Difference between revisions of "Step 0"

From Gender and Tech Resources

(Anonymising your connections)
(moved and cut part on secure mail)
Line 49: Line 49:
  
  
=== Securing your connections ===
+
=== Securing your connections and communication ===
  
 
Once we've mapped our data, the next step is making sure it's secure. Especially where your data is stored online, good passwords are crucial.  
 
Once we've mapped our data, the next step is making sure it's secure. Especially where your data is stored online, good passwords are crucial.  
Line 72: Line 72:
  
 
Likewise, when we create an account with an online service (e.g. our mailbox or a chat network) that we will access through a specific client or app, we should check the features of the service to make sure that it offers a secure connection and configure our clients accordingly by activating the '''TLS/SSL''' option.
 
Likewise, when we create an account with an online service (e.g. our mailbox or a chat network) that we will access through a specific client or app, we should check the features of the service to make sure that it offers a secure connection and configure our clients accordingly by activating the '''TLS/SSL''' option.
 +
 +
==== Using a secure mail server ====
 +
 +
Also the choice of the mail server we use for our contact mail address is important. While there are several secure servers that offer a good service – e.g. the Swiss commercial service [https://kolabnow.com Kolab Now] and the autonomous servers [http://riseup.net Riseup] (a site used by activists with a clear set of political principles) and [https://www.autistici.org Autistici/Inventati] – the main point is to find a service that offers a secure connection (HTTPS instead of HTTP) and that is compatible with our needs.
  
 
=== Anonymising your connections ===
 
=== Anonymising your connections ===
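Review bot: In the added "Using a secure mail server" paragraph, the Riseup link is written as [http://riseup.net Riseup] while the same sentence tells readers to choose a service reached over HTTPS instead of HTTP; switch that link to https:// so it matches the Kolab Now and Autistici/Inventati links. The paragraph also gives HTTPS as the only criterion, which covers webmail but not the mail client case in the paragraph directly above it (activating the TLS/SSL option), so it is worth saying the service should offer both.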
Line 112: Line 116:
 
For more information on Tor and instructions for Windows users, see Security in a box's [https://securityinabox.org/en/guide/anonymity-and-circumvention howto].  
 
For more information on Tor and instructions for Windows users, see Security in a box's [https://securityinabox.org/en/guide/anonymity-and-circumvention howto].  
 
For instructions for Mac OSX users, visit this [https://ssd.eff.org/en/module/how-use-tor-mac-os-x howto] by the EFF.  
 
For instructions for Mac OSX users, visit this [https://ssd.eff.org/en/module/how-use-tor-mac-os-x howto] by the EFF.  
 
[SECTION ON EMAIL HOSTING - NOT SURE HOW THIS FITS IN HERE]
 
Also the choice of the mail server we use for our contact mail address is important. While there are several secure servers that offer a good service – e.g. the Swiss commercial service [https://kolabnow.com Kolab Now] and the autonomous servers [http://riseup.net Riseup] (a site used by activists with a clear set of political principles) and [https://www.autistici.org Autistici/Inventati] – the main point is to find a service that offers a secure connection (HTTPS instead of HTTP) and that is compatible with our virtual persona. If, for instance, we are creating a fake identity that doesn’t know much about digital security, it may be better to use a more widespread service like Gmail, and the possibility of two-factor authentication is always a plus. If the mail address we are creating is connected to our work and hosted by our firm’s mail server with its own domain, it is a good idea not to include our surname in the address and to keep just the name followed by the domain (e.g. jane@businessname.com). Of course, if a mail address is required when registering a new mail account, we shouldn’t give our usual address and it is much better to use a disposable account for this purpose.
 
  
 
=== Devices and Well being ===
 
=== Devices and Well being ===
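Review bot: The removed email hosting paragraph carried advice that the replacement text under "Using a secure mail server" no longer has: two-factor authentication, leaving the surname out of a work address (jane@businessname.com), and using a disposable account when a mail address is required for registration. The edit summary says the part was "moved and cut", so either link from the new section to wherever the persona-related advice now lives, or keep at least the two-factor and disposable-account sentences, which apply regardless of the virtual persona framing.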

Revision as of 17:37, 27 May 2015

recommendations for the printed version: http://etherpad.calafou/p/securitydisclaimer

Before you start: mapping your data and devices; securing your data; anonymising your connections

This section provides you with notions, methodologies and tools to take care of your data and devices and to have them take care of you. Managing data and devices requires reflecting on their hosting and leaving qualities and on how we can configure them so that they do not mess around with our well-being. It also explains how to engage in more secure communication practices when you get connected. All the following tips and tricks are prerequisites for better understanding how to manage identity online and create safe spaces. EDIT

This section will cover the starting points: what data do you produce and store? Where? How do you make sure your data is secure? And when you're connecting to the internet, how do you anonymise your connections?

It's also important to think about your relationship with your technology - how can we base this relationship on self-care?

Mapping your data

Before becoming a zen user and developer of technologies, and adopting better privacy and digital security practices, it's important to first know what you want to protect. One way of doing this is to map (using a table, map, drawing, etc) your production and management of data.

  • What kind of data do you produce and/or manage? With whom?

To begin mapping your data, first make a list of the data you create yourself. This can include personal and work-related documents, emails, images, videos, designs, tweets, blog posts, and so on. Then make a list of the data you manage or store that is produced by others. This can range from information given to you by your colleagues, friends and relatives to files you download from websites, repositories, p2p networks, etc. Finally, identify which types of data you share with others, for instance if you share a social media profile or email account with a family member, partner, or colleagues.

Where is this data stored?

  • Which devices hold your data?

-This can include your computer, external drives, and phone.

  • Which online platforms host your data?

- This can include emails, social media accounts, etc. Also bear in mind that some applications enable syncing of data between your different devices, or between your devices and online platforms, and it's important to know where and when this is happening.

  • How do you organise your data?

- Do you keep your personal/professional/activist data separate?

  • How sensitive is your data?

- For each type of data you have listed in your data map, what would happen if this particular data suddenly disappeared? For instance, if your email account is closed down, if your computer or external hard drive is stolen or breaks down, if you accidentally erase a folder, etc.

- What would happen if this data were seen and copied by a third party?

Do the same mapping exercise for the data you hold on others.

Once you've answered these questions, you'll be better able to make decisions about which data you want to regularly back up, and where these backups will be stored. You will also be better able to decide what to do with your data when traveling - What type of data do you need with you? What is too sensitive? What can you easily access online?

How do you build trust in relation to your data and how you store it? ???

When doing so, ask yourself who has access to this device or media platform (your family, colleagues, friends, or servers administrators and you do not know ????

  • Syncing (online/offline – apps permissions)

????


Securing your connections and communication

Once we've mapped our data, the next step is making sure it's secure. Especially where your data is stored online, good passwords are crucial.

Creating and using strong passwords

Managing passwords is also a crucial part of maintaining our information online. Using the same password over and over again is risky, as are passwords that connect us to our identit(ies). Since a password is only as secure as the least secure service where it has been used, it is good practice to maintain separate passwords for each of our accounts. For more information on the importance of strong passwords and how to store them, read Security in a Box's chapter on passwords.

  • Using a password manager

To keep multiple secure passwords, you can use a password manager. KeePassX is a cross-platform, free and open-source password manager that is easy to use and creates password files that can also be exported and used on other devices. It can generate random passwords and store them securely. To learn how to use KeePassX, read this how-to. To learn how to use KeePassDroid, the corresponding tool for Android, read this how-to.

  • Creating strong passphrases using the Diceware technique

Some passwords — like the one we use to decrypt our KeePassX file or lock our devices — need to be easy to remember and strong at the same time. A good solution is to create passphrases formed by a random group of words that don’t make any sense together, separated by spaces. One way to do this is to use the Diceware technique (this requires six-sided dice and the Diceware word list [PDF]).

By rolling the dice five times, we will come up with a five-digit number that corresponds to a word on the Diceware word list; this word is the first word of our passphrase. If we repeat this at least six times, we get a strong, random passphrase formed by six words. It can be memorized just as we learned poems by heart at school, and it will be so long that it would take an average of 3500 years to crack it with brute force at a speed of one trillion guesses per second. To learn more about the Diceware technique, read this article published by Micah Lee in The Intercept. To learn more about two-factor authentication and security questions, read EFF's "Creating Strong Passwords".
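The Diceware procedure described above, as an added example that is not part of the original guide: it checks a word list in the Diceware file layout, builds a six-word passphrase, and recomputes the average brute-force time at one trillion guesses per second. It assumes dice simulated with the operating system's random number generator instead of physical dice and a constructed placeholder word list (`word0000` to `word7775`) instead of the real one; all function names are illustrative.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 5                    # five rolls select one word
LIST_SIZE = 6 ** DICE_PER_WORD       # 7776 entries in a complete list
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def constructed_wordlist():
    """Constructed stand-in in Diceware layout ('11111<TAB>word'); not real words."""
    keys = ("".join(faces) for faces in product("123456", repeat=DICE_PER_WORD))
    return [f"{key}\tword{i:04d}" for i, key in enumerate(keys)]


def parse_wordlist(lines):
    """Map each five-digit dice key to its word and check the list is complete."""
    words = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # blank lines and anything that is not 'key word'
        key, word = parts
        if len(key) == DICE_PER_WORD and set(key) <= set("123456"):
            words[key] = word
    if len(words) != LIST_SIZE:
        raise ValueError(f"expected {LIST_SIZE} entries, found {len(words)}")
    if len(set(words.values())) != LIST_SIZE:
        raise ValueError("duplicate words shrink the number of possible passphrases")
    return words


def roll_die():
    """One fair six-sided roll from the OS CSPRNG (stands in for a physical die)."""
    return secrets.randbelow(6) + 1


def roll_key(roll=roll_die):
    """Roll five times and join the faces into a lookup key such as '35214'."""
    return "".join(str(roll()) for _ in range(DICE_PER_WORD))


def make_passphrase(words, count=6, roll=roll_die):
    """Pick `count` words independently and join them with spaces."""
    if count < 6:
        raise ValueError("the guide asks for at least six words")
    return " ".join(words[roll_key(roll)] for _ in range(count))


def strength(count=6, guesses_per_second=1e12):
    """Return (possible passphrases, bits of entropy, average years to guess)."""
    keyspace = LIST_SIZE ** count
    bits = math.log2(keyspace)
    # On average an attacker finds the passphrase after trying half the keyspace.
    average_years = keyspace / 2 / guesses_per_second / SECONDS_PER_YEAR
    return keyspace, bits, average_years


if __name__ == "__main__":
    words = parse_wordlist(constructed_wordlist())
    print(make_passphrase(words))
    keyspace, bits, years = strength()
    print(f"{keyspace} combinations, {bits:.1f} bits, ~{years:.0f} years on average")
```

The strength figure only holds if every word is chosen by the dice (or an equivalent random source); re-rolling until the phrase "sounds nice" reduces it.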

Using a secure connection

Another very important measure we should take when going online, especially if we are transmitting personal data and passwords, is to always use a secure SSL connection, which ensures that our data cannot be seen by anyone as it travels from our computer to the website we are visiting or to the service we are using. To do so, when we access a website we should type HTTPS instead of HTTP before the URL of the website we want to visit. If we receive an error or the HTTPS is replaced by HTTP again, this means that the website is not offering a secure connection. To make sure that we always connect securely to websites when this option is offered, we can install HTTPS Everywhere, a Firefox, Chrome, and Opera extension developed by the Electronic Frontier Foundation that encrypts our communications with many major websites.

Likewise, when we create an account with an online service (e.g. our mailbox or a chat network) that we will access through a specific client or app, we should check the features of the service to make sure that it offers a secure connection and configure our clients accordingly by activating the TLS/SSL option.

Using a secure mail server

Also the choice of the mail server we use for our contact mail address is important. While there are several secure servers that offer a good service – e.g. the Swiss commercial service Kolab Now and the autonomous servers Riseup (a site used by activists with a clear set of political principles) and Autistici/Inventati – the main point is to find a service that offers a secure connection (HTTPS instead of HTTP) and that is compatible with our needs.

Anonymising your connections

When browsing the internet through a normal internet connection, there are several ways in which we give away data about ourselves - our IP address (the number that identifies our connection), for example, or which websites we are visiting. There are also several ways to intercept our communications, especially if we are connecting via a free Wi-Fi spot.

Virtual Private Networks (VPN): accessing the web through an encrypted tunnel

To add a layer of protection, we can access the internet through a virtual private network (VPN) - an encrypted tunnel that hides all services, protocols, and contents. Using a VPN is not difficult: it basically requires downloading a compressed file, extracting it and changing our computer’s connection settings, but it is important to choose a secure one – better if located abroad – because a compromised VPN server could be accessed by an intermediary who could then analyse all our activities. Autonomous servers Riseup and Autistici/Inventati both offer a reliable VPN.

But we should consider that, from a technical standpoint, VPNs have some limitations:

An insecure connection is still insecure: although a VPN will anonymise our location and protect us from surveillance from our ISP, once our data is securely routed through the VPN server, it will go out on the internet as it normally would. This means we should still use TLS/SSL when available (i.e. HTTPS to browse websites, pop-ssl/imaps/smtp-tls for mail exchange, and so on).

VPNs are not a panacea: although they accomplish a lot, they can’t fix everything. For example, they cannot increase our security if our computer is already compromised with viruses or spyware. If we give personal information to a website, there is little that a VPN can do to maintain our anonymity with that website or its partners. For more information, see Riseup’s webpage on VPN anonymity.

The connection might get slower: the VPN routes all our traffic through an encrypted connection to the server before it goes out onto the normal internet. This extra step can slow things down. For more information on VPNs, visit this page.


Hiding your IP address using the Tor network

A key step to being anonymous online is to hide your IP address. One way to do this is to use a tool called Tor, an anonymity network that conceals both the location of our connection and what we do on the internet. If we use Tor consistently, no one can link our IP (and therefore our alternative identity) to us, not even the mail server we use. For further information on how to use Tor, see the project's website.

The Tor Browser is a software tool designed to increase the privacy and security of our Internet activities and habits. It masks our identity and our online browsing from many forms of internet surveillance.

From the Tor Project: "The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked."

The Tor Browser Bundle consists of the Tor software and a modified version of the Firefox web browser, which is designed to provide extra protection while using it. To stop scripts from running without us knowing and to force secure SSL connections whenever available, the browser bundle also includes NoScript and HTTPS-Everywhere add-ons.

Tor protects our anonymity by routing communications through a distributed network of servers run by volunteers all over the world. Using Tor hides the sites we visit from potential onlookers, and hides our location/identity from those sites. The software is designed also to make sure servers in the Tor network don't know both our location and the sites we are visiting.

Tor also takes steps to encrypt the communication to and through its network, but this measure cannot extend all the way to a website which is sending or receiving content over non-encrypted channels (i.e. not providing HTTPS access). Nevertheless, the advantage of using Tor when accessing such sites is that Tor can secure our communication up to the step between the last of the Tor servers and the non-secure site. This confines the chance to intercept the content to that last step.

As with VPNs, there is a trade-off between anonymity and speed. Because Tor facilitates anonymous browsing by bouncing our traffic through volunteers’ computers and servers in various parts of the world, it will definitely be slower than using other web browsers on our computer.

What we should remember when using the Tor Browser is that it makes us anonymous, but not private. Although our web requests are anonymous, if we are posting on Facebook or sending an email through Gmail, that activity is still identifiable as “us”.

  • NOT SURE WHAT TO DO ABOUT THIS SECTION - DOESN'T FIT HERE*

If we want to browse the web anonymously with more than one identity, we can create a new identity for our browser each time, so that a new set of random Tor proxy servers is selected and we appear to the web servers to come from a new location. To do this, we just need to click the onion icon in the upper left of our browser and select “New identity” from the menu. The Tor Browser will briefly close, clearing our browsing history and cookies, and then restart. After that, we can safely browse the internet with a different identity.

For more information on Tor and instructions for Windows users, see Security in a box's howto. For instructions for Mac OSX users, visit this howto by the EFF.

Devices and Well being

A LOT OF THIS CAN BE CONDENSED AND DELETED. REFERENCE THE LEVEL-UP RESOURCES!

While working on computers, smartphones and other devices, we tend to forget our body. Our body freezes. Fingers, eyes and ears follow the rhythm of our clicks, scrolls and swipes. Almost motionless, staring at the screen, the user forgets the possibilities of movement, pause or improved posture, and even imposes pains and discomforts on the body. While some senses get paralyzed, our brain becomes intertwined with the machine: processing a lot of data and information, multi-tasking and executing creative and administrative challenges while managing our engagements and multiple identities... our neurological activity increases. There is a risk of becoming inseparable from our hardware technologies. We can actually do almost everything with a machine: communicate, get ourselves organized, get informed, be entertained, play, have sex, ... Having a healthy relationship with our machines is hence key to our well-being.

“Around 2000, I made a video installation “Does Technology ever end or does it restart automatically?” It was the moment when there was fear that the machines' clock would crash on the number 2000 <Y2K problem, the Millennium bug>: display of dates and the automated ordering of dated records or real-time events would get twisted. The media hysteria around the potential failure of our electronic and digital devices which were surrounding us, made me reset (reboot in another distro). In the ecstasy of integrating tech in my daily life, exploring avatars and audiovisual creation, design to communicate political struggles, my hand was hurting, and I couldn't click the mouse anymore. I had to change my daily routine, care about my body and cure myself. I couldn't hold my keys nor masturbate :), .. what was I going to do with my right hand.”

SHOW THE PAIN: open mouth and lips as wide as possible, simultaneously raising your eyebrows as high as possible, hold while counting to 5, repeat a few times (A/ A, separation/séparation) (1)

Strategies of prevention

  • SCHEDULE: Work out a regular pattern for your day, and stick to it. Your brain will relax a bit if it knows “what comes next”. Plan non-digital activities.

  • PROCESS: If you get an idea or think of something you need to do, write it down. Your brain is actually a bad early implementation of Calendar reminders, Email Notifications and Associative Tagging. Brain reminders aren’t timed, so they will pop up at the most inconvenient moments. By writing it down you literally tell your brain that it’s ok to let go of the thought.

  • WORKFLOW: Interrupt Driven Work is a hassle. You do some work from your todo, but mainly you keep getting interrupted by new email, IRC and instant messages and phone calls. Ideally, turn off the immediate notification and just check your email/social media/IRC / … once or twice a day.

  • CHARGING: Charge your devices in a place which is not easily reachable. Do some stretching while reaching them. Go a Bit Off the Grid and use alternative energies to charge your devices so we reinforce the relation between technology and nature.

  • DAYLIGHT: You need to get some decent daylight (about 20-40 minutes daily) to reset your body clock. Sitting in front of the window and sunlight can limit your screen view. Going outside can increase your healthy look... you will look better on the screen after! The quality of light also influences your sleeping/dreaming.

  • SLEEPING: Let's not take our daemons and shell scripts into our state of dreaming. Not having your devices next to your bed works wonders for sleeping well and for good morning rituals.

  • FOOD & DRINK: Water can save plants! And if you drank too much, don't forget to go to the toilet once in a while. (2)

Exercises to disconnect

Create performative events for a human understanding of technology. Probably, besides becoming an icon or a symbol of a visual interface, I guess you have to be a minimum of 2 people: 0 and 1, to make the process into a social momentum.

# Let's go analogue – physical. ??

  • make props for all the hardware components in the computer (from cardboard, scrap, .. take your time to make them)

  • distribute props over the #actors

  • create a script to enact the process (scenario)

Example scripts:

  • Screensavers, sleep mode, hibernate, standby or off. In this performative event the switching on and shutting down of a computer is (re)enacted through a collective body. What is happening with our hardware and software when we go to sleep or other modes of existence? Link:

  • Home Is a Server. In this performative event we install a webserver and learn about wikis and their recipes on a virtual machine. SSH? Doors to open, commands to learn to activate our space into a home while baking pancakes. Link:

  • Crypto Dance! In this performative event security is at stake in a dance which introduces basic crypto, as in Bob and Eve do a lambada. (still needs to be developed by Hacking with care)

Strategies of care

Chair Strike installation at the Academy of Fine Arts Vienna, PC-Lab, in the framework of Strike, she said, by GirlsOnHorses (Auer, Egermann, Straganz, Wieger).

By paying more attention to the body and ICT work experiences, 'WORKINGSTILLWORKING' developed a variety of micro-movements and creative habits, tactics, gestures and practices, consciously or unconsciously, to break free from motionless, painful or stultifying postures. Together with HACKING WITH CARE, they published a zine: http://workingstill-stillworking.net/wp-content/uploads/2013/06/AttentionSomaticTheZine1.3.pdf, Attent!on som(t)a(c)tics: With the micro movements of our bodies when using our devices, we improvise and explore forms of embodied emancipation within a digital context. Describe your (intimate, pleasant, difficult or binding…) relationships with computers and propose ways of subjugating those routines.

http://hackingwithcare.in/wiki/doku.php/projects : Online resources for psychological and physical well-being, health, self-care, caregiving, in general and in the specific contexts of activism and hacking. Material to explore and raise awareness on related political issues, among caregivers, hackers-who-care, and friends of a good fair world, with the purpose of inspiring alliances.

Caring for oneself can be a collective emancipatory process to produce a collective platform of liberating instructions, gestures, movement or poetry.

SOMATIC EXPLORATIONS AND LIBERATING EXERCISES RE-EMBODYING RELATIONS TO OUR DAILY TECHNOLOGIES: TRICKS OF SELF AWARENESS (3)(4)(5)

???strategies of curing ???

We know adjustable chairs, but what about software adjustable to different cognitive capabilities?

  • disable auto-login

  • check cognitive capacity

  • Using short cuts

  • Organize a Hands massage workshop

  • Switch between commandline and graphical Interface

  • …

lalala, do do, reeeeeeee: Technology accelerates to find solutions of interfacing to the human body. Technology can be used to persuade people into a behaviour change. We can change our behaviour in relation with technology.

State of inertia & Red Light Reflex

Long hours hunched over your hardware can cause the muscles of the front of the body to contract while the body pulls inward. The Red Light reflex is a protective reflex found in all vertebrate animals and is a response to fear, anxiety, prolonged distress or negativity. Rounded shoulders, depressed chest and the head jutting forward can lead to chronic neck pain, jaw pain, hip pain, mid-back pain and shallow breathing. The inability to breathe deeply deprives your brain, blood and muscles of the oxygen they need to function properly. This in turn can cause fatigue, depression, anxiety and sleep problems, and exacerbate allergies.

Repetitive Strain Injury (RSI)

http://www.workrave.org/ Workrave is a program that assists in the recovery and prevention of Repetitive Strain Injury (RSI). The program frequently alerts you to take micro-pauses and rest breaks, and restricts you to your daily limit.

(1) Annie Abrahams, separation/séparation: http://collection.eliterature.org/2/works/abrahams_separation/separation/index.htm#

(2) http://bluehackers.org/howto

(3) http://workingstill-stillworking.net

(4) Anne Goldenberg, Hacking with Care: Attention, bien-être et politique de l’ordinaire dans le milieu hacktiviste: http://dpi.studioxx.org/en/hacking-care-attention-bien-%C3%AAtre-et-politique-de-l%E2%80%99ordinaire-dans-le-milieu-hacktiviste

(5) L'ERSE POSTURE: https://www.youtube.com/watch?v=Va0ZLaZHQlU

(6) http://networkcultures.org/blog/2007/04/23/linux-for-theatre-makers-embodiment-and-nix-modus-operandi/