For example, encouraging Google Chrome alternatives like Firefox using ublock, discouraging Google in general, etc. Thanks!
One class for one hour is not much time at all. To get the most out of it, I would actually try to keep the scope as narrow as possible. I would really dig into these two things:
Password management (make good passwords, use a pw-manager to avoid reusing a pw, change passwords regularly)
Spotting social engineering (I would spend at least 2/3 of the class on this topic) this is by far the most common vector through which people get hurt by poor tech literacy. If you want to do the most good for the most people I would recommend focusing on drilling this skill.
Ignore the people saying 1 hour won’t cut it. You have to keep it to an hour or you lose your audience.
I did a security talk at my last job and realized all I was creating was a bunch of scary slides. Went back to focus on actionable responses; What can the user do to defend themselves?
The most common misconceptions in my experience:
“Why do I care? I’ve got nothing to hide and they have all our data anyway.”
“Isn’t open source less safe if everyone can see how it’s made?”
“Email is safe because only I have the password.”
I’d debunk those and give examples and tips. I’d also briefly tell them about the concept of social engineering and what to look out for. And if there’s time mentioning password managers couldn’t hurt.
I think the majority of the time ought to be showing real-world examples of why these things matter.
Stores use your phone’s bluetooth to track your shopping
Smart doorbells will gladly send your footage to police without your permission
Target knew a teenager was pregnant based on shopping habits
Mozilla has a solid breakdown of how your car is spying on you
The goal being to give them something lasting. So next time they interact with this tech they remember what you told them, and maybe start a privacy journey of their own.
teaching them how to recognize online scams, even people with degrees will for the oldest scams out there.
It really depends how basic and how “general public” we’re talking. At work I’ve had multiple people email me their credit card details in plaintext. That might fall into the “beyond help” category.
A few points I think are important:
-
Use an adblocker
-
Use a password manager
-
Don’t connect things to the internet that don’t need to be connected to the internet
-
If it needs to be connected to the internet, keep it up-to-date
I think that covers the basics without impacting convenience too much. While I personally think that your TV is something that doesn’t need to be connected to the internet, I imagine most laypeople wouldn’t agree with me and do it anyway.
-
Maybe take some audience participation. Whip out true people search dot com or another data broker, and use their name or phone number. Show them how much of their info is out there and how a stalker or malicious player could obtain a ton of info about them. Problem is then if people go “but I have nothing to hide” and that’s a deeper conversation.
I have to try this one! I just have to find some data brokers with matches in the EU
Here are six topics you can probably do in about ten minutes each.
- Password manager
- Avoid password reuse
- Basic phishing prevention
- Adblocking (be sure to mention private DNS on phones to block ads in apps)
- Reasons to prefer websites to apps
- Scam recognition (if there’s time - the concepts are similar to phishing)
I’d mention Firefox in the adblocking section, but getting them to use anything will be a big win.
How to wipe devices before disposing of them.
I’d spend much of it selling them on Linux (mint is really not bad to use/install these days), libreoffice, lemmy (for the upvotes), Signal, Matrix, Jellyfin, and some of the amazing free phone games.
Let people know there are alternatives. So they migrate comfortably the next time a garbage product comes out, and are willing to look+donate when a new thing comes out that could/should be free as in freedom.
Security is mostly theatre, and the average person probably isn’t under much threat even doing everything wrong. But slightly more informed as a consumer and user could really make a positive impact on their lives + those around them.
Critical thinking. The best security is useless if the user clicks the first crypto-locker posing as a harmless security update. That said, you can’t fix stupid. Some people are just destined to be fleeced by people with more acumen and less scruples than them.
Very true. If we teach people, however, we can at least say we tried?
Semi-related anecdote: I recently learned in our company’s third-party tech literacy/compliance/assessment portal, it actually ranks every employee (anonymously). Seeing how low some of the scores are really scared me…
- Your phone is the least private device you own. Every app you add makes it worse.
- Don’t use that bank plastic any more than you have to. Cash has built-in privacy. And -never- let it out of your hands.
- Unless it’s legally required, -never- write or ‘give’ ‘your’ SS number.
- None of these numbers we just have to remember are ‘ours’. Do cows own ‘their’ ear-tags? They just oil the machinery.
- Before you get rid of that hard drive, open it up and rip out the internal wiring. Then drive a couple of nails through the platters.
Regarding #5, don’t bother with the wiring. No data stored there. It’s all in the magnetic coating of the platters.
Yeah, drilling a hole in there should stop anyone this side of a dedicated lab from reading your data.
Even a dedicated lab might not be able to read your data once you’ve hammered nails through the platters.
Usually what they do is they take out the platters in a clean-room environment and place them in an otherwise identical drive, then read from that. But a deformed platter with a hole in it will cause extreme oscillations once you start rotating it at thousands of RPM. Which will crash the head(s) pretty much instantly.
So realistically, outside of an MI6-style lab with Q and his team using custom-built equipment dedicated to reading data from purposely destroyed drives, I don’t see how anyone could do it. Would love to hear from someone who works in data recovery or is in contact with people who do, though.
One thing we haven’t talked about, by the way, is how to prevent SSDs from having their data recovered. That should be straightforward though, just schwack the NAND chips with a hammer until they’re all broken. As with the HDD, be sure to wear appropriate PPE to protect against eye injury and dust inhalation.
https://biggaybunny.tumblr.com/post/166787080920/tech-enthusiasts-everything-in-my-house-is-wired
Also: don’t download the app, use the web site https://idiallo.com/blog/dont-download-apps
I get so annoyed with apps. There are coupon deals at a grocery store that you can only get by “scanning with the app”. I haven’t figured out a way to get these deals purely through their website - but I’m sure that’s by design.
its probably there to just datamine you.
deleted by creator
I don’t think the general public will walk away caring much no matter what you say. I’m not trying to dismiss your question. Though I can say from personal experience, that an hour isn’t enough time to convince most non-techie people to change their online habits at all.
Most people I’ve talked to about any of those topics essentially already has a vague idea that it’s an issue, but they just kinda shrug since nothing’s happed to them yet and they think its probably too late anyway.
Someone who voluntarily sits through an hour-long presentation clearly cares enough to take some kind of action.
Probably show them “have i been pwned” to get their attention first
