Prototyping Qubes trainings for different use-cases and communities
Qubes is a security- and privacy-focused free and open source operating system. Its architecture enables the user to define different environments or “domains” on their computer based on their threat model and manage their interaction with each other and the network. This enables the user to protect information and communications on their computer from malware or compromise through layers of defenses, as well as provide robust identity management through the Tor anonymity network, VPNs, etc. During this session we will prototype two different trainings using Qubes OS to address two separate target groups and scenarios: (1) human rights defenders and journalists who run a high risk of being targeted by surveillance malware, and (2) women and LGBTQI human rights defenders who need to manage multiple identities online to reduce the risk of hate speech, targeting, and harassment. After initially introducing Qubes with Qubes OS live USBs, participants will walk through defining their existing workflows and understanding how it can be adapted to security- and privacy-focused framework provided by Qubes. Then we will walk through a prototypical training focused on protecting the user from malware, through the use of disposable "qubes" (or virtual machines "VMs") to view attachments or suspicious files, offline password and document storage, and protection from malicious USBs. The second training will focus on partitioning one's social domains online in order to attain security and privacy. We will ask the participants to draw their own social graph and reproduce it within Qubes, focusing on Tor and Whonix integration, metadata anonymization tools, and using multiple browsers networked differently (such as Chromium through Tor!). This will be a first prototype of the training we are developing, and the track on Training and Best Practices will be a great chance of getting feedback from a wide range of digital security trainers for optimizing this approach, as well as to offer trainers a sneak-peek on new tools and ways trainers can explore when training communities who risk being targeted by surveillance malware or who need robust identity management online.
|prototyping Qubes trainings for different use-cases and communities|
|Presenter/s||Michael Carbone and Floriana Pagano|
|Organization||Access Now and Qubes OS|
|Bio/s||Floriana Pagano has been a member of a a privacy-oriented tech collective for over a decade. She has collaborated with Tactical Technology Collective both for publishing the content of the Security in-a-box website on Github and as a facilitator, digital security trainer, and manual author and coordinator. She coordinated and helped write the identity management and Qubes portions of the gender security manual Zen and the Art of Making Tech Work for You. At the moment she works with eQualit.ie editing and writing technical documentation for users. Michael Carbone is the Manager of Security Education at the international human rights organization Access Now, where he provides advice to civil society groups and human rights defenders to stay digitally secure. In addition to his work there, Michael supports the development of the security- and privacy-focused operating system Qubes OS.|
Slide on domain partitioning: https://share.riseup.net/#OE8hcIb9TVdWjEAxZDPlsQ
Slides introducing Qubes: https://github.com/mfc/qubes-training-materials/blob/master/qubes-showcase.pdf (download: https://github.com/mfc/qubes-training-materials/raw/master/qubes-showcase.pdf)