View the zine
Download the zine
Download printable zine
- Paper & Pens/Pencils
- Devices capable of performing a variety of practical privacy/security actions, whether that is setting up a password manager, installing browser plugins, opening up TOR, etc.
- Optional: conductive fabric for faraday pouches, lockpicking kit, other physical obfuscation tools
The data REcollection workshop, ultimately, is both active practice in threat modeling and behavior change and a re-conceptualization challenge meant to encourage questions while also empowering action. This has been the most amorphous of my workshops, with the structure depending entirely on the participants. In general, we work through three basic activities, with additional activities and conversation evolving depending on the needs and interests of the group.
First, participants are asked to start by outlining a basic threat model and also to list the things they are most unsure of, annoyed by, certain of and afraid of with regards to both privacy and security. In the process, participants are asked to consider their current practices and find points where they are working contrary to the their threat model, and come up with the smallest possible change they could make to get closer to their goal. Second, they are invited to turn that small change into a behavior plan and to come up with an accountability and rewards system for themselves. We discuss operant conditioning and behavior and habit change models in general and their own experience with behavior change in specific. Third, we engage with a specific tool as decided upon by the group – whether that is password management, anti-tracking plugins, VPNs, or TOR.
On top of these activities you may also help participants to get a more concrete understanding of the data that has been collected on them through Google Takeout, teach basic lock picking techniques to illustrate the contingent nature of security, help participants to sew faraday pouches for their phones. These secondary activities are all guided by the interest of the group, and have not always been part of every workshop, but are useful exercises to explore and are examples of the ways that the workshop can be expanded and individualized. Some workshops have included no extended activities or have instead turned into question-and-answer and collaborative research sessions, which are equally expansive and useful. The key, when facilitating, is to approach the subject with honesty and with a tone that is neither didactic and scare-mongering nor condescending. This is a subject where it’s useful to admit that there are limits and unknowns, but not useful to claim that absolutely nothing can be done. Ultimately, the goal is not only to give constructive steps for privacy/security and behavior, but also to illustrate the need for better protections and for more active participation by the users of various tools and platforms.
The hands-on practical engagements are meant to be encouraging and demystifying, and to cover things that can be useful day-to-day. They are also meant to give a dose of perspective, and help with the process of making educated choices about the benefits versus the risks of various activities. In the process of doing this hands on engagement, we also discuss the groups that are doing the research, building the tools, and working to get policies changed, and compile a list of references for future individual research. At the end, participants are encouraged to trade contact information for future support, and I offer a follow-up mailing list for encouragement.