From: Thérèse Godefroy Date: Sun, 12 May 2019 17:01:22 +0000 (+0200) Subject: en: add missing ingredient in the kitchen. X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=1cf7e9ecff8bbf38b08c6c36e875e229fccd4003;p=enc.git en: add missing ingredient in the kitchen. --- diff --git a/en/kitchen/workshops.t.html b/en/kitchen/workshops.t.html new file mode 100644 index 00000000..f672916f --- /dev/null +++ b/en/kitchen/workshops.t.html @@ -0,0 +1,291 @@ + + + + + + +
+
+ + +
+ +

+ +

#1 Get your friends or community interested

+ +

If you hear friends grumbling about their lack of privacy, ask them if +they're interested in attending a workshop on Email Self-Defense. If your +friends don't grumble about privacy, they may need some convincing. You might +even hear the classic "if you've got nothing to hide, you've got nothing to +fear" argument against using encryption.

+ +

Here are some talking points you can use to help explain why it's worth +it to learn GnuPG. Mix and match whichever you think will make sense to +your community:

+ +
+
+ +
+ +

Strength in numbers

+ +

Each person who chooses to resist mass surveillance with encryption makes +it easier for others to resist as well. People normalizing the use of strong +encryption has multiple powerful effects: it means those who need privacy +the most, like potential whistle-blowers and activists, are more likely to +learn about encryption. More people using encryption for more things also +makes it harder for surveillance systems to single out those that can't +afford to be found, and shows solidarity with those people.

+ +
+
+ +

People you respect may already be using encryption

+ +

Many journalists, whistleblowers, activists, and researchers use GnuPG, +so your friends might unknowingly have heard of a few people who use it +already. You can search for "BEGIN PUBLIC KEY BLOCK" + keyword to help make +a list of people and organizations who use GnuPG whom your community will +likely recognize.

+ +
+
+ +

Respect your friends' privacy

+ +

There's no objective way to judge what constitutes privacy-sensitive +correspondence. As such, it's better not to presume that just because you +find an email you sent to a friend innocuous, your friend (or a surveillance +agent, for that matter!) feels the same way. Show your friends respect by +encrypting your correspondence with them.

+ +
+
+ +

Privacy technology is normal in the physical world

+ +

In the physical realm, we take window blinds, envelopes, and closed doors +for granted as ways of protecting our privacy. Why should the digital realm +be any different?

+ +
+
+ +

We shouldn't have to trust our email providers with our privacy

+ +

Some email providers are very trustworthy, but many have incentives not +to protect your privacy and security. To be empowered digital citizens, +we need to build our own security from the bottom up.

+ +
+
+
+ + +
+ + +
+ +

#2 Plan The Workshop

+ +

Once you've got at least one interested friend, pick a date and start +planning out the workshop. Tell participants to bring their computer and +ID (for signing each other's keys). If you'd like to make it easy for the +participants to use Diceware for choosing passwords, get a pack of dice +beforehand. Make sure the location you select has an easily accessible +Internet connection, and make backup plans in case the connection stops +working on the day of the workshop. Libraries, coffee shops, and community +centers make great locations. Try to get all the participants to set up +an Enigmail-compatible email client before the event. Direct them to their +email provider's IT department or help page if they run into errors.

+ +

Estimate that the workshop will take at least forty minutes plus ten minutes +for each participant. Plan extra time for questions and technical glitches.

+ +

The success of the workshop requires understanding and catering to +the unique backgrounds and needs of each group of participants. Workshops +should stay small, so that each participant receives more individualized +instruction. If more than a handful of people want to participate, keep the +facilitator to participant ratio high by recruiting more facilitators, or by +facilitating multiple workshops. Small workshops among friends work great!

+ +
+
+ + +
+ + +
+ +

#3 Follow the guide as a group

+ +

Work through the Email Self-Defense guide a step at a time as a group. Talk +about the steps in detail, but make sure not to overload the participants +with minutia. Pitch the bulk of your instructions to the least tech-savvy +participants. Make sure all the participants complete each step before the +group moves on to the next one. Consider facilitating secondary workshops +afterwards for people that had trouble grasping the concepts, or those that +grasped them quickly and want to learn more.

+ +

In Section 2 of the guide, make +sure the participants upload their keys to the same keyserver so that +they can immediately download each other's keys later (sometimes +there is a delay in synchronization between keyservers). During Section 3, give the participants the option to +send test messages to each other instead of or as well as Edward. Similarly, +in Section 4, encourage the participants +to sign each other's keys. At the end, make sure to remind people to safely +back up their revocation certificates.

+ +
+
+ + +
+ + +
+ +

#4 Explain the pitfalls

+ +

Remind participants that encryption works only when it's explicitly used; +they won't be able to send an encrypted email to someone who hasn't already +set up encryption. Also remind participants to double-check the encryption icon +before hitting send, and that subjects and timestamps are never encrypted.

+ +

Explain the dangers +of running a proprietary system and +advocate for free software, because without it, we can't meaningfully +resist invasions of our digital privacy and autonomy.

+ +
+
+ + +
+ + +
+ +

#5 Share additional resources

+ +

GnuPG's advanced options are far too complex to teach in a single +workshop. If participants want to know more, point out the advanced subsections +in the guide and consider organizing another workshop. You can also share +GnuPG's and +Enigmail's +official documentation and mailing lists. Many GNU/Linux distribution's Web +sites also contain a page explaining some of GnuPG's advanced features.

+ +
+
+ + +
+ + +
+ +

#6 Follow up

+ +

Make sure everyone has shared email addresses and public key fingerprints +before they leave. Encourage the participants to continue to gain GnuPG +experience by emailing each other. Send them each an encrypted email one +week after the event, reminding them to try adding their public key ID to +places where they publicly list their email address.

+ +

If you have any suggestions for improving this workshop guide, please +let us know at campaigns@fsf.org.

+ +
+
+ +