Summarize good internet security and privacy practices... GO!
February 24, 2017 8:40 AM Subscribe
I'm fixing to teach a course on extremely basic digital organizing for self-described very non-tech-savvy people. The one thing I'm a bit shaky on is how to briefly and effectively summarize internet privacy issues and internet security best practices for people who may only have a tenuous hold on what the internet even is.
What I'd like to address primarily are terms of use/if it's free the product is you and what does that mean; and the basics of how to protect your own data and the data of others (considering I'll be talking to them about mailing list building using services like MailChimp).
When the security bods here start talking amongst themselves, I have no idea what any of them are saying (and I am good at computers--like, professionally!), and I'd like to avoid a similar experience for my attendees.
What are the best resources for explaining security and privacy for people who may not really understand how the internet works?
What I'd like to address primarily are terms of use/if it's free the product is you and what does that mean; and the basics of how to protect your own data and the data of others (considering I'll be talking to them about mailing list building using services like MailChimp).
When the security bods here start talking amongst themselves, I have no idea what any of them are saying (and I am good at computers--like, professionally!), and I'd like to avoid a similar experience for my attendees.
What are the best resources for explaining security and privacy for people who may not really understand how the internet works?
Best answer: When I give this sort of talk to librarians, I often include analogs into their world and try to express relative risks (i.e. "a stronger password is better than a weak one") and absolute risks ("you are safer buying something on Amazon than in your local Target because of blablabla data breach") and consequences ("Identity theft is a real thing but often manageable, here are things you can do to stay safe. Here is what your legal liabilities are").
I try not to minimize people's fears but put them in perspective and determine what they are really afraid of. I teach them how to do things like check their credit reports for free (and not get upsold on nonsense) and how to lock things down better. I talk about the risks of public wifi but I don't say "Don't use public wifi". I tell them about cookies. I explain how ad blockers and FB Purity work and how they can help people not be tracked, not just not see ads. I talk about consent and Bcc and etiquette around sharing other people's information. And I try to, in a friendly way, talk about norms of behavior.
A lot of more-offline people get bad/random information from friends or colleagues and it may not represent the larger world of internet norms, as differentiated from best practices. Or they look at a tech person and think "That person is smart, if they tell me I need a 36 character password THEY must be right and I must be wrong." Explaining why the solutions that "really smart" people often go for are entirely impractical (and thus less secure) can help people feel better about their role in the world of privacy and security.
posted by jessamyn at 9:40 AM on February 24, 2017 [3 favorites]
I try not to minimize people's fears but put them in perspective and determine what they are really afraid of. I teach them how to do things like check their credit reports for free (and not get upsold on nonsense) and how to lock things down better. I talk about the risks of public wifi but I don't say "Don't use public wifi". I tell them about cookies. I explain how ad blockers and FB Purity work and how they can help people not be tracked, not just not see ads. I talk about consent and Bcc and etiquette around sharing other people's information. And I try to, in a friendly way, talk about norms of behavior.
A lot of more-offline people get bad/random information from friends or colleagues and it may not represent the larger world of internet norms, as differentiated from best practices. Or they look at a tech person and think "That person is smart, if they tell me I need a 36 character password THEY must be right and I must be wrong." Explaining why the solutions that "really smart" people often go for are entirely impractical (and thus less secure) can help people feel better about their role in the world of privacy and security.
posted by jessamyn at 9:40 AM on February 24, 2017 [3 favorites]
Sorry, an absolute risk is more like "This many people have their identity stolen. This is what that means. This is how you deal with this."
posted by jessamyn at 9:47 AM on February 24, 2017
posted by jessamyn at 9:47 AM on February 24, 2017
Best answer: My wife actually worked on a basic privacy curriculum with the San Jose Public Library and the International Computer Science Institute. (It was originally going to be a video game, but it looks like they've just put up the text, which is... better. Trust me.) It hits the high points and has some more in-depth resources linked.
posted by restless_nomad at 10:47 AM on February 24, 2017 [3 favorites]
posted by restless_nomad at 10:47 AM on February 24, 2017 [3 favorites]
The Surveillance Self-Defense site by the Electronic Frontier Foundation is particularly useful, as is this set of tips from Simply Secure.
posted by brainwane at 12:40 PM on February 24, 2017 [1 favorite]
posted by brainwane at 12:40 PM on February 24, 2017 [1 favorite]
I got InfoSec training annually at my old corporate job. But the best newbie-friendly, in a nutshell thing I have ever seen was from a parenting list I was on years ago that had a lot of not real internet savvy full time parents and the like on it.
That was: "Don't say anything online that you wouldn't want published to the front page of your local newspaper."
They would talk about how you don't know who is reading this stuff, it could be your mother-in-law, the spouse you are divorcing or staff from the school you are fighting with. These types of incidents actually happened. They had a case where someone would come on list and bitch about the school their kid was in where they were fighting for accommodation and one of the staff was also subscribed and would print out all their ugly emails and use them against them.
Given how few people read their local paper these days, you could try using the metaphor of a town crier. But the point is to make it clear that this can have real world consequences for them personally and people they know. This can be hard for some people to grasp. The internet seems so big and anonymous and so forth. It can feel like you are howling into a void and no one is listening at all. The above is the best thing I have ever seen for getting not internet savvy people to think before they type.
posted by Michele in California at 2:22 PM on February 24, 2017
That was: "Don't say anything online that you wouldn't want published to the front page of your local newspaper."
They would talk about how you don't know who is reading this stuff, it could be your mother-in-law, the spouse you are divorcing or staff from the school you are fighting with. These types of incidents actually happened. They had a case where someone would come on list and bitch about the school their kid was in where they were fighting for accommodation and one of the staff was also subscribed and would print out all their ugly emails and use them against them.
Given how few people read their local paper these days, you could try using the metaphor of a town crier. But the point is to make it clear that this can have real world consequences for them personally and people they know. This can be hard for some people to grasp. The internet seems so big and anonymous and so forth. It can feel like you are howling into a void and no one is listening at all. The above is the best thing I have ever seen for getting not internet savvy people to think before they type.
posted by Michele in California at 2:22 PM on February 24, 2017
The thing people haven't talked about yet in the great tips is the friends-of-friends thing: posting something you think is just going to one set of people, but is actually going to a lot more.
Talking about both the technical side of it (think about your settings) but also the fact that sometimes people can and will pass on stuff from controlled spaces online to people you didn't want to see that, and to think about that a bit in advance. (Relationship drama, estrangements between family members, stalkers, etc. are experience lots of people are familiar with.) They could do that without the technology, too, but the same stuff that helps face to face is a good rule of thumb with the tech.
Having a regular conversation about how to talk to friends and family about what info they share about you (and your family, especially any kids) is also a good habit to be in. Do you not want to be tagged in things? Not have the names of kids used in online spaces? That kind of thing.
posted by modernhypatia at 8:21 AM on February 27, 2017 [1 favorite]
Talking about both the technical side of it (think about your settings) but also the fact that sometimes people can and will pass on stuff from controlled spaces online to people you didn't want to see that, and to think about that a bit in advance. (Relationship drama, estrangements between family members, stalkers, etc. are experience lots of people are familiar with.) They could do that without the technology, too, but the same stuff that helps face to face is a good rule of thumb with the tech.
Having a regular conversation about how to talk to friends and family about what info they share about you (and your family, especially any kids) is also a good habit to be in. Do you not want to be tagged in things? Not have the names of kids used in online spaces? That kind of thing.
posted by modernhypatia at 8:21 AM on February 27, 2017 [1 favorite]
the two things old people i know always fall for are, email phishing, and clicking on flashing buttons that go "Alert! Your computer has a virus! Click here to fix it!" The stuff that we think is too stupid and obvious to even think of as a risk. They just trust everything like children
posted by maiamaia at 2:31 PM on March 11, 2017
posted by maiamaia at 2:31 PM on March 11, 2017
« Older Repairing a kitchen dish soap dispenser pump | Help Me Find a Phone Game to Play while Feeding my... Newer »
This thread is closed to new comments.
Loss of Online Privacy: What's the Harm?
posted by beyond_pink at 9:13 AM on February 24, 2017