Difference between revisions of "Digital security training for women activists from the Balkans, Turkey"

From Gender and Tech Resources

Line 2: Line 2:
 
|Title of the activity=3-day training for women activists in the Balkans
 
|Title of the activity=3-day training for women activists in the Balkans
 
|Category=Digital Security, Gender and Tech
 
|Category=Digital Security, Gender and Tech
|Start when ?=2015/04/01
+
|Start when ?=2015/04/27
|End when ?=2015/04/03
+
|End when ?=2015/04/30
 
|Where is located the activity ?=Turkey
 
|Where is located the activity ?=Turkey
 
|Geo-localization of the activity ?=39.663222695382, 34.98046875
 
|Geo-localization of the activity ?=39.663222695382, 34.98046875
Line 9: Line 9:
 
|For whom is it organized=women activists from the Balkans
 
|For whom is it organized=women activists from the Balkans
 
|How many people trained=12
 
|How many people trained=12
 +
|Motivations for organizing training=HRD from different parts of the Balkans, working on different issues. They had low level of knowledge about Digital Security, all used Facebook for their activism and sharing sensitive data. They all used Windows, most of them non licensed. They all worked and managed sensitive data on regular level.
 
|Topics addressed=activists, Feminism, Balkans, DST
 
|Topics addressed=activists, Feminism, Balkans, DST
 
|Links about the activity=Articles, videos, photos on-line, ...
 
|Links about the activity=Articles, videos, photos on-line, ...
 +
}}
 +
{{Planning and documentation
 +
|Detailed schedule and contents=**AGENDA DAY 1**
 +
 +
15:00-17:00: Welcome, Housekeeping and Objectives**
 +
 +
Introduction
 +
Program and objectives
 +
Training methodology
 +
Expectations
 +
Shared agreements (Discussion and agreement)
 +
Security guidelines
 +
__________________________________________________________________________________________
 +
 +
**AGENDA DAY 2**
 +
 +
09:30-11:15: Digital Security risk Assessment**
 +
 +
Participants will learn basic methods for assessing common digital and physical risks to data in the work environment. The group exercise begin with all participants filling a document (information map) about the data they produce/manage and they assess:
 +
 +
1)How sensitive are those data (from a work/activist/privacy perspective? Do they imply personal data about third parties?) + Have you lost sensitive information? How did that happen?
 +
 +
Discussion:
 +
 +
2) As a human rights activist, identify potential risks to your equipment and data in the office/area/place you work in? Vs What kinds of risks are present in public spaces? (Do you see similar issues in public Internet cafes, libraries, airports for instance?) + What kinds of precautions they could take to protect their physical and digital safety or the safety of your work and your network?
 +
 +
3) How do you build trust in your work/activist environment? What are the processes or tools you use to check out integrity, verification, authenticity of data you manage and people you work with?
 +
 +
11:15-11:30: BREAK**
 +
 +
11:30-13:00: How to protect your computer from malware and intruders; PART 1
 +
 +
Participants will get better understanding of what malware is, how the devices become exposed with malware. How our online behavior can influence our security regarding malware. Common methods of attacks with Malware. Demonstration through activity a phishing example.
 +
 +
13:00-14:30: LUNCH**
 +
 +
14:30-15:30: How to protect your computer from malware and intruders; PART 2
 +
 +
Demonstration on how to detect fake mails as wall as removing malware from the computer. Tips on prevention infections on the computer. Installation and demonstration on Avast. Mention on Spybot and alternatives.
 +
 +
15:30-15:45: BREAK**
 +
 +
15:45-17:00: How to create and maintain secure passwords**
 +
 +
Participants will learn how passwords are commonly compromised. Which are the common myths and misconceptions about passwords and the features of stronger passwords.
 +
Demonstration of the need for using password manager. Hands on Keepass/KeepassX
 +
 +
17:00-17:30: Summary and Evaluation
 +
__________________________________________________________________________________________
 +
 +
**AGENDA DAY 3**
 +
 +
09:00-09:30: Review of Day 2 by the participants**
 +
09:30-10:30: Practice Keepass/KeepassX**
 +
10:30-10:45: BREAK**
 +
10:45-13:00: How to protect sensitive data on your computer; PART 1**
 +
 +
Participants will discuss if they have lost already sensitive data, how did that happen and what kind of impact did it have on their lives and work.
 +
The objective is to identify the sensitive information the human rights activists have.
 +
 +
Demonstration, installation and hands-on how to protect sensitive and important information with Truecrypt 7.1a.
 +
 +
13:00-14:30: LUNCH**
 +
 +
14:30-15:30: How to protect sensitive data on your computer; PART 2**
 +
 +
Participants will learn how to back up sensitive and important information with Duplicati.
 +
Hands on session.
 +
 +
15:30-15:45: BREAK**
 +
15:45-17:00: How to keep your Internet communication private; PART1**
 +
 +
Participants will learn how the internet works, through an activity showing the chain of agents that can control/access aka compromise our privacy and security.
 +
They will learn the difference between secure and insecure internet connection and have hands-on : HTTPS EVERYWHERE, NOSCRIPT and ADDBLOCK
 +
 +
17:00-17:30: Summary and Evaluation**
 +
__________________________________________________________________________________________
 +
 +
** AGENDA DAY 4**
 +
 +
09:00-09:30: Review of Day 3**
 +
09:30-10:30: How to keep your Internet communication private; PART 1**
 +
 +
Introduction and demonstration of VPN, proxy and Tor. Mentioning of TAILS.
 +
 +
10:30-10:45: BREAK**
 +
10:45-13:00: How to keep your Internet communication private; PART 1**
 +
 +
Participants will learn about the double step verification on Google, about alternative cloud services and alternative email secure services.
 +
Opening accounts on riseup.net
 +
 +
13:00-14:30: LUNCH**
 +
 +
14:30-17:30: How to keep your internet communication private; PART 2**
 +
 +
How encryption works. Demonstration of the keys and mail sending through objects and letter.
 +
Demonstration Pidgin and Meet.jitsi.
 +
Hands-on email encryption. Includes installation of Thunderbird, enigmail and PGP. Generating key pairs, revocation, exchanging keys authenticating them, uploading keys.
 +
Web of trust
 +
 +
17:30-18:00: Wrap-up and Final Evaluation
 +
|Methodologies for training=ADIDS
 +
}}
 +
{{Learning outcomes
 +
|Feelings=How was it ?
 +
|Feedbacks=Feedback of the participants:
 +
 +
What did you think about the training, facilitation and organization of the workshop?
 +
 +
a) I think it was really good. They were well organized, training is real source of useful information and facilitators gave a lot of effort to simplify everything, so we could understand.
 +
b) It was well organized, I felt good about it. Trainers were very good and I am thankful to them for this training
 +
c) Everything was very good. Especially the trainers. It was something new for me, the topic and a challenge.
 +
d) Encryption was great, the trainers were very professional and friendly and I believe they made us all interested in topics we usually don't find very interesting.
 +
e) Training was very useful, especially because I didn't have chance until now to attend this kind of workshop.
 +
f) Excellent!! Very important training, very useful. Trainers were amazing!! Great approach, very political! Good balance between theory and practice.
 +
g) The importance of this training cannot be compared to other things. Digital security is more important that it seems and very serious. The facilitation was very good and practical. The organization was good.
 +
h) The training was organized excellent and the trainers were very professional and helpful. Also I consider that this workshop should have a follow-up :)
 +
i)I think everything was perfect.
 +
j) It was very good. Trainers are top quality and very good in explaining. The atmosphere was very pleasant.
 +
k) Very good organization and facilitation
 +
l) Almost everything was good. I mean almost because we didn't get to know mobile security. But I will try to figure out at security in a box
 +
m) Very well organized
 +
|START=Insisting for participants to close computers when not needed
 +
|STOP=Covering so much content in so little time
 +
|KEEP=Including feminist perspectives in all the discussions
 
}}
 
}}

Revision as of 12:16, 21 July 2015

Title 3-day training for women activists in the Balkans
Category Digital Security Gender and Tech
Start 2015/04/27
End 2015/04/30
Hours
Scale Turkey
Geolocalization 39° 39' 48", 34° 58' 49"
Loading map...
Organisation TTC for kvinnatillkvinna
Website
Target audience women activists from the Balkans
Number of participants 12
Context and motivations HRD from different parts of the Balkans, working on different issues. They had low level of knowledge about Digital Security, all used Facebook for their activism and sharing sensitive data. They all used Windows, most of them non licensed. They all worked and managed sensitive data on regular level.
Topics activists, Feminism, Balkans, DST
Links Articles, videos, photos on-line, ...
Media [[File:]]
Agenda **AGENDA DAY 1**

15:00-17:00: Welcome, Housekeeping and Objectives**

Introduction Program and objectives Training methodology Expectations Shared agreements (Discussion and agreement) Security guidelines __________________________________________________________________________________________

    • AGENDA DAY 2**

09:30-11:15: Digital Security risk Assessment**

Participants will learn basic methods for assessing common digital and physical risks to data in the work environment. The group exercise begin with all participants filling a document (information map) about the data they produce/manage and they assess:

1)How sensitive are those data (from a work/activist/privacy perspective? Do they imply personal data about third parties?) + Have you lost sensitive information? How did that happen?

Discussion:

2) As a human rights activist, identify potential risks to your equipment and data in the office/area/place you work in? Vs What kinds of risks are present in public spaces? (Do you see similar issues in public Internet cafes, libraries, airports for instance?) + What kinds of precautions they could take to protect their physical and digital safety or the safety of your work and your network?

3) How do you build trust in your work/activist environment? What are the processes or tools you use to check out integrity, verification, authenticity of data you manage and people you work with?

11:15-11:30: BREAK**

11:30-13:00: How to protect your computer from malware and intruders; PART 1

Participants will get better understanding of what malware is, how the devices become exposed with malware. How our online behavior can influence our security regarding malware. Common methods of attacks with Malware. Demonstration through activity a phishing example.

13:00-14:30: LUNCH**

14:30-15:30: How to protect your computer from malware and intruders; PART 2

Demonstration on how to detect fake mails as wall as removing malware from the computer. Tips on prevention infections on the computer. Installation and demonstration on Avast. Mention on Spybot and alternatives.

15:30-15:45: BREAK**

15:45-17:00: How to create and maintain secure passwords**

Participants will learn how passwords are commonly compromised. Which are the common myths and misconceptions about passwords and the features of stronger passwords. Demonstration of the need for using password manager. Hands on Keepass/KeepassX

17:00-17:30: Summary and Evaluation __________________________________________________________________________________________

    • AGENDA DAY 3**

09:00-09:30: Review of Day 2 by the participants** 09:30-10:30: Practice Keepass/KeepassX** 10:30-10:45: BREAK** 10:45-13:00: How to protect sensitive data on your computer; PART 1**

Participants will discuss if they have lost already sensitive data, how did that happen and what kind of impact did it have on their lives and work. The objective is to identify the sensitive information the human rights activists have.

Demonstration, installation and hands-on how to protect sensitive and important information with Truecrypt 7.1a.

13:00-14:30: LUNCH**

14:30-15:30: How to protect sensitive data on your computer; PART 2**

Participants will learn how to back up sensitive and important information with Duplicati. Hands on session.

15:30-15:45: BREAK** 15:45-17:00: How to keep your Internet communication private; PART1**

Participants will learn how the internet works, through an activity showing the chain of agents that can control/access aka compromise our privacy and security. They will learn the difference between secure and insecure internet connection and have hands-on : HTTPS EVERYWHERE, NOSCRIPT and ADDBLOCK

17:00-17:30: Summary and Evaluation** __________________________________________________________________________________________

    • AGENDA DAY 4**

09:00-09:30: Review of Day 3** 09:30-10:30: How to keep your Internet communication private; PART 1**

Introduction and demonstration of VPN, proxy and Tor. Mentioning of TAILS.

10:30-10:45: BREAK** 10:45-13:00: How to keep your Internet communication private; PART 1**

Participants will learn about the double step verification on Google, about alternative cloud services and alternative email secure services. Opening accounts on riseup.net

13:00-14:30: LUNCH**

14:30-17:30: How to keep your internet communication private; PART 2**

How encryption works. Demonstration of the keys and mail sending through objects and letter. Demonstration Pidgin and Meet.jitsi. Hands-on email encryption. Includes installation of Thunderbird, enigmail and PGP. Generating key pairs, revocation, exchanging keys authenticating them, uploading keys. Web of trust

17:30-18:00: Wrap-up and Final Evaluation

Methodologies ADIDS
Resources
Gendersec
Feelings How was it ?
Feedbacks Feedback of the participants:

What did you think about the training, facilitation and organization of the workshop?

a) I think it was really good. They were well organized, training is real source of useful information and facilitators gave a lot of effort to simplify everything, so we could understand. b) It was well organized, I felt good about it. Trainers were very good and I am thankful to them for this training c) Everything was very good. Especially the trainers. It was something new for me, the topic and a challenge. d) Encryption was great, the trainers were very professional and friendly and I believe they made us all interested in topics we usually don't find very interesting. e) Training was very useful, especially because I didn't have chance until now to attend this kind of workshop. f) Excellent!! Very important training, very useful. Trainers were amazing!! Great approach, very political! Good balance between theory and practice. g) The importance of this training cannot be compared to other things. Digital security is more important that it seems and very serious. The facilitation was very good and practical. The organization was good. h) The training was organized excellent and the trainers were very professional and helpful. Also I consider that this workshop should have a follow-up :) i)I think everything was perfect. j) It was very good. Trainers are top quality and very good in explaining. The atmosphere was very pleasant. k) Very good organization and facilitation l) Almost everything was good. I mean almost because we didn't get to know mobile security. But I will try to figure out at security in a box m) Very well organized

Start Insisting for participants to close computers when not needed
Stop Covering so much content in so little time
Keep Including feminist perspectives in all the discussions