Digital security training for women activists from the Balkans, Macedonia
From Gender and Tech Resources
|Title||3-day training for women activists in the Balkans|
|Category||Digital Security Gender and Tech|
|Geolocalization||41° 42' 2", 21° 42' 32"|
|Organisation||TTC for kvinnatillkvinna|
|Target audience||women activists from the Balkans|
|Number of participants||18|
|Context and motivations|| Women Human Rights Defenders and LGTBQ activists from the balkans (albania, armenia, bosnia, croatia, serbia, georgia, macedonia) with low levels of knowledge regarding privacy and digital security. Almost all of them used Windows, had a smartphone and used facebook for work and activism. Most of them managed sensitive data involving third parties information.
The background of the participants was different, they were coming from different countries from the Balkans and the Caucasus region, dealing with different issues but what they all had in common, was that they are WHRD, they all used facebook, managed sensitive data and 17 of them were using Windows. One was only using MAC after switching from Linux. The group had already built wonderful dynamic in their work as before the DST they have spent some days on workshop about integrated security. They already knew each other, some even from before.
|Topics||DST, Balkans, WHRD, LGBTQ, Caucasus|
|Agenda|| [[Detailed schedule and contents::**Agenda day 1**
Program and objectives
Participants will learn basic methods for assessing common digital and physical risks to data in the work environment. The group exercise begin with all participants filling a document (information map) about the data they produce/manage and they assess: How sensitive are those data (from a work/activist/privacy perspective? Do they imply personal data about third parties?) + Have you lost sensitive information? How did that happen?
Information map document File:Informationmap.pdf
Then the group split into two and each group had to discussed around the following dimensions:
2) As a human rights activist, identify potential risks to your equipment and data in the office/area/place you work in? Vs What kinds of risks are present in public spaces? (Do you see similar issues in public Internet cafes, libraries, airports for instance?) + What kinds of precautions they could take to protect their physical and digital safety or the safety of your work and your network?
3) How do you build trust in your work/activist environment? What are the processes or tools you use to check out integrity, verification, authenticity of data you manage and people you work with?
Group share answers and then reflect with the entire group about discussions and ideas that emerged into their groups.
Participants will learn about common methods of attack and anti-virus applications. The practical use would be by preventing infections on a PC and detecting fake emails.
Activity: Demonstrating how easy it is to impersonate with an email and phishing.
How to create and maintain a secure password and Demonstration of Keepass/KeepassX
Activity: Brief - Participants are separated in 2 groups given different materials that represent symbols, which they can use to create visual un/secure password in the space. One group has the right to use one person that represents the combination of all materials. Demonstration which password has more strength and why.
Presentation: File:Secure pass final.odp
Document about back up strategies: File:Backupstrategy.pdf
Participants engage into two exercises (Small group activity):
1) How Internet works and understanding the chain of agents that can control/access aka compromise our privacy and security in Internet?
A. Secure vs. insecure Internet connections (SSL/public wifis/http vs https)
2) Our digital shadow / Trackography:
Exploration of participants digital shadows
B. Creation alternative mail (riseup, alternatives, trade offs)
C. Hands on HTTPS EVERYWHERE, NOSCRIPT, AdBlock, Ghostery, Privacy badger, alternative search engines
D. Google double step verification
E. Privacy settings in social media accounts
Participants engage into two exercises (Small group activity):
1) How a piece of data travels? (no encrypted, encrypted, through a proxy and then through TOR)
Explaining Tor and Tor browser bundle / VPN / Introduction to Tails
A. Install Tor browser bundle B. What is my IP? C. Boot from tails
General introduction about encrypted communication.
Activity: Demonstration of the keys and mail sending through objects and letter.
Secure video/audio/chatting (End to End Encryption) and How secure is skype and google hangouts?
Demonstration of encrypted chat and Voip.
[encryption Thunderbird /Enigmail]: This include practical exercises on installing Thunderbird and enigmail. As well as Generating key pairs, revocation, exchanging keys, authenticating them, uploading a key.
Participants will learn about the risks and the safety precautions to use when using mobile phones. Installation of Antivirus, Orbot, Orweb and ChatSecure, Redphone, Textsecure, enabling encryption and strong passwords on Android phones.
|Feelings||Read Storytelling https://gendersec.tacticaltech.org/wiki/index.php/Women_activists_from_the_Balkans,_Macedonia|
|Feedbacks|| Feed back from participants was extremely positive as you can read below:
1.What did you think about the training, facilitation and organization of the workshop?:
a. the training was one of the most important ones. The facilitators were very kind and friendly. The time tough, was a bit short, would be perfect having one additional day.
b. I find it very useful. The facilitators were very patient:) They did their best, in order us to understand something. I am very thankful for being -consistently- and following our suggestions from the everyday evaluations. Every day evaluations are very good.
c. I loved the training, especially how the three of you interacted + run it smoothly. It was a bit challenging we come as different users so I would have loved more practical work for some who already read on theory. On the other hand - your explanations were great - really interesting + engaging us all.
d. The training was very interesting. It created a lot of possibilities to me to know what are the options for secure online communication. Facilitators were very attentive and great.
e. It was one of the best trainings i have ever attended!!! Facilitation was perfect. I liked that there were three facilitators and topics were shared.
f. Though I got tired and was difficult to process all the information. I loved the whole thing. It was interesting, with lots of information that can be useful. Facilitation was great. The three of you. Trying to keep it simple and still go through so many things. Like the way you work together. Maybe we needed longer breaks and a slower race at least I did.
g. I think that you are great!
h. I think it is of a great importance. Although it was a lot of information in a short time, I was interested and it kept my attention. Trainers were great!
i. The content of the training was a bit packed. Maybe it would be better to concentrate on few tools or programs than general overview of more tools. It was hard for me to switch of new framework after integrated security and be concentrated as previous days, the focus was another issue.
j. The workshop open to me a new view of thinking about DS. The topics were great but you could little more felt a group. To many information, too many for my perspective
k. It was extremely informative, very useful. Sometimes too overloaded with info I and it was difficult to follow but still received a valuable info.
l. It was conducted really well having in mind the abstract content but it was explained in so basic and visual manner that it is very clear for me and rememberable, at least the basic things. Facilitation was wonderful, except for the presence of all three facilitators, it wasn't quite equal at some moments dominated by one. But I liked they were three and all different, it gave me a more balanced feeling.
m. Facilitation was really good. Trying to make complicated things as simple as possible. The group was eclectic so not all participants were strong in technologies but all of them are taking at least something from the training.
n. very interesting for me useful for my job and my life. Facilitators were great. Professionals and with high quality knowledge. Thanks
p. the training was very useful and interesting. Facilitators are great and helpful.
|Start||Asking participants to disconnect their devices and have a relaxed talk about their relation with technologies|
|Stop||Packing so much content in three days|
|Keep||Having talks about gender and feminist approaches to technologies|