Difference between revisions of "Community Updates"

From IFF Wiki
Jump to: navigation, search
(85 intermediate revisions by the same user not shown)
Line 1: Line 1:
The following are community updates from the weekly Glitter Meetup. If you need to connect to anyone mentioned below, please reach out. We do practice "consensual introductions," meaning we have to check with the person before doing so. No names are associated with the summary notes. Please contact us if you have any questions related to these notes.  team@internetfreedomfestival.org
+
{|class="wikitable" style="float:right; margin-left: 10px; width: 30%; background-color:#A9D743;"  
  
== March 19 2020 ==
+
| '''Glitter Meetups'''
 +
* [[Glitter Meetup|What are Glitter Meetups]]
 +
* [[Community Notes|More Community Updates & Knowledge]]
 +
* [[Calendar of Events|Virtual Events Calendar]]
 +
* [[IFF Mattermost|Join the IFF Mattermost]]
  
* IFF launched a A virtual calendar of  events: https://internetfreedomfestival.org/wiki/index.php/Calendar_of_Events
+
|}
and have daily checkins, kinda like virtual coffee, everyday at 10am EST / UTC-4 here AND  a virtual workshop series called Community Knowledge Share, which are  capped at 25 people,  and we are looking for folks  that  want to  be presenters!
+
  
* Venezuela blocking a coronavirus information portal: https://vesinfiltro.com/noticias/bloqueado_portal_coronavirus_AN
+
The following are community updates from the weekly Glitter Meetup. If you need to connect to anyone mentioned below, please reach out. We do practice "consensual introductions," meaning we have to check with the person before doing so. No names are associated with the summary notes. Please contact us if you have any questions related to these notes: team@digitalrights.community
  
* Brazil  currently has a  current diplomatic  crisis with China because the President's son is spreading hate speech.
 
  
* openIDEO is collecting designs that can change people's bahaviour and stay safe
+
'''[[June_3_2021_GM|June 3, 2021 Glitter Meetup]]'''
https://www.openideo.com/challenge-briefs/covid19-communication-challenge
+
  
'''FEATURED GUEST:'''
+
'''Featured guest''' Yonah Welker
  
* Several members of the Taiwanese community  and  Citizen Lab joined this week's glitter meetup to talk about Misinformation, COVID and China.
+
'''Topic''' Algorithmic Diversity: Zero Exclusion, AI & Ethics (AI & Human Rights)
  
* China  has been using misinformaiton of COVID19 against taiwanese citizens.
 
  
* Citizen  lab  published a report on how Chinese social platforms are controlling COVID-19 information. They state that  censorship started at early stage of the outbreak and is broad in scope.
 
https://citizenlab.ca/2020/03/censored-contagion-how-information-on-the-coronavirus-is-managed-on-chinese-social-media/
 
  
Citizen  Lab looked at two applications YY (a popular live streaming app) and WeChat for YY. They have been tracking keyword lists it uses to censor content since2015. Anytime the lists change CL gets a copy.  They found that YY added 45 keywords related to the then unknown virus on dec 31 the same day that Wuhan Health Commission made the first public announcement on the outbreak WeChat broadly censored coronavirus-related content (including critical and neutral information) and expanded the scope of censorship in February 2020. Censored content included criticism of government, rumours and speculative information on the epidemic, references to Dr. Li Wenliang, and neutral references to Chinese government efforts on handling the outbreak that had been reported on state media. They continue  to monitor both platforms and will have updates coming soon.
+
'''[[May_13_2021_GM|May 13, 2021 Glitter Meetup]]'''
  
* YY got directives at early stage of  COVID19 to censor information. This is so the Chinese government  could control the narrative. For the broad scope of censorship on Wechat it's not clear if this is a product of direct government guidance or indirect pressure leading WeChat to over censor. CL has seen WeChat broadly censor during other critical events like the National Communist Party Congress and the Death of Liu Xiaobo. On WeChat for example you can't say 美国疾控中心” (US Centers for Disease Control) and “冠状病毒” (coronavirus) in the same message. Very general content that could potential impair citizens ability to access and share basic health info.
+
'''Featured guest''' Gus Andrews
  
* China is changing the channels it uses to spread misinformation. They are experimenting as time goes on.  At 2018 the main disinformation attacks can be found on
+
'''Topic''' Feedback on Thunderbird
Facebook fan page posting content from content farm but due to the change of Facebook guideline they are now spreading through the personal page and comment of celebrty's facebook fanpage. The key concept of China's censorship is to keep everything stable and under control. They are afraid that not controlling the information will let people question their capacity and authority. In fact, in the epidemic there was a period of time that the first sentence of China's national anthem was banned on WeChat after the first whistle blower died because of covid-19. The lyrics is Arise, ye who refuse to be slaves
+
  
* Researchers have also found Youtubers collaborating on a certain  political issue to create misinformation, and then spreading it  through close group chatting like Like app.
 
  
* Chinese government has tried to shift concerns their citizens have of COVID19 or shape public opinions. For example, in one series of attacks, they are trying to reassure that COVID-19 is less serious than  "USA flu" which is a real term they used
+
'''[[May_6_2021_GM|May 6, 2021 Glitter Meetup]]'''
  
* Worst yet, the misinformation had been translated into Japanese and Korean on Twitter after the outbreak in this 2 countries.
+
'''Community Updates'''
  
*  China now is shifting the narrative that China is doing better than all Western democratic countries. A narrative that Chinese government successfully protected their people while U.S. and Europe governments do nothing affective and the world is learning from China's model against COVID-19
 
  
 +
'''[[April_29_2021_GM|April 29, 2021 Glitter Meetup]]'''
  
* Taiwan is performing well in containing COVID-19 while using many technologies and policies without clear authorization from laws. There is concern there will be violations of privacy and emergency action that will be permanent.  e.g. tracking cellphone signals to investigate where confirmed and suspected cases go and in contacts, linking immigration data to national health ID card, banning teachers, students, doctors and nurses go abroad, will publicize the names of those who violates the travel bans.  So far, they have taken thee following steps to combat Covid-19:
+
'''Featured guest''' Tenzin Dolker, Association for Women’s Rights in Development
  
1) link citizen's travel records database to health insurance database (over 90% medical institution are under health insurance system, and let medical institute search their patients' travel records.
+
'''Topic''' Feminist funder space and autonomous resourcing
  
2) link all quarantine person's data to police surveillance system to let police can check people on the street.
 
  
3) request quarantine people's phone location and phone records to control where they are and who they contact with, or even tracking their phone location in real time.
+
'''[[April_22_2021_GM|April 22, 2021 Glitter Meetup]]'''
  
4) force people to use real-name to buy masks
+
'''Community Updates'''
  
* Chinese groups are being discriminated worldwide.
 
  
* Some  steps recommended to help racism:
+
'''[[April_15_2021_GM|April 15, 2021 Glitter Meetup]]'''
  
1) Speak up at all and any hate speech you see. We can't even for a minute allow people to think its okay to say racist shit in public spaces
+
'''Community Updates'''
  
2) Find ways to support folks online that may be targeted.
 
  
3) Correct anyone that calls it Chinese Flu etc.
+
'''[[April_8_2021_GM|April 8, 2021 Glitter Meetup]]'''
  
 +
'''Featured guest''' Gus Narea
  
 +
'''Topic''' Relaynet
  
  
== March 12, 2020 ==
+
'''[[April_1_2021_GM|April 1, 2021 Glitter Meetup]]'''
  
|'''Community Updates'''
+
'''Community Updates'''
  
*  This week featured guest was Giovanni from Globaleaks, the lead developer. They can be found on Mattermost @evilaliv3. Interview is below.
 
  
* Karen Reily is going to start working on a comparison of virtual tools. She mentioned that accessibility tools like transcription are better with Windows. If you would like to help, contact here: @akareilly_she-her
+
'''[[March_25_2021_GM|March 25, 2021 Glitter Meetup]]'''
  
* Coffee & Circumvention Argentina is questioning whether they should put the monthly meetups on hold because of COVID19
+
'''Community Updates'''
  
* Amnesty Tech just published an investigation on digital attacks against Uzbek activists : https://www.amnesty.org/en/latest/research/2020/03/targeted-surveillance-attacks-in-uzbekistan-an-old-threat-with-new-techniques/ (short blog post with Uzbek and Russian translation https://www.amnesty.org/en/latest/news/2020/03/uzbekistan-new-campaign-of-phishing-and-spyware-attacks-targeting-human-rights-defenders/ - This campaign is part of a pattern of digital attacks on activists and journalists working on Uzbekistan (Amnesty reported similar attacks in 2017) This group as many other is using a phishing toolkit that bypass SMS and authenticator code as Two Factor authentication, Amnesty encourages everyone to move to hardware keys (like solokeys or yubikeys) as much as possible If you know any activists from Uzbekistan, please share the info, Amnesty is trying to raise awareness on such attacks in this community. If you have question, please contact @tek directly on  the Mattermost.
 
  
* Localization Lab is looking for more translators to help with the [https://wiki.localizationlab.org/index.php/Briar Briar User Manual], [https://wiki.localizationlab.org/index.php/OONI_Probe OONI Probe] and [https://wiki.localizationlab.org/index.php/Psiphon Psiphon]
+
'''[[March_18_2021_GM|March 18, 2021 Glitter Meetup]]'''
  
'''GlobaLeaks Interview:'''  
+
'''Featured guest''' Jac sm Kee & Esra'a Al Shafei
  
*  During this meetup, we  interviewed Giovanni Pellerano (evilaliv3), current lead developer for the GlobaLeaks project! Globaleaks is an open source software developed for making it possible for journalistic sources to contact journalist in a safe manner preserving their anonimity and confidentiality of the communication. It is currently available in 30 languages. It has been developed singe 2011 by a worldwide group of users with differnt experiences and the development is actively lead by the Hermes Center for Transparency and Digital Human Rights, an italian NGO.
+
'''Topic''' Numun Fund
  
* Globaleaks is about to release their 4.0 version, which will feature:
 
- Implements encryption by default. This means that Globaleaks now generates and uses automatic keys to protect information shared. Users just need to access with their secure passphrases and the system automatically encrypt and decrypt data for them. They do not have to manage their PGP keys  etc. 
 
- The encyption protocol they are using  is one they researched for 5 years with the Open Technology Fund, and is similar  to the one implemented by Minilock. The set of algorithms used are safe for use and are currently top selection: Elliptic curve criptograpgy, Argon2. The advantage of this is that now the software encrypts every communication including the metadata.
 
  
*Globaleaks has been developed since 2011 by a worldwide group of users with different experiences. The development is actively lead by the Hermes Center for Transparency and Digital Human Rights, an italian NGO. GL development is lead directly since always by the interest of its users. Since the project start journalist, whistleblowers, developers, translators has formed strong sinergy collecting every possible feedback and dring those into a flexible software roadmap.
+
'''[[March_11_2021_GM|March 11, 2021 Glitter Meetup]]'''
  
* We briefly discussed the difference between GlobaLeaks and other tools like SecureDrop. Giovanni explained that SecureDrop and GlobaLeaks are great collaborators, and both started from the same worldwide community of  experts dealing with this topic. In fact, during the same year the projects were started, Giovanni was strongly collaborating  with Aaorn  Swartz on a side project called Tor2web, and both came to the same solution: it was a good idea to interconnect something like a form to Tor to provide anonymity to journalistic source. Then the two project diverged serving different users with different threat models. Giovanni states that as a matter of history, they started at the same time, and had the same ideas, and the projects were similar in e each component in the start. Then the two project diverged serving different users with different threat models
+
'''Featured guest''' Karen Reilly
  
* Securedrop is considered the top secure software to be used for national security level threats but for this reason it is static, inflexible, unconfigurable and requires more resources in terms of know how, hardware and money (e.g. the hardware costs is around 4000$) Essentially, its much harder to setup. GlobaLeaks is built to cover a wide range of threat models and for this reason it is highly configurable. You can somehow put it on similar architectures, configure it with the best secure configurations and it becomes somehow as secure as SecureDrop. It also enable to be configured to work over HTTPS (without Tor) to serve other less risky scenarios. For these reasons, GlobaLeaks can be used by very small organizations with low tech saviness and 0 resources (it works on a VPN with a cost of 34$ an year). It also can  be configured to work over HTTPS (without Tor) to serve other less risky scenarios. Essentially, It is widely used in scenarios where, without it, people would be using a simple Wordpress instance without HTTPS.
+
'''Topic''' Accessibility Knowledge
  
* Giovanni shares: "I make always this example to make people understand the difference. Think as Securedrop as a software that put a barrier high, in terms of security. Considering the barrier immodificable, you will be able to defend only the most serious problems, but users not able to deal with the technology wont use it and would result not protected. GlobaLeaks instead put the barrier in between, enable to raise it or to lower it in a controlled manner. This way depending on the configuration can protect any scenario,"
 
  
* SecureDrop is currently run by large news media organizations that have a high budget, and can hire a  full-time CTO. GlobaLeaks is instead run by a diverse user base, and in many cases by journalists themselves. Also,  in Globaleaks, has encryption by default, where in SecureDrop, PGP keys are managed directly by users.
 
  
* SecureDrop and Globaleaks collaborate a lot together, and  have  deep respect for each other. They constantly share  improvements and knowledge with each other.
+
'''[[March_4_2021_GM|March 4, 2021 Glitter Meetup]]'''
  
 +
'''Community Updates'''
  
'''GlobaLeaks Resources:'''
 
  
* Slack Channel: https://slack.globaleaks.org/
+
'''[[February_25_2021_GM|February 25, 2021 Glitter Meetup]]'''
  
* Forum: https://forum.globaleaks.org/
+
'''Community Updates'''
  
== March 5, 2020 ==
 
  
After making the hard decision of cancelling the 2020 edition of the Internet Freedom Festival because of the increasing spreading of the COVID-19, we gather with the community to answer questions and shape future editions and other ways to work together during the year.
+
'''[[February_11_2021_GM|February 11, 2021 Glitter Meetup]]'''
  
Our decision was easy, once we knew that we had to protect our community.
+
'''Topic''' Community Health
* information sharing and coordination was key in our decision making process. Early in February, when the outbreak started reaching other countries, i began reaching out to other risk managers / safety friends who were working other global gatherings. mainly, i wanted to learn / know how other groups were managing the risk assessments. i started to track many of the conference cancellations and by mid-february, i knew that we had some hard decisions to make.
+
* the overriding principle for us to ensure that our participants were safe at the IFF, safe during transit, and safe going home.
+
* when the cases in valencia increased, we knew that it was impossible for the virus to be contained and it would’ve severely impact our community, many of whom are freelancers or coming from organizations without institutional support.
+
  
'''Brainstorming about the IFF community work through the year:'''
 
* Use an online conference website that allows for self-organize style...so i was thinking we can test out having a 2 hour self organize style online where people can do breakouts, and then report out back to the community. But it would be capped at x people.
 
* A monthly community report, where folks can share changes/developments in their regions, but also thought they have about direction of community.
 
* Try to better empower local hubs, and potentially do something fun between cities. Like for example, maybe two cities can meet at same time, and we create stations in each, where people can just go pu to the computer, and talk to folks in the other city.
 
  
'''Resources and Ideas:'''
+
'''[[February_4_2021_GM|February 4, 2021 Glitter Meetup]]'''
  
* We discussed different possibilities for presenters and participants and the challenges that people with high security level faces during webinars.
+
'''Community Updates'''
  
* Virtual Conference: https://unhangout.media.mit.edu/
 
  
* Tips on how to organize a virtual event: https://www.ictworks.org/coronavirus-cancel-conference/#.XmEM4pNKjBI
+
'''[[January_28_2021_GM|January 28, 2021 Glitter Meetup]]'''
  
== February 27, 2020 ==
+
'''Featured guest''' Gus Andrews
  
'''What is GlobaLeaks'''
+
'''Topic''' Security Training and Security in a Box
  
* GlobaLeaks is a software based on Tor intended to enable journalistic sources to report anonymously to journalists.  It is as well used in the anticorruption field and to protect sources in general.
 
  
'''What about the installation?'''
 
  
* As any opensource software it is build and designed to be installed as a personal tool on a personal infrastructure. In addition to this the software nowadays make it possible a hosting organization to safely provision a platform as a service to other organizations. This is working well empowering anticorruption NGOs to provision the software to their partner organizations.
+
'''[[January_14_2021_GM|January 14, 2021 Glitter Meetup]]'''
  
* In this sense small organizations can rely on the knowledge and the infrastructure of more structured organizations.
+
'''Community Updates'''
  
'''GlobaLeaks is used all over the world'''
 
  
*  Transparency International italy using this model is supporting 1000 public agencies building anticorruption mailboxes
+
'''[[December_3_2020_GM|December 3, 2020 Glitter Meetup]]'''
  
* Thanks to the localization lab community the software is translated in more than 30 languages so far
+
'''Featured guest''' Phyu Phyu Kyaw
  
* For the new release coming very soon (GlobaLeaks 4) they are calling translators to translate the news strings
+
'''Topic''' The rise of online censorship and surveillance in Myanmar
  
* GlobaLeaks-based platform are accessible via the Tor browser using an onion link guaranteeing digital anonymity: https://www.opentech.fund/news/taking-anonymous-online-whistleblowing-global/
 
  
'''How or why was Globaleaks started. Meaning, what pushed forward the development?'''
+
'''[[November_12_2020_GM|November 12, 2020 Glitter Meetup]]'''
  
* In 2011, the team identified the need for a tool empowering defending people willing to report malpractices of society.
+
'''Community Updates'''
  
* It was the time of DataLeaking; working on this we discovered that some organizations like Transparency International and Privacy Concern At Work were already supporting this "heroes" with analogic and improper tools.
 
  
* As technologist they worked on trying to renew this tools providing digital secure tools to fight the same causes.
+
'''[[October_29_2020_GM|October 29, 2020 Glitter Meetup]]'''
  
'''Paterns on whistlebowers'''
+
'''Community Updates'''
  
* Many of this revelations take time to be processed because legal procedures takes places and last longer
 
  
* They are aware of important cases of reporting and currently not aware of any retailiation due to the use of their technology
+
'''[[October_22_2020_GM|October 22, 2020 Glitter Meetup]]'''
  
* EU for example is going to be well regulated and offers more legal protections in this sense
+
'''Featured guest''' Hapee
  
== February 20, 2020 ==
 
  
* Myanmar Digital Rights Forum: https://www.digitalrightsmm.info/
+
'''[[October_15_2020_GM|October 15, 2020 Glitter Meetup]]'''
  
 +
'''Topic''' Improving our work/network on Digital Rights
  
== February 13, 2020 ==
 
  
* Today Russian court fined Twitter and Facebook for not moving their servers to Russia: https://www.themoscowtimes.com/2020/02/13/russia-fines-twitter-and-facebook-63000-each-over-data-law-a69280
+
'''[[October_8_2020_GM|October 8, 2020 Glitter Meetup]]'''
  
* PBS Frontline just published a documentary about Hong Kong Protests: https://www.pbs.org/wgbh/frontline/film/battle-for-hong-kong/ (but might only allows in Northen America region)
+
'''Topic''' Q&A with TunnelBear
  
* Malaysian gov recently actively arresting and charging/fining people who post/spread false information about coronavirus. Last update was 2 days ago, someone in east Malaysia got fined about MYR5000 and one reporter was arrested and on bail now.
+
'''Featured guest''' Rodrigue Hajjar, TunnelBear’s Director of VPN.
  
* Check this article, written by one of our fellows, about guidelines to create digisec policy and best practices for small scale organization: https://www.opentech.fund/news/guidelines-creating-digital-security-policy/
 
  
== February 6, 2020 ==
+
'''[[October_1_2020_GM|October 1, 2020 Glitter Meetup]]'''
  
* VPN users being tortured in Kashmir: https://www.vpncompare.co.uk/vpn-torture-kashmir/
+
'''Community Updates'''
  
* For the Tor users on Fedora/CentOS/RHEL, we now have official packages from the Tor Project https://support.torproject.org/rpm/
 
  
* People run Tor relays on different Linux based operating systems, but, mostly Debian/Ubuntu could directly install Tor package from the Tor project itself, now, people using Fedora or CentOS or RHEL can also get the latest and greatest version of the Tor directly from Tor itself.
+
'''[[September_24_2020_GM|September 24, 2020 Glitter Meetup]]'''
  
 +
'''Community Updates'''
  
== January 16, 2020 ==
 
  
Our feature guest is Tek, a security researcher working for Amnesty Tech on digital surveillance against Human Right Defenders. He is also a research fellow at the Citizen Lab.  Today we are going to talk to him about his article: '''Targeted Attacks Against Civil Society''' (https://www.randhome.io/blog/2019/12/02/targeted-attacks-against-civil-society-what-is-new-in-2019/)
+
'''[[September_17_2020_GM|September 17, 2020 Glitter Meetup]]'''
  
'''What are targeted attacks?'''
+
'''Topic''' VPN Glitter Meetup
* We call targeted attacks, malware of phishing attacks targeting people for the sake of gathering information on them, so there is no intention of getting any money (like cyber-criminal attacks such as ransomware would do), but monitor their activities. This type of attack is not new, first reports about such attacks against civil society date back to 2008 and the report on Ghostnet targeted the Dalai Lama office in India.
+
  
* Historically, it started with a lot of emails with malware attached to them, either documents using vulnerabilities to install a malware of just a malware pretending to be a document (and sometime opening it). These attacks are still happening, like in Azerbaijan a few years ago https://www.amnesty.org/en/latest/research/2017/03/False-Friends-Spearphishing-of-Dissidents-in-Azerbaijan/
 
  
* But more and more people started to use documents in the cloud, on Google drive to others. So the attackers started targeting more and more the mailbox with phishing email. These attacks are way more easy because you do not need a malware, just copy a login page on a fake domain and record the password when the user enter it.
+
'''[[September_10_2020_GM|September 10, 2020 Glitter Meetup]]'''
  
* Citizen Lab wrote about this change in tactics in 2016 against Tibetan communities https://citizenlab.ca/2016/03/shifting-tactics/ and it is something we see very regularly now, like in Egypt last year https://www.amnesty.org/en/latest/research/2019/03/phishing-attacks-using-third-party-applications-against-egyptian-civil-society-organizations/
+
'''Topic''' Greatfire's AppMaker
  
* And lately we are investigating more and more more advanced attacks done using malware and exploits sold by companies like NSO group. Citizen Lab wrote about it for the first time in 2016 https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/ and we have investigated attacks using NSO group recently in Morocco https://www.amnesty.org/en/latest/research/2019/10/Morocco-Human-Rights-Defenders-Targeted-with-NSO-Groups-Spyware/
+
'''Featured guest''' Greatfire developers
  
* These attacks are targeting smartphones with very advanced techniques, often using 0-day exploits that costs a lot of money. These attacks are more rare but also very dangerous because they are able to compromise smartphones with little or no user interaction. (There is today a court hearing going on Israel for a petition asking the Israeli MOD to revoke NSO Group export license, see https://www.amnesty.org/en/latest/news/2020/01/israel-court-nso-case-behind-closed-doors/ )
 
  
'''Has 2019 witness more attacks against civil society than in previous years?'''  
+
'''[[September_3_2020_GM|September 3, 2020 Glitter Meetup]]'''
  
* Yes, especially because of the discovery of attacks against Uyghurs and the WhatsApp hack by NSO on which we got a lot of information thanks to WhatsApp / FB. But it is hard to say if it is that we know more or if there are more.
+
'''Topic''' Future Skills for Current Challenges
  
* We have a lot of knowledge on the attacks in some regions (like Tibetan activists, or Mexico) because of work done there, but there are still areas (like South America) where we have very little knowledge.
 
  
'''So what has changed recently?'''
+
'''[[August_27_2020_GM|August 27, 2020 Glitter Meetup]]'''
  
* First, there are a lot of phishing attacks targeting online accounts and they get more complex in two ways: first they regularly use OAuth authentication. OAuth is a protocol that allows an external application to get access to your Google/Facebook/Outlook account for different reasons, it is for instance the protocol that is used when you login into a website with your FB/Google/Twitter/Other account. What is dangerous with that is that it is pretty different from other phishing attacks, and it is easy for people to fall into it. (read more about it here https://guides.securitywithoutborders.org/guide-to-phishing/oauth-phishing.html )
+
'''Community Updates'''
  
'''So we aren't able to know if the attacks have been increasing but we can confirm that the methods are getting more complex'''
 
  
* We don't know what we don't know, so it is hard to factually prove that there are more attacks. We are seeing more advanced attacks by groups like NSO, with 0-day and no-click attacks, but the vast majority of attacks are still not very sophisticated and using techniques that have been there for a while and are cheap (like fake google domains)
+
'''[[August_13_2020_GM|August 13, 2020 Glitter Meetup]]'''
  
'''What are some of the new attacks that you have witnessed during 2019?'''  
+
'''Topic''' What is Hong Kong National Security Law
  
* On phishing, something we have started to see in 2019 is using phishing kits that are bypassing most forms of Two Factor authentication. Two Factor Authentication is having another authentication method beyond your password, it is often a token given by SMS, by a smartphone app (such as FreeOTP, or Google Authenticator) or a hardware key.
+
'''Featured guest''' Lulu and Kaia, Open Culture Foundation
  
* Modern phishing kits are using a technique to relay the request to their fake website to the real platform and this bypass all forms of two factor authentication, except hardware tokens. It is thus important to promote more hardware keys like Yubikey or Solokeys
 
  
* This is pretty new, but there are now open source phishing kits doing that, and most of the phishing attacks we see today are bypassing most forms of second factor.
+
'''[[August_6_2020_GM|August 6, 2020 Glitter Meetup]]'''
  
* And there is like a gap between companies selling very advanced tools (NSO has 500+ employees), and some government paying hackers with average technical skills to send phishing to activists. The first one is more advanced, harder to fight against, but also more rare, and most of the attacks we see are the second case.
+
'''Topic''' Center for Digital Resilience Help Desk Link
  
'''You talk about attacks bypassing 2 factor Authorization, and the need to move towards hardware token for 2fa Where can you purchase this hardware? If folks can’t afford it, are there are places where they may be able to get it for free?'''
+
'''Featured guest''' CDR staff
  
* There are different organizations doing hardware tokens, the most used are Yubikeys, Solokeys and now Google is making their own Titan keys
 
  
* Several organizations are providing some to activists for free, we try to bring some when we are doing a security training. You often get some at events like IFF.
+
'''[[July_30_2020_GM|July 30, 2020 Glitter Meetup]]'''
  
'''Now that we know more about the attacks and their complexity: What entities are leading malware creation/execution?'''
+
'''Topic''' Self-care
  
* It really depends on the context of the country, we see some countries like Russia or China developing skills of targeted attacks in the country, they even have often several groups in charge of different types of attacks (companies or activists).
 
  
* In many other countries, they are not able to do that, and they rely on buying the malware and tools from companies like NSO Group, Hacking Team, FinFisher etc. These companies are mostly based in Europe (often in Italy) or Israel.
+
'''[[July_16_2020_GM|July 16, 2020 Glitter Meetup]]'''
  
* And they are often involved in a broader surveillance ecosystem, with companies like NICE (an american company) reselling and installing tools from other manifacturers
+
'''Topic''' Social Media as recordkeepers of activism
  
'''what are new threats you see coming in the future?'''  
+
'''Featured guest''' Isabella, Meedan
  
The trend is :
 
* More phishing attacks
 
* More attacks on smartphones
 
* Development of very sophisticated attacks used in some countries, but most attacks are still going to use techniques that are not very sophisticated (such as phishing or backdoored android applications)
 
  
'''Have you seen cyber attacks against relatives/partners of those who work in this space?'''
+
'''[[July_9_2020_GM|July 9, 2020 Glitter Meetup]]'''
  
* There is one case in Mexico reported by Citizen Lab where they targeted the son of a prominent journalist https://citizenlab.ca/2017/06/reckless-exploit-mexico-nso/
+
'''Community Updates'''
  
'''Some HRA uses external sites to 'upload' evidence and content to and then delete/remove it from their own devices. Are there certain places that keep content safe from these attacks?'''
 
  
* Uploading sensitive data from a server and removing from the phone can be really useful for instance for crossing borders, or during protests, but if the phone is compromised before, the attackers may be able to monitor the phone activity before it is uploaded and remove from it.
+
'''[[June_25_2020_GM|June 25, 2020 Glitter Meetup]]'''
  
'''How to get psychologists involved? Have you achived any positive results on this way? Any word of advice?'''
+
'''Topic''' Save Internet Freedom: what's going on with OTF
  
* This attacks are mostly not about digital means of protection but psychological ones. ("How can I distinguish that someone's trying to use me? How can I see what vulnerabilites of mine are most likely to be used by bad guys?") We discovered that digital things (such as 2FA) simply didn't work in some situations and we needed some assistance from psychologists to work with people.
 
  
* We have seen many cases where attackers used quite low-level attacks but they were combined with very good knowledge of the political context and good social engineering skills. There is definitely more work to be done to understand how to explain phishing and help people react to social engineering and I have not seen many psychologists involved in it, it would definitely be interesting
+
'''[[June_18_2020_GM|June 18, 2020 Glitter Meetup]]'''
  
* Is some good work being done and developed to improve security trainings and make them more into adult training, so maybe there are psychologists involved in it (https://level-up.cc/ )
+
'''Topic''' The Onion Browser
  
'''As a UX designer, how can we make this information help the design community build safer, informative tools for HRA's? Designers are typically the first line of defense and play a good role in informing/protecting users of stuff like this!'''
+
'''Featured guest''' Fabiola and Benjamin
  
* developing ways to explain these attacks better are definitely needed more. A good example of some work done in that area is the phishing quizz developed by Google https://phishingquiz.withgoogle.com/
 
  
* There are many different directions to fight against these attacks. One of our approach is to make forensic knowledge more easily available to tech people supporting human right defenders. It is very common to have people think their device is compromised and we did not have any good methodology to check if it really was. So with Security Without Borders, we have developed a guide to help with that https://guides.securitywithoutborders.org/guide-to-quick-forensics/
+
'''[[June_11_2020_GM|June 11, 2020 Glitter Meetup]]'''
It is pretty easy on Windows and Mac, but harder on smartphones, so we are trying to find better techniques and tool to do that on smartphone
+
  
'''Regarding to the malware spreading on Telegram during HK Protests. There's anything we can do? Like a bot that can filter those or identify those...?'''
+
'''Community Updates'''
  
* We have seen malware being shared on chat applications a lot, but mostly privately, HK is the only case where malware was shared on a group chat. It would be definitely possible to develop a telegram bot to monitor chat groups, and it could be an interesting way to identify attacks, but you have to monitor the right groups.
 
  
'''Do you see people reusing different malware/exploits in different campaigns in different countries?'''
+
'''[[June_4_2020_GM|June 4, 2020 Glitter Meetup]]'''
  
* Yes often. There are two different cases for malware, it can be either malware from a company like FinFisher or a malware that is open source or sold on the black market.
+
'''Topic''' Tiananmen Protests Anniversary
  
* Sometimes, we see some private tools shared by groups that are related to different country that we cannot explain.
 
  
* Exploits we see are very often public exploits, so they are reused because they are available on Internet
+
'''[[May_28_2020_GM|May 28, 2020 Glitter Meetup]]'''
  
== January 9, 2020==
+
'''Topic''' Trolls and Bullying on the Internet
  
For this Glitter Meetup, we have a feature guest: Tamara, one of the Community Builders of the 2020 IFF. She works on emergency assistance for activists and journalists around the world.
 
  
'''Is harassment online a real problem for women journalists? can you explain a bit about this? Where it happens? Why it happens? And are there any populations or areas of the world this happens more than others, or is it global?'''
+
'''[[May_14_2020_GM|May 14, 2020 Glitter Meetup]]'''
  
* Yes, online harassment is a real problem for journalists, but even more so for female journalists.
+
'''Topic''' WomenOnWeb Blocking in Spain
  
* As a female journalist she has faced online harassment based on gender many times, may it be from comments under her articles, or from online audiences during panels that she was speaking on, etc. Back then, she thought that perhaps she was doing something wrong or that she should simply not pay attention to this and not be too soft.
+
'''Featured guest''' Vasilis and Samba, Magma
  
* Five years ago she started working on emergency assistance, and over 40% of their casework covers journalists. And of course, they face all sorts of threats. Arrest, murder, you name it. But. A lot of times the harassment/ threats/ insults start online. The thing is that journalists often don’t take those seriously. Female journalists in particular often think that this just comes with the job.
 
  
* The harassers don't discriminate, in every region there are plenty of them. There is a difference however with regards to who the harassers are. So, for example, in Eurasia and MENA regions, we have seen more government and troll factory-based harassers of female journalists, in the US it is more from certain conservative groups, etc. But if we look at the specific areas of coverage. Number one, at least according to some of our data at the emergency assistance program is corruption reporting. Then come issues, such as migration, LGBTQI.
+
'''[[May_7_2020_GM|May 7, 2020 Glitter Meetup]]'''
  
* Troll factories are literally offices where people are hired to sit and search online space for content and comment in order to create fuss, or harass someone, etc. In Azerbaijan, for example, troll factories are used to harass female reporters, opposition, but also simply to 'express love for the president and their family'. Being a troll is a paid job sometimes, also in some countries students of state-funded universities or state employees are forced to be trolls for free (or they lose school placement, or their job)
+
'''Topic''' Community Prototype Fund - Open Tech Fund
  
* Also, female journalists, especially if they write opinion pieces, are way more often scrutinized with regards to their expertise (e.g. 'do you really have expertise to write about this?') and therefore are being threatened.
+
'''Featured guest''' Tara Tarakiyee, Program Manager
  
* One participant added that some of their coworkers often express that they are tired of comments and threats to them just because they are women, specially when they do articles or investigations with the conflict that Colombia still living between guerrillas, drug lords, etc.
 
  
*  Report done by IWMF on the topic: https://www.iwmf.org/attacks-and-harassment/
+
'''[[April_30_2020_GM|April 30, 2020 Glitter Meetup]]'''
  
'''Many folks here are digital security trainers, or provide digital security support. what advice can they give to women journalist they may be assisting who may be experiencing this. what can be done'''
+
'''Topic''' OONI - Open Observatory
  
* First and foremost it is important that female journalists don't normalize online harassment and recognize that there is a threat. The problem with online threats that I have seen in the past five years of my work is that they usually escalate. For example, if at first someone is telling a female journalist that she is a liar and she therefore deserves to die, then eventually a physical attack from this person, or from others who were 'inspired' by this harasser follows.
+
'''Featured guest''' Maria Xynou and Arturo Filastò
  
* Now, in terms of what digital security experts can advise. When online harassment happens and even in other instances, female journalists need to first of all take care of their own security. We usually recommend that they talk both to digital and physical security experts.
 
  
'''What tools or sites you recommend to find more info about Online Security for female journalists?'''
+
'''[[April_23_2020_GM|April 23, 2020 Glitter Meetup]]'''
  
* Getting in touch with Frontline Defenders' digital experts, or Access Now, or, smaller digital security and physical security expert groups, such as, for example, people from Tbilisi Shelter in Georgia.
+
'''Topic:''' Journalism during quarantine and Low-end Tech
  
* One participant added that FLD, Access Now, etc. are great advices for the majority of human rights defenders and independent journalists but there should be something more specific when it comes to female journalists and online threats.
 
  
* IWMF, CPJ, Amnesty have some good resources on their sites. But there aren't enough groups that deal with online harassment in general, and especially online harassment against women regionally. For example, in the North Caucasus in Russia where such attacks have happened, and very little to no local support is available.
+
'''[[April_16_2020_GM|April 16, 2020 Glitter Meetup]]'''
  
'''Are there any gender-specific advices on (say) guidelines, recommendations, anything to read? watch online?'''  
+
'''Topic:''' Improvements for IF Funders
  
* With regards to steps: '''1.''' stop your current work and focus on addressing your security situation '''2.''' if you work full time as a reporter, your management is your first call. If you are a freelancer, speak to your immediate support network (your fellow reporter friends, civil society groups inside your country that help journalists and female journalists in particular) and then speak to groups that support journalists (happy to help connect if needed), such as Acos Alliance, Rory Peck Trust, CPJ, RSF, Freedom House, Frontline Defenders, Civil rights defenders, etc. '''3.''' Develop a security plan. Female journalists often have dependents in their care, such as minors or parents. Make sure your security plan includes them. '''4.''' Your security plan has to cover your digital presence (such as, don't checkin on IG and FB, don't post personal info, contact white pages (or whatever address book alternative in your country) and ask them to take down your address, etc. But it also has to include psycho-social and physical security components. Such as, don't take your usual route to work. Checkin more frequently with your children, etc. (this sounds scary and somewhat unnecessary at times, but it is vital) '''5.''' If the harassment includes exposure of any content with regards to you online, develop a plan re how to eliminate that content (contacting social media platform, mobilizing a support network. in some cases, even take legal action). '''6.''' If things escalate, we usually recommend temporary relocation. as disruptive as it sounds to your life, it is sometimes needed to avoid further escalation.
 
  
* One participant added a good advice: "other journalists reported shifting how they cover the news to prevent harassment. For example, an online reporter in Taiwan said she focuses on positive news so she won’t get attacked"
+
'''[[April_9_2020_GM|April 9, 2020 Glitter Meetup]]'''
  
* A Latina newspaper reporter in the U.S. took a different tack. She said she faced extreme harassment online when she started her job five years ago, so now she is extra-vigilant about showing multiple sides of a story to prevent complaints that may escalate into abuse. On the other hand, a TV journalist in the U.S. said she tries to avoid details in her stories that she knows will upset people. “Yes, it affects the way I do my stories,” she said. “I am more careful.”
+
'''Topic:''' Racism in times of COVID-19
  
* It is important to have colleagues to rely on to talk about harassment encountered and to help by, for instance, moderating the comments
 
  
* Uses Facebook’s word-blocker function on professional page to prevent words like “sexy,” “hot,” or “boobs” from being posted by users
+
'''[[April_2_2020_GM|April 2, 2020 Glitter Meetup]]'''
  
*  IAWRT Manual: https://www.iawrt.org/sites/default/files/field/pdf/2017/11/IAWRT%20Safety%20Manual.Download.10112017.pdf
+
'''Topic''' Contact Tracing Apps
  
*  CPJ Canada/USA survey: https://cpj.org/blog/2019/09/canada-usa-female-journalist-safety-online-harassment-survey.php
+
'''Featured guest''' Sean McDonald, FrontlineSMS.  
  
* CPJ manual on how to mitigate sexual violence https://cpj.org/2019/09/physical-safety-mitigating-sexual-violence.php
 
  
* IJNET Guide: https://ijnet.org/en/story/how-newsrooms-can-fight-online-harassment-targeting-female-journalists
 
  
* GIJN Guide: https://gijn.org/gijn-guide-resources-for-women-journalists/
 
  
* OSCE Guide: https://www.osce.org/fom/220411?download=true
+
'''[[Glitter Meetup Notes Before March 26, 2020]]'''
 
+
* OSCE Manual: https://www.osce.org/representative-on-freedom-of-media/safety-female-journalists-online
+
 
+
'''Can you talk a bit about the  psychological impact this has?'''
+
 
+
* The psychological impact is huge indeed. From own experience covering mass protests back at home in 2005-2008, as a young female journalist you would get harassed all the time, so you try to wear least revealing clothes, put all of your hair under a hat, always go with a male colleague on reporting assignments, make sure your phone is charged, etc. 
+
 
+
* From Tamara's experience working with female journalists in the past five years, the most unfortunate psychological effect is that female journalists start self-censoring or that they cease their journalistic activities.
+
 
+
== Community Updates 2019 Part 2==
+
 
+
You will find here all the ideas, discussions and topics that the community created from July to December of 2019 on our weekly Glitter Meetups:
+
 
+
https://internetfreedomfestival.org/wiki/index.php/Community_Updates_2019_Part_2
+
 
+
== Community Updates 2019 Part 1==
+
 
+
You will find here all the ideas, discussions and topics that the community created from January to June of 2019 on our weekly Glitter Meetups:
+
 
+
https://internetfreedomfestival.org/wiki/index.php/Community_Updates_2019_Part_1
+
 
+
== Community Updates 2018==
+
 
+
You will find here all the ideas, discussions and topics that the community created during the 2018 on our weekly Glitter Meetups:
+
 
+
https://internetfreedomfestival.org/wiki/index.php/Community_Updates_2018
+
 
+
 
+
[[Category:GlitterMeetutp]]"
+

Revision as of 17:48, 12 May 2021

Glitter Meetups

The following are community updates from the weekly Glitter Meetup. If you need to connect to anyone mentioned below, please reach out. We do practice "consensual introductions," meaning we have to check with the person before doing so. No names are associated with the summary notes. Please contact us if you have any questions related to these notes: team@digitalrights.community


June 3, 2021 Glitter Meetup

Featured guest Yonah Welker

Topic Algorithmic Diversity: Zero Exclusion, AI & Ethics (AI & Human Rights)


May 13, 2021 Glitter Meetup

Featured guest Gus Andrews

Topic Feedback on Thunderbird


May 6, 2021 Glitter Meetup

Community Updates


April 29, 2021 Glitter Meetup

Featured guest Tenzin Dolker, Association for Women’s Rights in Development

Topic Feminist funder space and autonomous resourcing


April 22, 2021 Glitter Meetup

Community Updates


April 15, 2021 Glitter Meetup

Community Updates


April 8, 2021 Glitter Meetup

Featured guest Gus Narea

Topic Relaynet


April 1, 2021 Glitter Meetup

Community Updates


March 25, 2021 Glitter Meetup

Community Updates


March 18, 2021 Glitter Meetup

Featured guest Jac sm Kee & Esra'a Al Shafei

Topic Numun Fund


March 11, 2021 Glitter Meetup

Featured guest Karen Reilly

Topic Accessibility Knowledge


March 4, 2021 Glitter Meetup

Community Updates


February 25, 2021 Glitter Meetup

Community Updates


February 11, 2021 Glitter Meetup

Topic Community Health


February 4, 2021 Glitter Meetup

Community Updates


January 28, 2021 Glitter Meetup

Featured guest Gus Andrews

Topic Security Training and Security in a Box


January 14, 2021 Glitter Meetup

Community Updates


December 3, 2020 Glitter Meetup

Featured guest Phyu Phyu Kyaw

Topic The rise of online censorship and surveillance in Myanmar


November 12, 2020 Glitter Meetup

Community Updates


October 29, 2020 Glitter Meetup

Community Updates


October 22, 2020 Glitter Meetup

Featured guest Hapee


October 15, 2020 Glitter Meetup

Topic Improving our work/network on Digital Rights


October 8, 2020 Glitter Meetup

Topic Q&A with TunnelBear

Featured guest Rodrigue Hajjar, TunnelBear’s Director of VPN.


October 1, 2020 Glitter Meetup

Community Updates


September 24, 2020 Glitter Meetup

Community Updates


September 17, 2020 Glitter Meetup

Topic VPN Glitter Meetup


September 10, 2020 Glitter Meetup

Topic Greatfire's AppMaker

Featured guest Greatfire developers


September 3, 2020 Glitter Meetup

Topic Future Skills for Current Challenges


August 27, 2020 Glitter Meetup

Community Updates


August 13, 2020 Glitter Meetup

Topic What is Hong Kong National Security Law

Featured guest Lulu and Kaia, Open Culture Foundation


August 6, 2020 Glitter Meetup

Topic Center for Digital Resilience Help Desk Link

Featured guest CDR staff


July 30, 2020 Glitter Meetup

Topic Self-care


July 16, 2020 Glitter Meetup

Topic Social Media as recordkeepers of activism

Featured guest Isabella, Meedan


July 9, 2020 Glitter Meetup

Community Updates


June 25, 2020 Glitter Meetup

Topic Save Internet Freedom: what's going on with OTF


June 18, 2020 Glitter Meetup

Topic The Onion Browser

Featured guest Fabiola and Benjamin


June 11, 2020 Glitter Meetup

Community Updates


June 4, 2020 Glitter Meetup

Topic Tiananmen Protests Anniversary


May 28, 2020 Glitter Meetup

Topic Trolls and Bullying on the Internet


May 14, 2020 Glitter Meetup

Topic WomenOnWeb Blocking in Spain

Featured guest Vasilis and Samba, Magma


May 7, 2020 Glitter Meetup

Topic Community Prototype Fund - Open Tech Fund

Featured guest Tara Tarakiyee, Program Manager


April 30, 2020 Glitter Meetup

Topic OONI - Open Observatory

Featured guest Maria Xynou and Arturo Filastò


April 23, 2020 Glitter Meetup

Topic: Journalism during quarantine and Low-end Tech


April 16, 2020 Glitter Meetup

Topic: Improvements for IF Funders


April 9, 2020 Glitter Meetup

Topic: Racism in times of COVID-19


April 2, 2020 Glitter Meetup

Topic Contact Tracing Apps

Featured guest Sean McDonald, FrontlineSMS.



Glitter Meetup Notes Before March 26, 2020