45

Privacy and Security Awareness Training with Raspberry Pi

KATE LOMAX / COFOUNDER, ARTEFACTO

Type of Library Best Suited for: Any

Cost Estimate: $250–$500

Makerspace Necessary? No

PROJECT DESCRIPTION

Raspberry Pi is a small, stand-alone computer that makes a great learning environment for demonstrating and experimenting with different tools. This includes privacy and awareness tools that can’t always be accessed or installed on school, university, or other library computers.

By providing a separate, customizable learning environment, both the risk and the fear of “getting things wrong” are alleviated. You also remove users from their familiar web environment, which helps make people more aware of their usage and behavior. Raspberry Pi provides a kind of low-powered neutral territory.

In this workshop, we use the Raspberry Pi to show users how to protect their information online and to show some best practices for safeguarding their online privacy.

OVERVIEW

Protecting your privacy and security online doesn’t have to be a massive inconvenience, but there are some things that you can do and steps you can take to keep yourself safe. This workshop demonstrates some practical ways that people can protect their data and privacy online. It is designed as a gentle introduction to online privacy and security and to demonstrate some of the key concepts and best practices. It’s aimed at beginners.

This can be run as a series of workshops or can be modified to suit a particular theme or age group of learners. It also works as part of a general digital literacy series curriculum or as part of a series of Raspberry Pi workshops.

MATERIALS LIST

Online Privacy Checklist Bookmark1

NECESSARY EQUIPMENT

• ◦ Raspberry Pi with monitor, keyboard, and mouse (one per user + instructor)
• ◦ SD card with New Out Of the Box Software (NOOBS) and KeePass2 or KeePassX password management software installed (one per user + instructor)
• ◦ Projector with HDMI port

STEP-BY-STEP INSTRUCTIONS

1. Introduction

If this is the first session using the Raspberry Pi, you can introduce the Raspberry Pi and the Raspbian operating system.

A good way to start the workshop is by opening up a discussion about online privacy and security.

• ◦ Do workshop attendees currently use any privacy tools online?
• ◦ What messaging applications do people use?
• ◦ What about different search engines?

You can then get everyone logged into their Raspberry Pi and with the default browser open. This is Chromium at the time of writing, the open-source web browser that provides the source code for Google Chrome.

2. The How and Why of Online Tracking

In this part of the workshop, you can introduce the topic of online tracking—how it’s used by different sites (e.g., online stores, social networks, and search engines) and how this impacts our web browsing. For example, online tracking is responsible for the way advertisements on websites will start looking eerily familiar based on your recent browsing history.

The best tool for demonstrating online tracking is Lightbeam, but it is only available for Firefox (or IceWeasal, depending on what you have installed). Lightbeam visualizes the trackers and provides a connections graph. If you have a projector, then you can use this to demonstrate Lightbeam’s visualization of tracking, but otherwise participants can use a Chromium-compatible plug-in like Privacy Badger or Adblock Plus (installed by default on Chromium) that shows a list of online trackers without the connections visualization.

Demonstrate how to view and install browser plug-ins via the “Settings” menu and using the Chrome web store. Then give everyone a chance to visit a few different sites and see what tracking is in place on different pages. Some good websites to try are online newspapers and other advertising-heavy sites.

You can also explain the role of cookies, the bits of information that websites you visit store in your browser (or on your computer), and show users how they can view or clear their cookies.

It’s also worth noting here the difference between blocking trackers with browser add-ons and the limited provisions of “private” or “incognito” browsing modes.

FIGURE 45.1

Chromium with Privacy Badger installed

3. Search Engines and Privacy

Search engines use your browsing history (and other stored data) to “personalize” results. This means that your search results will be different from those of other people based on your previous browsing and search results that you’ve clicked on.

Give students a chance to try out a privacy-aware search engine such as DuckDuckGo to compare search results from different tools and devices.

4. Strong Passwords

What makes a strong and secure password? Explain some of the best practices for strong passwords (including passphrases and avoiding using place names or people’s names that can be easily linked to you).

A lot of online sites and services (including Google and Facebook) now offer two-factor authentication, which means that you’re not just relying on your user name and password to access these sites. This makes it harder for anyone to hack into your account.

Show students how a Password Manager can help by storing passwords in an encrypted form and helping generate secure random passwords. Demonstrate using KeePass and setting a master password and creating a database. Then give everyone a chance to try it out (with the caveat that all data will be cleared at the end of the session).

5. HTTPS and Encryption Online

Another way you can keep yourself a bit safer online is by using HTTPS wherever possible. In a (very small) nutshell, the Web works by sending data between a client and a server each time you make a request to the server by typing in a web address or clicking on a link. The protocol that is used to send this to the server is called HTTP. HTTPS is an encrypted (S is for “secure”) version of this protocol. If you’re interested in finding out more, the Electronic Frontier Foundation (EFF) has a guide to HTTPS for librarians.2

Demonstrate how to see whether a website is using HTTPS by finding the little lock icon next to the left of the address bar (though there’s some variation here between browsers)—shopping and banking sites are good examples here.

You can also introduce the HTTPS Everywhere plug-in. HTTPS Everywhere is another tool from the EFF—it’s a browser extension available for Firefox, Chrome, and Opera and it encrypts your communications with many major websites, which makes your browsing more secure.

SUMMARY

Online privacy and security awareness is a constantly evolving space, but the main thing is to help people be more aware of what and how they share information online and how this is used by third parties. Give everyone a copy of the Privacy Checklist Bookmark to take home with them as a guide.

Don’t forget to reformat the SD cards at the end of the session to clear everyone’s data from the previous session.

LEARNING OUTCOMES

• ◦ How to install and use some of the main privacy browser plug-ins.
• ◦ Understand what Hyper Text Transfer Protocol Secure (HTTPS) is and how to identify secure connections.
• ◦ Understand how online tracking impacts web browsing and how it works.
• ◦ Best practices for protecting your privacy online.

RECOMMENDED NEXT PROJECTS

This introductory workshop is a little light on encryption, so for a future session, you can introduce additional encryption tools such as Signal or CryptoCat and some more advanced tools for protecting personal data tools online.

Other possible future extensions are Onion Pi Tor Proxy3 or hosting a cryptoparty in the library.4

Notes

1. “Privacy Checklist Bookmark,” http://​librarymakers.net/​resource-privacy-checklist-bookmark; https://www.lockdownyourlogin.com/.

2. “What Every Librarian Needs to Know about HTTPS,” Electronic Frontier Foundation, https://​www.eff.org/​deeplinks/​2015/​05/​what-every-librarian-needs-know-about-https.

3. “Onion Pi—Make a Raspberry Pi into an Anonymizing Tor Proxy!” Adafruit, https://​learn.adafruit.com/​onion-pi?view=all.

4. CryptoParty, www.cryptoparty.in/.