Workshop outline

Introduction

Introduce myself, and people I’m doing it with
Introduce ATS, in relation to the people there (why anarchist? against state (gov. and social relation), pro-revolutionary. why tech. solidaires? why tech support?)
Outline the workshop:

  1. Discussion of why we think (tech) security is important,
  2. Explanation of some tools and practices for improving tech security
  3. Installation and use of certain tools

This workshop is about tech security, but is needs to be a part of broader security (or counter-surveillance) culture. With that in mind, this workshop is really all just about harm reduction for when we are deciding to use technologies that are based on social relations we oppose. Sometimes it is best to use low tech, or none at all.

Discussion of why we think (tech) security is important

  1. Necessity: story of G20 beginning, people are at risk, our movements are at risk, once repression hits it’s too late to prepare, reflection on post-G20, based in practical needs.
  2. Solidarity: our wide vision, it is more usable for those who need (esp. comms.), it is safer and harder to harass, important for (supposedly) less at-risk groups to do, the usual security process is based on risk assessment, but we can’t just do this as individuals or group, it has to be broader than that.
  3. State surveillance and counterinsurgency: surveillance is just the foundation, how the state relates to us, as movements, and as networks and individuals. The important, personal parts of our lives are used against us. If we’re going to be effective, we need to protect ourselves. The usual pattern is that movements learn from their immediate mistakes (G20). We want to learn in a more long term way to the past (October Crisis, others), and future (getting worse, computers, laws), and want to to have the capacity to take risks and defend ourselves when it matters most. We imagine zones of opacity. Question: examples from the group, or the past, or trends for state surveillance?
  4. Corporate surveillance: In terms of it getting worse, business is booming. A profit-motive for surveillance. Beyond any imaginable state capacity. Most importantly, with the consent and participation of people. Smart phones (the worst!), analogy. Corporations 1) have massive individual and social databases that are accessible to the state (FB, google) 2) constantly create new tools of surveillance that didn’t exist before which can then be used by the state (location services, CIA and FB) 3) encourage a cultural shift of normalizes all forms of surveillance. Government and corporate surveillance are interwoven. Question: How to respond? No easy answer (Arab Spring). Reject!, try to mitigate intentionally, and definitely don’t accept norms.
    Question: examples of especially bad forms of corporate surveillance or culture (it changes fast!).

Explanation of Tools and Practices

Outline for explanation of tools and practices:

  1. Browsing and anonymization
  2. Encrypted communications
  3. System security

All those things we’ve been talking about are pretty bad, but they’re not all powerful. There are ways to counteract them. We’ll tell you about all the tools, and then you can figure out which ones you want to install now. We recommend the communications ones because they can only be used collectively and the workshop is a starting point for that.

  1. Browsing and anonymization, because of all the internet stuff we’ve mentioned: (in order from least comprehensive to most) FF plugins, VPN, Tor (sinking pirate analogy: gear on your own, joining a good ship, riding with the dolphins!). These tools also have risks (browser fingerprint, firewalls, exit nodes). Also, the stow-away option (public wifi, mac-changer).
  2. Encrypted communications, because email is like a postcard: Trusted email (TLS, limited but important), GPG (autonomous, decentralized!), OTR (quick and easy), jitsi (better than skype), all can be anonymized. SMS… (these are important alternatives, because cell phones are surveillance devices that we can also use to communicate).
  3. System and data security (this section is less focused): system encryption, depends on OS. Why trust? Open source, security community. Linux is much better, larger change but not just for geeks (practical, no viruses!), and in the meantime there is TAILS (like the dolphins, but better – your own personal submarine!). Also, running (some of) these tools portably on a USB key (risks! we’re working on it). The only thing better than encrypted data is non-existent data (secure deletion). Also, be aware of metadata forensics (TAILS!).

Even if the code isn’t malicious (backdoors), and the system is pretty secure, there are still lots of ways to get around it. Finding passwords is often the main way (web service dumps, software or hardware key logging, social engineering, brute forcing, the law, etc). Good password practices! Long, don’t tell anyone, don’t repeat important ones, change occasionally, password managers.

System security comes down to human and physical security, which means the point we made at the beginning about security culture really clear: the tech isn’t much good without it. None of this tech stuff is intended to be perfect, and it cannot be against massive targeted resources (bulldozer and blowtorch), which is why no tech is often best. To continue the barrier analogy, it’s like urban barricades during revolutionary moments: no single barricade can stop them, but if they’re everywhere the police and military are stuck.

Installation and setup

What do we want to install?
Priorities:

  1. Riseup, GPG, OTR, address-key-fingerprint exchanges.
  2. Some mix of Tor, VPN, and plugins (depending on interest).
  3. Jitsi (or other specific things) if there’s time.