Mobile Browsing

From Gender and Tech Resources

Title of the tutorial Browsing on your Mobile
Attributions
Kind of learning session Hands-on Tools
Tutorial category Mobile Phones
Duration (hours) 3h20mins
"h20mins" can not be assigned to a declared number type with value 3.
Learning objectives See what gets shared with others through your browser, and how. Then take concrete steps to make your web browsing more private and secure.


   See how and why your browser might not be as secure as you might think, and where insecurities lie.
   Understand what 'encryption' means, how the internet works (infrastructure), and how and why online   tracking fuels advertising.
   Know what is meant by 'anonymity' online, and understand the basics of Tor.
   Be able to make informed decisions about which browsers to use
   Be able to limit data traces left through the browser
   Android: Learn how to install and customise Firefox, and install and use Orbot and Orfox
   iPhone: Learn how to customise Safari to limit tracking. 
Prerequisites
Methodology Step 1: Introductions (10 min)
   Briefly introduce yourself and the session, then ask participants to introduce themselves and to answer the following questions:
       What browsers do you use on your mobile, and why do you use these specific browsers?
       What do you want to learn in this session?
   Taking expectations into account, give a brief overview of the session, including objectives, what will be covered (and what not), and how much time is available.

Step 2: The browser as two-way street (30 min)

While the browser allows us to access the internet, it also allows others to access lots of information about us.

The following activity gives an overview of how the internet works, showing shows what information third parties can see when you browse the web or send email. It then shows what others can see when you use the internet via https and via Tor. Activity: "Https and Tor" Preparation

   If some participants have computers (one per group), write the URL up for EFF's diagram for HTTPS and Tor: https://www.eff.org/pages/tor-and-https
   Alternatively, print out the diagram in each 'mode' (HTTP, HTTPS, Tor) - one set for each group.

Explore HTTPS and Tor (10 min)

   Break participants into small groups
   Give the groups some time to explore the 'Tor and HTTPS' diagram, and let them discuss their findings.

Feedback and discussion (20 min)

Groups report back on their findings. Discussion should cover:

   Who has access to your data traces?
   What is the difference between HTTP and HTTPS?
   What is Tor?
   How does Tor anonymise your browsing and block online tracking?

Step 3: Tracking in the browser (30 min)

Tracking in the browser is often invisible. The following activity gives participants the chance to see how tracking works. Activity: "Visualising tracking in the browser" Preparation

   Make sure you are familiar with Trackography and Lightbeam. More info can be found in the Reference Document for Browsers.
   Make sure you have enough computers available - one per small group. Lightbeam can't be installed on a mobile phone, and Trackography only works on larger screen.
   On the board, write up the links for Trackography and Lightbeam, or project these onto a screen.
   If there is limited internet, download the Trackography movie and screen-cast Lightbeam.

Explore Trackography & Lightbeam (15 min)

   Divide participants between Trackography and Lightbeam, breaking into smaller groups if necessary.
   Participants should explore the two tools, and discuss their findings.

Feedback and discussion (15 min)

Groups report back on what was discovered. Fill in gaps and offer explanations as needed. The following concepts should be covered:

   What is tracking?
   What type of data is being collected, and by whom?
   What is Profiling?
   How can companies track me across website? What is browser fingerprinting? (Demo EFF's Panopticlick.)
   Trace-routes: how data travels across the internet.
   Go over how the internet works, if needed.

Step 4: Browsing on your mobile: Hands- On Session (60 min)

Run a hands-on session that covers the following: (find detailed information in the Mobiles Reference Document)

   Compare, choose, and customise
       Go through an overview of the different browsers available for the OS you're focusing on, and then:
           Android: Install and customise Firefox (only browser on Android where settings can be adjusted).
           iPhone: Customise Safari (only browser on iPhone where settings can be adjusted).
   Install a VPN or Tor
       Android
           Install Orfox and Orbot
           Discuss alternative app stores and help participants configure their phone settings to accept apps from other sources if they want to use these alternatives.
       iPhone:
           Since Tor (via Orfox and Orbot) can not be used via an iPhone, a VPN is the next best option. Show participants how to install a VPN, and have them set one up if possible.

Tips: "How to run a Hands-On Session" Preparation

   Test out all the tools and settings you'll be installing and/or using in the session.
   Find or create resources to help participants self-learn along the way.

Steps

   Break the group according to size, number of trainers and, if relevant, operating system (e.g. Android or iPhone). Each group should have at least one trainer.
   Walk each group through the steps involved, in an interactive way, with step-by-step instructions or guidance projected on the wall or printed out.

Step 5: Search engines (20 min)

Use the following activity to help participants understand important differences between commercial and 'alternative' tools, with a focus on Search Engines. Activity: "Choosing Tools" Preparation

   Print a "Choosing Tools" grid for each participant - make sure it's blank!
   Download a grid that's been filled in already with specific tools (some can be downloaded from the Materials page at MyShadow.org), or fill in a grid yourself, depending on what tools and services you're focusing on. (eg. search engines or messaging apps). You can either print this out for participants, or project it on the wall.

Brainstorm apps and tools (5 min)

   Briefly introduce the activity, and give each participant a blank "Choosing Tools" grid.
   Focusing on a specific type of service (search engines, messaging apps, etc), put participants into pairs and ask them to fill in the first column with the names of some services/apps they can think of (e.g. for messaging apps: Whatsapp, Snapchat, Signal)

Go through the Evaluation Framework (20 min)

   Using one services/app (eg Whatsapp) as an example, walk the group through each category step by step, explaining concepts and answering questions as they arise.
   Get participants back into pairs and give them time to fill in the rest of the grid.
   Give them a filled-in grid to compare their own against, and answer any questions.

Discuss: How do you decide which tool best suits your own needs? (10 min)

Lead a discussion that covers the following:

   When choosing a tool, it's important to think about what data you want to "protect". It can be useful to think about this within four broad categories: identity, social networks, content, and location.
   A tool might, for example, protect your content with encryption, but might also require access to specific information like your phone number, making it impossible to use pseudonymously or anonymously. If pseudonymity/anonymity is what you need, then a different tool might suit your needs better.

Step 6: Strategies of Resistance (30 min)

Use the following activity to guide participants through key strategies for taking more control of the data they share with commercial companies. Adapt it so that it specifically focuses on Browsing. Activity: "Strategies of Resistance" Preparation

   Prepare to present the four categories of resistance. Have a full list of examples for each one.
   Decide which area you would like the group to focus on (for example browser tracking, location tracking, mobile phones in general, etc).

Four types of resistance (15 min)

   Ask participants for a few ways they have tried to increase their privacy online. Put some of these on the board.
   Use the examples on the board to lay out four broad strategies of resistance:
       Reduction (Reduce)
       Obfuscation (Confuse/Create noise)
       Compartimentalisation (Separate)
       Fortification (Fortify)

Brainstorm strategies (20 min)

   Split participants into four groups, and give each group one of the four strategies: Reduction, Obfuscation, Compartmentalisation, Fortification.
   Set the focus area.
   Each group should brainstorm ways in which they can reduce / obfuscate / compartmentalise /fortify their data in this area.

Feedback: presentations (15 min)

Each group reports back to the entire group in a 2-3 minute presentation. Discussion (10 min)

Lead a brief discussion on the benefits and limitations of each strategy, feeding in where necessary. Step 7: Wrap up (15 min)

   See if anything is unclear, and answer questions
   Direct participants to resources
   Hand out Tactical Tech's Pocket Privacy guide for Mobiles if you have them. 
Number of facilitators involved 1 or 2
"or2" can not be assigned to a declared number type with value 1.
Technical needs Participants' phones
   Choosing tools - blank grid
   Mobiles Reference Document
   Computer
   Projector
   Flip chart
   Markers
   Pens
   Strategies of Resistance framework
   Pocket Privacy Guide - Mobile 
Theoretical and on line resources [[Theoretical and on line resources::"Mobile Tools", Security in-a-box (Tactical Tech / Front Line Defenders)
   Mobile Safety (Level-Up Trainers' Curriculum)
   Umbrella app for Android (Security First)
  Pocket Privacy Guide - Mobile]]