Difference between revisions of "Step 0"

From Gender and Tech Resources

(Data and information production)
Line 2: Line 2:
  
 
== Handling data and devices ==
 
== Handling data and devices ==
 +
 +
_TOC_
 +
 +
This section provides you with notions, methodologies and tools to take care of your data and devices. It also explains how to engage into more secure communication practices when you get connected. The following tips and tricks are pre-requisites to better understand how to manage identity on-line and how to create safe spaces.
 +
 +
''What is the type of data we produce and manage? Does my data leave online - offline? How backed up it is? How can I define the level of sensibility of my data? How can I engage with others online using safer communication channels? Why does it mean to use privacy and anonymity tools?''
  
 
=== Data and information production ===
 
=== Data and information production ===
''What is the type of data we produce and manage? Does my data leave  online - offline? How backed up it is? How can I define the level of sensibility of my data''
 
  
Before becoming a zen user and developer of technologies, and adopting better privacy and digital security practices, you should first reflect and understand what do you want to protect (data, devices, other). To do so, you first need to map, assess and analyse your production of data and how this data relates to your documents and personal folders, your social media accounts and on-line identities and/or the physical devices you have at hand. One way of doing that is to map and visualise in the form that better suits you (a table, map, drawing) your production and management of data. You can guide your reflections by trying to answer the following questions:
+
Before becoming a zen user and developer of technologies, and adopting better privacy and digital security practices, you should first reflect and understand what do you want to protect (data, devices, other). To do so, you first need to map, assess and analyse your production of data and how this data relates to your documents and personal folders, your social media accounts and/or the physical devices you have at hand. One way of doing that is to map and visualise in the form that better suits you (a table, map, drawing) your production and management of data. You can guide your reflections by trying to answer the following questions:
  
 
* What kind of data do you produce and or manage? With whom?
 
* What kind of data do you produce and or manage? With whom?
  
Some of you data is created by yourself (documents, emails, images, videos, design etc) and other data you manage and interact with is created by others. Your relation with both type of data is different. For the data you create yourself, you can decide under which conditions they can be released, shared, made available for new uses by third actor parties. For the data you manage and that has been given or send to you by others, or downloaded from somewhere, you also need to understand under which conditions they can be shared and made available.  
+
Some of your data is created by yourself (documents, emails, images, videos, designs etc) and other data you manage and interact with is created by others. Your relation with both type of data is different. For the data you create yourself, you can decide under which conditions it can be released, shared, made available for new uses by third actor parties. For the data you manage and that has been given to you by others, or downloaded from somewhere, you also need to understand under which conditions they can be shared and made available.  
  
Draft a first list of the data you produce yourself. This can include the documents your produce for your work, activism, personal pleasure moments. It can also include the data you produce when writing emails, publishing tweets, drafting posts in your blog etc. Then you can draft a list of data you are managing but is produced by others, this can encompass from information given to you by your colleagues, friends, relatives etc. And finally, you can also list the type of data you are sharing with others, for instance if you share specific devices such as your mobile, external hard drive or computer with other persons, or if you are sharing social media profile or email accounts with other persons such as your family, partner, colleagues.  
+
You can draft a first list of the data you produce yourself including work, activism, personal and entertainment documents. Your data also includes your emails, tweets, posts, design, audiovisual productions etc. Then you can draft a list of data you are managing but that is produced by others, this can encompass from information given to you by your colleagues, friends, relatives to files you download from websites, repositories, p2p networks, etc. Finally, you can also identify which type of data you are sharing with others, for instance if you are sharing social media profile or email accounts with other persons such as your family, partner, colleagues.  
  
* Where is this data?  
+
* Where this data leaves?  
  
This question is about understating where do your host your data and by data we are talking about the data that is produced by you and also the one that is produced by others but under your management. First of all, when answering this question you should clarify where is hosted the data, is it inside your computer, an external drive, your phone? Is it hosted in somebody else server (for instance if you do not download all your mails, then those are leaving in a server owned by a company) or somewhere in the cloud (a dropbox or a social media account for instance)?
+
This question is about understanding where do your host and organise your data. When answering this question you should try to clarify which are the type of devices (computer, external drive, phone) and media platforms (mails, social media account) that are hosting your data ?  
When answering those questions in relation to all your data, you should then ask yourself how do you keep your data? For instance do you keep your personal/professional/activist data together? And in complement, is this data hosted offline or online? This last dimension is very important as sometimes because of new applications that enable to sync data between your different devices or between your devices and applications hosted online, you might not realise that the data you thought was only leaving offline is indeed present also somewhere online. We will come back later on the sync dimension and which step you should take into account in order to always know where is your data really leaving.   
+
 
 +
Where is your data is also about asking yourself how do you organise and keep it? Do you keep your personal/professional/activist data together? Is this data hosted offline or online? This last dimension is very important as sometimes because of new applications that enable to sync data between your different devices or between your devices and applications hosted online, you might not realise that the data you thought was only leaving offline is indeed present also somewhere online. We will come back later on the sync dimension and which step you should take into account in order to always know where is your data really leaving.   
  
 
* How sensitive is this data?  
 
* How sensitive is this data?  
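Review bot: The new bullet "* Where this data leaves?" and the two rewritten paragraphs under it use "leaves" and "leaving" where "lives" and "living" are meant; the old bullet "* Where is this data?" read correctly. The rewrite also drops the old examples of data held on somebody else's server or in the cloud. The sync paragraph that follows relies on that distinction, so consider keeping one such example.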
Line 27: Line 33:
 
* How do you build trust in relation to your data and how you store it?
 
* How do you build trust in relation to your data and how you store it?
  
To be developped
+
When doing so, ask yourself who has access to this device or media platform (your family, colleagues, friends, or servers administrators and you do not know
 +
 
  
 
* Syncing (online/offline – apps permissions)
 
* Syncing (online/offline – apps permissions)
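Review bot: The sentence added under "How do you build trust in relation to your data and how you store it?" breaks off at "and you do not know" with its parenthesis still open, and "When doing so" has nothing to refer to now that it replaces "To be developped". Finish the sentence and name the step it refers to, or keep the placeholder until the paragraph is written.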

Revision as of 16:04, 25 May 2015

Handling data and devices

This section provides you with notions, methodologies and tools to take care of your data and devices. It also explains how to engage in more secure communication practices when you get connected. The following tips and tricks are prerequisites to better understand how to manage identity online and how to create safe spaces.

What type of data do we produce and manage? Does my data live online or offline? How well backed up is it? How can I define the level of sensitivity of my data? How can I engage with others online using safer communication channels? What does it mean to use privacy and anonymity tools?

Data and information production

Before becoming a zen user and developer of technologies, and adopting better privacy and digital security practices, you should first reflect on and understand what you want to protect (data, devices, other). To do so, you first need to map, assess and analyse your production of data and how this data relates to your documents and personal folders, your social media accounts and/or the physical devices you have at hand. One way of doing that is to map and visualise your production and management of data in the form that best suits you (a table, map, drawing). You can guide your reflections by trying to answer the following questions:

  • What kind of data do you produce and/or manage? With whom?

Some of your data is created by yourself (documents, emails, images, videos, designs etc.) and other data you manage and interact with is created by others. Your relation with both types of data is different. For the data you create yourself, you can decide under which conditions it can be released, shared, or made available for new uses by third parties. For the data you manage that has been given to you by others, or downloaded from somewhere, you also need to understand under which conditions it can be shared and made available.

You can draft a first list of the data you produce yourself, including work, activism, personal and entertainment documents. Your data also includes your emails, tweets, posts, designs, audiovisual productions etc. Then you can draft a list of data you are managing but that is produced by others; this can range from information given to you by your colleagues, friends and relatives to files you download from websites, repositories, p2p networks, etc. Finally, you can also identify which types of data you are sharing with others, for instance if you are sharing social media profiles or email accounts with other persons such as your family, partner or colleagues.

  • Where does this data live?

This question is about understanding where you host and organise your data. When answering this question you should try to clarify which types of devices (computer, external drive, phone) and media platforms (mail, social media accounts) are hosting your data.

Where your data is also means asking yourself how you organise and keep it. Do you keep your personal/professional/activist data together? Is this data hosted offline or online? This last dimension is very important because new applications sync data between your different devices, or between your devices and applications hosted online, so you might not realise that the data you thought was only living offline is in fact also present somewhere online. We will come back later to the sync dimension and to the steps you should take in order to always know where your data is really living.

  • How sensitive is this data?

You can answer this question by asking yourself, for each type of data you have listed in your map of data, what would happen if this particular data suddenly disappeared. For instance, what if your email account is closed down, your computer or external hard drive is stolen or breaks, or you erase a folder by mistake? The other side of this question is what happens if this data is seen and copied by third parties you did not intend to share information with. In that sense, the question is to evaluate how much personal data about you and others rests in the different types of data you manage. Imagine that you handle sensitive data of other persons you are working with, namely health records, personal emails, love letters etc.

When assessing those different questions, you will ask yourself about the backups you have for the sensitive data you really do not want to lose or see in the hands of unintended third parties. This should enable you to decide which types of data you want to back up regularly and where those backups will live. It will also enable you to deal with the question of what to do with your data when traveling: what type of data do you need with you, which is too sensitive to carry with you, which can you easily access online, etc.?

  • How do you build trust in relation to your data and how you store it?
When doing so, ask yourself who has access to this device or media platform (your family, colleagues, friends, or servers administrators and you do not know


  • Syncing (online/offline – apps permissions)

Devices and Well being

While working on computers, smartphones and other devices, we tend to forget our body. Our body freezes. Fingers, eyes and ears follow the rhythm of our clicks, scrolls and swipes. Almost motionless, staring at the screen, the user forgets the possibilities of movement, pause or improving posture, and even imposes pains and discomforts on the body. While some senses get paralyzed, our brain becomes intertwined with the machine: processing a lot of data and information, multi-tasking and executing creative and administrative challenges while managing our engagements and multiple identities... our neurological activity increases. There is a risk of becoming inseparable from our hardware technologies. Actually we can do almost everything with a machine: communicate, get ourselves organized, get informed, be entertained, play, have sex, ... Having a healthy relationship with our machines is hence key to our well-being.

“Around 2000, I made a video installation “Does Technology ever end or does it restart automatically?” it was the moment when there was fear that the machines' clock would crash on the number 2000 <Y2K problem, the Millennium bug>: display of dates and the automated ordering of dated records or real-time events would get twisted. The media hysteria around the potential failure of our electronic and digital devices which were surrounding us, made me reset (reboot in another distro). In the ecstasy of integrating tech in my daily life, exploring avatars and audiovisual creation, design to communicate political struggles, my hand was hurting, and I couldn't click the mouse anymore. I had to change my daily routine, care about my body and cure myself. I couldn't hold my keys nor masturbate :), .. what was I going to do with my right hand.”

SHOW THE PAIN: open mouth and lips as wide as possible, simultaneously raising your eyebrows as high as possible; hold while counting to 5; repeat a few times. (Annie Abrahams, separation/séparation) (1)

Strategies of prevention

SCHEDULE: Work out a regular pattern for your day, and stick to it. Your brain will relax a bit if it knows “what comes next”. Plan non-digital activities.

PROCESS: If you get an idea or think of something you need to do, write it down. Your brain is actually a bad early implementation of Calendar reminders, Email Notifications and Associative Tagging. Brain reminders aren’t timed, so they will pop up at the most inconvenient moments. By writing it down you literally tell your brain that it’s ok to let go of the thought.

WORKFLOW: Interrupt Driven Work is a hassle. You do some work from your todo, but mainly you keep getting interrupted by new email, IRC and instant messages and phonecalls. Ideally, turn off the immediate notification and just check your email/social media/IRC / … once or twice a day.

CHARGING: Charge your devices in a place which is not easily reachable. Do some stretching while reaching them. Go a bit off the grid and use alternative energies to charge your devices, so we reinforce the relation between technology and nature.

DAYLIGHT: You need to get some decent daylight (about 20-40 minutes daily) to reset your body clock. Sitting in front of the window in sunlight can limit your screen view. Going outside can increase your healthy look... you will look better on the screen after! The quality of light also influences your sleeping/dreaming.

SLEEPING: Let's not take our daemons and shell scripts into our state of dreaming. Not having your devices next to your bed works wonders for your sleep and good morning rituals.

FOOD & DRINK: Water can save plants! And if you drank too much, don't forget to go to the toilet once in a while.

(2) Exercises to disconnect

Create performative events for a human understanding of technology. Probably, besides becoming an icon or a symbol of a visual interface, I guess you have to be a minimum of 2 people, 0 and 1, to make the process into a social momentum.

Let's go analogue – physical:

  • make props for all the hardware components in the computer (from cardboard, scrap, ...; take your time to make them)
  • distribute the props over the actors
  • create a script to enact the process (scenario)

Example scripts:

Screensavers, sleep mode, hibernate, standby or off. In this performative event the switching on and shutting down of a computer is (re)enacted through a collective body. What is happening with our hardware and software when we go to sleep or other modes of existence? Link:

Home Is a Server. In this performative event we install a webserver and understand about wikis and their recipes on a virtual machine. SSH? Doors to open, commands to learn to activate our space into a home while baking pancakes. Link:

Crypto Dance! In this performative event security is at stake in a dance which introduces basic crypto, like in Bob and Eve do a lambada. (Still needs to be developed by Hacking with care.)

Strategies of care

Chair Strike installation at the Academy of fine Arts Vienna, PC-Lab, in the framework of Strike, she said, by GirlsOnHorses (Auer, Egermann, Straganz, Wieger).

By paying more attention to the body and ICT work experiences, “WORKINGSTILLWORKING” developed a variety of micro-movements and creative habits, tactics, gestures and practices, consciously or unconsciously, to break free from motionless, painful or stultifying postures. Together with HACKING WITH CARE, they published a zine, Attent!on som(t)a(c)tics (http://workingstill-stillworking.net/wp-content/uploads/2013/06/AttentionSomaticTheZine1.3.pdf): with the micro movements of our bodies when using our devices, we improvise and explore forms of embodied emancipation within a digital context.

Describe your (intimate, pleasant, difficult or binding…) relationships with computers and propose ways of subjugating those routines.

http://hackingwithcare.in/wiki/doku.php/projects : Online Resources for psychological and physical well-being, health, self-care, caregiving, in general and in the specific contexts of activism and hacking. Material to explore and raise awareness on related political issues, among caregivers, hackers-who-care, and friends of a good fair world, with the purpose of inspiring alliances. Caring for one self can be a collective emancipatory process to produce a collective platform of liberating instructions, gestures, movement or poetry.

SOMATIC EXPLORATIONS AND LIBERATING EXERCISES RE-EMBODYING RELATIONS TO OUR DAILY TECHNOLOGIES: TRICKS OF SELF AWARENESS (3)(4)(5) ???strategies of curing ???

We know adjustable chairs, but what about adjustable software to different cognitive capabilities.

  • disable auto-login
  • check cognitive capacity
  • Using short cuts
  • Organize a Hands massage workshop
  • Switch between commandline and graphical Interface
  • … lalala, do do, reeeeeeee

Technology accelerates to find solutions of interfacing to the human body. Technology can be used to persuade people into a behaviour change. We can change our behaviour in relation with technology.

State of inertia & Red Light Reflex

Long hours hunched over your hardware can cause the muscles of the front of the body to contract while the body pulls inward. The Red Light reflex is a protective reflex found in all vertebrate animals and is a response to fear, anxiety, prolonged distress or negativity. Rounded shoulders, depressed chest and the head jutting forward can lead to chronic neck pain, jaw pain, hip pain, mid-back pain and shallow breathing. The inability to breathe deeply deprives your brain, blood and muscles of the oxygen they need to function properly. This in turn can cause fatigue, depression, anxiety, sleep problems and exacerbate allergies.

Repetitive Strain Injury (RSI)

http://www.workrave.org/ Workrave is a program that assists in the recovery and prevention of Repetitive Strain Injury (RSI). The program frequently alerts you to take micro-pauses, rest breaks and restricts you to your daily limit.

(1) Annie Abrahams, separation/séparation: http://collection.eliterature.org/2/works/abrahams_separation/separation/index.htm#
(2) http://bluehackers.org/howto
(3) http://workingstill-stillworking.net
(4) Anne Goldenberg, Hacking with Care : Attention, bien-être et politique de l’ordinaire dans le milieu hacktiviste: http://dpi.studioxx.org/en/hacking-care-attention-bien-%C3%AAtre-et-politique-de-l%E2%80%99ordinaire-dans-le-milieu-hacktiviste
(5) L'ERSE POSTURE: https://www.youtube.com/watch?v=Va0ZLaZHQlU
(6) http://networkcultures.org/blog/2007/04/23/linux-for-theatre-makers-embodiment-and-nix-modus-operandi/

Securing and anonymizing connections

Securing and anonymizing our connections

Securing our identities

Whether we decide to use different identities or just one, whether we stick to our "true" name or choose a pseudonymous persona, it is always important to think of our online identity as a portrait we and others paint of ourselves, and if we want to keep this under control, taking some basic security measures is one of the first steps.

Besides, if we decide to use different identities, we should consider that separating our digital life into multiple identities is not enough: what we need to do is to keep them technically separated, that is to avoid that our identities scatter identical traces that can be linked together.

To do this, some precautions on the security side are definitely necessary. To start, a good idea is to always hide our IP, the number that identifies our connections, through Tor, an anonymity network that conceals both the location of our connection and what we do on the internet. By consistently using Tor, no one can link our IP (and therefore our alternative identity) to us, not even the mail server we use. For further information on how to use Tor, see 3.3 Anonymization tools.

Also the choice of the mail server we use for our contact mail address is important. While there are several secure servers that offer a good service – e.g. the Swiss commercial service Kolab Now (https://kolabnow.com) and the autonomous servers Riseup (a site used by activists with a clear set of political principles: http://riseup.net) and Autistici/Inventati (https://www.autistici.org) – the main point is to find a service that offers a secure connection (HTTPS instead of HTTP) and that is compatible with our virtual persona. If, for instance, we are creating a fake identity that doesn’t know much about digital security, it may be better to use a more widespread service like Gmail, and the possibility of two-factor authentication is always a plus. If the mail address we are creating is connected to our work and hosted by our firm’s mail server with its own domain, it is a good idea not to include our surname in the address and to keep just the name followed by the domain (e.g. jane@businessname.com). Of course, if a mail address is required when registering a new mail account, we shouldn’t give our usual address and it is much better to use a disposable account for this purpose.

Creating and using strong passwords

Managing passwords is also a crucial part of maintaining our identities and our security online. Using the same password over and over again is risky, as are passwords that connect us to our identit(ies). If we are using different identities, the number of our passwords will increase accordingly. There is no way to remember so many secure passwords unless we have some mental magic powers that allow us to memorize dozens of long random strings of letters, numbers and symbols. Since a password is only as secure as the least secure service where it has been used, it is good practice to maintain separate passwords for each of our accounts. For more information on the importance of strong passwords and how to store them, read Security in a Box's chapter on passwords. https://securityinabox.org/en/guide/passwords

To keep multiple secure passwords, you can use a password safe. KeePassX is a cross-platform free and open-source password manager that is very easy to use and creates files with passwords that can also be exported and used in other devices. It can generate random passwords and store them securely.

But some passwords, like the one we use to decrypt our KeePassX file or lock our device, need to be easy to remember and strong at the same time. A good solution is to create passphrases that are formed by a random group of words that don’t make any sense together, separated by spaces. One way to do this is to use the Diceware technique (this requires six-sided dice and the Diceware word list: http://world.std.com/~reinhold/dicewarewordlist.pdf [PDF]). By rolling the dice five times, we will come up with a five-digit number that corresponds to a word on the Diceware word list; this word is the first word of our passphrase. If we repeat this at least six times, we obtain six words that together make a strong, random passphrase. It can be memorized just as we did when we had to learn poems by heart at school, and it will be so long that it would take an average of 3500 years to crack it with brute force at a speed of one trillion guesses per second.
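The Diceware procedure described above, as an added example (not code from this guide or from the Diceware project). It assumes the operating system's random number generator as a stand-in for physical dice and a constructed placeholder word list in the "five digits, then a word" format, and it recomputes the 3500-year estimate from the paragraph.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                 # five rolls select one word
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776 possible five-digit keys
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def parse_wordlist(text):
    """Read 'NNNNN word' lines; skip anything else (headers, signatures)."""
    words = {}
    for line in text.splitlines():
        parts = line.split()
        if (len(parts) == 2 and len(parts[0]) == DICE_PER_WORD
                and set(parts[0]) <= set("123456")):
            words[parts[0]] = parts[1]
    if len(words) != LIST_SIZE:
        # A short list silently weakens every passphrase, so refuse it.
        raise ValueError(f"expected {LIST_SIZE} entries, got {len(words)}")
    return words


def constructed_wordlist_text():
    """Constructed placeholder list, NOT the real Diceware words."""
    keys = ("".join(k) for k in itertools.product("123456", repeat=DICE_PER_WORD))
    body = "\n".join(f"{k}\tw{k}" for k in keys)
    return "-- constructed sample header line --\n" + body


def roll_die():
    """One fair roll from the OS CSPRNG (assumption: replaces a real die)."""
    return secrets.randbelow(6) + 1


def roll_key(roll=roll_die):
    """Five rolls written side by side give the five-digit lookup key."""
    return "".join(str(roll()) for _ in range(DICE_PER_WORD))


def make_passphrase(words, n_words=6, roll=roll_die):
    """Look up one word per key and join the words with spaces."""
    if n_words < 6:
        raise ValueError("the guide asks for at least six words")
    return " ".join(words[roll_key(roll)] for _ in range(n_words))


def entropy_bits(n_words):
    """Each word adds log2(7776) bits, about 12.9."""
    return n_words * math.log2(LIST_SIZE)


def average_crack_years(n_words, guesses_per_second=1e12):
    """On average a brute-force search covers half of the keyspace."""
    keyspace = LIST_SIZE ** n_words
    return keyspace / 2 / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    wordlist = parse_wordlist(constructed_wordlist_text())
    print(make_passphrase(wordlist))
    print(f"{entropy_bits(6):.1f} bits, "
          f"about {average_crack_years(6):.0f} years on average")
```

The strength comes from the number of equally likely word sequences, so picking words by hand or rerolling until the phrase "looks nice" removes the guarantee the estimate relies on.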

Anonymizing tools

As mentioned before, when browsing the internet through a normal connection, there are several traces that can give away our real identity even if we are using an alternate persona (most importantly our IP address) and there are several ways to intercept our communications, for example by sniffing our connection when we go online through a free Wi-Fi spot, by accessing our ISP’s data or by monitoring the website we are visiting.

VPN: accessing the web through an encrypted tunnel

To add a further level of protection, we can decide to access the internet through a VPN, an encrypted tunnel that hides all services, protocols, and contents. Using a VPN is not difficult: it basically requires downloading a compressed file, extracting it and changing our computer’s connection settings, but it is important to choose a secure one – better if located abroad – because a compromised VPN server could be accessed by an intermediary who could then analyse all our activities. Autonomous servers Riseup (https://help.riseup.net/en/vpn) and Autistici/Inventati (https://vpn.autistici.org) both offer a reliable VPN.

But we should consider that from a technical standpoint VPNs have some limitations:

  • An insecure connection is still insecure: Although a VPN will anonymize our location and protect us from surveillance from our ISP, once our data is securely routed through the VPN server, it will go out on the internet as it normally would. This means we should still use TLS when available (i.e. HTTPS to browse websites, pop-ssl/imaps/smtp-tls for mail exchange, and so on).
  • VPNs are not a panacea: although they accomplish a lot, they can’t fix everything. For example, they cannot increase our security if our computer is already compromised with viruses or spyware. If we give personal information to a website, there is little that a VPN can do to maintain our anonymity with that website or its partners. For more information, see Riseup’s webpage on VPN anonymity: https://help.riseup.net/en/vpn/security-issues.
  • The connection might get slower: the VPN routes all our traffic through an encrypted connection to the server before it goes out onto the normal internet. This extra step can slow things down.

For more information on VPNs, visit: https://securityinabox.org/en/guide/anonymity-and-circumvention

Torbrowser: anonymous web browsing

If what we need to do with our alternative identity only needs a browser, we might consider using the Tor Browser rather than our usual browser. The Tor Browser (https://www.torproject.org/projects/torbrowser.html.en) is a software tool designed to increase the privacy and security of our Internet activities and habits. It masks our identity and our online browsing from many forms of internet surveillance. From the Tor Project:

"The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked."

The Tor Browser Bundle consists of the Tor software and a modified version of the Firefox web browser, which is designed to provide extra protection while using it. To stop scripts from running without us knowing and to force secure SSL connections whenever available, the browser bundle also includes NoScript and HTTPS-Everywhere add-ons.

Tor protects our anonymity by routing communications through a distributed network of servers run by volunteers all over the world. Using Tor hides the sites we visit from potential onlookers, and hides our location/identity from those sites. The software is designed also to make sure servers in the Tor network don't know both our location and the sites we are visiting.

Tor also takes steps to encrypt the communication to and through its network, but this measure cannot extend all the way to a website which is sending or receiving content over non-encrypted channels (i.e. not providing HTTPS access). Nevertheless, the advantage of using Tor when accessing such sites is that Tor can secure our communication up to the step between the last of the Tor servers and the non-secure site. This confines the chance to intercept the content to that last step.

As with VPNs, there is a trade-off between anonymity and speed. Because Tor facilitates anonymous browsing by bouncing our traffic through volunteers’ computers and servers in various parts of the world, it will definitely be slower than using other web browsers on our computer.

What we should remember when using the Tor Browser is that it makes us anonymous, but not private. Although our web requests are anonymous, if we are posting on Facebook or sending an email through Gmail, that activity is still identifiable as “us”. While this is acceptable if we are using the Tor Browser with our virtual persona, we should be careful not to use the same instance of the Tor Browser with more than one identity. If we want to browse the web anonymously with more than one identity, we can do so by creating each time a new identity for our browser, so that a new set of random Tor proxy servers is selected and we appear to come from a new location to the web servers. To do this, we just need to click the onion icon in the upper left of our browser and to select “New identity” from the menu. The Tor Browser will briefly close, clearing our browsing history and cookies and then restart. After that, we can safely browse the internet with a different identity.

For more information on Tor and instructions for Windows users, visit: https://securityinabox.org/en/guide/anonymity-and-circumvention

For instructions for Mac OSX users, visit: https://ssd.eff.org/en/module/how-use-tor-mac-os-x