Methodology
From Gender and Tech Resources
This is a property of type Text.
Pages using the property "Methodology"
Showing 21 pages using this property.
(previous 25) (next 25)M | |
|---|---|
| Móvil 1: Funccionamiento + | '''Actividad #1''' ¿Cuáles son las partes de un teléfono móvil? Las participantes hacen una "lluvia de ideas" listando los diferentes componentes físicos de un teléfono móvil: * Pantalla * Antena * Micrófono * Bocinas o parlantes * Cámara * Batería * Tarjeta de memoria micro SD * Tarjeta SIM * Carcasa * Circuito procesador * Banda base (IMEI) * Botón de encendido y apagado * Botón de menú * Botón de volumen * Linterna / Flash * Entrada de mini plug (3.5mm) para audífonos * Entrada micro USB para cargador * Antena GPS * Sensor de posición * Reloj * Bluetooth * Sensor ambiental * NFC Una vez hecha la lista se reflexiona sobre lo familiar que es esta tecnología que a veces parece misteriosa porque no siempre sabemos como funciona. '''Actividad #2''' * ¿Cómo funciona la infraestructura de la telefonía móvil? Explicación construida de forma colectiva con la participación de todas. Las facilitadoras van reflejando las ideas en un dibujo o gráfica que permite visualizar las ideas. Se dibuja una persona con un teléfono móvil en un espacio determinado, luego se dibuja una antena cercana al lugar donde se encuentra la persona. La antena y el teléfono están conectados por una señal inalámbrica (no es visible). Las facilitadoras preguntan: * ¿Qué pasa cuando esa persona se mueve de ese espacio? si la persona esta en una llamada ¿cómo es posible que la llamada no se corte? * ¿Cómo puede el teléfono móvil seguir teniendo señal cuando se aleja de la antena? Se dibujan dos antenas más y se explica como funciona la triangulación de las antenas. Vídeo "Balthazar (video 00:35 - 01:33) Cando el teléfono móvil esta encendido (no en modo avión) están buscando señal de una antena y si no encuentran una señal lo que hacen es subir la potencia de su pequeño transmisor (algunos no tan pequeños de hasta 4 o 5 Watts) para ver si encuentran la señal de una antena. Esta es la razón por la cual cuando un teléfono móvil no encuentra señal su batería se descarga rápido porque al subir su potencia hace un uso mayor de ella. La triangulación de antenas permite identificar de forma aproximada la ubicación de un teléfono móvil (el GPS es más preciso) Basta con que la compañía de telefonía celular apague una antena para que las personas en esa área queden incomunicadas. Es sabida la colaboración que existe entre compañías y gobiernos en algunos países. Las facilitadoras explican: * ¿Qué es el IMEI? Identidad Internacional del equipo Móvil. Es un número que identifica al aparato de forma exclusiva a nivel mundial. Este numero es transmitido por el aparato a la red con la cual se conecta. El IMEI es distinto al número de teléfono que te proporciona el SIM de la compañía con que contratas el servicio. Para conocer el IMEI de tu aparato de teléfono sólo debes marcar *#06# El IMEI esta en lo que se conoce como la banda base del teléfono móvil * ¿Por qué usamos una tarjeta SIM? A diferencia del IMEI el SIM es una tarjeta desmontable que permite identificar a la persona que suscribe el servicio de una red de telefonía. El SIM es la tarjeta que te permite tener un número identificador en la red de telefonía celular. Es tu número de teléfono con el cual recibes llamdas. * ¿Cuáles son las diferentes formas en que el teléfono móvil puede acceder a infraestructura para la transferencia de datos y cómo esto se relaciona con la privacidad y seguridad? # 3G/4G: son protocolos de telefonía móvil que corresponden a diferentes generaciones que van aumentando la velocidad y calidad en la transmisión de datos. El método de triangulación permite identificar el área geográfica donde se encuentra el teléfono móvil. # Wifi: por lo general el servicio de internet lo provee una compañía diferente a la de telefonía móvil. Para acceder a internet el teléfono móvil se conecta con un punto de acceso que provee la compañía de internet. este punto de acceso esta asociado a una línea telefónica o una antena micro ondas, con lo cual es fácil identificar el área geográfica donde se encuentra el teléfono móvil pues un punto de acceso tiene un rango de aproximadamente 20 metros de cobertura en áreas cerradas y un poco más en áreas abiertas. Cada vez que un teléfono móvil conecta con un punto de acceso wifi queda guardado en el historial del teléfono y cuando llega a otra red ese historial es compartido como una base de datos que permite identificar si se trata de una red nueva o una red donde ya ha estado conectado. El problema es que revela todos los puntos de acceso a los que han conectado y eso representa un punto de vulnerabilidad. # Bluetooth: es un componente que permite crear un enlace entre diferentes dispositivos, a través de radiofrecuencia, posibilitando la transmisión de voz y datos. Tiene un rango menor de cobertura que el wifi. Para poder conectar con otro dispositivo electrónico vía Bluetooth es necesario estar a poco metros de distancia, además si mantienes tu teléfono móvil con el Bluetooth activado corres el riesgo de que una persona tenga acceso a tu información (fotos, archivos, contactos, vídeos, etc) sin tu consentimiento. # GPS: Es un sistema de geoposicionamiento global que funciona a través de la triangulación de señales satelitales. La ubicación geográfica de un teléfono móvil es más precisa. Si mantienes el GPS activado es muy fácil que tu ubicación sea localizada por terceras personas sin tu consentimiento. # Datos de Internet: A partir de la 3ra generación de protocolo de telefonía móvil (3G) los dispositivos GSM tienen acceso a la transmisión de datos de internet a través del servicio de telefonía que ofrece la compañía. Para que un teléfono móvil tenga acceso a datos por medio de la compañía telefónica debe tener señal de una antena con lo cual el sistema de triangulación también permite la ubicación geográfica, además del rastreo que se logra através de la navegación en internet. ''Actividad #3'' Jugando con las tarjetas de teléfono móvil. Las facilitadoras piden a las participantes que se dividan en 4 grupos. Cada grupo tiene un juego de tarjetas. Cada tarjeta corresponde a una capa del teléfono móvil. Cada grupo trabaja con una tarjeta diferente y debe contestar un conjunto de preguntas: Preguntas para todos los grupos: * ¿Cuáles son los tres formas en que puede ser rastreada tu localización? * ¿Quién es dueño de tu "baseband? * ¿Cuáles son los datos trazados por la infraestructura de telefonía móvil? * ¿Cuáles son los datos trazados creados por las usuarias? Preguntas específicas por grupo: * Grupo 1: Tarjeta 1 ¿Qué pueden hacer para tener un mayor control de lo que hace nuestro teléfono móvil? * Grupo 2: Tarjeta 2 ¿Qué pueden hacer para tener un mayor control de lo que hace nuestro teléfono móvil? * Grupo 3: Tarjeta 3 ¿Qué pueden hacer para tener un mayor control de lo que hace nuestro teléfono móvil * Grupo 4: Tarjeta 4 ¿Cuáles son los riegos de conectar datos? Plenaria Cada grupo debe presentar la respuesta a la pregunta específica '''Actividad #4''' Evaluación * ¿Qué fue lo qué te sorprendió? * ¿Que fue lo que te gustaría mejorar? Sugerencias * ¿Que fue lo que te gusto? Dejemos el espacio mejor de lo que lo encontramos Gracias! + |
| Móvil 2: Complementos + | '''Actividad #1 Bienvenida''' (10 min) En un post it cada participante escribe: * ¿Qué edad teníamos cuando tuvimos un celular por primera vez en nuestras manos? ¿Qué marca? * ¿Cuanto tiempo hace que tiene el celular que usa actualmente? * Enumera los tres usos principales que le das en la actualidad Compartir en plenaria.- Mural de las respuestas. Análisis de los resultados: ¿Está la navegación entre las respuestas que más se repiten? '''Actividad #2 Visibilización''' (20 minutos) * ¿Qué recorrido o ruta tienen nuestros datos cuando navegamos a través del teléfono móvil? * ¿Por qué es importante la navegación segura desde el teléfono móvil? Herramientas para sondear el rastreo: Trackography http://trackography.org/ Una participante elige uno de los países que aparecen en el mapa en color azul y luego selecciona el medio de comunicación que acostumbra a consultar a través de su teléfono móvil y luego puede identificar el tipo de rastreo que las compañías terciarias hacen de los datos de la participante. Lightbeam https://www.mozilla.org/es-ES/lightbeam/ Es un complemento de Firefox que permite identificar que empresas están rastreando la navegación en el momento real de la navegación. Panopticlick https://panopticlick.eff.org/ Esta herramienta permite analizar que tan bien configurados están los complementos de seguridad del navegador. - Discusión con las participantes: Sí accedemos a la internet a través de nuestros teléfonos móviles, ¿qué información puede ser rastreada? (Lluvia de ideas en el papelografo) - Explicación: Niveles de rastreo * IMEI-SIM-Documentos oficiales (Credencial de identidad) * Servidores donde están hospedados los sitios webs que visitamos * Empresas terciarias * Metadatos de los navegadores - Perfil de usuarias * Fingerprinting (huella digital) '''Actividad #3''' (20 minutos) Revisemos las aplicaciones que tenemos en nuestro teléfono móvil. Identifiquemos en porcentajes (%) en una hoja. Ejercicio personal. (10 minutos) * ¿Cuántas aplicaciones tienes? * ¿Cuantas son redes sociales? * ¿Cuantas son predeterminadas? (vienen por defecto con el teléfono móvil) * ¿Cuantas aplicaciones son de manejo de contenidos multimedia? (foto, vídeo, audio) * ¿Cuantas aplicaciones son de entretenimiento? (juegos) * ¿Sabemos que accesos le otorgamos a las aplicaciones cuando las instalamos voluntariamente? - Discusión con las participantes: ¿Qué características debemos tomar en cuenta al momento de instalar una aplicación en un dispositivo? (10 minutos) * Permisos de acceso * Vinculación con empresas de rastreo de datos * Uso comercial de nuestros datos * Tipo de empresa que desarrolla la aplicación (Comercial o no, historial de incidentes de privacidad) '''Actividad #4''' (45 minutos) Dividir a las personas participantes en grupos según el SO de su teléfono móvil: Android, iPhone ¿Cómo navegar en internet de forma segura desde el teléfono móvil? Instala Orbot y Orfox (Android) ¿Cómo instalar y usar diferentes complementos para la navegación segura desde el teléfono móvil? Instala complementos para el navegador Cambia la configuración del teléfono móvil: ¿Cuáles aplicaciones tienen acceso a tus datos? * Elegir entre Tor (Android) o VPN (Android y iPhone) * Borra las aplicaciones que no usas * Cifra tu teléfono (Android) * Coloca una contraseña de bloqueo a tu teléfono móvil y a las aplicaciones que te lo permiten * Apaga el wifi, bluetooth y GPS cuando no lo necesitas usar * Utiliza una cuenta de correo diferente para configurar tu teléfono '''Actividad #5 Estrategias''' De las actividades realizadas durante el taller, identifica cuales pertenecen a las siguientes estrategias de mitigación: * Reducción * Fortificación * Compartimentación * Camuflaje Actividad #6 ¿Qué criterios debemos considerar al momento de elegir un teléfono móvil o un servicio que asegure la privacidad? Lluvia de ideas en un papelógrafo * Se puede extraer la batería * Se puede acceder como root (o es rooteable) * Se puede cifrar el teléfono * Sistema Operativo que usa ¡EVALUACIÓN! ¿Que te gusto? ¿Qué te sorprendio? ¿Que suguieres cambiar para la próxima vez? + |
P | |
| Privacy Analogue data shadows + | Ideally: take a polaroid picture of each participant, and write some 'metadata' on it – the place the photo was taken, the time, and the kind of camera used to take the photo. If facilitators can't get hold of a polaroid camera, then ask participants to bring in a photo of themselves to the session, that (ideally) they don't mind writing on and using for the session. Once metadata has been put on the photos of participants, give them back to the participants, along with a big sheet of paper and glue, and ask participants to draw the different data shadows and traces that they leave, associated with devices and online services that they use. If possible, provide people with a variety of art materials – glitter, coloured pens, stickers, etc, and encourage them to use anything they like to express and visualise their data shadows. + |
| Privacy From data shadows to data brokers + | Put participants in groups of 5, and ask them to put their 'data shadow' illustrations together on one big piece of paper. Give each participant an envelope, and ask them to stick it on their individual data shadow images – then, distribute the slips of paper so that each participant has at least one digital behaviour, and one digital action that they do to others. Ask them to put these slips of paper into their respective envelopes, so that every data shadow illustration will have a set of papers in their envelopes describing different online activities. Now, ask each group to leave their collective tables to go to another table, and look at another groups' collective data shadow. Each group now takes the role of 'data broker', and is asked to develop a profile of the group based on the contents of the envelope, and their digital behaviours. One of the facilitators should now take the role of an “angel investor”, who is looking to invest in a new initiative around the use of data, and participants, in their groups, are tasked with figuring out a way to sell that data to an “angel investor” – ie. one of the facilitators. Give groups 20 minutes to plan a “pitch” to the angel investor, then bring the group back to plenary. With the “angel investor” at the front, ask the groups to perform their pitches – remind the groups that they are trying to convince the angel investor to give them money to develop their project, and that the data they have is more valuable than other groups. To round the session off, get the angel investor/facilitator to pick the pitch that they liked best – they are the winner! The facilitator could give a quick round up to the group of how – though this exercise was obviously heavily fictionalised – many companies' business model relies heavily upon personal data of their users, and that they “create value” from it in this way. + |
S | |
| Security PGP 101 + | This session is largely explanatory rather than interactive: Explain the following concepts: * what PGP – Pretty Good Privacy – is * Differences/similarities between PGP and GPG * Why PGP is useful to us, and why might we want to understand it or use it? * How it differs from SSL, TLS and HTTPS – and define these terms + |
| Security: Password security + | This session has two parts: first, an activity to get people to understand different levels of password security, and secondly, a hand on part of learning about the password management tools. This tutorial will only cover the activity in detail – please refer to Security in a Box for more details on how to use and install the various tools. Get participants to line up at the back of the room – the aim of this activity is to reach the far wall the fastest, like a race. This, though, is a 'secure password race'. By asking questions about participants use of secure passwords, they will move forward or backwards, depending on the answer. For example: * if you have used the same password for two or more accounts, take 3 steps back * if you already use Keepass or a secure password management tool, take 2 steps forward * if someone else knows the password to your main email account, take 2 steps back Once at least one participant has reached the 'goal line', bring the participants back into a group, and have a discussion around the characteristics of good password management, based on the activity. One of the facilitators could make a list of these characteristics on a flip chart. For the next part of the session, do a hands on introduction to password management tools. + |
| Seguridad digital en campañas feministas + | A partir de la educación popular se planteará una discusión sobre lo que implica pensar desde la defensa personal feminista la seguridad digital y su integración + |
| Self Care, Concentration + | Concentration exercise: We listen to a didactic radio capsule to make our breath conscious '' 'Exercises: 1. Hold the body' '' This exercise is carried out with a partner to bring peace and calm at moments of acute stress, anxiety, fear, despondency and in other situations. By using this technique, a direct connection is made with the energy of the person affected, therefore it is necessary to be very focused, calm and aware that we will share love, peace, harmony and tranquillity with our companion. Before we begin, we have to concentrate, so to start there is a short two-minute meditation with eyes closed. ''Steps:''' 1. Hold the forehead and base of your partner's skull, placing the hands gently without touching the head for for 3 to 5 minutes. (?? - is this possible?) 2. Hold the crown of the head with your fingertips on the forehead for 3 to 5 minutes. 3. Hold the shoulders for 3 to 5 minutes. 4. Hold the point over the sternum (chest) and behind the heart (back) for 3 to 5 minutes. '' 'Exercises: 2. "Switching" (guided imagination)' '' To focus the flow of energy '''Steps:''' Sit comfortably and breathe deeply. Cross your left ankle over your right ankle. Extend your hands to the front then turn your hands with thumbs towards the earth. Cross your right hand over your left hand, interlacing the fingers of your hands to form a fist. With your fist touch the center of your sternum. Close your eyes, breathe deeply and relax the entire body. Imagine that you can go down to a place in the center of your being. (You can imagine a center below the navel in the center of the abdomen.) For the people of China this center is called the Dantien. For people from India this is called la Hara). Relax the tongue inside the mouth and with the tip of the tongue touch behind the upper teeth. Breathe deeply and let go of all thoughts. Rest in peace and deep silence for a few minutes. After two or three minutes, relax your hands and place them on your legs. Take a deep breath and slowly open your eyes. Stretch your hands and arms. '' 'Discussion: Effect of stress and trauma on hacktivists' '' We share the importance of being able to connect with yourself, with your emotions and how powerful meditation is to help this. We share diverse experiences of stress, care, lack of care and impacts on the bodies of activists. '''Closing:''' We close the session with an exercise of collective containment, hugging and "mesándonos" (needs explanation) in circle. + |
| Self care, Body + | '''Exercises 1''' Various stretching and tension exercises on hands / back / arms The explanatory video can be found at the following link: https://archive.org/details/BOOTSEQUENCE '''Exercises: 2''' Rest your eyes Firstly, we close our eyes so we can perform an exercise to concentrate and rest our eyes. Women activists who work with computers for long hours often suffer from sleep disorders, concentration problems and other issues caused by prolonged-exposure to computer screens. This exercise helps to rest and relieve your eyes if you suffer from these problems. In a guided meditation with our eyes closed, we are walking with our eyes around an imaginary clock: 1. First we walk the clock starting with point 12, going to point 3, point 6, point 9 and we return to point 12. We stop one minute for each point. Repeat the exercise twice 2. Now we go through the clock and stop at all the numbers on the clock: we start at 12 and we run: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 and back to 12. We stop Minute for each point. 3. We remain silent for two minutes with our eyes closed and we gently open our eyes. '' 'Exercises: 3. Release tensions in the neck and back' '' Based on the technique of acupressure, we are going to help the energy accumulated in the back and neck flow freely; we will press lightly with our index finger on acupressure points. Through this technique we make a direct connection with the energy of another person, so it is necessary to be very focused, calm and to be ready to share our energy with our partner. Before we begin, we have to concentrate with a small two-minute meditation with our eyes closed. This is also the time to protect ourselves. Steps 1. Lightly press with your index fingers on the points located on the dimple next to the shoulder blades. 2. Press lightly with your index fingers on the points located at the base of the neck. 3. Press lightly with your index fingers on the points located in the neck just below where the neck begins. 4. After releasing energy, the people who worked together thank each other .. '' 'Discussion: What did I notice? What did I build and need? We shared the different emotions with which we connected the exercises. Several companions were able to release emotions that they could not connect with years ago. We closed by thanking each other for our shared trust and we shared some happy moments together. + |
| Self care, Emotions + | For a few minutes, we danced together to the sound of relaxing drums because, as Emma Goldman, Jane Barry and Jelena Dordevic put it: What good is revolution, if we can not dance? Exercise 1. Embrace Fingers We listen to an audio recording. Summary: When you feel a strong emotion, grasp your fingers on one hand with the other hand and hold for 2-5 minutes until the level of emotion drops. For each finger there is a connection of energy that corresponds to an emotion: Thumb: is for tears, pain and emotional pain. Holding fingers does not prevent tears or pain, but allows the energy to move until the person calms down. Grab your thumb, breathe deeply and exhale the pain and the sorrow you feel. Hold your thumb until you feel a pulse of energy. Index: is for fear - it is important to listen to the fear as one would hear a guide. Fear can tell us many things about our environment, our physical well being and our growth. It is what we do with fear that is important. If you are afraid, instead of feeling paralyzed, grab your index finger to make a good decision at critical moments - run away, stay or react. With traumatic stress a person can feel trapped in a spiral of mental and physical panic. Using the index finger is a good way to learn how to work with fear, rather than be a victim of fear. As you hold your index finger, exhale and let go of fear, and inhale courage and strength. Medium: is for anger and rage. Anger is a natural and normal emotion in many situations. Fury can result in violence toward others or toward ourselves. Suppressed anger or denial of our own depths of fury can result in passive-aggressive behavior or many physical symptoms in the body, including arthritis, ulcers, migraines, and knots in the muscles of various parts of the body. Hold your middle finger, exhale and let go of all the fury and anger, inhale energy and creative passion in your being. Override: is for anxiety and nervousness, such as when people unconsciously play with their ringtones when they are afflicted and annoyed by the constant mental noise around them. Annulment helps to discharge unnecessary distress and anxiety, saving energy for action. Take a deep breath and grab your ring finger. Exhale, and let go of all your worries and anxiety. Inhale with a deep sense of peace and security amid the problems of life, knowing that you are spiritually supported and cared for. Little finger: is for self-esteem when one feels victimized by circumstances. Holding the little finger is a way to control feelings of unworthiness and low self-esteem. To stop feeling like a victim, it is important to first recognize what you get when you feel that way - attention, hurt, the concern of others. Placing yourself in a state of power and self-esteem gives you many rewards and a true sense of appreciation in the eyes of others. Hold your little finger, breathe deeply, exhale and let go of insecurity and low self-esteem. Exercises: 2. Download Anxiety Emotional release techniques are very useful to unlock and heal strong negative emotions; fears, anxiety, emotional pain, anger, traumatic memories, phobias and addictions, as well as to alleviate pain symptoms such as headache or body pain. This technique is based on the theory of the energy field of the body, mind and spirit, together with the meridian theory of oriental medicine. Problems, traumas, anxiety and pain can cause a blockage in the travel of energy in the body. Tapping or acupressure at the points connected to the energy channels or meridians can help unlock the congested energy and promote a fluid or healthy flow of energy through the body and mind. Steps: Sit very comfortably without crossing your feet Think of a problem that can be used to measure your level of anxiety: Choose to work on a problem, a concern, a phobia, an anxiety, a traumatic memory, or some negative thinking. Using a scale of 0 to 10 measure the level of anxiety you feel when you think about it. (0 = no anxiety and 10 = maximum anxiety level). Give 7 or 9 taps to the acupressure points identified below Breathe deeply as you tap the fingers with your index and middle fingers at these points: 1. The points where the eyebrows begin 2. The points where the eyebrows end 3. The points on the cheekbones, under the pupils 4. The point under the nose 5. The point on the chin, under the lips 6. The points about 10cm below the armpits 7. The points below the clavicle (collar bone) by the sternum. Touch the dot next to your hand and repeat 3 times: "Even though I have this problem, I'm fine, and I work it!" Repeat the sequence presented in points 2 and 3: Repeat this sequence until your anxiety level has dropped to 0-2 Give a gentle massage on the "sore spot" that lies on the left side of the chest, about 5cm below the left side of the clavicle (collar bone) and 4 or 5cm along from the sternum. + |
T | |
| Threat analysis - Individual responses to threat + | Methodology == Activity: Lion, Horse, Turtle (20 minutes) == '''Step 1.''' Divide the space into three sectors by placing pieces of paper on the floor, reading 'Lion'; 'Horse'; and 'Turtle'. Theb ask participants: What are the characteristics of a Lion? How do they respond to danger? (Typically by attacking); What are the characteristics of a Turtle? How do they protect themselves? How are they different than a Lion?; What are the characteristics of a Horse? How do they protect themselves? How are they different than the others?. '''Step 2.''' Gather participants in the centre of the space and ask them to call to mind a particular event in which they felt they were in danger. Leave a moment for this and give hints if necessary (it may be during a protest, or a security incident which has happened to them of which you are aware). Then, ask participants to move to the animal with which they associate their behaviour in that moment. == Discussion (10 minutes) == Lead a pop-corn style discussion on this – if needed, use prompt questions such as: Why do you associate yourself with this animal in that situation? How did you act? Was it a conscious or unconscious decision to act the way that you did? Did you always react the same way, or has it changed in different situations? '''Note:''' Although the energy can be light and fun, in this conversation, people may recall particularly difficult moments wherein they experienced violence. Try to avoid value judgements and critiquing how someone behaved in a particular situation, but rather listen respectfully to their rationale for doing so. == Input: Physiological responses to threat. (20 minutes) == Humans, like all animals, have built-in responses to threat which have helped us to survive throughout our evolution. When we perceive acute danger, many of these responses kick in without our ability to control them: they are hard-wired to our bodies and minds. Introduce the reactions on a paper or flipchart one by one and, for each, ask if it resonates or if any participant has any reflections on it. The “'''freeze response'''” is when a person becomes utterly still while remaining highly alert and poised for action. This response relies on escaping notice until the danger has passed. For example, we might cease the work that we are doing, stop communicating through our usual channels, or reduce communication with someone with whom we are in conflict. In each case, we are hoping that the unwelcome attention will pass if we become inactive. The “'''flight response'''” is when a person quickly tries to get as far away from the danger as possible. We might move our operations to a safer location, abandon certain activities or modes of communication, or separate ourselves from people who might cause us harm. The “'''comply response'''” involves doing what an aggressor instructs in the hope that cooperation will result in the attack ending quickly and without injury. We might agree to suspend or abandon certain objectives or activities, or give up passwords to secure information. The “'''tend response'''” happens when people try to protect other, more vulnerable people who are being similarly victimized. Many HRD are motivated to help others because of our own experiences of oppression and exploitation. The “'''befriend response'''” involves trying to build some kind of relationship with the aggressor in the hope that this will limit the harm perpetrated against oneself or others. By telling physical aggressors about our families we might try to humanize ourselves in their eyes, a strategy that is sometimes useful in reducing violence. The “'''posture response'''” is an attempt to drive off the danger by pretending to have greater power than one actually does. As HRD we often threaten to expose threats of violence broadly so as to publicly embarrass our adversaries. The “'''fight response'''” is when a person attacks with the intent of driving off or destroying the aggressor. Of course there are many ways to fight and we all make our own ethical choices about this. == Deepening: Stress Table (30 minutes) == This is a useful tool which can help us to identify the effect that stress has on our bodies and minds individually and engage our own tactics and resources for managing it. '''Step 1.''' Ask participants to take a sheet of A4 paper and divide it into 16 sections. On a flipchart, draw the following matrix: Symptoms Tactics Resources Green Yellow Red '''Step 2''' Input: We can arbitrarily enough identify three (or more) 'levels' of stress. ''Green:'' bearable, motivating stress. This kind of stress might keep us creative, but we may become tired more easily, need more breaks and know that we don't want to feel it for a long period of time. ''Yellow:'' unpleasant stress. With this level of stress we may feel tired and at the same time alert. We may manifest physical signs of stress. We will usually have a strong desire to change the situation which is causing this sensation. ''Red:'' unbearable, profound and lasting stress. This kind of stress affects different spheres of our lives including our relationships at work, with our friends and family, and also our intimate relationships. Our bodies show clear physical reactions, and we may feel close to collapse, and resort to unhealthy measures to stay alert, such as stimulants. '''Step 3.''' Ask participants to consider for each level – however they define it for themselves – what are the symptoms each one causes in them. If you're comfortable, share an example from your own life. Then, ask participants to fill in what tactics they have for easing these symptoms or the cause of the stress, and what resources are necessary for this. == Synthesis (10 minutes) == Security is not just an abstract concept: our bodies have evolved ways of keeping us safe However this system is impacted by stress, tiredness and trauma. We must better manage this in order to better manage our security. + |
| Threat analysis - Information Mapping II + | Methodology == Activity/Discussion: Romeo and Juliet (10 minutes) == '''Step 1.''' Get participants to sit around in a 'U' shape facing the flipchart. Designate a “Romeo” and a “Juliet” at both extremities of the group of participants (can also be “Romeo and Romeo”, “Juliet and Julia”, or any other combination). '''Step 2.''' Explain that we will explore how the internet works, as an example of how data is transferred digitally, the threats to its integrity, and the potential ways of protecting it. Participants will map out a 'political' version of how the internet works, while the facilitator can map out the 'technical' version. '''Step 3.''' Instruct 'Romeo' to write a message to 'Juliet'. Romeo and Juliet will communicate, and since there is no internet, they depend on us to help them. == Input: How the Internet Works (45 minutes) == '''Steps & Input'''. Information, such as an e-mail, passes through at least the following points as it is transferred electronically over the internet. Once Romeo/Juliet have written their first message, have them pass it around the 'U' until it reaches the other. For each, ask them what they can read of the message and give them a sheet indicating their role. 1. '''Computer''' of the sender of the message (i.e. Romeo) 2. The '''router''' in the building or area where Romeo connects to the internet 3. The '''Internet Service Provider''', who owns the router. The ISP is usually a large company which must comply with the laws of the country. 4. The '''National Gateways''': part of the telecommunication infrastructure of the country, where the optic cables enter the territory of the country. It is often controlled by the State, or may be operated by a private company. The data may pass through several countries, ISPs and Gateways as it travels to the servers of the online service. 5. Eventually the email will arrive at the Gateway, and the '''ISP of the email provider''' (e.g. Yahoo!, in the United States) 6. It arrives at the '''servers of Yahoo'''! 7. When Juliet checks her email, the mail will pass through a combination of the above again before arriving at her ISP, her router and her computer. While in real life we send postcards referring to real physical addresses, devices also have addresses to send data around the internet: these are called '''IP addresses'''. IP addresses usually refer to concrete physical addresses too. Demonstrate: http://whatismyipaddress.com ''HTTP Traffic: A Postcard'' The first round of passing messages between Romeo and Juliet, they pass a message with content (a message) and an address, just like a postcard. And, like a postcard, this can be read at every point along the way. This kind of traffic is called HTTP Traffic. ''HTTPS Traffic: An Envelope'' '''Step 1.''' Ask participants – what is the first step that should be taken to protect the postcard? They should respond with the idea of putting it into an envelope – so provide an envelope to the person in the role of Yahoo! '''Step 2 Input.''' The difference with the internet is that the envelope is provided by the online service provider (the website). Romeo or Juliet must **ask for the envelope** and then write another message, inside the envelope, with an address on it. In this case, only Yahoo can read the message, since they provided the envelope. They can also copy and share this content. '''Step 3 Input.'''Everyone else can only read the address and the names of the sender and recipient. That is, the metadata. Metadata is still important and widely used for surveillance. We must not think about the sensitivity of our content in isolation, as metadata is often 'enough' for many State surveillance programs. ''Encrypted Traffic: A lockbox'' '''Step 1.''' Imagine that one day a magical 'gnome' (the facilitator) appears to Juliet and says to her: Juliet! Do you want Romeo to send you a note so that no one along the way can tell what it is? Then you should give him this, your very own open lockbox. This is a magical lockbox. '''Step 2''' Hand 'Juliet' the open box. Your lockbox is magical because: You have as many of the same lockbox as you want. You can give it to whomever you want to have send you confidential messages. Once they put their message in your lockbox and send it to you, another lockbox is magically there for them to use. Once they close and lock your lockbox, only its PRIVATE key can open it. '''Step 3''' Hand 'Juliet' the key. This is your Private key. ONLY YOU have this key. It is yours, and it is private. Keep your private key very safe. DON'T lose or share your private key. It will always open this lockbox and all of its copies. If you lose this private key, you will NOT be able to open the lockboxes associated with it. NEVER. (Optional) The private key will imprint itself on you the first time, with your kiss. Thereafter it will only work after you kiss it to tell it that it is you who are using it and no one else (metaphor for self-authentication via password). From this point on, the key will only work with your kiss. '''Step 4''' Concept checking. Ask participants: What does Romeo need in order to send Juliet a message? (her lockbox) Can Juliet send him a private message back? (Not yet). In order for both sides to be able to communicate privately, they both need a lock box and they both need a key. So, the gnome repeats the process above with Romeo. Repeat the process above with Romeo. '''Step 5''' Romeo and Juliet now have everything they need in order to communicate securely. All they need to do is exchange lockboxes! How can they do this? In person / Through the postal system like before. Have Romeo and Juliet exchange lockboxes and have Juliet send Romeo a message in his lockbox. '''Step 6 Input''' This process is how a kind of email encryption known as GPG works. Each of us has a public 'lockbox' which we share with everyone, and a private key which is password-protected which we maintain for ourselves and share with nobody. In order to communicate securely, we exchange our public lockboxes. After that, we can use them in certain computer programs to encrypt and send messages. However when a 'lockbox' (encrypted message) goes through the postal system, it's clear what it is, at least to Yahoo! Therefore it could be suspicious and draw attention to yourself. ''Circumvention and Anonymity'' We can circumvent the system of IP addresses which facilitates censorship and online tracking through using softwares such as a VPN or TOR. A VPN is less effective at anonymizing, although it is not suspicious. TOR is more effective at anonymizing, but also more suspicious. == Deepening: Written Information Map – Information in Motion (30 minutes) == Summarise the threats to sensitive information in motion, potential tactics and their advantages and pitfalls after the exercise. You may want to create a table such as the below: HTTP / HTTPS / End-to-end Encryption / TOR Content protected from ISP (and whomever No / Yes / Yes / Yes they share it with) Content protected from website/service owners No / No / Yes / No (and whomever they share it with) Metadata protected No / No / No / Yes Introduce the information map for information in motion, explaining each of its parts. Participants fill out the map for information in motion (see handout) for 15 minutes and share reflections. == Synthesis: Return to Actor Map == Participants return to their Actor Maps and add any important new actors according to the map of how the internet works. Suspicious Depends on content / No / Potentially / Potentially + |
| Threat analysis - Introducing context & risk analysis + | Methodology == Format: Interactive Discussion & Input == '''Step 1.''' Ask participants: imagine you are preparing to go to a public protest. What are THREE security measures you take. Allow it to be a popcorn exercise but prompt: what devices do we bring or not bring with us? Write the three suggestions at the bottom-right of a sheet of flip-chart paper or butcher block. At the bottom-right, in a different colour, write: STRATEGIES, TOOLS, TACTICS '''''Input:''''' So we are beginning from the end. Each of us already has strategies, tools and tactics which keep us safer at a protest. What we will now do is explore how and why we came to these conclusions. '''Step 2.''' Going one by one through the suggestions, ask participants for each: Why would you do this: what are you protecting yourself against? Participants will respond with a number of suggestions, e.g. taking a gas-mask in case of a tear-gas attack; not bringing a mobile telephone in case of devices being confiscated during arrest. Write at least one of these threats related to each of the strategies on the left side of the flip-chart. On the right, write: THREAT IDENTIFICATION/ANALYSIS '''''Input:''''' We have taken these decisions because we have identified threats: potentially harmful events during the protest. '''Step 3:''' Ask participants: Why do we feel like these are things that could happen to us during a protest? Participants will respond with answers such as: it's happened before, we've read about it, other people have told us, or you see the police approaching with tear gas projectiles. On the left of the flipchart, write the sources of this information that participants give On the right, write: SECURITY INDICATORS. '''''Input''':'' We've observed our surroundings and examined a number of sources of information – friends, colleges, the media – in order to establish that these are the most likely things to happen to us. That is: we have shared and analyzed security indicators. '''Step 4:''' Ask participants: Who is behind these potential threats? Who would carry them out? Write responses on the left of the sheet. Focus on any of the tactics they have which relate to devices: Why did you take this decision, what are you trying to protect, or what might be at risk here? Participants may respond with information held on their devices. Write this on the left of the sheet as well. On the right (above) write: ACTOR MAPPING and (below) INFORMATION MAPPING. '''''Input:''''' We are aware in most situations that are dangerous such as this, there are some actors who are our OPPONENTS and others who are our ALLIES (ask for examples of this). That is, we've carried out ACTOR MAPPING. Furthermore, among our allies and adversaries, there is always a battle for information, such as through surveillance or access to our digital devices. We have less instinct for this, but it's vital that we carry out some INFORMATION MAPPING to remain in control of this, to the extent possible. '''Step 5:''' Ask participants: So, why are we at a protest in the first place, what's our objective? Answers might include 'justice', 'demanding rights', etc. Write their answers on the left. On the right, write: 'VISION' and 'ACTIONS' '''''Input:''''' As human rights defenders, we have a vision of the positive change we want to see in our society, and we decide on some actions in order to try to achieve that vision. '''Step 6:''' Ask participants: How did we establish that there was a problem to address in the first place? How do we monitor our progress and changes? Write participant answers on the left. On the right, write 'SITUATIONAL ANALYSIS'. '''''Input:''''' We're constantly analyzing our surroundings, beginning with our personal experiences but also through secondary and tertiary sources of information such as friends, colleagues, and the media. This is Situational Analysis and informs our strategies for action in defense of human rights. == Synthesis (5-10 minutes) == '''Step 7:''' Refer to the complete list of steps and answers. These are the basic steps of context analysis – we carry them out all the time. As human rights defenders, it can be useful to simply be more organized and systematic about it given that we often face threats as a result of our work. '''''Input'':''' Each of these steps can be an exercise which we should carry out regularly in order to update our security strategies, plans and tactics according to the changing context in which we're operating. This looks like a scientific, rational process: however, it's not. One of the biggest challenges we face is related to our perception: if we are stressed or very tired, we may find this very difficult to do. We need strategies both for managing this stress and tiredness, as well as checking our perception with trusted colleagues or partners. We may discover we have unfounded fears (paranoia) or unrecognized threats (verifiable threats that we didn't perceive before. Write 'PERCEPTION' vertically alongside the steps of context & risk analysis. '''Step 8.''' Allow space for questions and if you will continue with the next steps, give a summary of what is to follow.''' + |
| Threat analysis - Security planning + | Methodology == Input/Activity: Basic security plan (50 minutes) == '''Step 1 Input.''' Now that we have analysed the threats we face in our work, we will make a simple security plan to correspond to one of our activities (ideally, the one we used as a basis for the threat analysis exercise), and present it to another participant. The objective of our activity and the threats associated with it are the basic starting point for planning. For each threat identified, it's useful to consider two corresponding things: 1. Our existing security practices and capacities: the well-being, attitudes, knowledge, skills and resources to which we have access which help to keep us safer from a particular threat. 2. The gaps in our existing practices, and our vulnerabilities: the well-being, attitudes, knowledge, skills and resources (or lack thereof) which make us more susceptible to a threat. '''Step 2 Input.''' Security plans can be written or unwritten – it depends largely on the culture of the group or organisation. However, it's good to keep in mind that each plan should include as a minimum the following: the objective of the activity; the threats identified; prevention actions and resources; response/Emergency actions and resources; including: WHEN is it an emergency?; Communication and devices; well-being and self-care. Using this as a guide, create a security plan for one activity you carry out in your work. Use the threats you identified as the basis for the tactics and tools you will use It doesn't all have to be new: Include your already existing strategies and capacities. '''Step 3.''' Give participants 20 minutes to draft a plan, and then 15 minutes to present their plan to a fellow participant. Discussion: Pose the following questions to the group: How do you know the tactics you are using are the right ones? Where does the plan fall short? What are the things you can not yet protect yourself against? Are there any new skills, tools, or tactics you will need to learn in order to implement this plan? == Input / Discussion: Security Strategies (20 minutes) == We've practiced making a plan for a single human rights activity. But it's a good idea to have an overall strategy rather than to just plan for single events. If we have a strategy, then we can use it as a basis for drawing up plans as our work demands them, and according to our own rhythm and style of working. Introduce the ideas of acceptance, deterrence and protection strategies as ways of opening the socio-political space for your work: '''acceptance:''' building support for our human rights work among the actors around us, including our 'opponents'. What are examples of ways you already build acceptance of your work? '''deterrence:''' raising the political cost of attacks against us, so that our opponents decide not to carry them out. What are examples of ways you already deter attacks against you? '''and protection or self-defence.''': building our own strengths so that our opponents can't attack us so easily. What are ways you already act to protect yourself? == Deepening: New Skills, Tactics and Resources Required (20 minutes) == Draw a matrix like the one below on a flipchart, whiteboard etc and have participants reproduce it. Threats New Capacities Resources needed Participants consider the threats they have identified, the new capacities they need to build, and in this respect, the resources they need in order to build them (15 minutes). == Synthesis == Making security plans and agreements of some kind helps us to have at least some peace of mind when it comes to preparing for our activities. Our plans should be living documents and correspond to our changing contexts. The tools and tactics we use should correspond to our threats. We constantly need to learn new tools and tactics as our context changes. This demands time and resources and, if possible, should be built into our strategic planning. + |
| Threat analysis - Situational analysis + | Methodology == Activity: PEST Analysis (15 minutes) == Before starting on a large area of wall, ideally with some butcher-block, map out the 12 months of the last year. '''Step 1.''' Give participants pieces of paper and get them to plot the most important events of the last 12 months. Ask participants to consider: political developments, economic developments, social developments, technological developments. Optionally, you may want to include environmental developments and legal developments. '''Step 2.''' If you wish to add a layer of complexity, you may wish to allow participants to distinguish between: International developments, National developments, Regional/local developments. == Discussion (10 minutes) == Considering the map of developments created by participants, pose questions such as: What are the current trends people can observe in the past year in the different categories (political, economic, social, technological, etc)?. What are its implications for your work? Are there any categories about which we know less? Why? What are our sources of information for this? How trustworthy are they? What new sources of information do we need? Are there any events here which could have an impact on our security? == Input (15 minutes) == We often carry out situational analysis in our day to day lives and make decisions for our security or well-being based on this. It helps to be a little more organized about it as HRDs, so that we can stay as aware as possible about the changing situation around us, our allies and adversaries and what this could mean for our security. However, our ability to do this also depends to some extent on the availability of sources of information and their trustworthiness. It may be difficult to find sources of information about certain topics, or we may not have the habit. Therefore it's a good idea to think critically about our sources and actively seek new ones. We may want to consider: - Talking to trusted friends and colleagues; - Meetings with authorities, experts, diplomats and academics; - Online tools such as Google Alerts; - Regularly reading and analyzing the local and international media; == Deepening: Identifying and mapping trends (45 minutes) == '''Step 1'''. Assuming that participants are from the same organization or country, divide them into four groups (Political, Economic, Social, Technological). Each group is given a flipchart and markers. One person from each group should stay, while the others will rotate. '''Step 2.''' Participants are asked to: Identify at least THREE developments in the last year which may have a (positive or negative) impact on their security and explain why. '''Step 3.''' Give participants 15 minutes to get started, and then rotate the groups 3 times, each for 10 minutes. Participants can use the internet to search for information about anything they're not aware of. '''Step 4.''' Make a gallery of the flip-charts. Ask some questions including: Did anyone discover new sources of information while carrying out the exercise? If participants are a mixed group, each participant can do this exercise individually and compare notes afterwards with another participant. == Synthesis == * Regular analysis of our environment will help us to identify opportunities and threats relative to our work and our security and well-being. * Our analysis depends on the trustworthiness of our sources, so it helps to think critically about them. + |
| Threat analysis - Vision and Actor Mapping + | Methodology == Activity & Discussion: Vision mapping (25 minutes) == Within the socio-political context in which we are working, as human rights defenders we have identified issues we see as unjust and want to try to alleviate. It is useful to assert the change we want to see in our society in order to think critically about how we go about achieving this change. ''Process for groups from the same organization:'' '''Step 1.''' On an area of wall space if possible, using butcher block paper, get participants to write the name of the organization on a piece of colored paper or sticky note and place it in the middle of the paper. Draw an arrow from this paper to the right-hand side of the paper and here, ask participants to brainstorm the goals they want to see achieved in their society, write them on stickies and place them at the end of the arrow, representing the organization's objectives. '''Step 2.''' Ask participants what activities they carry out in order to achieve these goals. For each answer, write it underneath the name of the group or organization in the centre. '''Step 3.''' Give the group sticky-notes or papers of one color (e.g. green) and here, possibly in groups according to their role in the organization, brainstorm the other actors in society which are SUPPORTIVE of the work of the organization, or share these goals. Allow them to brainstorm these (10 minutes) and place them on the left-hand side of the sheet. ''Process for groups from different organizations'' '''Step 1:''' Give each participant a sheet of flipchart paper and ask them to write their own name or that of their organization in the centre, with an arrow going to one side representing their objectives. Here, they write the changes they wish to see in their society. '''Step 2:''' Underneath their name or that of their organization in the centre, they note the activities or projects they carry out in order to achieve these goals. On the left-hand side of their flipchart, they identify their allies (as above). == Input (20 minutes) == The next step in the exercise will be to carry out actor mapping, including our allies, our adversaries and the neutral parties ambivalent to our work. From an analytical perspective the mapping helps us: identify our allies and build security networks (we can return to our allies when it comes to building strategies and plans); identify our adversaries, their resources and the ways they may try to stop our work; identify opportunities for building acceptance of our work among neutral elements in society so that they become our allies; The mapping exercise also helps us understand the perceptions each of us may have and to verify our assumptions. Furthermore, through the process of the mapping, we are able to elaborate on the dynamics that connect the various actors, and how the dynamics affects our security (positively or negatively) == Deepening: Mapping Allies, Adversaries and Neutral Parties (30 minutes) == '''Step 1.''' Using two different colors of paper or sticky note, participants brainstorm and add neutral parties (centre) and adversaries (right, between the organization and its goals) to the map. Ask participants to also consider whether adversaries are: intellectual authors of attacks against HRDs or journalists, as opposed to material authors of attacks. Introduce the legend (attached) and give an example for each type of relationship. Give participants 10-15 minutes to map out the relationships between the adversaries, neutral parties and allies identified according to the legend. '''Step 2:''' Questions for discussion with the group: Do they have any activities which provoke a particularly strong reaction from adversaries? Should they consider these activities priorities for making security plans? What are the interests of adversaries? Why are they opposed to our work? Which adversaries do they consider to be the most dangerous? Why? What threats do they pose to HRDs/journalists? How can our allies help to protect us from our adversaries? What resources can they offer us? (can include material resources, but also inspiration, hope, friendship, solidarity). What opportunities are there here to foster acceptance of our work among neutral parties or adversaries? What opportunities are there here to deter attacks against us through our relationship with powerful allies? == Synthesis == * Understanding the actors around us helps us to make strategies which will open a space for us to continue to work, through protecting ourselves and building networks with our allies, or raising the cost of attacks against us for adversaries. * A key element we must now look towards, however, is information: information about ourselves and our work is a valuable asset to our adversaries, and much of it now lives in digital devices, so we must consider how it is stored and moves between us, and which new actors we must add to our map. + |
| Training: Training Skills I + | Ask participants to get into pairs, and brainstorm answers to the following questions: * Why do you want to be a trainer * What are the qualities of a good trainer? * Which of these qualities do you think you have? It might be helpful to give the participants post it notes to write their answers down on – especially the different qualities, and to cluster them at the end of the partner work. After 15-20 minutes in pairs, bring the group back to plenary, and ask them to report back on what they discussed, by going through the three questions again. Think about the following question in the big group, and bring these up for a group discussion: Does it take a certain type of personality to be a good trainer? As a wrap up, try to lead the participants to the understanding that with patience and self awareness, anyone can be a good trainer – people need to be committed to learning and improving their training styles throughout the process, though. + |
| Training: Training design I + | Distribute big sheets of paper to participants. Ask them to draw a typical participant who might attend one of their trainings – if it helps, encourage them to remember past, real participants, and base this upon them. Ask them to label the following areas of the body with the following topics: On the ground: (ie. Getting context) * where are they coming from? * what are the problems weighing them down? * chest area: fears, values, what's important to them? * right hand: what skills are they bringing? * left hand: what skills do they need? * head: (left of head) what do they need to know? (inside the head) what do they want to know? (right of head) what do they know? Once participants have drawn their 'typical participant', get them together in smaller groups of 3-4 people, and talk through the differences in their typical participants and how this might affect the structure and style of their workshop. (note: try to avoid 'content' for now). After 15-20 minutes, bring the group back to plenary, and ask people to think through and discuss how they knew this information about participants, and how easy it is to get this understanding in time to help really design the workshop, when meeting a new group of workshop attendees. Try and come up with a list of points of how to get this information, and how different data points about the attendees would inform various workshop style and strategy decisions. + |
| Training: Training design II + | Put the participants into groups, and give each group a different time frame, ranging from 1 day to 5 days. Give the group the participant profile, and ask each group to design a security and privacy training for this person. In addition to the specific training schedule, ask each group to keep a note of any challenges that they come across. After 30-40 minutes in small groups, bring the participants back to plenary, and ask them to share any major challenges that they faced. Get one person from each small group to talk the rest of the group through the training schedule that they came up with – try and keep these report backs reasonably short. + |
| Training: Training design III + | Split participants into groups, and give each of the groups a topic to work on, such as 'password management', 'holistic security', file management, etc. Then, go through the following steps with them: * Activity * Discussion * Input * Deepening * Synthesis Explain where this structure comes from, and how it differs from traditional pedagogical approaches. Ask each small group to tackle the topic given to them using this approach – give them each a large piece of paper with the ADIDS cycle written on it, and ask them to come up with topic specific activities/sessions along each step of the cycle. Their aim should be thinking about how they would approach the topic in question in the ADIDS training structure. After 30 minutes in small groups, ask them to come back to plenary, and one person from each group should report back to the bigger group on what they came up with. If there are any new activities or ideas on how to tackle the topic in question, it might be useful for the facilitator to make note of them. + |
| Training: Training design IV + | Ask participants to get into the same groups as for the Training Skills II session, with the same situational specifications (day length and participant profile). Explain that this is an exercise on prioritisation – given financial constraints, how would we decide to spend our funds? Give each group the same amount of (limited) funds for them to decide to spend on either: * another international trainer * a translator * boosted internet service * one more day of training * comfort material, like snacks * comfortable accommodation Groups have 15 minutes to decide how they will use their money, then come back into plenary and ask one person from each group to explain their decision. Encourage the group to debate these decisions. + |