Digital Security Training Cycle For Civil Society Advocates: Protect your Identity Online  

22 Octobre, 2016
Internet Policy Analysts authors, engineers, bloggers and journalists from the Internet Governance in the Middle East and North African Region (iGmena) program held a training and discussion on October 15, 2016. The meeting was held in the previous ATI headquarter (404 Labs) in Tunis. The Tunisian Internet Agency (ATI) is the exclusive state Internet Service Provider (ISP) and Internet exchange point (IXP) in the country. The session started with an introduction to the concept of censorship, its motivations, and its different forms, drawing on many examples with a focus on the MENA region.   

In fact, censorship is defined as the institution, system, or practice of reading communications and deleting material considered sensitive or harmful. Censorship is motivated by the most powerful weapon: fear. It can be categorized into three types: first, fear due to moral reasons, which depends on the ethics and religion of the society (for example, pornographic content being banned in Islamic and Christian countries). Second, fear due to political reasons; this is the most common reason found in the MENA region (in the Tunisian and Algerian cases, for instance).
The third type is fear due to commercial reasons; the great example of this is China, which has the most powerful censorship system in the world (Google, Facebook, Twitter, YouTube, and other services are banned). In the MENA region, one prominent example is Morocco, which censors VOIP applications in order to favor paid apps launched by Moroccan ISPs.

Censorship can be manifested by many forms, from mass surveillance and filtering to banning web content (URLs, search engines), and from cutting off social media (Twitter, Instagram, Facebook) to blocking access to certain technologies (such as P2P or VOIP).  

Slowly, from the concept of censorship, we moved on to a crucial conclusion: every person has the right to protect his personal data and his privacy. How? By remaining anonymous. And so our second main concept was introduced. We started with a brief presentation of the Virtual Private Network (VPN) concept, which combines the security of content by encrypting it using a tunnel over the Internet and protection of the identity of the end user. From VPN we moved to preserving anonymity by using a network of proxy and VPN, which is the Tor Network.  

After the audience got to know the concepts better, we moved on to a hands-on session learning to use two tools: Psiphon, for creating a VPN to protect communications and identity, and Tor to remain anonymous. We closed the workshop with a presentation of the Deep Web, also often called the Dark Web, to make the audience more aware of this world – which is mostly unknown but which represents 96% of the Internet’s content!  

As a conclusion, censorship harms three main human and digital rights: the right to access to information, the right to freedom of expression, and the right to privacy and protection of personal data. We strongly condemn any act of censorship and recommend bypassing it using simple and free tools. Besides, the more you know, the more aware and secure you will be, and what is secure today will not necessarily be tomorrow, so it’s important to keep yourself updated and continually re-evaluate your security practices. Finally, keep in mind that security is never a one-off act: it’s a mindset and a process.

The event was very interactive and a great occasion to explain more concepts (censorship, anonymity, Deep Web) for participants, as well as have an open discussion for better understanding of the Internet and technology. This discussion had the objective of raising awareness about issues that are IGMENA’s main focus and provide to the Internet Policy Activist the right tools to protect themselves and hide their digital footprint online.

Policy recommendations guide for end users in the MENA region : What you can do ?
  • Follow your gut on social media If an attachment or link looks suspicious, take a few minutes to think about who the sender is, what the email says and other contextual clues.
  • Try to deploy in your Mobile apps  end-to-end encryption and allow users to verify one another using fingerprints include  Signal, WhatsApp, and Wire, all of which also have a desktop and encrypted voice CALLING OPTIONS .
  • Add end-to-end encryption to many messaging tools, including Facebook, by using desktop apps Adium or Pidgin along with off-the-record (OTR) messaging.
  • Change constantly your device security setting and understand  how mobile phones can be insecure can help the unaware end user to be better informed about decisions about how you use them in your advocacy.
  • Back-up your website regularly is important and can ensure that even if a DDoS attack takes it offline, your content remains intact.
  • Mirroring your site is another good option for ensuring that your content remains online during an attack.
  • Use as well security in a Box contains a guide to protecting your device from malware and hackers.
For further advice, read the Surveillance Self-Defense guide to protecting yourself against malware
Written by Mr. Houssem Kaabi, NetworkTelecoms Engineer & Digital Security trainer  
Edited by Mr. Hamza Ben Mehrez, Policy Analyst lead (iGmena)