Difference between revisions of "Digital security training for women activists from the Balkans, Macedonia"

From Gender and Tech Resources

Line 197: Line 197:
 
}}
 
}}
 
{{Learning outcomes
 
{{Learning outcomes
|Feelings=Testimony “My first Digital Security Training as co-facilitator”, Berlin, February 2015 - lagartata
+
|Feelings=Read Storytelling https://gendersec.tacticaltech.org/wiki/index.php/Women_activists_from_the_Balkans,_Macedonia
 
+
March 2014 was my first encounter with Digital Security (DS). I was participant on a security training, implemented by Tactical Tech and Front line defenders, organized by Kaos GL in Ankara Turkey. For the first time I realized that encryption is actually something that we can all get and use. We had wonderful facilitators that amazed me with their knowledge and self-education. I got very motivated to learn more about securing my digital data, but also curious to locate and map all my insecure habits.
+
 
+
My next stop was the Gender and Technology Institute (GTI). One of the best institutes that I have ever been, where my brain was loaded with so much information that it was getting crazy. I took all those valuable connections, info and knowledge that I made, I embraced my motivation and enthusiasm about the issue and again I started from the beginning. I changed my mental scope and entered more deeply into the world of technologies. I started learning more about the devices that I am using and in the same time I was implementing more tools to secure my communication and data. My plan was to train myself until the point where I will feel competent enough to approach some of the wonderful people that I met on the GTI and offer my services to help spreading the word. Then unexpectedly I got an encrypted mail (:P) proposing me to join a facilitators team and do my first training as a co-facilitator.
+
 
+
First I got scared and wasn't sure if I knew enough, as I was still learning and it is a great responsibility talking about security. My brain started working like on the GTI, as an overdosed CPU, so in the same time I was assessing my knowledge and the lack of knowledge that I have, comparing it with the opportunity to share what I know and learn what I don't know from the ones that are more experienced than me.
+
 
+
I had the opportunity to share my modest knowledge but also be part of a DST team, so I realized that it is a great challenge that I can't miss. So I accepted the offer. I realized that the panic that was rushing through my veins was actually positive and was making me invest more time and force in my preparation. So I had few weeks full of reading and finding ways for transferring what I have learned into visual and practical materials for the training. Luckily I didn't have to “invent the wheel” again and I was using the resources that other DS trainers have already put online to help people like me. In the same time my creativity was also challenged so it was a very interesting process.
+
 
+
Meanwhile we were preparing the training on meet.jitsi and mail, with the two other great co-facilitators from Tactical Tech. The agenda was evolving from week to week. The sources that we used were the opinion and experience of the facilitators and the questionnaires filled by the participants before the training, regarding their knowledge and use of devices and OS. The deal was, every one of us will lead some of the sessions, others will be done together, but most importantly every facilitator will give their support and focus on the participants while the other was presenting. It all sounded great and while I was still struggling with my fear I was challenged even more to be better and to learn more. So enough about my prep time and let me get to the point. My first DST as a co-facilitator.
+
 
+
Location: Berlin
+
Dates: 21-23 February 2015
+
Participants: 18 Facilitators: 3
+
Organizers: Kvinna till kvinna
+
 
+
The background of the participants was different, they were coming from different countries from the Balkans and the Caucasus region, dealing with different issues but what they all had in common, was that they are WHRD, they all used facebook, managed sensitive data and 17 of them were using Windows. One was only using MAC after switching from Linux. The group had already built wonderful dynamic in their work as before the DST they have spent some days on workshop about integrated security. They already knew each other, some even from before.
+
 
+
The questionnaires showed us that their knowledge regarding DS was different but we realized that even more on the training. However it was mostly basic knowledge or “never heard of” knowledge. It was very challenging to think in terms for all of them getting equal challenges and information, therefore we had to start from the beginning and try to challenge everybody. At first it was scary as they all had their computers and we had the impression that almost everybody was chatting on facebook, but after few moments following the demand that computers are used just for the hands-on sessions, it all got better and their interest was focused on the training. The participants were not only interested but were engaging lots of examples and experiences, which gave an awesome ground for making the risk assessment before we started more concretely about concepts and tools concerning the DS.
+
 
+
We had 3 days training that was constituted by three different parts. The first day was mostly concentrated on the risk assessment, introduction of some notions of security, elevating the issue that security requires changes of habits. The tools introduced were around protection of malware, secure passwords, securing sensitive data on the computers. (Keepass/KeepassX, Avast, TrueCrypt) The second day was mostly about introducing how the internet works and how to engage more secure internet connection, have more secure browser and mail settings, then we focused on the notions of anonymity and circumvention. The tools were around, Firefox, NoScript, Adblock, HTTPS Everywhere, Tor, VPN, TAILS. The third day was concentrating around secure online communication, encryption and verification, introducing secure encrypted chat, Voip and mail encryption. As the mail encryption took more time, we separated the group on two parts, the ones who needed and wanted to stay with Thunderbird, Enigmail and PGP and the ones who wanted to continue to mobile security. The training ended with the discussion about feminist perspectives on the digital security which cleaned the path to wrap up the whole training. The full agenda can be found here.
+
 
+
Almost every session was using the same approach, example or activity that was followed by discussion and input with more examples and theory, then introducing tools, hands-on or just demonstration, ending with general impressions and questions for the summary.
+
 
+
My general impression was that the training went very good and that every one had the chance to take something new with them. That everyone got to hear new perspectives and deeper knowledge about DS and now have the chance to apply some of the tools that were introduced. The only challenge was the feeling of overload that not everybody accepted as positive. I guess it is a normal first reaction, but having in mind the time on disposal, I think we did the most of it without crossing the line of scaring people. :P
+
 
+
So what can I say more, I was very happy to be there and have my first experience with wonderful co-facilitators and group of women that taught me new things as well, so I can't complain. I am now waiting for confirmation of the place for my second experience and I will try not to stop there. So I can only be grateful that I am some kind of a result of the GTI, on which I somehow ended up participating, because luckily one year ago I got the chance to participate in a security training like the one I had the chance to facilitate this year. So it is all one wonderful circle. :D
+
 
+
I promise to write less for my next experiences, but this time all the excitement and fears just needed to land on piece of paper in LibreOffice. :P:P
+
 
+
My best to all…
+
 
|Feedbacks=Feed back from participants was extremely positive as you can read below:
 
|Feedbacks=Feed back from participants was extremely positive as you can read below:
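Review bot: The new `|Feelings=` value is a sentence fragment followed by a bare absolute URL ("Read Storytelling https://gendersec.tacticaltech.org/wiki/index.php/Women_activists_from_the_Balkans,_Macedonia"), while the text it replaces was the full testimony. Since the target sits on the same wiki, an internal link with a readable label would survive a domain or path change better than the hard-coded URL. The removed testimony also carried details this field no longer holds (location Berlin, dates 21-23 February 2015, 18 participants, 3 facilitators, the tools covered each day), so please confirm the linked page carries the testimony before it is dropped here.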
  
Line 303: Line 272:
 
p. the training was very useful and interesting. Facilitators are great
 
p. the training was very useful and interesting. Facilitators are great
 
and helpful.
 
and helpful.
|START=What will you start doing ?
+
|START=Asking participants to disconnect their devices and have a relaxed talk about their relation with technologies
|STOP=What will you stop doing ?
+
|STOP=Packing so much content in three days
|KEEP=What will you keep doing ?
+
|KEEP=Having talks about gender and feminist approaches to technologies
 
}}
 
}}
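Review bot: `|STOP=Packing so much content in three days` names the problem but not the change; it does not say whether the next run would cut topics or add time. Stating the choice in the field (for example fewer tools per day, or an additional day) would make the learning outcome actionable. `|START=` likewise reads as an instruction without saying where in the agenda the device-free talk would go.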

Revision as of 17:51, 15 July 2015

Title 3-day training for women activists in the Balkans
Category Digital Security Gender and Tech
Start 2015/02/01
End 2015/02/03
Hours
Scale Macedonia
Geolocalization 41° 42' 2", 21° 42' 32"
Organisation TTC for kvinnatillkvinna
Website
Target audience women activists from the Balkans
Number of participants 18
Context and motivations Women Human Rights Defenders and LGBTQ activists from the Balkans (Albania, Armenia, Bosnia, Croatia, Serbia, Georgia, Macedonia) with low levels of knowledge regarding privacy and digital security. Almost all of them used Windows, had a smartphone and used Facebook for work and activism. Most of them managed sensitive data involving third parties' information.

The participants came from different backgrounds and from different countries in the Balkans and the Caucasus region, and dealt with different issues. What they all had in common was that they are WHRD, they all used Facebook and managed sensitive data, and 17 of them were using Windows. One was using only a Mac after switching from Linux. The group had already built a wonderful dynamic, as before the DST they had spent some days in a workshop about integrated security. They already knew each other, some even from before.

Topics DST, Balkans, WHRD, LGBTQ, Caucasus
Links https://gtiwiki.ttc.io/doku.php?id=dst_for_whrd_from_balkans
Media Balkans training.jpg
Agenda [[Detailed schedule and contents::**Agenda day 1**
    • 09:30 – 10:00: Welcome and introduction

Program and objectives

Training methodology

Shared agreements Shared agreement.pdf

    • 10:00-11:30: Digital security risk assessment

Participants will learn basic methods for assessing common digital and physical risks to data in the work environment. The group exercise begins with all participants filling in a document (information map) about the data they produce/manage, in which they assess: How sensitive are those data (from a work/activist/privacy perspective)? Do they imply personal data about third parties? + Have you lost sensitive information? How did that happen?

Information map document Informationmap.pdf

Then the group split into two and each group had to discuss the following dimensions:

2) As a human rights activist, what potential risks can you identify to your equipment and data in the office/area/place you work in, versus what kinds of risks are present in public spaces? (Do you see similar issues in public Internet cafes, libraries, airports for instance?) + What kinds of precautions could you take to protect your physical and digital safety or the safety of your work and your network?

3) How do you build trust in your work/activist environment? What are the processes or tools you use to check the integrity, verification and authenticity of the data you manage and the people you work with?

Groups share their answers and then reflect with the entire group on the discussions and ideas that emerged in their groups.

    • 11:30-11:45: BREAK
    • 11:45-12:45: How to protect your computer from malware and intruders?

Participants will learn about common methods of attack and about anti-virus applications. The practical use is preventing infections on a PC and detecting fake emails.

Activity: Demonstrating how easy it is to impersonate with an email and phishing.

Resources:

[cyberthreats map]

[syrians activists]

Presentation: Malware final.odp

    • 13:00-14:00: LUNCH
    • 14:00 – 15:00: Secure passwords

How to create and maintain a secure password, and demonstration of Keepass/KeepassX

Activity: Brief - Participants are separated into 2 groups and given different materials that represent symbols, which they can use to create a visual un/secure password in the space. One group has the right to use one person who represents the combination of all materials. Demonstration of which password has more strength and why.

Resources:

[popular 2014 passwords]

[strength of passwords]

[about passwords]

Presentation: Secure pass final.odp

    • 15:00 – 15:15: BREAK
    • 15:15-17:00: How to protect sensitive data on your computer: Encryption, Back up

Document about back up strategies: Backupstrategy.pdf

[back up strategy]

[manual Security in a Box]

    • 17:00-17:15: Evaluation


**Agenda day 2**
    • 09:30-11:30: How to keep your Internet communication private (Part 1): Mail, Browser, Internet connection

Participants engage in two exercises (small group activity):

1) How the Internet works, and understanding the chain of agents that can control or access (that is, compromise) our privacy and security on the Internet

A. Secure vs. insecure Internet connections (SSL/public wifis/http vs https)

2) Our digital shadow / Trackography:

Exploration of participants' digital shadows

[digital shadow profiler]

[and my shadow: How to learn more?]

[privacy addons in your firefox]

[secure mail and why support alternatives]

B. Creation of alternative mail (riseup, alternatives, trade-offs)

C. Hands on HTTPS Everywhere, NoScript, AdBlock, Ghostery, Privacy Badger, alternative search engines

    • 11:30 – 11:45: Break
    • 11:45 – 13:00: How to keep your Internet communication private (Part 1): Mail, Browser, Internet connection

D. Google double step verification

E. Privacy settings in social media accounts

[yourself and your data when using social networking platforms]

    • 13:00-14:00: LUNCH
    • 14:00-15:00: How to keep your Internet communication private (Part 2): Anonymity and circumvention

Participants engage in two exercises (small group activity):

1) How does a piece of data travel? (unencrypted, encrypted, through a proxy and then through Tor)

Explaining Tor and Tor browser bundle / VPN / Introduction to Tails

[Browser bundle]]

    • 15:00 – 15:15: Break
    • 15:15 – 17:00: How to keep your Internet communication private (Part 2): Anonymity and circumvention

A. Install Tor browser bundle

B. What is my IP?

C. Boot from Tails

    • 17:00 – 17:15: Evaluation


**Agenda day 3**
    • 09:30-10:45: How to keep your Internet communication private (Part 3): Encryption and verification

General introduction about encrypted communication.

Activity: Demonstration of the keys and mail sending through objects and letter.

[about encryption and colours]

Secure video/audio/chat (end-to-end encryption), and how secure are Skype and Google Hangouts?

Alternatives: [and OTR] and [[2]]

Demonstration of encrypted chat and VoIP.

    • 10:45 – 11:00: Break
    • 11:00 – 13:00: How to keep your Internet communication private (Part 3): Encryption and verification

[of trust]

[encryption Thunderbird / Enigmail]: This includes practical exercises on installing Thunderbird and Enigmail, as well as generating key pairs, revocation, exchanging keys, authenticating them, and uploading a key.

    • 13:00-14:00: LUNCH
    • 14:00-16:00: Mobile phone safety

[to use smartphones as securely as possible?]

Participants will learn about the risks of mobile phones and the safety precautions to take when using them. Installation of Antivirus, Orbot, Orweb, ChatSecure, RedPhone and TextSecure; enabling encryption and strong passwords on Android phones.

    • 16:00 – 17:00: Collective discussion about feminist perspectives on digital security and wrap up

[and Technology Institute: what happened? Follow up activities]

[Interviews with women hackers]

    • 17:00 - 17:15: Evaluation]]
Methodologies
Resources
Gendersec
Feelings Read Storytelling https://gendersec.tacticaltech.org/wiki/index.php/Women_activists_from_the_Balkans,_Macedonia
Feedbacks Feedback from participants was extremely positive, as you can read below:

1. What did you think about the training, facilitation and organization of the workshop?

a. The training was one of the most important ones. The facilitators were very kind and friendly. The time, though, was a bit short; it would be perfect having one additional day.

b. I find it very useful. The facilitators were very patient :) They did their best in order for us to understand something. I am very thankful for being -consistently- and following our suggestions from the everyday evaluations. Every day evaluations are very good.

c. I loved the training, especially how the three of you interacted + run it smoothly. It was a bit challenging we come as different users so I would have loved more practical work for some who already read on theory. On the other hand - your explanations were great - really interesting + engaging us all.

d. The training was very interesting. It created a lot of possibilities to me to know what are the options for secure online communication. Facilitators were very attentive and great.

e. It was one of the best trainings I have ever attended!!! Facilitation was perfect. I liked that there were three facilitators and topics were shared.

f. Though I got tired and was difficult to process all the information. I loved the whole thing. It was interesting, with lots of information that can be useful. Facilitation was great. The three of you. Trying to keep it simple and still go through so many things. Like the way you work together. Maybe we needed longer breaks and a slower race at least I did.

g. I think that you are great!

h. I think it is of a great importance. Although it was a lot of information in a short time, I was interested and it kept my attention. Trainers were great!

i. The content of the training was a bit packed. Maybe it would be better to concentrate on few tools or programs than general overview of more tools. It was hard for me to switch of new framework after integrated security and be concentrated as previous days, the focus was another issue.

j. The workshop opened to me a new view of thinking about DS. The topics were great but you could little more felt a group. Too much information, too much for my perspective.

k. It was extremely informative, very useful. Sometimes too overloaded with info and it was difficult to follow, but I still received valuable info.

l. It was conducted really well having in mind the abstract content but it was explained in so basic and visual manner that it is very clear for me and rememberable, at least the basic things. Facilitation was wonderful, except for the presence of all three facilitators, it wasn't quite equal at some moments dominated by one. But I liked they were three and all different, it gave me a more balanced feeling.

m. Facilitation was really good. Trying to make complicated things as simple as possible. The group was eclectic so not all participants were strong in technologies but all of them are taking at least something from the training.

n. Very interesting for me, useful for my job and my life. Facilitators were great. Professionals and with high quality knowledge. Thanks

o. Perfect

p. the training was very useful and interesting. Facilitators are great and helpful.

Start Asking participants to disconnect their devices and have a relaxed talk about their relation with technologies
Stop Packing so much content in three days
Keep Having talks about gender and feminist approaches to technologies