Part 3 – Hands-On Practice and Recommendations – Digital Security Training Curriculum

Step 7: Explain to participants that they are welcome to choose any of the three options presented for the next part of the exercise (the steps below though will use the example of creating an entirely new identity).
Step 8: Give each participant 1-2 sheets of flip-chart paper and some markers, and ask them to start drafting characteristics of their new identity – some specific considerations for them to think about include:

•What is the name they would use? (Be aware that some social media platforms, notably Facebook and Google, can identify and take down accounts with fake names, so participants should think creatively);
•What would their interests and hobbies be?
•Where are they from and where do they live?
•What avatar or profile photo would they use?
•Could any of these details be traced back to their real identities?

Step 9: Once participants have drafted the details of their new profiles and identities, share with them some digital security recommendations that will help them avoid exposing their real identities:

•Using different machines or devices for each identity similar to the above, this further compartmentalizes their different identities and separating activities, helping users avoid mistakes that could compromise a new identity. Participants could do this by using separate physical computers or phones, setting up a separate virtual machine on their laptops, or by using an alternative operating system like Tails (see the Deepening session “Let’s Reset!” for more information);

•When setting up a new profile, and ideally when logging into the associated accounts in the future, participants should consider using a separate browser in incognito mode different from the one they primarily use for their current profiles – this will help them to avoid linking the accounts, or accidentally logging into one over the other and sharing information that could compromise the separation of their identities. Consider though that even when using different browsers, the same IP address will be recorded by an ISP.

•Review general safe browsing habits with participants – you could build on this by talking about the concept of browser ‘fingerprints’, and the impact that could have on the separation of their identities (https://panopticlick.eff.org/static/browser-uniqueness.pdf); furthermore, you could also review how to obscure IP addresses that could potentially reveal location details;

•Participants should not follow anybody friends, family or their organization using their new identities – this could very quickly allow anyone looking closely enough to draw a connection between that identity and its real counterpart;

•Remind participants to be aware of metadata and how it could potentially reveal information about themselves. Review how metadata is created, and how they can erase it from their files before posting images or videos, or before sending files from their new identity accounts.
Now participants can begin creating the profiles and accounts for their new Online identities!

•https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Creating_and_managing_identities_online
•https://mat.boum.org/
•https://guardianproject.info/apps/obscuracam/
•https://securityinabox.org/en/lgbti-mena/metanull/windows/
•https://panopticlick.eff.org/static/browser-uniqueness.pdf
Refer to Using HTTPS Everywhere
Refer to Using Tor browser bundle

Related