Begin by explaining the goal of this session: to re-affirm the power that humans have over technology, dispelling the notion that digital devices have “superpowers” over their users. If you did the session Personal Perceptions of Security with participants, you can remind them of the following from the closing affirmations:
Tools and technology don’t have magic superpowers over us! We are the ones who decide what we give them access to - and if something happens, we can always reset them!
Repeat to the group the affirmation from the previous step, highlighting the final phrase “we can always reset them” – what does this mean? Explain by presenting the following scenario:
Perhaps at some point along your digital security journey, you’ve felt as though you’d been doing everything wrong.
You look at your computer – it’s full of pirated software, torrented movies and TV shows, and cluttered with other files you don’t even remember downloading.
You’ve used USB sticks indiscriminately - on your laptop, on computers and printers at cybercafes, and maybe you don’t even always eject when you’re finished using them.
Perhaps you’ve just ended a relationship with someone who you know for sure was looking on your computer when you weren’t around – they probably guessed your password, or maybe you even told them what it was.
Now, you feel like you’re out of control – who knows what kind of viruses are living inside your hard drive, or who might have access to your information?
But guess what – it’s okay! It’s not too late to get a fresh start. Want to start over? This session is for you!
Now, having read through the above scenario for context, you can explain what is meant by resetting in this context: it means starting from scratch, by resetting your device or your computer to its default condition and configuration, and thus giving yourself a “blank slate” for your digital security process.
Be sure to remind participants that this session will explain how to perform a reset - they will not actually need to perform the reset during the session, or even during the training.
Resetting can go seriously wrong if participants are not prepared, or haven’t done a backup of their data in recent days – they also likely still need to use their laptops as they currently are to maintain access to their data until they can better prepare.
However, during this session participants will have the opportunity to practice using alternative operating systems on their laptops, which will be an important point of preparation if they do decide that they would like to perform a reset at some point.
Ideally, you will have already covered the session Storage & Encryption with participants as it addresses important points regarding data backup. Either way, before you begin the hands-on practice portion of this session, do a quick check-in with the group about backing up their data.
Optional: As a quick refresh from Storage & Encryption, ask participants - How often do they backup their files? Share examples of best practices related to data backup, such as keeping the backup in a safe place that is separate from their computer, backing up their information on a frequent, regular basis and - depending on the information that is being backed up - to consider also encrypting the hard drive or storage media where data will be stored.
Before you begin the hands-on practice portion of this session, another important point to address is the relationship between rebooting and resetting, two terms which may have been used interchangeably during this session:
They refer to very similar processes in a general sense, but remind participants that “reset” is being used to illustrate the concept of “starting over” in the context of this session.
A reboot is a technical operation that will be performed by their computers during their reset; it is also an important process to understand for the hands-on practice with alternative operating systems that will occur in the next part of the session.
To further clarify the above point, while also providing some valuable technical insight to participants which will be helpful for the next part of the session, introduce Tails and Ubuntu. Explain how Tails and Ubuntu are alternatives to operating systems like Mac OS and Windows – for this session, the hands-on practice portion will focus on running these operating systems from a USB drive.
A live system is an operating system which can be run directly from an external media storage device such as a USB stick or SD card. Tails - which stands for The Amnesic Incognito Live System - is one such example; Ubuntu, which is another “flavor” of the Linux-based operating system that Tails uses, can also be configured as a live system.
Linux is an operating system similar to Windows or Mac, the major difference being that it is distributed as free and open-source software. Because of this, there are many different adapted distributions of Linux available - Debian, one of the more popular distributions, forms the foundation for Tails.
A Boot (or Bootable) Device is a device or drive from which a computer loads files in order to actually start. For example, on many computers the hard drive is the boot device from which an operating system (such as Windows) is loaded when you turn a computer on. Aside from hard drives, media like CDs, DVDs, SD Cards, and USB flash drives are also boot(able) devices.
BIOS (Basic Input/Output System) is the first software many computers run when they are switched on, used to run self-tests on systems and hardware to ensure they are working properly, and to initiate the load sequence for software (like an operating system) located on available bootable devices. BIOS has an interface, but users cannot access it unless they take specific action during startup to access it directly.
The boot sequence, which can be accessed through BIOS (or UEFI) during startup on a computer, is a list of the bootable devices on a computer - it is used to determine the order in which a computer attempts to load information from these devices. Normally, a computer’s hard drive is the first device in the boot sequence, from which the operating system is loaded. However, the boot sequence can be changed to first load information from external, removeable devices like DVDs or USBs.
To begin the hands-on practice component of the session, divide the participants into at least 2 groups. Provide each group with a computer for them to try running Ubuntu or Tails from a pre-configured live USB; alternatively, if you have enough pre-configured USBs for all participants, they can each practice on their own (in this case, you will want to have everyone practice using either Tails or Ubuntu)
On your own laptop or computer, using a projector, walk participants through the process of rebooting their computers and launching Tails/Ubuntu during the BIOS boot sequence. As you do this, be sure to explain the differences between Tails and Ubuntu so that the group more clearly understands how they can be used to do their own “reset”.
Close the session by discussing how resetting using Tails or Ubuntu can be an option for starting a “blank slate” on participants’ computers in the event of a malware attack or other loss of control, but also be sure to mention other types of attacks where this solution does not apply as readily, such as online violence.