From 1c4bff08b1e9a3a8e92f3442cc7f9db54ee2dd95 Mon Sep 17 00:00:00 2001 From: Zak Rogoff Date: Tue, 25 Aug 2015 13:01:13 -0400 Subject: [PATCH] Tweaking layout of workshops image. --- en/workshops.html | 508 +++++++++++++++++++++++----------------------- 1 file changed, 252 insertions(+), 256 deletions(-) diff --git a/en/workshops.html b/en/workshops.html index b0e96ae7..e3a9c142 100644 --- a/en/workshops.html +++ b/en/workshops.html @@ -1,303 +1,299 @@ - - - - - - Email Self-Defense - Teach your friends! - - - - - - - - - - - - - -
+ +
+
+ +
+

+

#1 Get your friends or community interested

If you hear friends grumbling about their lack of privacy, ask them if they're interested in attending a workshop on Email Self-Defense. If your friends don't grumble about privacy, they may need some convincing. You might even hear the classic "if you've got nothing to hide, you've got nothing to fear" argument against using encryption.

+

Here are some arguments you can use to help explain why it's worth it to learn GnuPG. Mix and match whichever you think will make sense to your community:

- -
-

Strength in numbers

-

Each person who chooses to resist mass surveillance with encryption makes it easier for others to resist as well. People normalizing the use of strong encryption has multiple powerful effects: it means those that truly need privacy, like potential whistle-blowers and activists, are more likely to learn about encryption. More people using encryption for more things also makes it harder for surveillance systems to single out those that can't afford to be found, and shows solidarity with those people.

-
+
-
-

People you respect may already be using encryption

-

Many journalists, whistleblowers, activists, and researchers use GnuPG, so your friends might unknowingly have heard of a few people who use it already. You can search for "BEGIN PUBLIC KEY BLOCK" + keyword to help make a list of people and organizations who use GnuPG which your community will likely recognize.

-
+
-
-

Respect your friends' privacy

-

There's no objective way to judge what constitutes a privacy-sensitive correspondence. As such, it's better not to presume that just because you find an email you sent to a friend innocuous, your friend (or a surveillance agent, for that matter!) feels the same way. Show your friends respect by encrypting your correspondences with them.

-
+ -
-

Privacy technology is normal in the physical world

-

In the physical realm, we take window blinds, envelopes, and closed doors for granted as ways of protecting our privacy. Why should the digital realm be any different?

-
+
+

Strength in numbers

+

Each person who chooses to resist mass surveillance with encryption makes it easier for others to resist as well. People normalizing the use of strong encryption has multiple powerful effects: it means those that truly need privacy, like potential whistle-blowers and activists, are more likely to learn about encryption. More people using encryption for more things also makes it harder for surveillance systems to single out those that can't afford to be found, and shows solidarity with those people.

+
+
+

People you respect may already be using encryption

+

Many journalists, whistleblowers, activists, and researchers use GnuPG, so your friends might unknowingly have heard of a few people who use it already. You can search for "BEGIN PUBLIC KEY BLOCK" + keyword to help make a list of people and organizations who use GnuPG which your community will likely recognize.

+
-
+
+

Respect your friends' privacy

+

There's no objective way to judge what constitutes a privacy-sensitive correspondence. As such, it's better not to presume that just because you find an email you sent to a friend innocuous, your friend (or a surveillance agent, for that matter!) feels the same way. Show your friends respect by encrypting your correspondences with them.

+
-
-
- -
-
- -
-

#2 Plan The Workshop

-

Once you've got at least one interested friend, pick a date and start planning out the workshop. Tell participants to bring their computer and ID (for signing each other's keys). Also tell the participants to bring dice (for making passwords), but also bring as many as you can, in case they don't. Make sure the location you select has an easily accessible Internet connection, and make backup plans in case the connection stops working on the day of the workshop. Libraries, coffee shops, and community centers make great locations. Try to get all the participants to set up an Enigmail-compatible email client before the event. Direct them to their email provider's IT department or help page if they run into errors.

-

Estimate that the workshop will take forty minutes plus ten minutes for each participant, at a minimum. Plan extra time for questions and technical glitches.

-

The success of the workshop requires understanding and catering to the unique backgrounds and needs of each group of participants. Workshops should stay small, so that each participant receives more individualized instruction. If more than a handful of people want to participate, keep the facilitator to participant ratio low by recruiting more facilitators, or by facilitating multiple workshops. Small workshops among friends work great!

+
+

Privacy technology is normal in the physical world

+

In the physical realm, we take window blinds, envelopes, and closed doors for granted as ways of protecting our privacy. Why should the digital realm be any different?

+
-
+
-
- + + - -
-
- -
-

#3 Follow the guide as a group

-

Work through the Email Self-Defense guide a step at time as a group. Talk about the steps in detail, but make sure not to overload the participants with minutia. Pitch the bulk of your instructions to the least tech-savvy participants. Make sure all the participants complete each step before the group moves on to the next one. Consider facilitating secondary workshops afterwards for people that had trouble grasping the concepts, or those that grasped them quickly and want to learn more.

-

Even powerful surveillance systems can't break private keys when they're protected by lengthy Diceware passphrases. Make sure participants use the Diceware method, if dice are available. Stress the importance of eventually destroying the piece of paper the Diceware password is written on, and make sure all the participants back up their revocation certificates.

-

In Section 2 of the guide, make sure the participants upload their keys to the same keyserver so that they can immediately download each other's keys later (sometimes there is a delay in synchronization between keyservers). During Section 3, give the participants the option to send encrypted messages to each other instead of or as well as Edward. Similarly, in Section 4, encourage the participants to sign each other's keys.

+ +
+
+ +
+

#2 Plan The Workshop

+

Once you've got at least one interested friend, pick a date and start planning out the workshop. Tell participants to bring their computer and ID (for signing each other's keys). Also tell the participants to bring dice (for making passwords), but also bring as many as you can, in case they don't. Make sure the location you select has an easily accessible Internet connection, and make backup plans in case the connection stops working on the day of the workshop. Libraries, coffee shops, and community centers make great locations. Try to get all the participants to set up an Enigmail-compatible email client before the event. Direct them to their email provider's IT department or help page if they run into errors.

+

Estimate that the workshop will take forty minutes plus ten minutes for each participant, at a minimum. Plan extra time for questions and technical glitches.

+

The success of the workshop requires understanding and catering to the unique backgrounds and needs of each group of participants. Workshops should stay small, so that each participant receives more individualized instruction. If more than a handful of people want to participate, keep the facilitator to participant ratio low by recruiting more facilitators, or by facilitating multiple workshops. Small workshops among friends work great!

-
-
-
+
- -
-
- -
-

#4 Explain the pitfalls

-

Remind participants that encryption works only when it's explicitly used; they won't be able to send an encrypted email to someone who hasn't already set up encryption. Also remind participants to double-check the encryption icon before hitting send, and that subjects and timestamps are never encrypted. See the guide's Security Tips subsection for more information.

-

Advocate for free software, because without it, we can't meaningfully resist invasions of our digital privacy and autonomy. Explain the dangers of running a proprietary system, and why GnuPG can't begin to mitigate them.

+
+
+ +
+
+ +
+

#3 Follow the guide as a group

+

Work through the Email Self-Defense guide a step at time as a group. Talk about the steps in detail, but make sure not to overload the participants with minutia. Pitch the bulk of your instructions to the least tech-savvy participants. Make sure all the participants complete each step before the group moves on to the next one. Consider facilitating secondary workshops afterwards for people that had trouble grasping the concepts, or those that grasped them quickly and want to learn more.

+

Even powerful surveillance systems can't break private keys when they're protected by lengthy Diceware passphrases. Make sure participants use the Diceware method, if dice are available. Stress the importance of eventually destroying the piece of paper the Diceware password is written on, and make sure all the participants back up their revocation certificates.

+

In Section 2 of the guide, make sure the participants upload their keys to the same keyserver so that they can immediately download each other's keys later (sometimes there is a delay in synchronization between keyservers). During Section 3, give the participants the option to send encrypted messages to each other instead of or as well as Edward. Similarly, in Section 4, encourage the participants to sign each other's keys.

+
+
+
-
- -
+ +
+
+ +
+

#4 Explain the pitfalls

+

Remind participants that encryption works only when it's explicitly used; they won't be able to send an encrypted email to someone who hasn't already set up encryption. Also remind participants to double-check the encryption icon before hitting send, and that subjects and timestamps are never encrypted. See the guide's Security Tips subsection for more information.

+

Advocate for free software, because without it, we can't meaningfully resist invasions of our digital privacy and autonomy. Explain the dangers of running a proprietary system, and why GnuPG can't begin to mitigate them.

- -
-
- -
-

#5 Share additional resources

-

GnuPG's advanced options are far too complex to teach in a single workshop. If participants want to know more, point out the advanced subsections in the guide and consider organizing another workshop. You can also share GnuPG's and Enigmail's official documentation and mailing lists. Many GNU/Linux distribution's Web sites also contain a page explaining some of GnuPG's advanced features.

-
+
-
-
+ + + +
+
+ +
+

#5 Share additional resources

+

GnuPG's advanced options are far too complex to teach in a single workshop. If participants want to know more, point out the advanced subsections in the guide and consider organizing another workshop. You can also share GnuPG's and Enigmail's official documentation and mailing lists. Many GNU/Linux distribution's Web sites also contain a page explaining some of GnuPG's advanced features.

+
- -
-
- -
-

#6 Follow up

-

Encourage the participants to continue to gain GnuPG experience by emailing each other, and considering offering to correspond with them in encrypted form. If you don't hear from them for a couple of weeks after the event, reach out and see if they would like additional assistance.

-

If you have any suggestions for improving this workshop guide, please let us know at campaigns@fsf.org.

-
+
+
-
-
- - +
+
+ +
+

#6 Follow up

+

Encourage the participants to continue to gain GnuPG experience by emailing each other, and considering offering to correspond with them in encrypted form. If you don't hear from them for a couple of weeks after the event, reach out and see if they would like additional assistance.

+

If you have any suggestions for improving this workshop guide, please let us know at campaigns@fsf.org.

-
-
- +
-
-
-
My key expired
-
Answer coming soon.
-
Who can read encrypted messages? Who can read signed ones?
-
Answer coming soon.
+
+
-
My email program is opening at times I don't want it to open/is now my default program and I don't want it to be.
-
Answer coming soon.
- -
-
-
--> + + - - - + + + - - - - - + + + + + + -- 2.25.1