Practical digital security
Wiki ▸ Activities and events ▸ Practical digital security
- Tagline: A computer security workshop for people who don't want to have to care about computer security.
- Description: Learning how to stay safe online is on many people’s minds, but how do you start this process? With so many tools and suggestions from “experts,” how do you know which tool to use, when, and in what situation? This workshop will clear a path for you to continue your own security education. While not required, please bring your mobile phone and laptop if you have them to immediately use what you've learned. This session is intended for beginners but more experienced participants are also welcomed.
- Time required: ~2.5 hours
- Equipment needed: Whiteboard, projector (optional)
- See also: Persona-based training matrix, Offensive and Defensive Doxing
The following outline is a brief guide you can follow to help ensure a successful workshop:
The general motivation behind this specific workshop format is to meet the following challenge: "how do we teach threat modeling, without ever saying the word 'threat model' or using any other jargon, to people who don't want to have to care about digital/computer security, but know that they need to care anyway?"
To that end, here are some things that are not your goal:
- Your goal is not to get participants to install specific tools.
- Your goal is not to get participants to download and follow an already-created guide.
- Your goal is not to help participants find and use "the secure products" rather than "the insecure products."
- Your goal is not to be "the expert" on a particular subject.
So, what are your goals? As a facilitator, your goals are to:
- Engender feelings of confidence in participants that they, too, can explore the "advanced" features of their devices.
- Show, don't tell, participants how to think about security "as a process," rather than a checkbox to hit.
- Offer threat-model-appropriate guidance to individuals seeking resources, do not simply give answers but rather give references/links/citations to other existing resources.
-
Ask the audience to describe, briefly, their reasons for coming to the workshop.
- What are you concerned about?
- How do you feel about that?
As they describe this, start writing down themes/patterns/motifs that emerge from the group on a whiteboard, in the form of "user stories," such as:
- "as a company employee, I get the feeling like I can't be myself at work if I'm chatting to my friends"
- "as an artist, I don't know what my legal rights are to the artwork I post on social media"
- "as a woman, I'm afraid that my psycho ex can find out where I live now"
and so on. Also highlight "attackers" (corporations, psycho ex) and "defenders" (individuals, employees) in these stories; write attackers in a different marker color across the top of the board (these will become columns), while the defenders one atop the other down the left-hand side of the whiteboard (these will become rows).
-
Ask the group to perform a small exercise: navigate the interface of your phone, laptop, or an app's "Settings" or "Preferences" screens looking for a feature/option/setting that they didn't already know existed or don't currently understand what it does. Make sure they either remember this or shout it out and collect these in a new list.
-
Pick a few of these settings, then start talking, in general and brief terms, about what that setting might do. During this short monologue, also write down motifs of these settings as you notice them, such as:
- "personalization" or "recommendation" settings
- auto-connection/convenience features (auto-login, "sign in with Facebook," and so on)
-
Start delineating the rows and columns of the persona matrix you've created and discuss where a given feature might actually be appropriate based on what kind of threats that particular feature defends against, and for whom.
You can edit this flyer (GIMP xcf format) (3.7 MB) if you would like a "shareable" image to promote the event.