Difference between revisions of "Digital security training for women activists from the Balkans, Macedonia"

From Gender and Tech Resources

Line 12: Line 12:
  
 
The background of the participants was different, they were coming from different countries from the Balkans and the Caucasus region, dealing with different issues but what they all had in common, was that they are WHRD, they all used facebook, managed sensitive data and 17 of them were using Windows. One was only using MAC after switching from Linux. The group had already built wonderful dynamic in their work as before the DST they have spent some days on workshop about integrated security. They already knew each other, some even from before.
 
The background of the participants was different, they were coming from different countries from the Balkans and the Caucasus region, dealing with different issues but what they all had in common, was that they are WHRD, they all used facebook, managed sensitive data and 17 of them were using Windows. One was only using MAC after switching from Linux. The group had already built wonderful dynamic in their work as before the DST they have spent some days on workshop about integrated security. They already knew each other, some even from before.
|Topics addressed=Autocompletion and add your topics
+
|Topics addressed=DST, Balkans, WHRD, LGBTQ, Caucasus
 
|Links about the activity=https://gtiwiki.ttc.io/doku.php?id=dst_for_whrd_from_balkans
 
|Links about the activity=https://gtiwiki.ttc.io/doku.php?id=dst_for_whrd_from_balkans
 
}}
 
}}

Revision as of 15:32, 17 May 2015

Title 3-day training for women activists in the Balkans
Category Digital Security Gender and Tech
Start 2015/02/01
End 2015/02/03
Hours
Scale Macedonia
Geolocalization 41° 42' 2", 21° 42' 32"
Loading map...
Organisation TTC for kvinnatillkvinna
Website
Target audience women activists from the Balkans
Number of participants 18
Context and motivations Women Human Rights Defenders and LGTBQ activists from the balkans (albania, armenia, bosnia, croatia, serbia, georgia, macedonia) with low levels of knowledge regarding privacy and digital security. Almost all of them used Windows, had a smartphone and used facebook for work and activism. Most of them managed sensitive data involving third parties information.

The background of the participants was different, they were coming from different countries from the Balkans and the Caucasus region, dealing with different issues but what they all had in common, was that they are WHRD, they all used facebook, managed sensitive data and 17 of them were using Windows. One was only using MAC after switching from Linux. The group had already built wonderful dynamic in their work as before the DST they have spent some days on workshop about integrated security. They already knew each other, some even from before.

Topics DST, Balkans, WHRD, LGBTQ, Caucasus
Links https://gtiwiki.ttc.io/doku.php?id=dst_for_whrd_from_balkans
Media [[File:]]
Agenda [[Detailed schedule and contents::**Agenda day 1**
    • 09:30 – 10:00: Welcome and introduction**

Program and objectives

Training methodology

Shared agreements Shared agreement.pdf

    • 10.00-11:30: Digital security risk Assessment**

Participants will learn basic methods for assessing common digital and physical risks to data in the work environment. The group exercise begin with all participants filling a document (information map) about the data they produce/manage and they assess: How sensitive are those data (from a work/activist/privacy perspective? Do they imply personal data about third parties?) + Have you lost sensitive information? How did that happen?

Information map document Informationmap.pdf

Then the group split into two and each group had to discussed around the following dimensions:

2) As a human rights activist, identify potential risks to your equipment and data in the office/area/place you work in? Vs What kinds of risks are present in public spaces? (Do you see similar issues in public Internet cafes, libraries, airports for instance?) + What kinds of precautions they could take to protect their physical and digital safety or the safety of your work and your network?

3) How do you build trust in your work/activist environment? What are the processes or tools you use to check out integrity, verification, authenticity of data you manage and people you work with?

Group share answers and then reflect with the entire group about discussions and ideas that emerged into their groups.

    • 11:30-11:45: BREAK**
    • 11:45-12:45: How to protect your computer from malware and intruders?**

Participants will learn about common methods of attack and anti-virus applications. The practical use would be by preventing infections on a PC and detecting fake emails.

Activity: Demonstrating how easy it is to impersonate with an email and phishing.

Resources:

[cyberthreats map]

[syrians activists]

Presentation: Malware final.odp

    • 13:00-14:00 : LUNCH**
    • 14:00 – 15:00: Secure passwords**

How to create and maintain a secure password and Demonstration of Keepass/KeepassX

Activity: Brief - Participants are separated in 2 groups given different materials that represent symbols, which they can use to create visual un/secure password in the space. One group has the right to use one person that represents the combination of all materials. Demonstration which password has more strength and why.

Resources:

[popular 2014 passwords]

[strength of passwords]

[about passwords]

Presentation: Secure pass final.odp

    • 15:00 – 15:15: BREAK**
    • 15:15-17:00: How to protect sensitive data on your computer: Encryption, Back up**

Document about back up strategies: Backupstrategy.pdf

[back up strategy]

[manual Security in a Box]

    • 17:00-17:15: Evaluation**


    • Agenda day 2**
    • 09:30-11:30: How to keep your Internet communication private (Part1): Mail, Browser, Internet connection**

Participants engage into two exercises (Small group activity):

1) How Internet works and understanding the chain of agents that can control/access aka compromise our privacy and security in Internet?

A. Secure vs. insecure Internet connections (SSL/public wifis/http vs https)

2) Our digital shadow / Trackography:

Exploration of participants digital shadows

[digital shadow profiler]

[and my shadow: How to learn more?]

[privacy addons in your firefox]

[secure mail and why support alternatives]

B. Creation alternative mail (riseup, alternatives, trade offs)

C. Hands on HTTPS EVERYWHERE, NOSCRIPT, AdBlock, Ghostery, Privacy badger, alternative search engines

    • 11:30 –11:45: Break**
    • 11:45 – 13:00: How to keep your Internet communication private (Part1): Mail, Browser, Internet connection**

D. Google double step verification

E. Privacy settings in social media accounts

[yourself and your data when using social networking platforms]

    • 13:00-14:00: LUNCH**
    • 14:00-15:00: How to keep your Internet communication private (Part2): Anonymity and circumvention**

Participants engage into two exercises (Small group activity):

1) How a piece of data travels? (no encrypted, encrypted, through a proxy and then through TOR)

Explaining Tor and Tor browser bundle / VPN / Introduction to Tails

[Browser bundle]]

[[1]]

    • 15:00 – 15:15: Break**
    • 15.15 – 17:00: How to keep your Internet communication private (Part2): Anonymity and circumvention**

A. Install Tor browser bundle B. What is my IP? C. Boot from tails

    • 17:00 – 17:15: Evaluation**


    • Agenda day 3:**
    • 09:30-10:45: How to keep your Internet communication private (Part 3): Encryption and verification**

General introduction about encrypted communication.

Activity: Demonstration of the keys and mail sending through objects and letter.

[about encryption and colours]

Secure video/audio/chatting (End to End Encryption) and How secure is skype and google hangouts?

Alternatives: [and OTR] and [[2]]

Demonstration of encrypted chat and Voip.

    • 10:45 – 11:00: Break**
    • 11:00 – 13:00: How to keep your Internet communication private (Part 3): Encryption and verification**

[of trust]

[encryption Thunderbird /Enigmail]: This include practical exercises on installing Thunderbird and enigmail. As well as Generating key pairs, revocation, exchanging keys, authenticating them, uploading a key.

    • 13:00-14:00: LUNCH**
    • 14:00-16:00: Mobile phone safety**

[to sue smartphones as securely as possible?]

Participants will learn about the risks and the safety precautions to use when using mobile phones. Installation of Antivirus, Orbot, Orweb and ChatSecure, Redphone, Textsecure, enabling encryption and strong passwords on Android phones.

    • 16:00 – 17:00: Collective discussion about feminist perspectives on digital security and wrap up**

[and Technology Institute: what happened? Follow up activities]

[Interviews with women hackers]

    • 17:00 - 17:15 Evaluation**]]
Methodologies
Resources
Gendersec
Feelings Testimony “My first Digital Security Training as co-facilitator”, Berlin, February 2015 - lagartata

March 2014 was my first encounter with Digital Security (DS). I was participant on a security training, implemented by Tactical Tech and Front line defenders, organized by Kaos GL in Ankara Turkey. For the first time I realized that encryption is actually something that we can all get and use. We had wonderful facilitators that amazed me with their knowledge and self-education. I got very motivated to learn more about securing my digital data, but also curious to locate and map all my insecure habits.

My next stop was the Gender and Technology Institute (GTI). One of the best institutes that I have ever been, where my brain was loaded with so much information that it was getting crazy. I took all those valuable connections, info and knowledge that I made, I embraced my motivation and enthusiasm about the issue and again I started from the beginning. I changed my mental scope and entered more deeply into the world of technologies. I started learning more about the devices that I am using and in the same time I was implementing more tools to secure my communication and data. My plan was to train myself until the point where I will feel competent enough to approach some of the wonderful people that I met on the GTI and offer my services to help spreading the word. Then unexpectedly I got an encrypted mail (:P) proposing me to join a facilitators team and do my first training as a co-facilitator.

First I got scared and wasn't sure if I knew enough, as I was still learning and it is a great responsibility talking about security. My brain started working like on the GTI, as an overdosed CPU, so in the same time I was assessing my knowledge and the lack of knowledge that I have, comparing it with the opportunity to share what I know and learn what I don't know from the ones that are more experienced than me.

I had the opportunity to share my modest knowledge but also be part of a DST team, so I realized that it is a great challenge that I can't miss. So I accepted the offer. I realized that the panic that was rushing through my veins was actually positive and was making me invest more time and force in my preparation. So I had few weeks full of reading and finding ways for transferring what I have learned into visual and practical materials for the training. Luckily I didn't have to “invent the wheel” again and I was using the resources that other DS trainers have already put online to help people like me. In the same time my creativity was also challenged so it was a very interesting process.

Meanwhile we were preparing the training on meet.jitsi and mail, with the two other great co-facilitators from Tactical Tech. The agenda was evolving from week to week. The sources that we used were the opinion and experience of the facilitators and the questionnaires filled by the participants before the training, regarding their knowledge and use of devices and OS. The deal was, every one of us will lead some of the sessions, others will be done together, but most importantly every facilitator will give their support and focus on the participants while the other was presenting. It all sounded great and while I was still struggling with my fear I was challenged even more to be better and to learn more. So enough about my prep time and let me get to the point. My first DST as a co-facilitator.

Location: Berlin Dates: 21-23 February 2015 Participants: 18 Facilitators: 3 Organizers: Kvinna till kvinna

The background of the participants was different, they were coming from different countries from the Balkans and the Caucasus region, dealing with different issues but what they all had in common, was that they are WHRD, they all used facebook, managed sensitive data and 17 of them were using Windows. One was only using MAC after switching from Linux. The group had already built wonderful dynamic in their work as before the DST they have spent some days on workshop about integrated security. They already knew each other, some even from before.

The questionnaires showed us that their knowledge regarding DS was different but we realized that even more on the training. However it was mostly basic knowledge or “never heard of” knowledge. It was very challenging to think in terms for all of them getting equal challenges and information, therefore we had to start from the beginning and try to challenge everybody. At first it was scary as they all had their computers and we had the impression that almost everybody was chatting on facebook, but after few moments following the demand that computers are used just for the hands-on sessions, it all got better and their interest was focused on the training. The participants were not only interested but were engaging lots of examples and experiences, which gave an awesome ground for making the risk assessment before we started more concretely about concepts and tools concerning the DS.

We had 3 days training that was constituted by three different parts. The first day was mostly concentrated on the risk assessment, introduction of some notions of security, elevating the issue that security requires changes of habits. The tools introduced were around protection of malware, secure passwords, securing sensitive data on the computers. (Keepass/KeepassX, Avast, TrueCrypt) The second day was mostly about introducing how the internet works and how to engage more secure internet connection, have more secure browser and mail settings, then we focused on the notions of anonymity and circumvention. The tools were around, Firefox, NoScript, Adblock, HTTPS Everywhere, Tor, VPN, TAILS. The third day was concentrating around secure online communication, encryption and verification, introducing secure encrypted chat, Voip and mail encryption. As the mail encryption took more time, we separated the group on two parts, the ones who needed and wanted to stay with Thunderbird, Enigmail and PGP and the ones who wanted to continue to mobile security. The training ended with the discussion about feminist perspectives on the digital security which cleaned the path to wrap up the whole training. The full agenda can be found here.

Almost every session was using the same approach, example or activity that was followed by discussion and input with more examples and theory, then introducing tools, hands-on or just demonstration, ending with general impressions and questions for the summary.

My general impression was that the training went very good and that every one had the chance to take something new with them. That everyone got to hear new perspectives and deeper knowledge about DS and now have the chance to apply some of the tools that were introduced. The only challenge was the feeling of overload that not everybody accepted as positive. I guess it is a normal first reaction, but having in mind the time on disposal, I think we did the most of it without crossing the line of scaring people. :P

So what can I say more, I was very happy to be there and have my first experience with wonderful co-facilitators and group of women that taught me new things as well, so I can't complain. I am now waiting for confirmation of the place for my second experience and I will try not to stop there. So I can only be grateful that I am some kind of a result of the GTI, on which I somehow ended up participating, because luckily one year ago I got the chance to participate in a security training like the one I had the chance to facilitate this year. So it is all one wonderful circle. :D

I promise to write less for my next experiences, but this time all the excitement and fears just needed to land on piece of paper in LibreOffice. :P:P

My best to all…

Feedbacks Feed back from participants was extremely positive as you can read below:

1.What did you think about the training, facilitation and organization of the workshop?:

a. the training was one of the most important ones. The facilitators were very kind and friendly. The time tough, was a bit short, would be perfect having one additional day.

b. I find it very useful. The facilitators were very patient:) They did their best, in order us to understand something. I am very thankful for being -consistently- and following our suggestions from the everyday evaluations. Every day evaluations are very good.

c. I loved the training, especially how the three of you interacted + run it smoothly. It was a bit challenging we come as different users so I would have loved more practical work for some who already read on theory. On the other hand - your explanations were great - really interesting + engaging us all.

d. The training was very interesting. It created a lot of possibilities to me to know what are the options for secure online communication. Facilitators were very attentive and great.

e. It was one of the best trainings i have ever attended!!! Facilitation was perfect. I liked that there were three facilitators and topics were shared.

f. Though I got tired and was difficult to process all the information. I loved the whole thing. It was interesting, with lots of information that can be useful. Facilitation was great. The three of you. Trying to keep it simple and still go through so many things. Like the way you work together. Maybe we needed longer breaks and a slower race at least I did.

g. I think that you are great!

h. I think it is of a great importance. Although it was a lot of information in a short time, I was interested and it kept my attention. Trainers were great!

i. The content of the training was a bit packed. Maybe it would be better to concentrate on few tools or programs than general overview of more tools. It was hard for me to switch of new framework after integrated security and be concentrated as previous days, the focus was another issue.

j. The workshop open to me a new view of thinking about DS. The topics were great but you could little more felt a group. To many information, too many for my perspective

k. It was extremely informative, very useful. Sometimes too overloaded with info I and it was difficult to follow but still received a valuable info.

l. It was conducted really well having in mind the abstract content but it was explained in so basic and visual manner that it is very clear for me and rememberable, at least the basic things. Facilitation was wonderful, except for the presence of all three facilitators, it wasn't quite equal at some moments dominated by one. But I liked they were three and all different, it gave me a more balanced feeling.

m. Facilitation was really good. Trying to make complicated things as simple as possible. The group was eclectic so not all participants were strong in technologies but all of them are taking at least something from the training.

n. very interesting for me useful for my job and my life. Facilitators were great. Professionals and with high quality knowledge. Thanks

o. Perfect

p. the training was very useful and interesting. Facilitators are great and helpful.


  • 2. What was the most useful part of this training for you? Why?*

a. The keypass, the TAILS, the cryptocat and the thunderbird. I hope to use all the mentioned tools because they will help me to secure my activism online, and the keypass would help to relax my brain: brilliant tools.

b. I find very useful everything. I am very happy that we got a lot of information. I am sure those who are really interested will go to their countries and start researching new tools and everything.

c. Learning of my operating system as I am used at Linux + Windows and this training made me want to explore Mac OS as well.

d. mobile security, email encryption, hidden services (tor)

e. It is hard to separate any particular topic because any of them were useful and interesting

f. Clarifying ideas about what digital security is and how can be used. Becoming aware that I am vulnerable in so many ways through my devices was the most important. Also learning that there are ways to be safe while using tech. devices and building trust that we can do it.:)

g. The most useful part was about mail encryption and chat encryption. Part about Tor is very useful for me, and the part about the virtual operating system TAILS.

h. All the parts were useful, encryption, alternative mails, browsers, operative systems...everything we learned about dangers and anonymity

i. The most useful part were practical exercises especially truecrypt and keypass which is very useful.

j. The information and the tool with a trick how to protect a more security issue regarding technology.

k. encryption and mob. security. I understood that sensitive information needs to be handled very carefully. Many new technics that hope I will remember and use it.

l. The basic explanations were of the concepts and all the tools presented giving me the perspective of what can I do to protect myself and my privacy. But definitely need more time to go through, practice and use it regularly. Interesting also the part about our digital shadow. I like all the videos that were used to explain different aspects. Very effective.

m. Most useful was the discussion on feminism and technologies, cyberfeminism and the deconstruction of stereotype that women are not supposed to be good at technologies. Also those practical tools shared during the training.

n. all steps were useful a lot of methods to fe

o. Encryption, lot of cases of my patients to hide.

p. Defense methods for online browsing, mailing, chatting and mobile security. riseup.net

  • 3. How has your understanding of digital security and privacy changed?*

a. This was not the first time of getting to know the specifics of DS, but after this intercourse I feel more confident in this world and more confused meanwhile, as I have got to know many new tools and still don't have a complete confidence in using them. I will try them for sure, my approach towards DS become more positive and relaxed.

b. Hereafter, I will use only open source resources. Thank you for that.

c. I was again reminded how important it is to be aware of the intentions and threats related to digital security and it made me fall in love again with safety online.:)

d. it increased, i had very little knowledge

e. It has improved a lot! Although having some knowledge I feel more secure and I know how to be safe

f. It has changed a lot. I am aware now that I didn't have a clue what digital security really was and I didn't know there were this ways to be safe. Now I have clearer ideas how dig. security can be linked to activism.

g. I am more aware of digital security and privacy

h. I was interested in it before but this training made me think more about it. Also it gave me tools to use and share with others locally.

i. It has not changed a lot as I was aware of the issue before.

j. A lot! I did not know anything, now i got a lot of information

k. Understanding of digital security and privacy changed to much deeper extent but i do not know if i will be able to use everything that was explained at the workshop.

l. Yes, even though I have previously attended DS workshop, for me this WS was different and influenced me and my understanding

m. It has changed. I still have to struggle my resistance towards the topic but now I am more close and familiar towards the issue. At least i have this feeling i was going out of my comfort zone but that is where we grow and face challenges so thank you.

n. everything changed.

o. From 2 to 8

p. /

    • 4.If you were to teach a friend from your community one tool or strategy**
    • that you learned here, what would it be? Why?*

a. first of all the keypass for the passwords, the cryptocat because it is easy to get to know, as well as would tell about TAILS to make them jealous

b. Always use Tor if you are an activist in your country and be careful.

c. Definitely TAILS + Tor, besides the basic protection strategy on Mozilla, Facebook and Gmail.

d. phone security, email encryption, creation of hidden folder

e. The first or one thing to teach would be data encryption and email encryption

f. First I'd teach him how to set secure passwords. I'd teach him/her how to be safe on his/her mobile. Then antivirus/malware and encryption of files. Because there I understood better and think I need them more in everyday life.

g. Tor, TAILS, encryption, because it is very useful and fun

h. More protection, encryption and how it works

i. It would be more logical to spread security measure of chat among lgbt community members as it is used for blackmail frequently.

j. Ghostery and other security tools from security in a box for Firefox

k. I will definitely teach to all my colleagues TrueCrypt/redphone/tor browser/ secure chat/ riseup

l. on the way of functioning of internet/mobile and communications, the security and all the possibilities to have not secured communications or more, Strategy, the red phone.

m. Tor and encryption because i think it is needed more also mobile security part.

n. all tools all of them are very important

o. Encryption

p. Mobile security, mailing and chatting.

    • 5. What did you find the most challenging in terms of ideas, approaches**
    • and/or skills?**

a. The thunderbird this is still a kind of mystery in using in terms of its sub tools, i need to research in order not to be frightened by it.

b. The most difficult for me was Thunderbird, but this is only for this experience, then it is very usual.

c. Well - mail encryption in relation to different mail clients. W/ Thunderbird it seems easy but w/ built in Mail app on Mac I see it has a lot of challenges.

d. well overall, it was hard to me to grasp everything. It was too much for a person with no knowledge

e. nothing in particular

f. SO much info for such a short time was challenging. Need to take things slowly and get more used to certain language.

g. I do not know now

h. I has a hard time learning about encryption but I am interested in learning more.

i. "chat" part was most difficult.

j. Mobile security, also i think this would be more interesting to talk about this mobile security than how to use some application which i will not use

k. encryption/ my shadow/ panopticlick/ tails

l. encryption

m. encryption was hard

n. most of the skills.

o. email encryption

p. /


  • 6. Any further comments or suggestions?*

a. I would love to have more time on this, or to shorten the list of tools represented. Because it is too messy listening to the facilitators and trying to practice it for some minutes only.

b. Please let all these women be in touch and mailing list for me is a best best solution for this.

c. I really liked the training and I think there should be more

d. to make it more simple and with less info for beginners

e. would like to attend some of the DST

f. Just make this longer, so that one gets used to all the info and has enough time to try things step by step.

g. it was a lot of information in short time

h. Maybe more time/days for this, to split less info in more days, cause some of us need more time to process, learn

i. In terms of practical usage it will be better to organize such training for specific more homogenous group like cyber feminist or one organization stuff members. I can not teach my stuff members after this training. It would be good to have them too practice tools together.

j. Thank you for all your knowledge, it will be helpful for me. Just make longer pauses

k. More practical exercises and going in depth. need more time to digest everything, individual approach.

m. more exercises to practice one software maybe?

n thank you.

o. none

p. everything was good.*

Start What will you start doing ?
Stop What will you stop doing ?
Keep What will you keep doing ?