Edited (version 39)
During the Rethink Journalism hackathon in Basel, we brainstormed how to help participants of similar future events to get some help with Information Security, and receive recommendations of materials - as well as more targeted advice about computing safety.
Photo credits: Kitty in the city
💸 Donate to digitale-gesellschaft.ch who presented a position paper and related news at #dinacon22
See also:
Background
At #rejoha22 we discussed concerns about journalists being targets of cyber-infiltration. We started an open pad, in which we suggest developing a toolkit: so that, even with minimal preparation, the infosec resilience of your community can be slightly improved - one hackathon at a time. The idea was further developed at the DINAcon HACKnight and other community meetings.
We originally called the project "Ask Jack", but out of respect for Jack Schofield, the Guardian’s former computer editor and long-running author of the Ask Jack advice column, we have renamed it ASK TI JEAN. Why? Ti Jean (little Jean) was a childhood nickname of Jack Kerouak - a great American novelist of French-Canadian ancestry, who was born 100 years ago and had aspirations to be a journalist. One of his most famous works is On the Road, which happens to share acronyms with Off the Record (OTR), a cryptographic protocol worth knowing.
Man in the Middle
Is not Worried
He knows his Karma
Is not buried
But his Karma,
Unknown to him,
May end —
-- Mexico City Blues by Jack Kerouak
Ask Ti Jean
Data safety on the Road
(A humble manifesto for better hackathons)
Journalists, freelancers, designers, everyday citizens - Demand more security in our digital life! Doubly so for people who are involved in critical investigation: all those, whose digital rights and identities may for various reasons be threatened.
Opportunities to quickly or inexpensively receive a security checkup from a professional may still be rare: look for an organization in your area that has a strong policy and support options. Ask them to host a community meeting, workshop or hackathon.
Diving into the world of cybersecurity for the first time can be overwhelming or intimidating if you do not get clear, direct, actionable advice from a trusted source. A network lets you get help from people for a reasonable price - or for other clearly stipulated motivations, like a volunteering certificate. But how does one find, and connect, to such a network?
~ THEREFORE ~
We propose ASK TI JEAN, is an Information Security (infosec) check-up and knowledge exchange that every community event should have as part of its deployment kit.
Specifically, we suggest:
- An informative poster designed to convey a practical and attractive Way to Infosec-up;
- Hand out pamphlets or booklets from reliable and current sources of user support;
- Link to online tutorials and Q&A forums where further help is available;
- Involve cyber-stretching in your routine, with simple exercises like changing passwords and checking firewall logs;
- Provision an ad-hoc network security tool for a background vulnerability assessment, explaining to your audience how it works.
Since having a dedicated on-site expert can be difficult or expensive to organize, at least have someone take some time to obtain and read up on material and prepare some tools. In the following sections, we are gathering some starting points.
Please 🙏 contribute to this hackpad using the open access comments, or edit after logging in.
Literature
What do we need to read and understand to develop this idea further?
- Ratgeber von Digiges/WOZ/CCCCH
- Wikipedia - Cyber Self-Defence
- GIJN Cybersecurity Assessment (Info)
- Hacking book by Dominik Landwehr (2014)
- OKFN - eGovernment und Sicherheit: eine schwierige Beziehung (2016)
- AWK - Cyber-Resilienz im öffentlichen Verwaltung (2020)
- Heise - Bund will im IT niemandem mehr vertrauen (2022)
Learning & Sharing
Good starting points, tools and services to offer and build on. Examples of projects that recommend security-related tools and practices.
- Kali Linux
- ProtonVPN
- Key signing parties
- Journalist Toolbox
- SpyPi - Students for data security
- Ransomware Prevention Kit
- E-Sec 3D learning courses
- Infosec AG - eLearning Courses
Communities
Where could you reach out to find people to contribute to such a toolkit
- Starship Factory (Basel)
- CoSin (Biel/Bienne)
- Eastermundigen (Bern)
- Bitwäscherei (Zürich)
- Moar Hackerspaces ..!
- CH Open / Open Education Days
- Chaos Computer Club Schweiz
- Linux User Group Schweiz
- SwissDevJobs
- FreelancerMap
Random
- Construction site safety poster vs. School of Data toolbox and poster
- Infosec posters (DuckDuckGo)
- Cybersecurity illustrations (heartbeat.ua on Dribble)
Contribute
This text was created by lo & lo
during Rethink Journalism hackathon in Basel on November 26, 2022. We started an open pad, in which we suggest developing a toolkit: so that, even with minimal preparation, the infosec resilience of your community can be slightly improved - one hackathon at a time. The idea was further developed at the DINAcon HACKnight and other community meetings.
We originally called the project "Ask Jack", but out of respect for Jack Schofield, the Guardian’s former computer editor and long-running author of the Ask Jack advice column, we have renamed it ASK TI JEAN. Why? Ti Jean (little Jean) was a childhood nickname of Jack Kerouak - a great American novelist of French-Canadian ancestry, who was born 100 years ago and had aspirations to be a journalist. One of his most famous works is On the Road, which happens to share acronyms with Off the Record (OTR), a cryptographic protocol worth knowing.
🖇️ Was Jack Kerouac really a hack? (2012)
Jack Kerouac with a cat, 1965 - Photography by Jerry Bauer
License
Licensed Creative Commons CC0 - Public Domain