Step 0
From Gender and Tech Resources
Revision as of 17:37, 25 May 2015 by Helen (Talk | contribs) (→Before you start: mapping your data and devices)
Before you start: mapping your data and devices
This section provides you with notions, methodologies and tools to take care of your data and devices and to have them take care of you. Managing data and devices requires reflecting on their hosting and leaving qualities and on how we can configure them so that they do not mess around with our well-being. This section also explains how to engage in more secure communication practices when you get connected. All the following tips and tricks are prerequisites for better understanding how to manage identity online and create safe spaces.
This section will cover mapping your data (What data do you produce and manage? Where is this data stored? Is it offline or online? Is it backed up? Where? How sensitive is it?); securing your data (How to create strong passwords); anonymizing your connections (Why use privacy and anonymity tools? Which tools do I use and how do I use them? How can I engage with others online using safer communication channels?); and well-being (How can I develop a relationship with my technology that is based in self care?).
Mapping your data
Before becoming a zen user and developer of technologies, and adopting better privacy and digital security practices, it's important to first know what you want to protect. One way of doing this is to map (using a table, map, drawing, etc) your production and management of data.
- What kind of data do you produce and/or manage? With whom?
To begin mapping your data, first make a list of the data you create yourself. This can include personal and work-related documents, emails, images, videos, designs, tweets, blog posts, and so on. Then make a list of the data you manage or store, which is produced by others. This can range from information given to you by your colleagues, friends and relatives to files you download from websites, repositories, p2p networks, etc. Finally, identify which type of data you share with others, for instance if you share a social media profile or email account with a family member, partner, or colleagues.
- Where is this data stored?
Which devices hold your data? - This can include your computer, external drives, and phone.
Which online platforms host your data? - This can include emails, social media accounts, etc. Also bear in mind that some applications enable syncing of data between your different devices, or between your devices and online platforms, and it's important to know where and when this is happening.
How do you organise your data? - Do you keep your personal/professional/activist data separate?
How sensitive is your data? - For each type of data you have listed in your data map, what would happen if this particular data suddenly disappeared? For instance, if your email account is closed down, if your computer or external hard drive is stolen or breaks down, if you accidentally erase a folder, etc. - What would happen if this data were seen and copied by a third party?
Do the same mapping exercise for the data you hold on others.
Once you've answered these questions, you'll be better able to make decisions about which data you want to regularly back up, and where these backups will be stored. You will also be better able to decide what to do with your data when traveling: What type of data do you need with you? What is too sensitive? What can you easily access online?
- How do you build trust in relation to your data and how you store it?
When doing so, ask yourself who has access to this device or media platform (your family, colleagues, friends, or server administrators and you do not know ????
- Syncing (online/offline – apps permissions)
????
Securing our connections
Once we've mapped our data, the next step is making sure it's secure. Especially where your data is stored online, good passwords are crucial.
- Creating and using strong passwords *
Managing passwords is also a crucial part of maintaining our information online. Using the same password over and over again is risky, as are passwords that connect us to our identit(ies). If we are using different identities, the number of our passwords will increase accordingly. There is no way to remember so many secure passwords unless we have some mental magic powers that allow us to memorize dozens of long random strings of letters, numbers and symbols. Since a password is only as secure as the least secure service where it has been used, it is good practice to maintain separate passwords for each of our accounts. For more information on the importance of strong passwords and how to store them, read Security in a Box's chapter on passwords: https://securityinabox.org/en/guide/passwords
To keep multiple secure passwords, you can use a password safe. KeePassX is a cross-platform free and open-source password manager that is very easy to use and creates password files that can also be exported and used on other devices. It can generate random passwords and store them securely.
To learn how to use KeePassX, read this how-to: https://securityinabox.org/en/guide/keepass/windows
To learn how to use KeePassDroid, the corresponding tool for Android, read this how-to: https://securityinabox.org/en/guide/keepassdroid/android
But some passwords, like the one we use to decrypt our KeePassX file or lock our device, need to be easy to remember and strong at the same time. A good solution is to create passphrases that are formed by a random group of words that don't make any sense together, separated by spaces. One way to do this is to use the Diceware technique (this requires six-sided dice and the Diceware word list: http://world.std.com/~reinhold/dicewarewordlist.pdf [PDF]).
By rolling the dice five times, we will come up with a five-digit number that corresponds to a word on the Diceware word list; this word is the first word of our passphrase. If we repeat this at least six times, we get a strong, random passphrase formed by six words. It can be memorized just as we did when we had to learn poems by heart at school, and it will be so long that it would take an average of 3500 years to crack it with brute force at a speed of one trillion guesses per second.
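The Diceware procedure above, sketched in Python as an added example (not part of the original page or of the Diceware project). It assumes the word list is laid out as one "five digits, whitespace, word" entry per line, uses Python's `secrets` module as a stand-in for physical dice, and runs on a constructed placeholder list so it works offline; all function names are illustrative.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                 # five rolls select one word
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776 possible five-digit keys
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def parse_wordlist(text):
    """Map each five-digit dice key to its word; skip lines that are not entries."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == DICE_PER_WORD \
                and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    if len(table) != LIST_SIZE:
        # An incomplete list silently shrinks the keyspace, so refuse it.
        raise ValueError(f"expected {LIST_SIZE} entries, got {len(table)}")
    return table

def roll_key():
    """Simulate five rolls of a fair die with a cryptographic RNG."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))

def passphrase(table, words=6):
    """Build a passphrase of independently rolled words, separated by spaces."""
    if words < 6:
        raise ValueError("use at least six words, as the text recommends")
    return " ".join(table[roll_key()] for _ in range(words))

def entropy_bits(words):
    """Entropy when every word is an independent uniform pick from the list."""
    return words * math.log2(LIST_SIZE)

def average_crack_years(words, guesses_per_second=1e12):
    """On average an attacker finds the phrase after half the keyspace."""
    return LIST_SIZE ** words / 2 / guesses_per_second / SECONDS_PER_YEAR

# Constructed stand-in for the real list: 7776 placeholder "words".
CONSTRUCTED_LIST = "\n".join(
    f"{''.join(k)}\tword{''.join(k)}"
    for k in itertools.product("123456", repeat=DICE_PER_WORD)
)

if __name__ == "__main__":
    table = parse_wordlist(CONSTRUCTED_LIST)
    print(passphrase(table))
    print(f"{entropy_bits(6):.1f} bits, ~{average_crack_years(6):.0f} years")
```

The strength comes from the number of equally likely phrases, not from the words being secret, so it only holds if every word is chosen by the dice (or the RNG) and never swapped for one that is easier to remember.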
To learn more about the Diceware technique, read this article published by Micah Lee in The Intercept: https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess. To learn more about two-factor authentication and security questions, read EFF's "Creating Strong Passwords": https://ssd.eff.org/en/module/creating-strong-passwords