CreditsLast Updated 2017-06
This session builds basic understanding of information flows across the Internet, and the different vulnerabilities and related good security practices at each point in the chain.
This session was developed jointly by Mariel García (SocialTIC) and Spyros Monastiriotis (Tactical Technology Collective)
How Does the Internet Work? Placards – these should be iconic representations of the parts of the chain that an email goes through when it is sent from one computer to another:
Make sure to cover all the questions participants might have. It is important they leave the session with answers to their concerns with the vulnerabilities they learned about, and feeling they have the information they need to take action. Avoid creating an environment of fear, stress or anxiety - provide enough information and resources, as well as further training opportunities (if possible).
Step 1 | This part of the workshop will begin as a game. Participants will be given pieces of paper representing one part of the chain of the flow of information online (modem, computer, ISP building, etc) and will be asked to arrange themselves in the order they consider is correct to represent the way an email travels through the Internet to reach another computer.
Step 2 | Once the group is arranged, the facilitators will correct any mistakes, and will do a run-through explaining the process to everyone. Then a volunteer will be asked to repeat that explanation. It is recommended that the complete explanation is made at least three times; but, to give variety to this exercise, the facilitator can change the email illustrations that are used, and the extreme where the demonstration begins. The trainer must also give some time to clarify doubts related to this process.
Step 3 | You can also use a video like this one (https://www.youtube.com/watch?v=7_LPdttKXPc) to help participants identify any mistakes that they have in the way they arranged themselves.
Optional: To adapt this for larger groups - rather than giving out one piece per person, assign one piece to a pair; for smaller groups, they can place the pieces on the floor, debating their order.
Step 4 | When the previous process has been completed, participants will be asked to paste each piece on a long paper (from a roll) that will be left on the floor. At this point, the facilitators will go through the chain again, this time to point out and explain the vulnerabilities at each stage (and hint at good practices to keep participants calm and confident).
Step 5 | Some of the vulnerabilities are mentioned next. You can also add any other practice or threat that is applicable in your own context or that is relevant to mention to the participants. You can also share a few examples of practices that other collectives you work with have to help participants think of what might be some of their own good or bad practices.
Step 6 | After focusing on vulnerabilities, it will be time to break the group into smaller ones that can “adopt” one of the vulnerabilities discussed in the previous exercise and propose creative solutions for it. To make it less overwhelming for less experienced participants, each group will be given a piece of paper including one solution proposal that can ignite conversation.
Step 7 | At the end, the groups will be given 30 seconds to a minute to present their ideas to the rest of the group (while one of the facilitators takes notes and makes additions to what is reported back by the groups). Facilitators will float around the groups giving brief explanations and answering questions, and mostly promoting discussion among all the participants.
Step 8 | It’s important that, as this activity progresses, facilitators explain the basics of each solution. Also, depending on the level of interaction and speed of the workshop, it may not be possible to cover all the proposals.
Some of the ones that are consider most important to share are:
Step 9 | The point of this part of the session is to gather questions that are related to digital security but maybe haven’t come up until now in the workshop, as well as discuss topics relevant to the participants’ specific community. It’s a good time to provide resources for everyone to learn more and stay updated. The facilitator will gather questions of the audience, hint potential answers, and mention references that can be used to answer them.