projects / enc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
commit
[enc.git] / en / workshops.html
1 <!DOCTYPE html>
2 <html>
3 <head>
4 <meta http-equiv="content-type" content="text/html; charset=utf-8" />
5
6 <title>Email Self-Defense - Teach your friends!</title>
7 <meta name="keywords" content="GnuPG, GPG, openpgp, surveillance, privacy, email, Enigmail" />
8 <meta name="description" content="Email surveillance violates our fundamental rights and makes free speech risky. This guide will teach you email self-defense in 30 minutes with GnuPG." />
9
10 <meta name="viewport" content="width=device-width, initial-scale=1" />
11 <link rel="stylesheet" href="//static.fsf.org/nosvn/enc-dev0/css/main.css" />
12 <link rel="shortcut icon" href="//static.fsf.org/nosvn/enc-dev0/img/favicon.ico" />
13
14 </head>
15 <body>
16
17 <!-- ~~~~~~~~~ GnuPG Header and introduction text ~~~~~~~~~ -->
18
19 <header class="row" id="header">
20 <div>
21 <h1>Email Self-Defense</h1>
22
23 <!-- Language list for browsers that do not have JS enabled -->
24 <ul id="languages" class="os">
25 <li><a class="current" href="/en">english</a></li>
26 <li><a href="/es">español</a></li>
27 <li><a href="/fr">français</a></li>
28 <li><a href="/de">deutsch</a></li>
29 <li><a href="/it">italiano</a></li>
30 <li><a href="/pt-br">português do Brasil</a></li>
31 <li><a href="/tr">türkçe</a></li>
32 <li><a href="/ro">română</a></li>
33 <li><a href="/ru">русский</a></li>
34 <!--<li><a href="/ml">മലയാളം</a></li>-->
35 <!--<li><a href="/ko">한국어</a></li>-->
36 <li><a href="/ja">日本語</a></li>
37 <li><a href="/el">ελληνικά</a></li>
38 <!--<li><a href="/ar">العربية</a></li>-->
39 </ul>
40
41 <ul id="menu" class="os">
42 <li class="spacer">
43 <a href="index.html">GNU/Linux</a>
44 </li>
45 <li>
46 <a href="mac.html">Mac OS</a>
47 </li>
48 <li>
49 <a href="windows.html">Windows</a>
50 </li>
51 <li class="spacer"><a href="workshops.html" class="current">Lead a Workshop</a></li>
52 <li class="spacer">
53 <a href="https://fsf.org/share?u=https://u.fsf.org/zb&amp;t=Email encryption for everyone via %40fsf">
54 Share&nbsp;
55 <img src="//static.fsf.org/nosvn/enc-dev0/img/gnu-social.png"
56 class="share-logo" alt="[GNU Social]">&nbsp;
57 <img src="//static.fsf.org/nosvn/enc-dev0/img/pump.io.png"
58 class="share-logo" alt="[Pump.io]">&nbsp;
59 <img src="//static.fsf.org/nosvn/enc-dev0/img/reddit-alien.png"
60 class="share-logo" alt="[Reddit]">&nbsp;
61 <img src="//static.fsf.org/nosvn/enc-dev0/img/hacker-news.png"
62 class="share-logo" alt="[Hacker News]">
63 </a>
64 </li>
65 <li class="spacer">V4.0</li>
66 </ul>
67 <!-- ~~~~~~~~~ FSF Introduction ~~~~~~~~~ -->
68 <div id="fsf-intro">
69 <h3>
70 <a href="http://u.fsf.org/ys">
71 <img alt="Free Software Foundation" src="Email%20Self-Defense%20-%20a%20guide%20to%20fighting%20surveillance%20with%20GnuPG%20encryption_files/fsf-logo.png">
72 </a>
73 </h3>
74 <div class="fsf-emphasis">
75 <p>
76 We fight for computer users'
77 rights, and promote the development of free (as in freedom) software.
78 Resisting bulk surveillance is very important to us.
79 </p>
80 <p>
81 <strong>
82 We want to translate this guide
83 into more languages, and make a version for encryption on mobile
84 devices. Please donate, and help people around the world take the first
85 step towards protecting their privacy with free software.
86 </strong>
87 </p>
88 </div>
89
90 <p><a href="https://crm.fsf.org/civicrm/contribute/transact?reset=1&amp;id=14&amp;pk_campaign=email_self_defense&amp;pk_kwd=guide_donate"><img alt="Donate" src="Email%20Self-Defense%20-%20a%20guide%20to%20fighting%20surveillance%20with%20GnuPG%20encryption_files/donate.png"></a> </p>
91
92 </div><!-- End #fsf-intro -->
93
94 <!-- ~~~~~~~~~ Guide Introduction ~~~~~~~~~ -->
95 <div class="intro">
96 <p>
97 <a id="infographic" href="https://emailselfdefense.fsf.org/en/infographic.html"><img src="//static.fsf.org/nosvn/enc-dev0/img/en/infographic-button.png" alt="View &amp; share our infographic →"></a>
98 <p>Understanding and setting up email encryption sounds like a daunting task to many people. That's why helping your friends with GnuPG plays such an important role in helping spread encryption. Even if only one person shows up, that's still one more person using encryption who wasn't before. You have the power to help your friends keep their digital love letters private, and teach them about the importance of free software. If you use GnuPG to send and receive encrypted email, you're a perfect candidate for leading a workshop!</p>
99
100 </div><!-- End .intro -->
101
102 </div>
103 </header><!-- End #header -->
104
105 <!-- ~~~~~~~~~ Section 1: Get your friends or community interested> ~~~~~~~~~ -->
106 <section class="row" id="section1">
107 <div>
108 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
109 <div class="section-intro">
110 <h2><em>#1</em> Get your friends or community interested </h2>
111 <p>If you hear friends grumbling about their lack of privacy, ask them if they're interested in attending a workshop on Email Self-Defense. If your friends don't grumble about privacy, they may need some convincing. You might even hear the classic "If you've got nothing to hide, you've got nothing to fear" argument against using encryption.</p>
112 <p>Here are some arguments you can use to help explain why it's worth it to learn GnuPG. Feel free to mix and match whichever you think will make sense to your community:</p>
113
114 </div><!-- End .section-intro -->
115
116 <div id="step-aa" class="step">
117 <div class="main">
118 <h3><em>Step 1.a</em> Strength in numbers</h3>
119 <p>Make sure all the participants have a conceptual understanding of the relationship between public and private keys in a keypair. It's normal for people to not understand public-key cryptography on the first try. Use analogies to help explain the concept.</p>
120
121 </div><!-- End .main -->
122 </div><!-- End #step-2a .step -->
123
124 </div>
125 </section><!-- End #section1 -->
126
127 <!-- ~~~~~~~~~ Section 1: Plan The Workshop ~~~~~~~~~ -->
128 <section class="row" id="section2">
129 <div>
130 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
131 <div class="section-intro">
132 <h2><em>#1</em> Plan The Workshop</h2>
133 <p>When you hear friends bemoaning their lack of digital privacy, ask them if they're interested in attending a workshop to on email self-defense. Once you've got a handful of people interested, pick a date and start planning out the event. Tell participants to bring their computer, their ID (for signing each other's key) and a flash drive.</p>
134
135 <p>The success of each workshop requires understanding and catering to the unique background and needs of each group of participants. Workshops should stay small, so that participants receive more individualized instruction. If more than a handful of people want to participate, keep the participant:facilitator ratio low by recruiting more facilitators, or by facilitating multiple workshops. Ideally, facilitators should be known and trusted members of the participants' community. Small workshops among friends work great!</p>
136
137 <p>Many activists, journalists, whistleblowers, businessfolk, academics, and dissidents use the OpenPGP standard, so participants might unknowingly know of a few people who use it already. If possible, make a list of people and organizations that use OpenPGP which participants will likely recognize by searching for <a href="https://duckduckgo.com/?q=%22BEGIN+PGP+PUBLIC+KEY+BLOCK%22+%2B+%22free+software%22">"BEGIN PGP PUBLIC KEY BLOCK" + keyword</a>.</p>
138 </div><!-- End .section-intro -->
139
140 <!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
141 <div id="step-1a" class="step">
142 <div class="sidebar">
143 <p><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step1a-install-wizard.png" alt="Step 2.A: Make a Keypair"></p>
144 </div><!-- /.sidebar -->
145 <div class="main">
146 <h3><em>Step 1.a</em> Space and Preparation</h3>
147 <p>Make sure the location you select has an easily accessible internet connection, and make backup plans in case the connection stops working on the day of the workshop. Try and get all the participants to set up an Enigmail-compatible email client before the event. Direct them to their organizations IT department or help page if they run into errors. Estimate that the workshop to take at a minimum 30 minutes plus about five to 10 minutes for each participant. Plan extra time for glitches and questions.</p>
148
149 </div><!-- End .main -->
150 </div><!-- End #terminology.step-->
151
152
153 </div>
154 </section><!-- End #section2 -->
155
156 <!-- ~~~~~~~~~ Section 2: Follow The Guide ~~~~~~~~~ -->
157 <section class="row" id="section3">
158 <div>
159 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
160 <div class="section-intro">
161 <h2><em>#2</em> Follow The Guide</h2>
162 <p>Have the participants work through the Email Self-Defense guide a step at a time on their own computers. Make sure all participants complete each step before the group moves on to the next step. Talk about each step, but be sure not to overload the participants with minutia. Pitch the bulk of your instruction to the least tech-savvy participants. Consider holding a secondary workshop afterwards for the outliers in either direction.</p>
163
164 </div><!-- End .section-intro -->
165
166 <!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
167 <div id="step-2a" class="step">
168 <div class="sidebar">
169 <p><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/step2a-01-make-keypair.png" alt="Try it out."></p>
170 </div><!-- /.sidebar -->
171 <div class="main">
172 <h3><em>Step 2.a</em> Public and Private Keys key</h3>
173 <p>Make sure all the participants have a conceptual understanding of the relationship between public and private keys in a keypair. It's normal for people to not understand public-key cryptography on the first try. Use analogies to help explain the concept.</p>
174
175 </div><!-- End .main -->
176 </div><!-- End #step-2a .step -->
177
178 <!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
179 <div id="step-2b" class="step">
180 <div class="sidebar">
181 <p><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/section5-02-use-it-well.png" alt="Section 5: Use it Well" /></p>
182 </div><!-- /.sidebar -->
183 <div class="main">
184 <h3><em>Step 2.b</em> Diceware and Passphrases</h3>
185 <p>Sufficiently strong passphrases <a href="https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess/"> can't easily be brute forced</a>, and thus protect the private key even if it falls into the wrong hands. Recommend participants use the <a href="http://world.std.com/~reinhold/diceware.html"> diceware method </a>, and have dice and the wordlist available for them to use. Participants who choose to use diceware should keep their passphrase with them at all at all times until they memorize it. Stress the importance of creating and backing up revocation certificates, especially to participants who write down their diceware passphrases.</p>
186 <!-- ~~~~~~~~~ Troubleshooting ~~~~~~~~~ -->
187 <div class="troubleshooting">
188 <h4>Disclaimer</h4>
189 <dl>
190 <dt>Diceware and Licensing</dt>
191 <dd>Something here about diceware's relationship with free software, or something.</dd>
192 </dl>
193 </div><!-- /.troubleshooting -->
194
195 </div><!-- End .main -->
196 </div><!-- End #step-3b .step -->
197
198
199 </div>
200 </section><!-- End #section3 -->
201
202
203 <!-- ~~~~~~~~~ Section 3: Sign Keys ~~~~~~~~~ -->
204 <section class="row" id="section4">
205 <div>
206 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
207 <div class="section-intro">
208 <h2><em>#3</em> Sign Keys</h2>
209 <p>Emphasize the distinction between trusting a person subjectively, and seeing whose keys they've signed objectively. Without a proper understanding of trust, the beautiful transative trust properties of the web of trust are lost. Since trust is an internal and subjective thing, it's unnecessary for participants to share how much they trust another participant with anyone else.</p>
210
211 <p>Have the participants download each other's keys, read out their own fingerprints, and present their IDs to each other. Help participants navigate the interface to sign each other's keys, and encourage participants to assign each other trust levels if they already know each other.</p>
212
213
214
215 </div><!-- End .section-intro -->
216
217 <!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
218 <div id="step-4a" class="step">
219 <div class="sidebar">
220 <p><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/section4-web-of-trust.png" alt="Section 4: Web of Trust"></p>
221 </div><!-- /.sidebar -->
222 <div class="main">
223 <h3><em>Step 4.a</em> Sign a key</h3>
224 <p>In your email program's menu, go to Enigmail → Key Management.</p>
225 <p>Right click on Edward's public key and select Sign Key from the context menu.</p>
226 <p>In the window that pops up, select "I will not answer" and click ok.</p>
227 <p>Now you should be back at the Key Management menu. Select Keyserver → Upload Public Keys and hit ok.</p>
228 <p class="notes">You've just effectively said "I trust that
229 Edward's public key actually belongs to Edward." This doesn't mean much
230 because Edward isn't a real person, but it's good practice.</p>
231
232
233 <!--<div id="pgp-pathfinder">
234 <form enctype="application/x-www-form-urlencoded" action="/mk_path.cgi" method="get">
235 <p><strong>From:</strong> <input type="text" placeholder="xD41A008" name="FROM"></p>
236 <p><strong>To:</strong> <input type="text" placeholder="50BD01x4" name="TO"></p>
237 <p class="buttons"><input type="submit" value="trust paths" name="PATHS"> <input type="reset" value="reset" name=".reset"></p>
238 </form>
239 </div><!-- End #pgp-pathfinder -->
240
241 </div><!-- End .main -->
242 </div><!-- End #step-4a .step -->
243
244 <!-- ~~~~~~~~~ a div for each step ~~~~~~~~~ -->
245 <div id="step-sign_real_keys" class="step">
246 <div class="main">
247 <h3><em>Important:</em> check people's identification before signing their keys</h3>
248 <p>Before signing a real person's key, always make sure it
249 actually belongs to them, and that they are who they say they are. Ask
250 them to show you their ID (unless you trust them very highly) and their
251 public key fingerprint -- not just the shorter public key ID, which
252 could refer to another key as well. In Enigmail, answer honestly in the
253 window that pops up and asks "How carefully have you verified that the
254 key you are about to sign actually belongs to the person(s) named
255 above?".</p>
256 </div><!-- End .main -->
257 </div><!-- End #step-sign_real_keys .step-->
258
259
260
261 </div>
262 </section><!-- End #section4 -->
263
264 <!-- ~~~~~~~~~ Section 4: Explain The Pitfalls ~~~~~~~~~ -->
265 <section id="section5" class="row">
266 <div>
267 <!-- ~~~~~~~~~ section introduction: interspersed text ~~~~~~~~~ -->
268 <div class="section-intro">
269 <h2><em>#4</em> Explain the pitfalls</h2>
270 <p>Remind participants that encryption works only where it's explicitly used; they won't be able to send an encrypted email to someone who hasn't set up encrption already. Also remind them to make sure encryption is selected before hitting send. Explain metadata to the participants, and advise them to use bland-sounding subject lines.</p>
271
272 <p>Advocate for free software, for without it, we can't meaningfully resist invasions of our digital privacy and autonomy. Explain the <a href="http://www.gnu.org/philosophy/proprietary-surveillance.html">dangers</a> of running a proprietary system, and why GnuPG can't begin to mitigate them.</p>
273 </div><!-- End .section-intro -->
274
275
276 </div>
277 </section><!-- End #section5 -->
278
279
280
281 <!-- ~~~~~~~~~ Section 6: Next steps ~~~~~~~~~ -->
282 <section class="row" id="section6">
283 <div id="step-click_here" class="step">
284 <div class="main">
285 <h2><a href="https://emailselfdefense.fsf.org/en/next_steps.html">Great job! Check out the next steps.</a></h2>
286
287 </div><!-- End .main -->
288 </div><!-- End #step-click_here .step-->
289
290 </section><!-- End #section6 -->
291
292 <!-- ~~~~~~~~~ FAQ ~~~~~~~~~ -->
293 <!-- When un-commenting this section go to main.css and search
294 for /* Guide Sections Background */ then add #faq to the desired color
295
296 <section class="row" id="faq">
297 <div>
298 <div class="sidebar">
299 <h2>FAQ</h2>
300 </div>
301
302 <div class="main">
303 <dl>
304 <dt>My key expired</dt>
305 <dd>Answer coming soon.</dd>
306
307 <dt>Who can read encrypted messages? Who can read signed ones?</dt>
308 <dd>Answer coming soon.</dd>
309
310 <dt>My email program is opening at times I don't want it to open/is now my default program and I don't want it to be.</dt>
311 <dd>Answer coming soon.</dd>
312 </dl>
313 </div>
314 </div>
315 </section> --><!-- End #faq -->
316
317 <!-- ~~~~~~~~~ Footer ~~~~~~~~~ -->
318 <footer class="row" id="footer">
319 <div>
320 <div id="copyright">
321 <h4><a href="https://u.fsf.org/ys"><img alt="Free Software Foundation" src="//static.fsf.org/nosvn/enc-dev0/img/fsf-logo.png" /></a></h4>
322 <p>Copyright &copy; 2014-2015 <a href="https://u.fsf.org/ys">Free Software Foundation</a>, Inc. <a href="https://my.fsf.org/donate/privacypolicy.html">Privacy Policy</a>. <a href="https://u.fsf.org/yr">Join.</a></p>
323 <p><em><a href="http://agpl.fsf.org/emailselfdefense.fsf.org/edward/CURRENT/edward.tar.gz">Source code of Edward reply bot by Josh Drake &lt;zamnedix@gnu.org&gt; available under the GNU General Public License.</a></em></p>
324 <p>The images on this page are under a <a href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 license (or later version)</a>, and the rest of it is under a <a href="https://creativecommons.org/licenses/by-sa/4.0">Creative Commons Attribution-ShareAlike 4.0 license (or later version)</a>. &mdash; <a href="http://www.gnu.org/licenses/license-list.html#OtherLicenses">Why these licenses?</a></p>
325 <p>Download the source package for <a href="emailselfdefense_source.zip">this guide</a>. Fonts used in the guide &amp; infographic: <a href="https://www.google.com/fonts/specimen/Dosis">Dosis</a> by Pablo Impallari, <a href="http://www.google.com/fonts/specimen/Signika">Signika</a> by Anna Giedry&#347;, <a href="http://www.google.com/fonts/specimen/Archivo+Narrow">Archivo Narrow</a> by Omnibus-Type, <a href="http://www.thegopherarchive.com/gopher-files-hacks-pxl2000-119351.htm">PXL-2000</a> by Florian Cramer.</p>
326 <p>
327 <a href="//weblabels.fsf.org/emailselfdefense.fsf.org/"
328 rel="jslicense">
329 JavaScript license information
330 </a>
331 </p>
332 </div><!-- /#copyright -->
333 <p class="credits">
334 Infographic and guide design by <a rel="external" href="http://jplusplus.org"><strong>Journalism++</strong> <img src="//static.fsf.org/nosvn/enc-dev0/img/jplusplus.png" alt="Journalism++" /></a>
335 </p><!-- /.credits -->
336 </div>
337 </footer><!-- End #footer -->
338
339 <script src="//static.fsf.org/nosvn/enc-dev0/js/jquery-1.11.0.min.js"></script>
340 <script src="//static.fsf.org/nosvn/enc-dev0/js/scripts.js"></script>
341
342 <!-- Piwik -->
343 <script type="text/javascript">
344 /*
345 @licstart The following is the entire license notice for the
346 JavaScript code in this page.
347
348 Copyright 2014 Matthieu Aubry
349
350 This program is free software: you can redistribute it and/or modify
351 it under the terms of the GNU General Public License as published by
352 the Free Software Foundation, either version 3 of the License, or
353 (at your option) any later version.
354
355 This program is distributed in the hope that it will be useful,
356 but WITHOUT ANY WARRANTY; without even the implied warranty of
357 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
358 GNU General Public License for more details.
359
360 You should have received a copy of the GNU General Public License
361 along with this program. If not, see http://www.gnu.org/licenses/.
362
363 @licend The above is the entire license notice
364 for the JavaScript code in this page.
365 */
366 var _paq = _paq || [];
367 _paq.push(["setDocumentTitle", document.domain + "/" + document.title]);
368 _paq.push(["setCookieDomain", "*.www.fsf.org"]);
369 _paq.push(["setDomains", ["*.www.fsf.org","*.www.fsf.org"]]);
370 _paq.push(["trackPageView"]);
371 _paq.push(["enableLinkTracking"]);
372
373 (function() {
374 var u=(("https:" == document.location.protocol) ? "https" : "http") + "://piwik.fsf.org/";
375 _paq.push(["setTrackerUrl", u+"piwik.php"]);
376 _paq.push(["setSiteId", "5"]);
377 var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0]; g.type="text/javascript";
378 g.defer=true; g.async=true; g.src=u+"piwik.js"; s.parentNode.insertBefore(g,s);
379 })();
380 </script>
381 <!-- End Piwik Code -->
382 </body>
383 </html>
Unnamed repository; edit this file 'description' to name the repository.