Member of The Internet Defense League

Wednesday, 12 February 2014

Privacy and Security - A practical perspective

Following the interest shown in by the attendees at the Privacy and Security Session at 
CMCS college Nasik, Mozilla Nasik Community decided to cumulate all the interest and 
serve it with a more detailed workshop.


The approach:
   The community members met over a coffee and decided to be more specific on the type of 
audience for the workshop. A set of audience who would be interested in maintaining their 
privacy and security over the internet and would like the hands-on of all the methods one 
should follow to do so.

Result:
   A registration form was published and responses were analysed. Interestingly the 
form worked well. With questions like,
Will breach of your online privacy matter to you?
What methods do you use to secure your online presence?
What if all you read write and all your online activity is being watched, will it bother you?
gave some interesting responses with a mixed YES* and No*.
We ended up calling each participant who had registered, but the questionnaire did give us 
an insight on what the audience is thinking before attending the workshop.

Agenda:
The coffee did serve one more purpose, that of deciding on the agenda. I wanted the Nasik 
community members to take the reins in their hands and drive the workshop. Hence we listed out our workshop bullets(topics to cover) and delegated responsibility of each.



Bullets:
  • Hack the web using Webmking tool X-ray goggles.
  • Follow The Privacy and Security Teaching Kit.
  • about:permissions
  • about:privatebrowsing
  • about:config - overview
  • http vs https
  • Understanding Cookies
  • Lightbeam addon Handons.


The Workshop:
   We started with a brief introduction to Mozilla, the mozilla mission and how it merges 
with importance of privacy and security of the online users.



* Hack the web using Webmking tool X-ray goggles:
   X-ray goggles serve the basic purpose of understanding the web's basic building blocks. 
Even a non-technical person feels at home and understands the web if he/she tries to remix 
a website using x-ray goggles (X-ray being the most popular tool for remixing, we decided 
to go with them).

"If we understand and know, what something is made of, we have a better control over it.
 was the basic principal we followed at the start of the workshop. Making the audience 
aware of the Html, Css and JS used to build that something on the web using X-ray 
remixing.

Consider an example: Your friend throws two planes at you, one made of paper and other of 
steel. Which one would you trust (considering you have option of dodging only one).


Its the paper plane you will trust, because you know it will not hurt you 
compared to the unknown steel plane which may have anything disastrous inside its 
structure. The same thing applies to the web. Understanding it, not being afraid of it and using it 
for the betterment and openness of the web is the thing we wanted to teach though this 
exercise.

Useful links:
https://support.mozilla.org/en-US/kb/x-ray-goggles
https://support.mozilla.org/en-US/products/webmaker/x-ray-goggles

Exercise facilitated by Mayur Patil.

* about:permissions
   It is very important for all the users of the web to understand the basics behind the 
"about:permissions" facility provided in Mozilla Firefox.
This is the Permissions Manager, using which you can give certain websites the ability to 
store passwords, set cookies and more.
To view, change the preferences regarding permissions in the Firefox browser, type 
'about:permissions' into the Location Bar (address bar) and press Enter.

Understand the about:permissions.



 Useful links:
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
https://support.mozilla.org/en-US/kb/pop-blocker-settings-exceptions-troubleshooting

Exercise facilitated by Khushal Kariya.

* about:privatebrowsing :
   Private Browsing - Browse the web without saving information about the sites you visit.
Many a times you need the browser not to store the information(history) of sites you visit 
or the text entered, password and other choices made on the web.
Private Browsing allows you to browse the Internet without saving any information about 
which sites and pages you’ve visited.
To start private browsing mode in the Firefox browser, type 'about:privatebrowsing' into the 
Location Bar (address bar) and press Enter.



Useful links:
https://support.mozilla.org/en-US/kb/private-browsing-browse-web-without-saving-info? redirectlocale=en-US&redirectslug=Private+Browsing
http://www.wikihow.com/Do-Private-Browsing-in-Mozilla-Firefox

Exercise facilitated by Vishal Chavan.

about:config - overview :
   To control the browser you use while using the web is the most basic right one deserves 
over the open web. "about:config" gives user the complete freedom and opportunity to 
control his/her's presence over the internet. Mozilla Firefox is highly customizable, and 
there are a number of ways to change its appearance and behaviour.
To modify a preference in the Firefox browser, type 'about:config' into the Location Bar 
(address bar) and press Enter.

Useful Links:
http://kb.mozillazine.org/About:config
http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries
http://mozilla.gunnars.net/mozilla_howto_aboutconfig.html

Exercise facilitated by Ankit Gadgil.

http vs https :
   "You wouldn't write your username and passwords on a postcard and mail it for the world to 
see, so why are you doing it online? Every time you log in to any service that uses a 
plain HTTP connection that's essentially what you're doing.
" says Scott Gilbertson in his blog HTTPS is more secure, so why isn’t the Web using it?

There is a better way, the secure version of HTTP—HTTPS. That extra "S" in the URL means 
your connection is secure and it's much harder for anyone else to see what you're doing.
Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer 
Protocol (http). HTTPS allows secure eCommerce transactions, such as online banking. 

Why do we need this extra 'S'?
   The Web presents a unique set of trust issues, which businesses must address at the outset 
to minimize risk. Consumers submit information and purchase goods or services via the Internet only when they are confident that their personal information, such as credit card numbers and financial data, is secure. The solution for businesses reliant upon e-commerce is to implement a complete e-commerce trust infrastructure based on encryption technology.

Useful links:
http://arstechnica.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it
http://www.instantssl.com/ssl-certificate-products/https.html
http://www.wisegeek.org/what-is-the-difference-between-http-and-https.htm

Understanding Cookies :
    "Cookie" is a type of message that is given to a Web browser by a Web server. 
The main purpose of a cookie is to identify users and possibly prepare customized Web pages or to save site login information for you. 

Can Cookies be malicious?
   Yes, Cookies normally do not compromise security, but there is a growing trend of malicious cookies. These types of cookies can be used to store and track your activity online.
Cookies that watch your online activity are called malicious or tracking cookies.
These are the bad cookies to watch for, because they track you and your surfing habits, over time, to build a profile of your interests. Once that profile contains enough information there is a good chance that your information can be sold to an advertising company who then uses this profile information to target you with interest specific adverts.
more..

Useful links:
https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
https://blog.mozilla.org/theden/2012/05/02/what-are-internet-cookies
http://www.cookiecentral.com/faq.htm

Lightbeam Addon:
   It is important that everyone should have the tools to make their own decisions about 
their online privacy and who collects data on them.
With the Lightbeam add-on and database server, Mozilla is providing a valuable (and open) 
community research platform that aims to – Raise awareness – Promote analysis – Affect 
policy change in the areas of tracking and privacy.
Lightbeam is one step in a larger, concerted effort by Mozilla and its partners to provide 
Web users with greater control and transparency of their personal data. - from about Lightbeam.


"One of the most invisible things about the Internet is that there are hordes of robots constantly scrutinizing your aggregate online behavior and determining whether you fit a certain profile." says Atul Verma in his argument about Does Privacy Matter?

He further adds: "These robots don’t have to be working for the government, either. They could be working  for, say, your health insurance company, looking for prior conditions that you might be hiding from them. The robots might even ostensibly work for “the people” in the name of transparency and openness."





Lightbeam download: http://www.mozilla.org/en-US/lightbeam
Exercises facilitated by Ankit Gadgil

Conclusion:
   This event format is contemporary, essential and practical. Discussing Privacy & Security with peers, students, teachers and netizens is the need of the day. Shielding our online lives from undesired surveillance is what the world is fighting for now. Understanding and getting to know about this is the 1st step towards securing the HEALTH of the web.
   
Event Photo stream: http://www.flickr.com/photos/ankitgadgil/sets/72157640763860995
Event Reps page: https://reps.mozilla.org/e/privacy-and-secuirty-workshop-cmcs
Prequel Blog: http://ankitgadgil.blogspot.in/2014/01/security-and-privacy-being-important.html

Useful Slides:
http://www.slideshare.net/ankitgadgil/privacy-and-security-mozilla-firefox-30239914
http://www.slideshare.net/umeshagarwal92102/lightbeam-30635161?from_search=1

Mozillians at the event:
 
FSAs:
Mayur Patil
Vishal Chavan
Khushal Kariya
Dhanashree Chaudhary
Ronit Jadhav


Reps:
Ankit Gadgil

References:
http://www.toolness.com/wp/2014/01/does-privacy-matter/
https://laura.makes.org/thimble/protect-your-privacy
https://laura.makes.org/thimble/privacy-introductions-and-setup

Tuesday, 21 January 2014

Understand the Privacy and Secuirty of your online lives.

Security and Privacy being an important part of our online lives, all the netizens should know how to handle it and keep the web healthy.


With the help of active and enthusiastic Mozilla Nasik community members, we decided to host the session on Privacy and security  over a coffee on 18th Jan.
The meetup was attended by 11 girls in total organized by the new Womoz volunteer from Nasik, Dhanashree Chaudhary.

We had a talk about Open web and privacy issue faced by a normal user over the web.
With a small dialogue with the girls it was clear that many of them did not do much to protect their privacy and security over the internet.
We showed them Firefox addon Lightbeam and how to use it, the tracking preferences they can set over Firefox and also the use of cookies.


The girls were delighted to know how they can make their content private and which has to be kept public. At the end of the meet some girls were inquisitive to talk with us about a potential session for all their classmates on the topic of Privacy and security.
As always ready the community members instantly decided to conduct a session and had a meeting with the college management for the arrangement of the session.

Event Page: https://reps.mozilla.org/e/understand-the-privacy-and-secuirty-of-your-web-cmcs/
Blog post: http://yomanpatil.tumblr.com/post/73827088110/fsa-pop-up-for-technology-loving-girls

The management was helpful in providing a seminar hall with required resources for the session.
The College principal was very happy to learn about the volunteer work by the community members.

The event was scheduled for 21st Jan 2014. We couldn't make a swag request as the time gap between the event date and its discussion was very less.
We all looked around our repositories for remaining swags and found some Webmaker sticker to give away.

Done with all the slides, content and attendee preparations the session was initiated by me with a basic introduction to Privacy and Security over the internet.


Mayur Patil took the stage with session on deeper understanding of Open source, its importance for students and developers alike. With introduction to Mozilla, Firefox Browser, Webmaker and Firefox Student Ambassadors (FSA) program, he was successful in keeping the audience glued to their seats wanting to know more.

I then started with a talk on Understanding Privacy and Security and Taking control of your online lives.




Part 1: Questions asked to the audience.
  • Only adults are concerned with online safety?
  • Activity online is mostly negative to my future?
  • Parental controls remove most risk for youth online?
  • Kids shouldn't have access to social media until they are at least 16 years of age and are aware of risks?
  • Kids should be allowed to access the web at school?
  • I protect myself/my family online by?

A mix of positive and negative answers from the audience triggered the interactive session.

Part 2: Discussion on some to-do practices over the web to secure your Privacy.
  • Don't leave passwords in open spaces.
  • Protect your personal information.
  • Don't leave your computer unlocked.
  • Secure ALL devices with unique and secure passwords.
  • Don't click on emails, or links from people you don't know, or that solicit personal information.
About Cybersafety Discussions triggered on the topics of:
  • Don't share any photo publicly, you wouldn't share with your grandma.
  • Never disclose your whereabouts publicly, or disclose you are alone.
  • Respect the privacy of others, don't post or tag photos of people without their permission.
  • Do not meet, or give out your full name, address, or phone number to anyone online that you don't trust or know in person.

Part 3: Is internet a scary place to be?
It was an obvious question which troubled many minds.

Answer: Not at all, the internet is a fun place to be at. A lot of sharing, building and making is what makes the internet the happening place. Opportunity for all is the key.
Be positive, enjoy sharing and making things made possible by the web - is the Mantra.



Part 4: We then talked about the procedures we can use to secure our privacy on the web.
  •  Cookies
    • Understanding Cookies.
    • What they do?
    • What makes them useful/harmful?
    • Enabling and disabling them.
  • Mozilla Firefox
    • Privacy Settings
    • Tracking preferences
    • about:permissions
    • about:privatebrowsing
  • Lightbeam (Addon) -  
Lightbeam addon gives the user a complete insight into the third party websites who collect the user's browsing activity with or without the user's consent.

Displaying this information in an interactive visualization - Graph, Clock and List. The visualization grows with every site one visits and every request made from the browser. The Lightbeam demo turned many interested heads to think about their privacy online.

  • X-ray goggles -
    • Introduction to x-ray goggles.
    • Demo by basic remixing a news site.


The aim of this exercise was to make the audience understand what the web is made of, how easy it is to understand it and how can we maintain our privacy and security while playing with it.

Whats Next?
Mozilla Nasik community is planning a more practical oriented handson event at CMCS college Nasik for the interested who like to build the web.
The registrations soon will be out on the Mozilla Nasik Blog and Mozilla Nasik Community Facebook group.
How to make optimum usage of Firefox, understanding about:config, about:permissions and about:privatebrowsing.
Create a FSA group at the college for further Mozilla activities.

Community members who attended the event:

Photostream:
http://www.flickr.com/photos/ankitgadgil/sets/72157640003409033/

Slides:
http://www.slideshare.net/ankitgadgil/privacy-and-security-mozilla-firefox-30239914

References:
https://patrickwade.makes.org/thimble/privacy-and-remix-workshop-teaching-kit
https://tiptoes.makes.org/thimble/safety-privacy-on-the-web
https://laura.makes.org/thimble/privacy-and-security-teaching-kit
https://ben.makes.org/thimble/learning-about-cookies-and-thirdparty-tracking-with-lightbeam

Sunday, 8 December 2013

Maker Party - Mozfest - What we learned


The end of the year 2013 nears and does the Maker Party 2013. The Maker Party being the most successful Webmaker collaborative event till date, saw a lot of teaching, learning and making. The shear idea of making what you want - the way you want strikes untouched chords of interest in many across the globe. 


The web is open and free. We should care about it by understanding it and building our own version of the it, drives the amazing phenomenon of the maker fair.

This year in 2013 it all started with the announcement of theMaker Party 2013 (formally known as the summer code party). 


Webmaker : The idea of Mozilla, teach the web to the world with the core motivation of web literacy using connected learning is the birth concept of Webmaker. The whole idea behind the “view page source” where we can view, copy, paste and tweak the code to make it our own made the internet the revolutionary tool it is today. Webmaker follows the same idea. Webmaker enables people to make, remix and build upon the works of others by exploring the endless possibilities the internet offers. The easy to use Webmaker tools viz: Thimble, Popcorn maker and X-ray goggles offer learning and understanding of the technologies the web is built in while creating great content.






Get involved - its an easy 4 step process :)
  1. Visit webmaker.org.
  2. Claim your user name.
  3. Create an original, remix something fun or start from a template.
  4. Help us test and improve the site.

Webmaker mentors: With webmaker the mission is dedicated to keeping the web open, accessible and free. To accomplish this, there is a need of more than technology: there is a need people who are empowered to build and take control of their own online lives. The synergic working of a global community of teachers and learners makes webmaker a big collaborative effort. The teachers here become mentors and these mentors are the people who are interested and motivated to teach the web to others in an interest based peer-to-peer learning method.



Mark Surman -Executive director @ Mozilla. says  When we talk about a global community of mentors, we’re talking about a global community of people who want to teach the web. We’re talking about formal educators, we’re talking about people outside the school system, we’re talking about techies, and we’re talking about parents.

I feel lucky being a part of the mentor structure. By teaching the web and evangelising the open web & open standards I can feel the positive contribution I am making to the betterment of the internet, the society and ultimately the coming generation.

The Maker Parties: Mozilla kicked off the Maker Party 2013 with a bang on June 15 2013. Webmaker task force India decide to kickstart the maker party in India on the same day with Maker party Pune event. For the next three months, people around the world gathered at great events, making cool stuff and sharing it all online. The goal was to host a worldwide party celebrating all the amazing things we can make and learn thanks to the web. 



Being a part of this amazing collaborative effort called the Maker Party 2013, I had an amazing learning experience. Many event hosts were not formal educators, hosting successful maker parties they proved that teaching the web was easy, fun and very productive. By connecting with other web enthusiasts eager to share skills, Maker Parties were a great way to gain experience and form networks.  Near to 1700 Maker Parties were held in 330 cities across the globe. India was called the epicenter of the webmaker activities by one of the Webmaker’s community engagement personnel. 





Maker parties I attended, facilitated, organized or mentored this season: 
Getting involved was easy:
Maker Party ran from June 15 to September 15. Visit webmaker.org/party to:

The Mozilla Festival: We visited, We made and We hacked together at the Mozilla festival. The world’s biggest maker party was all-n-all fun for the attendees.




1,300 hackers, media-makers and educators gather in London to invent the web’s future – said the headline of the blog by Matt Thompson about the MozFest

The Mozfest was a three day festival in London of making and learning. I was fortunate enough for being able to be a part of this amazing gathering of webmakers from around the globe. A big thanks to Michelle Thorne and Laura Hilliger for inviting me to the mozfest in the #teactheweb track. The venue Ravensbourne in East London was full of hacking and inventing together, building prototypes and curriculum for teaching everything from basic coding, to protecting online privacy, to integrating the open web into fields like journalism and science.

From talking about why I teach the web, Hacking some Tshirts, Playing with the LEDs on a biker jacket, earning open badges, mentoring at the webmaker tools pod to having the awesome #mozfest coffee the complete experience was overwhelming. 

 

 

Specifically talking about one such experience: It was day 1 at mozfest and at the teach the web track we had a webmaker learning booth. With a screen showing the live makes by the attendees it was one of the busiest booths. I was at the Student Ambassador’s booth, Jacob Caggiano (one of the most active contibutors to webmaker) came running in towards me and said “Ankit, checkout this amazing feature in popcorn its called hacking together ” (it was popcorn maker fussed with together.js to give it a new dimension of collaborative making. This was already implemented in Thimble and worked wonders.) I went with him to the now empty webmaker booth, we started hacking a popcorn make together and soon many eger and interested people started storming in. Many said “Wow this is such a cool tool, how can we do it?” and me and Jacob started teaching them the same. The mozfest attendees kept on hacking with the webmaker tools and sharing with an awe! I did feel the amazingness of the tools at that moment, with webmaker the maker gets the superpower of altering and remixing the web he/she wants.

 

With 10 key tracks mozfest did induce a sense of belonging and care towards the open web.

  • Teach the Web. New approaches for teaching digital skills, coding and webmaking.
  • Connect Your City. Building local digital learning networks around the world.
  • Skills and Badges. New ways to recognize skills and learning that happen anywhere.
  • Look Who’s Watching. Privacy, surveillance and tracking. How do we protect transparency and user sovereignty online?
  • Open Games. The web as an open gaming console for the world. Play and create next-generation web-based games.
  • Source Code for Journalism. Creating the tools news organizations needs to thrive on the open web.
  • Science and the Web. Redefining how we experiment, analyze and share scientific knowledge.
  • Open Data for the Open Web. Uncovering and building with data from the web and everyday world.
  • Making the Web Physical. Hacking on physcial devices and gizmos connected to the web in exciting new ways.
  • Webmaking for Mobile. Making apps and tinkering with your own phone. The web as platform.

 

 I as all other participants at the mozfest earned Open Badges, as part of Mozilla’s open source project to reimagine credentialing on the web. Many also issued their own Open Badges on-site using community-created tools like Makebadg.es and Achievery.com. A lot of badges, stickers and the awesome customized mozfest swag were the takeaways. 

 The after event parties are always filled with fun and creativity. Singing the Lungi Dance I had a lot of fun making every body dance at the Alphabet in the O2 arena.

 

 

 

Visiting the creativity & make filled mozfest and the awesome monuments & heritage filled London was indeed a dream come true.


What we learned: 
 # Reflection:
·         What's worked for Webmaking in 2013?
o   The new webmker.org website.
o   The featured makes (gave a lot of confidence to makers to do more and make more).
o   Mentorship structure.
o   The webmaker swag (ordering it was accessible to all)
o   Anybody can host a makerparty anywhere.
·         What have we enjoyed?
o   Inclusion of Javascript and together.js in Webmaking.
o   Hive and Webmaker party fusion.
o   Themed maker parties.
o   Facilitating and speaking about why we should care about open web.
o   Mentoring on webmaker.

·         What made the most impact?
o   The mentorship structure has installed a sense of belonging  towards webmaker and making, the maker party attendees also felt motivated with mentors around.
o   Themed maker parties made a huge impact, especially in India maker parties with theme produced more makes than non-themed parties. Eg: Independence Day Maker party.
o   Webmaker Swag.


Whats next?
 #Vision:
·         What we are excited about for 2014?
o   Offline webmaker tools.
o   JS teaching kits using webmaker.
o   Openbadges in webmaker
o   Maker Party 2014
·         Where are the biggest opportunities for Webmaking?
o   Science + Webmaking
o   Openbadges + Webmaker
o   A defined common Structure for maker parties (this can be hacked to be practically possible in your region).
o   Focus on children and school students, teaching them to become mentors.
o   As online courses/demos for learning HTML-CSS-JS    
·         What can be done better or differently to get there?
o   Science + Webmaking – learning templates for easy understanding. Eg: Converting programing concept documents to thimble/popcorn templates. 
o   Prioritise after event follow up.
o   Inclusion of open badges using step wise badge awarding process. Eg: Beginner, expert, theme maker, Yay your first maker! badge and more.
o   Easy event and mentorship guides for newbies.
o   Creation of slides and information templates for speakers and organizers (this will help them answer questions during maker parties). 





Pictures from the maker parties: http://is.gd/V4EEZf
Pictures from Mozfest 2013: http://is.gd/ufAWwJ
Webmaker + together.js: http://is.gd/Q8QpJK