Community Updates

From TCU Wiki
Revision as of 01:48, 22 September 2018 by Iffadmin (talk | contribs)

The following are community updates from the weekly Glitter Meetup. If you need to connect to anyone mentioned below, please reach out. We do practice "consensual introductions," meaning we have to check with the person before doing so. No names are associated with the summary notes. Please contact us if you have any questions related to these notes. team@internetfreedomfestival.org

September 20

  • Burnout and emotional toll on people that are the "listening" ear in activists groups. They need more training from therapists to help create better boundaries. This includes trainers. There is a need for training of folks who are handling alot of the emotional labor by therapists who can help create processes and systems. For example, in some organizations they are dealing with deaths which is very traumatic.
  • In addition, people with mental health issues rarely seek counseling/support - until probably it's too late. Majority of these include women & youth
  • SAFIGI (Safety First for Girls) we did a comprehensive research on safety - with the understanding that safety is internal and external. Internal safety being peace of mind, heart, and emotions. External safety being protection of the body,other person and environment). Of 327 people surveyed in 6 countries, we found only 12% girls had learned about mental health in high school and below. This affects every aspect of their life. https://www.dropbox.com/s/a8u8ladyjcncfrl/Data%20Analysis%20Safety%20Report.pdf?dl=0
  • We can't give people the impression that they can self-care really hard at systemic oppression. More research needed in this area.
  • Participants noted that at the point where people most need therapy, they're either pushed out of organizations after the organization fosters an abusive environment, or have burned out because activism is stressful
  • Also noted that the look how cool I am, everything is broken and the NSA is in my living room right now!" training method can make people more scared than they were before
  • US Latinas has the highest suicide rate than in any group in the US.
  • One in every four Kenyans may suffer from mental illness at one point in their lives. That is 11.5 million people (out of the 48 million people)
  • Some of the communities of color in the US communities seem to a) bring in cultural spirituality So for example, some latino groups they may bring in elements of caribbean spirituality. b) they understand and remind each other they have a strong connection with their ancestors c) they opently talk about the mental stress d) they are focused on having exercises that are meant to strenghthen your moral and understand you are part of a bigger family.
  • the disability subreddits are supportive. The moderators remove any "yoga will cure you!" posts and there are a lot of people who post about being newly diagnosed and the mourning process afterwards

September 13

  • The Intersection of Things is a feminist podcast about the internet and everything it touches. Every other week we take a topic –like health, or pride, or consent–, contextualize with the internet and tech, and try to approach it from an intersectional feminist perspective.
  • The wish or goal to improve a space always has to start with empathy. So a simple first thing to kickstart the improvement of spaces is to listen to communities we want to make these spaces better for –be them our own communities, or communities we are not a part of. Consuming media (podcasts, videos, books, blogs, etc) produced by and for these communities is a fantastic first step.
  • Intersectional Feminist Perspective: We borrow the term “intersectionality” from scholar Kimberlé Crenshaw, who initially coined the term to describe how an individual's experience is not only affected by factors like their race, socioeconomic class, abilty, gender, orientation, etc. But rather it is how all of these elements mix (or "intersect") what informs how someone navigates and experiences the world –and how the world treats THEM. So we take this lens of intersectionality and want to look at the internet through it by asking questions like: how does privacy affect people like me, who are not only queer but queer, and women, and of colour, etc etc etc
  • A key part for any person or organization doing outreach is to know what –ideally– outreach should be. For example, outreach should be a thing that is not just added at the end of a project. Outreach is the act of including people or organizations in the building of the project itself. Outreach is usually done at the end, as a dissemination piece. A key thing that would differentiate tokenism from collaboration is at what point in the project do you bring in people from different perspectives, and how much we listen to these perspectives. It is not enough to have people in the room just to have us all there.
  • The beauty of communities that reflect the rich spectrum of humanity is that one is, or should be, constantly aware of how different each of us might experience the world. For example, something that might be very "progressive" for me, might be something that is in conflict with someone's traditions. So the challenge is, how do we see each other, how do we share space in a way that celebrates and respects each other. So, one of the biggest challenges is listening to one another –and it is hard! But it is very rewarding, and you leave these spaces a different person (in a good way).
  • Related to how to be a good allie: Listening is very important. We are all going to make a mistake at some point —how could we not, the world is messy. What I find fascinating is that a lot of the impact of when things go wrong comes from how we react to our mistakes. Often, there is an element of defensiveness (we "lose face"). But I think practicing slowing down, apologizing, and owning up to the the thing that went wrong is important. Also important: if we ever unintentionally cross the line (for example, an off handed comment in the workplace), we must apologize but not let the other person do the emotional work of making us feel "ok".
  • Many folks commenting on the rate of burnout people are experiencing. In addition, marginalized groups are affected psychologically when they are in an environment that doesn't support them.
  • There is a test people do in some trainings to see how stressed they are.
  • Participants noted that disabilities don't really get talked about alot.
  • There is always alot of emotional labor being done by people of color on team that isn't paid. they become the diversity recruits.
  • RECOMENDATIONS

- Code Switch is a great podcast about race and the world today. - Note to Self is "the tech podcast about being human" is a fantastic listen too. - Third Wave Urbanism and The Black Urbanist podcast is another good one. I love when someone takes an area (like urbanism) and looks at it through a different lens. These pods do this. - Books: "the poverty of privacy rights" by Khiara M. Bridges. Such a fascinating read (example: how much surveillance do you think pregnant women in social assistance are subject to? A classic of code switching and double labour is Frantz Fanon's Black Skin White Masks. Algorithms of Oppression by Zeynep Tufekci, and Weapons of Math Destruction by Cathy O'Neil are both fantastic.

  • UPDATES

In this piece by UNHCR's innovation team for refugees, they analyzed all their public posts, and found that there is a huge imbalance in quoting men versus quoting women. And when they analyzed who wrote the article, they found that shockingly out of all the men who wrote the posts, only one woman was quoted. In any article they wrote, ever. http://www.unhcr.org/innovation/gender-imbalance-innovation/

September 6

  • For IFF, people want to see more sessions that integrate with the Academia as there is a feeling that there is a widening gap between academic researchers done in terms of risk threats etc around HRDs and activists and professional trainers. Academics need to better appreciate the work being done by professionals in the digital physical security spaces.
  • More sessions that focus on intersectional feminism, and past "white feminism" and white/cisgender/straight fragility to get things done without tokenism or exclusion.
  • More sessions geared towards new people and smaller sessions for skill building for folks that have some basis.
  • Remembering how far the community has come in regards to collaboration..when it was super competitive before.
  • Have to have an honest conversation about collaboration. People brought up things like LevelUp and Safetag, that galvanized a responsible community of trainers, brought a lot of new faces in, and built a largely evergreen curricula which people still use today, but hard to sell because of the community-owned model. Also, hard to track numbers because a) website didn't track users so no stats on usage, and b) a community who for lots of really solid reasons doesn't report back about how many trainings and where they took place. he orgs who put out this stuff are constantly strained to both maintain it, but also to keep moving forward with new programs, as they don't get to "own" these things they created. Again, this is a long term responsible thing to do, and benefits the community much more effectively, but it means a lot of hard work above and beyond daily fixing things. Another problem is training...it takes an organization time to learn how to do it properly and create proper structures. Collaboration means being motivated by different things, and valuing other things more highly
  • At the same time, gay sex was just decriminalized in india

https://www.cnn.com/2018/09/06/asia/india-gay-sex-ruling-intl/index.html

  • In Bangladesh, to increase female participation, what was effective was 1:1 participant for male and female. after few training session the participants spread the word about the importance. now a days most of the female participants willingly attend at training or meetups.
  • GAMES FOR TRAINERS:

- https://openinternet.github.io/copilot/

- Yoshi Kohno at the Univ. of Washington has developed some games https://homes.cs.washington.edu/~yoshi/

- netalert.me

- From Kseniia @ CitizenLab, a great game she developed:

The following is from someone from your area of the world. This person is willing to talk to you via email, if you wish: I'm not doing any 'games' but what I often do is drawings. That worked very well on trainings I did for feminist collectives.

We do 2 sets of drawings. 1 drawing in the beginning of the training: I ask them to draw how they send a message to their contact, and if there's something weird going on, please represent it on the drawing as well.

Usually I give 5-10 minutes for that, after first round of "oh my, I am a don't know how to draw" and so on and a round of encouragements Then when everyone is done I collect drawings, and quickly look at them. Usually there are "trends" in the group: there are some common ways in which people tend to represent how they see networking and transfer of data, and also some common ways in depicting the "adversary"/"adversaries" (e.g. the danger being on the server side, or the danger being between client and server, or in the client, or in the "physical world" (physical threat) and so on). So I give myself some 3 minutes to group these drawings according to these representations, and give short comments on these groups, encouraging every time the person for their effort and good intuitions (because very often they do have very good intuitive understanding of both transfer protocols / networking and threats), but also explaining if some things are represented in a technically wrong way.

Then I ask people if I understood them right and ask them to comment on their drawings if they wish. People like to defend their visions, and often the comments are interesting to hear - as a trainer I understand where some of the misunderstandings hide (underestimation or overestimation of risk for example...). But it's also a good point to start the discussion.

After this first debrief is done, I usually use a whiteboard / blackboard to list the different kinds of "adversaries" or failures people have drawn. Then I comment on each of them and ask people if they know how to defend from that. Again, in a feminist perspective I was trying to always let people suggest their own ideas of self-defense, and let others correct / criticize their fellows. Only in case of a very wrong intuition that can be dangerous, would I interrupt that process. However, after listening to all these comments, I would wrap up and write good tips down, and give some more advice as well as - for every kind of threat - some sources to go look into (online guides, videos...) and some tools if they have not been mentioned.

After that, in the end of the training, I would ask people to draw me a second round of drawings - how would you like the Internet to be? Draw me a perfect communication. This second round of drawings is very important for several reasons: first, it helps to cope with the stress of the training (because a lot of these women had hard time talking about threats they had experienced, and in general, security trainings give you a lot of stress to cope with).

Second, it breaks the dystopian technological visions that somehow dominate our space, and sets the imagination free to draw collective visions for better tech but also for better communities (kind of speculative fiction approach). In the end, I collect drawings and look if people dream of similar things. Surprisingly very often we see that somehow people project very similar ideas (for example in case of Russian feminist workshops, there were a lot of visions that looked like p2p distributed networks without any centralized servers or anything that would look like central points of failure). I would ask people to briefly comment on what they wanted to say, and in case when people's "dream technology" had a real correlate, I would give them tips to go check this or that tool or project (for example, Mastodon for or Briar...).

  • Here are two examples of games and activities for digisec training (in Spanish)

1) Amiga cifrada: how to organize an exchange of GPG keys (by @ciberseguras) https://ciberseguras.org/como-organizar-un-intercambio-de/ … 2) A las calles sin miedo: manuals and a board game https://infoactivismo.org/a-las-calles-sin-miedo-herramienta-ludica-para-la/ 3) http://www.sulabatsu.com/blog/sula-batsu/mediacion-descarga-libre-del-juego-huells-mi-rastro-en-internet/



August 30

  • The Police Department of Bangladesh Government opens a tender. The tender notice is to procure IMSI mobile monitoring/tracking systems, including its ultra-portable backpack version. “IMSI” stands for “international mobile subscriber identity” and the devices in question are basically eavesdropping gadgets used for intercepting mobile phone and its data traffic, as well as tracking location data of mobile users. If I’m not wrong, they essentially create a "fake" mobile tower acting between the target mobile phone and the service provider's real towers to intercept communication related data. http://bangla.cptu.gov.bd/advertisement-goods/details-60402.html
  • The SecureDrop project is going to have 0.9.0 release on September 5th. If anyone wants to help in translation, they can help by joining the localization-lab-chat channel.
  • Woman group in Zimbabwe is looking to start their own radio channel. If you have resources or good educational materials, let them know
  • Someone in Lisbon is starting a privacy meetup.

* Notes from talk from Nathaly on Cyber Feminist Radio and networks:

- When conducting an interview, if the person you are interviewing has to be extra careful about their privacy and/or security, someone from the radio crew will talk as them, recreating their voice. (ie, so at no time do they use the person's voice)

- Always use safe channels online and offline to talk to your interviewers

- They do have some channels like a cyberfeminist mail list and one of the rules is to have a secure mail like rise up, and we use PGP all the time to share information.

Tools that can be used to create your own radio:

Software: Audio editing: Audacity or arduor

streaming: Radiolibre.co https://liberaturadio.org/ or https://kefir.red/


Educational Manuals in Spanish: Curso virtual: feminicidio y periodismo https://radioslibres.net/curso-virtual-feminicidio-y-periodismo/

Despatriarcalizar la Comunicación: periodismo inclusivo https://radioslibres.net/despatriarcalizar-comunicacion-periodismo-inclusiv/

Escuela ciberfeminista https://escuelafeminista.red/


Recommended Feminist Radio Channels

In English:

https://soundcloud.com/icalondon/black-feminism-and-post-cyber

In Spanish:

Enchufadas: https://radiocut.fm/audiocut/enchufadas-autodefensa-digital-1/

Encuentro de ciberfeminismo Ecuador https://soundcloud.com/tristanaproducciones/encuentro-ciberfeminismo

El desarmador https://eldesarmador.org/

Cyborg feminista radio https://cyborgfeminista.tedic.org/tag/radio/

Wambra radio: http://ciberfeminismo.elchuro.org/cobertura/

tropica media http://tropicamedia.org/

La Radio q genero http://www.laqradiogenero.com/

August 23

  • Someone is trying to apply SAFETAG for LGBTQ communities in South Asia.
  • Totem project is an online platform helping journalists and activists use digital security & privacy tools and tactics more effectively in their work by Greenhost and FreePressUnlimited. https://totem-project.org/
  • Malaysian Parliament passes bill to repeal Anti-Fake News Act last week
  • IFF Fellowship deadline has been extended to August 27.
  • In Zimbabwe, there was a constitutional court hearing yesterday for the just ended elections where the opposition party is challenging the results that were announced. Judgement will be announced tomorrow at 1400hrs UTC+2
  • Someone is working on a due process (appeals) campaign targeting social media platforms (primarily Facebook) and would love to chat off-list with anyone interested or working on similar things.
  • The Tor meeting will be happening in Mexico end of September.

About Safetag:

  • SAFETAG is an assessment framework to work with organizations and help them build informed decisions about the risks they face. It provides a wide variety of different activities: some very research focused, like understanding the context the organization is working within -- each organization has a totally different set of risks depending on their context; Some are very technical, such as scanning office networks to understand what systems and traffic are on the network; and many are "interpersonal" -- simply talking to staff members, interviewing management, and running exercises to help the organization build a cohesive and shared understanding of their risks and which of them they accept, and which they want to prioritize to mitigate.
  • In the best case, you should have a few people helping out -- one person who has a more digisec training background, and another who's happier sitting in the back room hacking around on things. Often funding and scheduling mean that one person has to do all three, so careful planning and preparation are important -- you do NOT want to be researching how to nmap an organization without crashing their computers in the middle of an assessment. In addition, there is value and more impact if the audit is done by more people with different skills other than a single person.
  • SAFETAG scoping questions are really good to help people understand their risks.
  • Some folks have it customized for working with LGTBQ in West Africa.
  • SAFETAG wants to be community owned, but depends on people taking ownership/participating.
  • Even though someone might be from a different parts of the world, so many common problems come up that are similar. So you may think your approach only applies to some super specific situation, but almost guaranteed someone else is facing the same problem
  • Best tips, for network scanning - (a) be careful and (b) keep it balanced. A lot of the tools, even "simple" nmap, have a lot of super dangerous options, and you really never know if a computer is going to be vulnerable to a 10-year-old bug. Start super lightweight, and super low-impact, even flooding a system that may be a few years out of date can cause it to fail, and then you're suddenly halfway through an audit and have to stop to fix something you broke. Look at software versions, and peek via nmap on weird ports being open before doing anything more intense
  • The other big tip is to not get trapped in any one approach. People with hacking/pentesting backgrounds tend to ignore the interactive parts, and people with training backgrounds tend to shy away from the technical pieces. It takes both, plus a solid base of research, to really understand an organization. Also, and super important, you can also spend a LOT of time digging in to some really obscure tech things, and lose the opportunity to ensure you have a holistic view of the org.
  • The SAFETAG translation in Spanish is out of date. Ping them if you can help identify chunks to prioritize for funding.
  • Re: network scanning, a super fun thing to do (but requires a system with a decent chunk of RAM and a few hours of access to a lot of bandwidth) is to download some vm images. vulnhub is a good repository, and MS has some testing images for old versions of windows (see the safetag reference file here for links: https://github.com/SAFETAG/SAFETAG/blob/master/en/references/network_env.adids.md). Use virtualbox to run them locally and have them all on your local network, and then you can use nmap and such locally (do this at home, you can even have it set up to truly be a "fake" network on your computer only -- do NOT do it on a shared or work network!!) This is a great way to get started exploring and using different scanning options


August 16

  • New org in latin america in the works ( Con-nexo). They will be developing projects on capacity building on security, research, security support to organizations, tool development and community generation around communities at risk and security in general.
  • Lots of love happening for SAFETAG fellowship
  • Zimbabwe still doesnt' have a president even after voting
  • Found out Digital Society of Zimbabwe was born in the IFF :)
  • Folks working on security investigation framework in tails. Prototype coming soon! Github here: https://gitlab.com/scif/whiskers
  • Blog posts coming out taimed at helping new auditors get in the SAFETAG mindset; as it can be very overwhelming to try and tackle the guide as it exists now
  • Someone who did research on digital censorship in post-soviet states and how each country's approach differs (about a third have very free internet and about a third have internet censorship in place), is currently talking to a publisher about turning it into a book on the history of censorship in the region.
  • Someone is cultivating digital security trainers to assist HRDs in Southeast Asia as many trainers are still flown in.
  • Past DIF Folks asking that a community is created so they can further connect.
  • Various games made by people in the community such as BLOOG: how formal and informal groups interact in crisis. we called it ENCAPE http://blog.bl00cyb.org/2017/08/interfaces-between-formal-and-informal-crisis-response/, Malicious Content, the infosec card game like Cards against humanit, and the depressing, Cards against Humanitarians" -- now JadedAid -- http://jadedaid.com/).
  • First alpha version Tor Browser coming out soon!
  • Maybe a hackathon with artist, process oriented.
Retrieved from "https://wiki.digitalrights.community/index.php?title=Community_Updates&oldid=40030"