Manual introduction

From Gender and Tech Resources

Revision as of 10:31, 27 May 2015 by Floriana (Talk | contribs) (How to use this manual?)


Aims of the manual

This manual is the result of conversations among many different actors (be it GTI participants and facilitators, the multiple authors and reviewers of this manual, from the global south and global north among which are women, queer, trans* and men) about what it means to include a gender perspective into privacy and digital security. It is informed by the numerous documented stories and creative practices of grassroots activists who have been using and developing appropriated and liberating technologies while ensuring gender justice, privacy and security. The strength of this manual comes from the diversity and heterogeneity of grassroots experiences which derive from daily practices with technologies (be those digital or social ones): from dreaming about technologies to developing them, from using them to contributing to their governance. Imagining liberating technologies where everybody is truly welcomed and respected is not a women's and trans* persons' only task, it is a duty for anybody involved in creating an inclusive, accessible, decentralised and neutral internet.

This manual aims at addressing how to better manage our online identity and how to build and promote safe spaces on the internet and in the physical world. Since we understand that including those fast evolving privacy and digital security practices into our already very busy lives as human rights defenders and activists is not an easy task, we believe in the importance of crafting collective mechanisms of support to keep advancing together, empower each other while keeping it zen in order to have our tech work for us.

When attempting to include privacy and digital security practices in our lives, it is fundamental to look at their relationship with gender. But first, what are gender roles? Gender roles are a set of societal norms dictating what types of behaviors are generally considered acceptable for a person in relation to their actual or perceived biological sex. These are usually centered around binary conceptions of femininity and masculinity, although there are myriad variations and gray scales in between. The first step for including gender consists in acknowledging the gender roles that society attributes to us at birth and during the rest of our lives and that generate stereotypes that can become prejudices. The latter can result in specific threats and violence against women, queer or non binary persons along the technological cycle, i.e. from the moment a technology is assembled to the disposal of such a technology (such as e-waste). Gender gaps, discrimination and specific Violence Against Women (VAW) are happening along this process in a structural way that influences our experience of and with Information and Communication Technologies (ICTs).

Including gender into privacy and security also requires an intersectional approach that engages with the diversity of cultures, social status, gender identification, sexual orientations, race, ethnicities and other power structures that create various forms and levels of inequality for individuals and communities into their access to security tools and practices. When we speak about including gender along the realms of privacy and digital security:

- we need to take into account the technological cycles from production to assemblage to disposal, as within this cycle a set of structural violences against women is embedded.

- we need to understand how different women in different conditions find ways of accessing technologies, even if they are not supposed to or supported in doing so, and how they can protect themselves and others in the process.

- we need to tackle specific gender-based online violence and build capacity on the ground so that women, trans* and queer can protect and strengthen their freedom of opinion and expression.

- we ought to remember that it consists in researching the herstory and making women, trans* and queer experiences in the management and development of technologies visible, be those digital ones, or appropriated technologies such as permaculture or health and self-care technologies for instance.

- we need to understand that it means enabling a greater participation of women, trans* and queer into institutions contributing to the governance of Internet as well as inside companies and organisations delivering services for supporting our networking and online identity.

- we need to acknowledge that gender gaps, discrimination and VAW are structural and that structures (economic status, gender, sexual orientations, etc.) influence the conditions of women, trans* and queer in relation to their experience of and with ICTs.

To foster enthusiasm for privacy and digital security along a gender and intersectional frame requires an integrated approach linking those to our well being (self-care) and physical security as human rights defenders and our feminist and queer activism. This includes exposing the many invisible contributions that sustain digital security communities, avoiding frustrated expectations, gaining self confidence and losing fear through Do-It-With-Others (DIWO) processes, among others. Accordingly, adapted, updated and targeted resources and training methodologies focusing on specific threats and strengths are necessary in order to activate curiosity and a better understanding through contextual references.

Because of all this, including gender through a holistic and intersectional approach is also about asking ourselves when we choose to use a specific technology if those are liberating or alienating ones for other groups and individuals. Liberating technologies could be defined as appropriated technologies that do not harm and are fairly produced and distributed, are rooted in the free software and free culture principles and are designed by default against gender based violence, surveillance, opacity and programmed obsolescence.

Nowadays, what is closer to feminist and liberating practices on the Internet are the Feminist Principles on the Internet developed by the Association for Progressive Communications (APC) in 2014, when they gathered a group of Women Human Rights Defenders and feminist activists to a Global Meeting on Gender, Sexuality and the Internet with the mandate to come up with a first list of principles. Those are about the ways in which the Internet can be a transformative public and political space for women, trans* persons, queer and feminists. They situate tech-related violence on the continuum of gender-based violence, making clear the structural aspect of violence linking, expanding and/or mirroring online attitudes with offline prejudices. The principles also highlight surveillance and lack of privacy as patriarchal tools, whether they are used by the state, private individuals or corporations, to control women's and trans* persons' bodies and thoughts.

What is this manual about?

The internet is an amazing space to explore, learn, speak up, listen and communicate with people across the world. Unfortunately, it has also become a contentious space. There is a pushback against people who speak against, question or challenge dominant discourses, especially if those deal with gender and sexual orientations. When planning to be active on the internet as a vocal woman, a woman human rights defender, a trans* person and/or a feminist, it’s a good idea to start from an assessment of the traces we leave behind us on the Internet, our digital shadow and the social domains that are spread across our online and physical activities. These two aspects can tell very accurate stories about us: who we are, where we live and hang out, what we are interested in and who our friends are. Because those traces and online identity can expose us to several threats, this manual presents different strategies you can adopt and tools you can use in order to shape or control your digital shadow and social domains and so obtain greater privacy and security online. The first part of this manual will enable you to understand the traces you leave behind on the Internet, your digital shadow and metadata, what the risks and empowering potential of different online identities are (real names, pseudonyms, collective names and anonymity), how you can create new online identities and how you can manage various online identities alone or with others.

Once you have learnt about the possible impact your online identities can have on your life, work and activism, and how you can develop strategies and use tools to mitigate possible risks and enhance possible strengths, the manual will introduce you to how to build safe spaces for you and your organisation, but also how to develop safe spaces and spaces of resistance in mixed environments. Finally, it will present how to create safe spaces in the physical world where women and trans* persons can learn about privacy, digital security and technologies in general in order to be empowered and further contribute to those fields. Safe spaces have been used by marginalized groups and communities for many decades now. They have been a way to care for oneself and for a collective, to design and craft strategies and tactics of resistance and to create an oasis of peace in what sometimes can be a tiring struggle for change. Safe spaces have taken different meanings and bear different names depending on a variety of factors, be they geographical, temporal, spatial, cultural or social, among others. This chapter will enable you to become a moderator well aware of the fundamentals of netiquette and how to contribute to the creation and enforcement of social rules within online communities. You will learn the fundamentals about how to build safe spaces online and offline, gain knowledge on process and methodologies to reclaim and resist in mixed-environment spaces and become aware of current initiatives and processes that can be replicated in your community, organization or collective in order to turn them into safer spaces.

How to use this manual?

This manual serves as a reference guide for women, trans* and queer grassroots activists who want to improve their privacy and digital security practices along gender and intersectional lines. This manual has been designed to be used in three different, but inter-related ways. First, there is a shorter printed (and PDF) version which contains the most essential elements of how to include gender in privacy and digital security practices. If you are new to this topic, we recommend you start reading the printed (or PDF) manual. The brevity of the printed manual is a great way to get familiar with the topic. Second, there is an online wiki, which complements the printed/PDF material. The wiki goes more in depth and at more length in explaining concepts on how to manage identities online and build safe spaces, in addition to giving examples and instructions on how to turn abstract concepts into practice. Third, the idea with the manual is its evolving and participatory nature. The wiki consists in an evolving document where people from the Gender and Tech Institute community will be given access to the wiki to add content, examples and more sections over the coming months. This wiki also aims at creating a repository of critical resources for women's human rights defenders and activists from the global south and the global north. Documentation about and storytelling on including gender in digital security and privacy practices are particularly lacking and therefore the need to create a reference that can be regularly updated is of prime importance. Through this wiki and its participatory nature, we also hope to create a dialogue between different practices, frameworks and geographies, as well as to build an international community around these issues.

What you need to know before using this manual

Before reading this manual and using the recommended tools and tactics, it is important to remember that every technology has its risks and therefore precautions ought to be taken to minimise the risks.

The first step we should take before connecting our devices to the internet, is to reflect on the data we have stored on our devices and elsewhere: What kind of data do we produce and/or manage? With whom do we produce these data? Where are these data stored? Which devices or online platforms hold our data? Most importantly, how sensitive are our data and what would happen if this particular data suddenly disappeared or was seen and copied by a third party? To learn more about mapping our data, read: https://gendersec.tacticaltech.org/wiki/index.php/Step_0#Mapping_your_data

Once we've mapped our data, the next step is securing them.

When our data is stored online, on the "cloud", it is crucial to choose strong passwords, or better passphrases, and to use a different one for each of our accounts. For more information on the importance of strong passwords and how to store them, read Security in a Box's chapter on passwords and the EFF's howto. A good tool to generate and store strong passwords is KeePassX. A technique to create strong passphrases that are also easy to remember consists in creating a random group of words that don’t make any sense together by using simple, physical dice. Read more about the Diceware technique.
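The dice-to-words step of the Diceware technique mentioned above, as an added example that is not part of the original manual: each group of dice rolls is read as a base-6 number that selects one word from a list, and the strength of the result depends only on the list size and the number of words. The 36-word list and the two-dice grouping are constructed for illustration; the real Diceware lists use five dice per word and 7776 words.

```python
import math
import secrets

DICE_PER_WORD = 2  # assumption for this demo; real Diceware uses 5 dice (6**5 = 7776 words)

# Constructed 36-word sample list (6**2 entries), NOT the real Diceware list.
SAMPLE_WORDS = (
    "acorn bridge candle desert ember falcon "
    "garden harbor island jungle kettle lantern "
    "meadow needle orchid pebble quartz ribbon "
    "saddle timber umbrella valley walnut xenon "
    "yogurt zipper anchor basket copper dolphin "
    "engine feather glacier hammer ivory jacket"
).split()


def rolls_to_index(rolls):
    """Map dice faces (each 1-6) to a list index by reading them as base-6 digits."""
    index = 0
    for face in rolls:
        if face not in (1, 2, 3, 4, 5, 6):
            raise ValueError(f"not a die face: {face!r}")
        index = index * 6 + (face - 1)
    return index


def passphrase_from_rolls(rolls, words=SAMPLE_WORDS, dice_per_word=DICE_PER_WORD):
    """Turn a sequence of physical dice rolls into a passphrase, one word per group."""
    if len(words) != 6 ** dice_per_word:
        raise ValueError("word list size must equal 6 ** dice_per_word")
    if not rolls or len(rolls) % dice_per_word:
        raise ValueError("number of rolls must be a non-zero multiple of dice_per_word")
    groups = [rolls[i:i + dice_per_word] for i in range(0, len(rolls), dice_per_word)]
    return " ".join(words[rolls_to_index(g)] for g in groups)


def entropy_bits(num_words, list_size):
    """Entropy of a passphrase whose words are chosen uniformly and independently."""
    return num_words * math.log2(list_size)


def software_rolls(count):
    """Fallback when no dice are at hand: faces drawn from the OS CSPRNG."""
    return [secrets.randbelow(6) + 1 for _ in range(count)]


if __name__ == "__main__":
    print(passphrase_from_rolls([1, 1, 6, 6, 3, 4]))
    print(f"6 words from a 7776-word list: {entropy_bits(6, 7776):.1f} bits")
```

The entropy figure holds only if every word is kept exactly as rolled; re-rolling until the phrase "looks nice" reduces it.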

Another very important measure we should take when going online, especially if we are transmitting personal data and passwords, is to always use a secure SSL connection, which ensures that our data cannot be seen by anyone as they travel from our computer to the website we are visiting or to the service we are using. To do so, when we access a website we should type HTTPS instead of HTTP before the URL of the website we want to visit. If we receive an error or the HTTPS is replaced by HTTP again, this means that the website is not offering a secure connection. To make sure that we always connect securely to websites when this option is offered, we can install HTTPS Everywhere, a Firefox, Chrome, and Opera extension developed by the Electronic Frontier Foundation that encrypts our communications with many major websites.

Likewise, when we create an account with an online service (e.g. our mailbox or a chat network) that we will access through a specific client or app, we should check the features of the service to make sure that it offers a secure connection and configure our clients accordingly by activating the TLS/SSL option.

Some activities are riskier than others, and in some cases SSL is not enough: we may have good reasons to hide our physical location and our usage of the internet, and to do so we could decide to anonymise our connections through Tor, an anonymity network that conceals both the location of our connection and what we do on the internet by routing communications through a distributed network of servers run by volunteers all over the world. By consistently using Tor, no one can link our IP address to us, not even the mail server we use. For further information on how to use Tor, see the Tor Project website.

An easy tool to anonymise our connections when browsing the internet is Torbrowser, the most recommended and rigorously tested tool for keeping our online activities anonymous. For more information on Torbrowser and instructions for Windows users, visit: https://securityinabox.org/en/guide/anonymity-and-circumvention For instructions for Mac OSX users, visit: https://ssd.eff.org/en/module/how-use-tor-mac-os-x

The choice of the mail server we use for our contact mail address is also important. There are several secure servers that offer a good service, like the Swiss commercial service Kolab Now (https://kolabnow.com). But the main point is to find a service that offers a secure connection (HTTPS instead of HTTP) and that is compatible with our actual needs. If you think that using a grass-roots service instead of a commercial one is closer to your view of the world, you can open a mail account with an autonomous server such as Riseup (a site used by activists with a clear set of political principles) or Autistici/Inventati (A/I). Riseup provides email addresses to activists based on a trust system. You can either get two invite codes from friends who already have Riseup accounts or wait for Riseup to approve your detailed request (which can take a long time). For more info visit: https://user.riseup.net/forms/new_user/first To obtain a mailbox with A/I, you just have to read their policy and manifesto and, if you agree with their principles, fill in a form explaining why you are asking for this service and in which way you share the collective's fundamental principles. To learn more about A/I, visit: http://www.autistici.org/en/about.html

Finally, nothing is secure if we only think about technology and we neglect our well-being. If we are exhausted, stressed or burnt out, we might make mistakes that impair our security. Read more about this in the Tactical Technology Collective's manual on holistic security: https://tacticaltech.org/holistic-security and this essay on The Psychological Underpinnings of Security Training: https://www.level-up.cc/resources-for-trainers/holistic/psychological-underpinnings-security-training.