In the past several weeks I’ve had several one-on-one conversations with friends and colleagues about digital privacy rights. Some were concerned about the latest news that WAP2 protocol has a huge glaring security vulnerability. Others were curious about what information Facebook collects about them and how that information might have been used in the 2016 U.S. election.
What became clear to me is that there is a real lack of literacy when it comes to talking about online privacy. People are concerned but often they’re too embarrassed or ashamed to admit that they don’t understand what they should be concerned about – usually people just ignore the problem unless they’re directly attacked.
There’s a community of organizers who host CryptoParties – free, community-based workshops that teach the basics of cybersecurity to a lay audience. You don’t need to know anything about PGP or Tor in order to attend and participate. I want to organize a small home-based cryptoparty first with my friends and then later more broadly.
The goals of my workshop:
- Educate internet users about their digital privacy rights
- Help consumers think critically about the online platforms and tools they use
- Empower individuals to assess their own situation through ‘threat modeling’
- Foster a safe, judgement-free space in which people can express their specific concerns and fears about their privacy
- Teach the group about specific tools they can download and behaviors they should model to mitigate risks:
- Passwords (and password managers e.g. LastPass)
- Trackers and cookies (Privacy Badger, ad blockers, disabling cookies)
- The big social platforms: Facebook and Google
- HTTPS, TLS, and asymmetric encryption (HTTPS Everywhere)
- End-to-end encryption (Signal, WhatsApp, iMessage)
- Encrypting email (PGP)
- VPN (Private Internet Access vs. your own server)
- Tor Browser
I will be developing the curriculum via a GitHub repository located here.