweet @ other Twitter users, you have to take into account Twitter's policy against spam. See Twitter's guide to Automation Rules and Best Practices.

Evading Twitter's spam filters

There are a few things to keep in mind when trying to bypass Twitter's spam filters:

1. Safety in numbers The more bots you have to distribute the work amongst, the more successful you will be. The group Peng! Collective did such an action in 2015 which they called “Zero Trollerance”. They ran a silent data-gathering bot to identify trolls through a long list of keyword combinations, hashtags and phrases. They then ran 160 bots which tweeted at the database of 3000 trolls, sending them new messages daily for an entire week. They were for the most part able to avoid being blocked by Twitter or users because they had so many bots and they rotated the tweeting across the bots.

2. Rate Limit

Twitter monitors each account's activity and has a “rate limit” that limits your number of tweets, to ensure that no one floods the content stream. This is also the way that they figure out which accounts might be spambots. If the frequency of tweeting looks like it doesn't come from a human, Twitter will block the account. If you try to tweet the same tweet, many times right after each other, you will receive a message telling you that your tweet looks like spam and that Twitter is blocking you in order to protect their users. At the time of writing, tests were done with tweeting 15 times with 8 minute intervals and this passed under the radar.

3. Content

If you are tweeting the exact same tweet over and over again, this is also a red flag to Twitter's spam filters. How to avoid this is to pad every tweet with a random word from a readable language that is not the same as the language you are tweeting in. The easiest way to do this is a compile a long list of these words, and program your script to draw from this list randomly for every tweet.

4. Location of the tweets

Use a VPN which gives you a new IP address every time you reconnect to fool Twitter into thinking that the accounts are being managed from different locations. To learn more about what a VPN is, read "Anonymising your connections" in Step 0.

How to set up a Twitter account to be used as a bot

You still need to write the script for you or to configure a script already created by someone else and downloaded from Github, or to find someone else to do this for you. But what is easy to do and what even volunteers might like to do is to help you set up all the Twitter accounts so that they can be easily controlled by the script.

1. Create a new account as you would normally and make sure to give it a photo, follow some people and do some tweeting (recently registered, faceless accounts with 0 followers will get blocked very quickly). 2. In order to function as a bot the account needs to be verified with a valid phone number. To do this you can use your own phone number, volunteers numbers or buy a bulk of cheap sim cards. Don't use the same phone number for numerous accounts – again this will be a quick sign to Twitter that the account is dodgy. 3. Now you need to register an application with the Twitter API which will allow your bot to make “calls” to the API, i.e. retrieve or send data. Go to apps and create a new application. You can provide any dummy content in the fields there and then you can set your permissions to “read and write” and generate the keys you will need.

More on these steps and some simple bots to download and test out at Cyber Guerilla.

Dos and dont's supporting people subject to online violence

When you or your friends are under attack online there are a few steps to follow to support you or them.

Try to be quick in bringing support. But remember that knowing what to do and how to do it in such situation needs a lot of practice to become good at it. But as a general rule, you should tell yourself that gender-based violence and harassment online is unacceptable. This should be your main message if you don't have a lot of practice in dealing with such phenomenon.

If you are close to the person under attack offer immediate assistance. In the event of doxing, where confidential info has been released on the internet about the person, you might want to offer a safe space (a home) if the person does not feel safe to stay where she/they lives.

If you do not know (well) the person, you can speak out. Since collective actions are often more effective than individual actions, make sure you gather a group of friends, and friends of friends, for a Twitter storming for instance. Make visible the issue! This will show to the person under attack that you and others care and that such acts are not OK.

Depending on the nature and context of the attack, you might want to speak out to the media and highlight the gendered nature of online attacks. Using the media to bring light to a situation can be an important way to bring about visibility to such issue. As a best practice, though, we recommend that you consult the persons under attack before speaking to the mainstream media. If you do not know her/them, go through the web of trust. Also, we recommend you to contact a friendly and/or feminist media or journalist. Prior to doing so, we recommend that you form a group of people in opposition to such violence, draft a press release and explain what gender-based violence and harassment online are and why they exist. This will bring visibility to the issue and concentrate less on the person who has been or who is under attack. Thinking about the harm and added stress that the person can go through if she is made visible in the mainstream media is a feminist issue that you should carefully assess.

If you are part of an organisation or network you can write a solidarity statement that explicitly says you condemn online gender-based violence and harassment online. If it's a person from your organisation who has been under attack, make sure she/they read the solidarity statement before it is being released. The person will feel that her team mates care and respect her/their wishes. It will also allow the person to have agency over what is written. What is even better is to have an organisational policy on what to do when someone is under attack. If you have a policy and specific steps to follow when such situation occurs, chances are you will do less harm and be more effective in your strategy.

As an ally, that is someone who wants to support a disadvantaged group but is not part of that group (e.g. men are allies when it comes to women's rights issues), you ought to speak out and say “NO” to online harassment and violence. Speaking out ought to happen in the public spaces. This is very important. Do it all the time that you witness online violence! Otherwise, the culture of impunity to online harassment will continue.

What are some of the current platforms which document online violence?

Documenting instances of online violence and harassment is key to showing the extent of the problem and is very powerful as it makes visible the structural aspect of violence in societies. A few initiatives have started to document this process. We highlight a few examples below.

APC's Take back the Tech has collected more than 500 stories of women who have experienced violence online. These stories were collected using the open source platform called Ushahidi. The data visualisation can be see here: https://www.takebackthetech.net/mapit/ . The overall results of those who have participated in this exercise show that women between 18 and 30 who are using Facebook are most likely to be under online threat. To read about the story visit: http://www.genderit.org/articles/mapping-strategy-disclose-online-violence-against-women

HarassMap was born as a response to the persistent problem of sexual harassment on the streets of Egypt. Since the crowdsourcing platform based on Ushahidi is anonymous, Harassmap allows to document instances of sexual harassment whether you are the victim or a witness (http://harassmap.org/en/). To read about the effectiveness of crowdsourced data visit: http://harassmap.org/en/wp-content/uploads/2013/03/Towards-A-Safer-City_full-report_EN-.pdf [PDF]. Similar to HarrassMap is Hollaback, an initiative that aims at stopping street harassment using technology all over the world (http://www.ihollaback.org/).

HeartMob is a platform that aims at providing real-time support to individuals experiencing online harassment and empowers bystanders to act. This platform is being built and you should stay abreast of its development. It is an initiative of Hollaback. Visit their Kickstarter project to know more about the initiative: https://www.kickstarter.com/projects/4096561/heartmob/description

Building our safe spaces offline

All the ideas about creating and maintaining safe spaces detailed so far can of course also be applied offline when you think about bringing women and trans* persons together to network, learn and collaborate. In the case of security and privacy training, you also need to consider how your participants might learn skills to protect themselves when the topics themselves can very easily be frightening or overwhelming.

Ideas have arisen in women and trans* tech conferences and skills workshops as how best to build safe spaces. Groups such as Flossie.org, Fossbox, Autonomous Tech Fetish (ATF), and Eclectic Tech Carnival (ETC) have each used a different set of principles to build safe spaces and are thus good examples to explore to highlight some of the differences, how to facilitate discussion about them, and how to arrive at a shared idea of an appropriate space for women and trans* persons to engage with tech.

Every group has to work out their own idea of an appropriate space for their participants. Once you have arrived at a shared ideal, it's time to look at the practicalities of implementing these ideas in material, offline, spaces. This will include thinking about how much formality you want, what kind of formalities, how you will accommodate diversity, how you will facilitate participation for all the participants both in terms of your practical arrangements and in the way you formalise the social space.

How do you create a safe space?

The difficulties in defining what a "safe space" should look like are inherent in the fact that you are bringing a diversity of people together, who might be considered to be part of the same community but all have different histories, contexts and needs. What one person might find politically, socially or personally threatening, might mean very little to another. And everyone will of course also come with different experiences and levels of knowledge and skills in technology.

We need to remind ourselves then that whenever we create a space, even a safe space, it will never be experienced in the same way by the people involved. It is important to be aware that, in struggling to perfect a feminist safe space, one always runs the risk of creating, instead, yet another form of social control and pressure to conform to a particular image of what a woman or trans* identified person is.

So, overall, the most important thing to remember is that everyone is different, with their own set of experiences, history, context and needs. There is always risk and vulnerability in opening yourself to new experiences. The more diverse the environment, the more emotional risk we open ourselves to as ideas and ways of being may be fundamentally challenged. So we are not aiming for the avoidance of any kind of conflict or emotional risk but, instead, to provide buffers, understanding, reciprocation, support, love, and care for each other and for our shared endeavour. We must take every possible step to ensure that practical needs are met (protecting anonymity, respecting diversity, dealing with harassment, providing appropriate living space, etc.), and focus on collaboration, facilitation and mediation.

Women and trans* only?

This question can be one of the most divisive as it will often touch on people's strongly held sense of their political, personal, sexual and social identities. It can raise up issues of sexual orientation and gender identity as well as mobilising all kinds of other loyalties. Some will prefer a women and trans* only environment, some will feel that this opens up an opportunity for external attacks on the whole project by adversarial forces, whilst some will feel that cis-men friends and colleagues will be unfairly excluded and resentful. Discussion can sometimes divide along lines of sexual orientation or of feminist conviction - or just between women who regularly work alongside cis-men in the tech industry and women who would like to learn tech but find learning alongside cis-men challenging. These divisions will also never be clearly defined - individuals don't take neat "sides" as they probably have multiple modes of identification.

If you need to have a debate about this, some things to consider are:

  • Think about boundaries for the debate -- agreed framework, rules of engagement? How do we define "woman" and "trans*"? How do we define "safe"?
  • Who do we want to include or influence, specifically women and trans* or also potential sympathisers?
  • What is the balance of positions on feminism present in the group, is there a prevalent "flow" of opinion?
  • How important versus how contentious? Is it worth alienating some people from the group? How can we frame the debate to avoid alienating people who don't agree with the decision?
  • How will the decision affect the actual experience of people within the space?
  • Do we have all the skills we need to deliver this project among our networks or will we need specific additional skills? Where will we get them?
  • How will the space be formalised to promote equal participation, especially if cis-men are included?

Take your time to decide these questions. It's probably a good idea to record them somewhere so they can be referred to in future. If you use chat channels (IRC, pads, etc.) you can probably take a log of the discussion. If not, some form of minutes will be useful. You can then use this record as a basis for any formal codes of conduct or policies you want to draft later and to avoid getting stuck in endless arguments by having something clear to refer back to and for new participants to catch up.

What are you trying to do?

For some groups, discussion and reflection is a key activity which renders the whole group activity meaningful. For others, discussion is a source of vexation and obstruction from practical objectives. Again, this is a somewhat false divide as everyone needs to reflect and everyone needs to be practical. Nevertheless, there may be important differences in emphasis and these may be based on what you are actually trying to do. It's all too easy to become engrossed in politics and to neglect to make sure there's enough discussion on the specific aims of the project itself and on the experience of diverse participants.

Building offline spaces is easiest and most successful when you're clear about what you're trying to do and how you plan to go about it. Being clear about what you're trying to do can also shift debate through less painful channels and provide very clear, practical arguments for specific choices, making the discussion feel less emotive.

The first thing which must be considered is exactly what the event is intended to achieve. Women and trans* and tech events can probably be categorised something like this (again, this abstract division may not reflect the 'messiness' of practical activism):

  • Advocacy: How do we change the culture of tech sectors to be more amenable for women and trans* persons, and/or let the world know that they are great at tech, and/or get more women involved?
  • Skills: How can we learn to do xyz?
  • Support, networking and boundary-crossing: What does it mean to be a woman or trans* person in tech? How can women from different places or sectors come together to spark off new ideas and practices? How can we support each other as women and trans* persons in tech?

We can see right away how these different types of event might develop different gender policies even if the same group of people were organising them. For example, it's difficult advocating change in the male culture of tech sectors if you haven't invited cis-men to hear what you want to say - but you might prefer to discuss *how* to do this in a women and trans*-only environment first. Or are you advocating engagement with technology to women and trans* and mainly want free, frank and mutually supportive discussion or skills-sharing? In this case, a women and trans* environment suggests itself.

With skills workshops, there is research to suggest that women and trans* persons learn tech skills best with each other so these workshops have a very clear and communicable reason for being exclusive. But you may still hear cis-men allies grumbling that they also wanted to learn that skill and it isn't fair. So, in that case, we can either explain the benefits of exclusive learning environments and recommend that a cis-man step forward to run an open workshop, or we might consider compromising with women and trans*-only as facilitators but inviting open participation. Another possibility is to run an event twice, once for women and trans* participants and once for open participation. As a side-effect, this can help others to experience the safe space methodology and change their own practice.

It's also important to remember that building offline spaces is resource- and labour-intensive and often many compromises have to be made. It may be a good idea to try to identify as early as possible which values are shared, important, and relevant to the event so that you can constantly remember to prioritise those and de-prioritise less important or potentially divisive issues.

Choosing a format that fits

Once you have settled the basic questions about what your event is *for* and who you want to invite, it's time to think about the format you will use for your event. There are many different ways of organising different kinds of spaces, the following is just an outline of a few of those most popular with FLOSS communities.

  • Temporary Autonomous Zone: An alternative to traditional models of revolution, the T.A.Z is an uprising that creates free, ephemeral enclaves of autonomy in the here-and-now. [| Beautiful Trouble]
  • Un-Conference: creating a space that helps people make connections, share knowledge, collaborate and create brainchildren. To take part, attendees are encouraged to give a presentation, create a discussion, or even chair a debate [| Lanyrd on running an unconference] and [| Open Space]. Pros: relatively egalitarian (watch out for tyranny of structurelessness) and relatively easy to organise (no messing about with programmes, scheduling and advanced prep). Cons: can be extremely intimidating and therefore exclusionary towards less experienced or skilled participants and stressful if you need to organise tech or other resources for specific activities in advance.
  • Workshop: transferring skills or knowledge in an interactive session - there are thousands upon thousands of workshop methodologies, so selecting a workshop format is very much about being clear about what you want to achieve. Workshops are a good format for building skills or for maker and design activities.
  • Hacklab/Hackerspace/Makerspace: Hacklabs, hackerspaces and [| makerspaces] are community spaces with hardware and/or tools - great for people to "get their hands dirty", you can mess about with anything from taking computers apart to installing Linux to making music with bananas or even building a WWII PoW radio out of razorblades and copper wire! To learn more about hacklabs and hackerspaces, read Maxigas' article "Hacklabs and Hackerspaces: Shared Machine Workshops", in: http://www.coredem.info/IMG/pdf/pass11_an-2.pdf [PDF]
  • Sprint: A sprint is a get-together of people involved in a project to further a focused development of some aspect of the project such as working on sections of code, writing manuals or books, etc. These are effective at getting a lot done quickly for code and manuals (less so for other forms of writing) but very exhausting and emotionally demanding - make sure you keep food and drink coming! To read more about sprints, visit: [| Wikipedia on sprints] and | Flossmanuals Booksprints].
  • Hackathon: with their motto "programming till someone drops from exhaustion", hack events can also mix different groups like NGOs with hackers to come up with new approaches to building tech for that group. To learn more about hackatons, read: [| Global Voices on how to run a hackathon].
  • Seminar: bringing together small groups for recurring meetings focusing on a particular subject, in which everyone present actively participates, or offering information or training on specific topics. Pros: structured activity supports women with less experience or confidence, planning for tech/resource support is easier, people know what to expect. Cons: can be overly structured and lacking spontaneity for more experience participants , more 'carnivalised' or 'top-down', more organisational effort in advance. Read [| the page of Wikipedia on Seminars].

Your choice of format is going to be about:

  • what you're trying to do - ask yourself which format will support this activity best
  • participants' needs, existing skills, experience and preferences
  • practical considerations - what physical spaces are available, what will they allow you to do, what resources do you have, etc.?
  • Your organisational resources - how much can you take on?

Choice of workshop or seminar format is obvious for skills sharing, but it can get more difficult to decide for advocacy and networking events. Advocacy events can be some of the most challenging as it's easy to spend the entire day "re-inventing the wheel" with people who are new to the questions. If you have participants from diverse backgrounds in your advocacy event, it's probably best to go with a more structured format. Unconferencing and hacking works best with activists or experienced practitioners who are used to a high level of self-determination and with a shared understanding of implied rules and structures. Having said that, it can work well to try more open formats anyway, but be prepared for some skilled facilitating to make it safe and fun for less experienced participants as well as the more experienced.

It's perfectly fine to mix and match approaches to suit what you're trying to do and whom you're doing it with - so go ahead and experiment.

Codes of conduct

It's important, especially in mixed environments, to think about what's acceptable behaviour in the space and what isn't. In order for this to have any practical effect, you also have to think about what you'll do if individuals breach this - or when things go wrong generally.

You can find plenty of information and example policies on the [| Geek Feminism Conference anti-harassment/Adoption page]

Make sure your participants understand your policy and how that relates to their behaviour. It can be useful to make time in your schedule at the beginning of the event to share your policy, and reach consensus with the group on how to maintain a safe space over the days of the event.

Your policy should at the base be about preventing aggressive behaviour and not about trying to "police" how people identify, communicate or present themselves as long as this is not creating a serious threat to other participants. It's also worth remembering that people who are struggling in a culturally unfamiliar environment can become confrontational more easily than they usually would. There may be many reasons why a participant might be struggling to communicate positively at any given moment. It's key to remain calm and to provide a non-judgemental space for the expression of emotions like anger or frustration. We are different, let's celebrate it, even when it's difficult to do!

Respecting Privacy

  • Don't take or circulate sound, video or photos without permission - if anyone present faces significant external risk then don't take photos at all unless participants have given express permission and an opportunity to cover their identity.
  • If you wish to record the event, prepare formal consent forms telling people exactly what audio-visual records are being made and how they will be stored and used and ask for clear consent with a signature.
  • Don't share details of anyone's participation, speech or actions on social media without their express permission.
  • Refer to Infrastructure sections to understand how to set up secure networks.

Case Studies

In the following, two women-and-tech spaces will help illustrate what was covered until now in this section of the manual, which pertains to the aims, participants and context which influence format.

Eclectic Tech Carnival (ETC)

ETC was organised on an "unconference" model using a combination of university spaces, art centres and community centres. It is relatively well-funded and so is able to bring participants in from all over the world. It is located in a different city each time and organised by a group from that city in collaboration with the core ETC collective. It provides "full board" space for participants and also partners with additional arts events located in the host city.

ETC made the decision to be for women-only. Participants are culturally diverse but mostly from arts, academic, non-profit and related tech backgrounds. This means that they have a lot of experience in self-organising and thrive in a relatively unstructured environment. The code of conduct tends to be implicit rather than stated.

Eclectic Tech Carnival spawned [| Transhack 2014] and also Flossie.org. ETC and Transhack's relatively coherent culture has fostered the development of a strong focus on reflection and feminist practice. It has been an influential and much-loved space for more than a decade.

Flossie

Flossie runs a conference and also skills workshops and was based on the ETC format. It is intended to combine advocacy, boundary-crossing, support and skills-sharing bringing together women involved in digital arts with coders, artists, and makers. There are various problems with trying to bring the ETC format to the UK, which has an extremely marketised academic/arts/non-profit sector and is outside of the Schengen area, making it very difficult for non-EU participants to attend in person. Eventually, it was decided to do something a little different. There was a small amount of funding from Google which didn't cover "full board" and, in any case, it was impossible to find spaces such as the schools used in ETC in Austria in the marketised UK public sector. Videos were made and the links were available for women outside of EU to contribute. The whole event was not streamed publicly because of bandwidth problems at the university which hosted the event.

In the end the biggest difference came from involving more women from pure tech and engineering sectors. Flossie worked with Ubuntu Women and the Women's and Open Source Groups at the British Computer Society to involve women from purely technological backgrounds as well as digital artists, activists and makers in order to foster wider skills sharing and open up access to high-level computer skills for women. This was very popular but also opened out all kinds of communication difficulties as the groups had quite different cultures and backgrounds.

The first issue raised by this was that many of the students who joined the collective wanted a more structured environment as they didn't feel confident in self-organising and more experienced organisers also felt the unconference structure could be a problem given the diversity of backgrounds and interests. The second was that a reflective approach became more difficult. In the first year, a panel was held to consider how to go about building a positive representation of women in technology. This quickly became very dislocated and adversarial because, as the group began to realise, there were many different models of feminism and of technology between women who were primarily tech/engineering, academics, and women who were primarily activists or artists. It was decided that the group would focus on the basic value that all shared - supporting more women to make better use of open technology and to move from being consumers to being producers. The group had to deprioritise feminist reflection or debates about practice. This proved very effective in holding together these very different groups and building lasting networks with a positive and collaborative atmosphere.

What is a Feminist Hackerspace?

Building a feminist hackerspace is another way of creating a safe space offline for women in tech in addition to reach out to women activists and artists who might not be drawn to traditional hackerspaces.

But first what is a hackerspace? Hackerspaces are often volunteer-run spaces based on the concept of openness, where in theory anyone who is interested in learning about and playing with technology (software, hardware, etc.) can go. However, throughout the world women have remained underrepresented in these spaces despite the attempts to proposed remedial strategies in certain space, such as women-only hack nights and the adoption of codes of conduct. The women-only hack night particularly has been met with controversy in many spaces since it is deemed to go against the principle of openness.

Other reasons have been highlighted to explain the emergence of feminist hackerspaces such as the difficulties in recognizing and acknowledging privileges along the lines of gender, race, ethnicity and class in addition to the patriarchal behaviours that many women recognise as prevalent in hackerspaces. To change the aforementioned state of affair, feminist geeks, makers, artists and hackers have decided to start feminist hackerspaces. This shows that women are interested in technology, want to learn, improve their skills, look for a like-minded community and want to share their skills with others. And it is fun too!

Feminist hackerspaces are not all the same. They vary in form, shape and size. What seems to unite them though is a set of boundaries that they decide collectively (who can be a member, who can be a guest, what are the policies, etc.) and an explicit belief in feminist principles. Feminist hackerspaces provide a place to work on individual and collective projects in a supportive environment.

To know more about feminist hackerspaces you might want to visit the website of: the Mz Baltazar’s Laboratory in Vienna (http://www.mzbaltazarslaboratory.org/), The Mothership Hackermoms in Berkeley (http://mothership.hackermoms.org/), Double Union in San Francisco (https://www.doubleunion.org/) and FemHack in Montreal (http://foufem.wiki.orangeseeds.org/).

Which Criteria Do I Use to Assess Whether a Space is Safe or Not?

As a summary and check-list, you will find below the criteria (or rather questions) by which to assess whether a space is safe or not. These questions will be useful when you are assessing whether a space can be considered a safe space.

- What is the history of the space? Why was it decided to start this space and who started it? How many women are/were involved? Documenting yourself about a space is very important. Asking questions is always relevant.

- Who has left the space since the beginning and for which reasons? Is it mostly women who have left the space?

- Does the space has policies? If so, what kind? Go and read it.

- Are the policies regularly put in practice? Ask members in the space, particularly women.

- How do they welcome new comers? The first time you went to the space did you get a tour? Did people say hello? Were the people in the space friendly?

- Are there regular meetings (assemblies) that you can attend to raise issues of concerns, to suggest collective projects, to suggest the organisation of workshops, to discuss the space (its cleanliness, etc.), to present yourself, etc.?

- Is the language and vocabulary used on the website and in the space explicitly feminist? Read the website carefully, or go and see for yourself how the space looks like.

- Who can go in the space and under which condition? This should be made explicit on the website, otherwise ask.

- Do you know people who you trust in the space or do you know friends of friends? The web of trust can be very useful here.

- Is it an accessible space? In which part of town is it located? Are there bathrooms? What are the opening hours? Who has access to the keys of the space?

- How much does it cost to become a member? Is there a sliding scale policy?

No space is a perfect space, even a safe space is not perfect. But safe spaces should at least provide an environment and a set of boundaries to talk, meet, address and raise difficult issues, among others. If you feel the space has potential and you want to get involved, don't be shy!