This session was developed jointly by Mariel García (SocialTIC) and Spyros Monastiriotis (Tactical Technology Collective)
This part of the workshop will begin as a game. Participants will be given pieces of paper representing one part of the chain of the flow of information online (modem, computer, ISP building, etc) and will be asked to arrange themselves in the order they consider is correct to represent the way an email travels through the Internet to reach another computer.
Once the group is arranged, the facilitators will correct any mistakes, and will do a run-through explaining the process to everyone. Then a volunteer will be asked to repeat that explanation. It is recommended that the complete explanation is made at least three times; but, to give variety to this exercise, the facilitator can change the email illustrations that are used, and the extreme where the demonstration begins. The trainer must also give some time to clarify doubts related to this process.
You can also use a video like this one https://www.youtube.com/watch?v=7_LPdttKXPc to help participants identify any mistakes that they have in the way they arranged themselves.
Optional: To adapt this for larger groups - rather than giving out one piece per person, assign one piece to a pair; for smaller groups, they can place the pieces on the floor, debating their order.
When the previous process has been completed, participants will be asked to paste each piece on a long paper (from a roll) that will be left on the floor. At this point, the facilitators will go through the chain again, this time to point out and explain the vulnerabilities at each stage (and hint at good practices to keep participants calm and confident).
Some of the vulnerabilities are mentioned next. You can also add any other practice or threat that is applicable in your own context or that is relevant to mention to the participants. You can also share a few examples of practices that other collectives you work with have to help participants think of what might be some of their own good or bad practices.
Device 1 (computer/phone): Physical insecurity; loss of information
Modem 1: Wifi sniffing; lack of encryption
Telephone pole/optic fiber underground: N/A
Internet Service Provider: Data and metadata requests from local/national governments
Google Servers: International surveillance; password insecurity and phishing, requests from national governments
Telephone pole/optic fiber underground 2: N/A
Modem 2: Security problems using other people’s connections (like at Internet cafes)
Device 2: Malicious software; insecure deletion
After focusing on vulnerabilities, it will be time to break the group into smaller ones that can “adopt” one of the vulnerabilities discussed in the previous exercise and propose creative solutions for it. To make it less overwhelming for less experienced participants, each group will be given a piece of paper including one solution proposal that can ignite conversation.
At the end, the groups will be given 30 seconds to a minute to present their ideas to the rest of the group (while one of the facilitators takes notes and makes additions to what is reported back by the groups). Facilitators will float around the groups giving brief explanations and answering questions, and mostly promoting discussion among all the participants.
It’s important that, as this activity progresses, facilitators explain the basics of each solution. Also, depending on the level of interaction and speed of the workshop, it may not be possible to cover all the proposals.