Welcome to Information Security for Activists 101. This is an introductory level course for anyone who wants to better protects themselves and their friends online. You do not need any prior knowledge to complete the course.
This course covers the basic security concepts of risk management, two-factor auth, URLs, and phishing.
For security nerds or the otherwise curious, here’s some background on why I made the choices I did in this course:
- Why focus on 2FA and phishing?
- By all accounts that I can find, phishing is the most likely kind of hack a user will be affected by. It follows that we should teach 2FA and how to identify a URL first. 2FA is incredibly good at stopping attacks and is very little effort to set up. Learning how a URL is constructed is not only a good way to help users spot prevent attacks, but it’s prerequisite knowledge for other types of attacks.
- Why didn’t you cover X?
- 101 is supposed to be as short as possible and a bare-minimum base. Future courses will cover more content and go more in-depth. Right now I have a 102 course in my drafts that goes into more detail on security planned with a module on Google Drive/Groups and how to secure that in a left org.
- Why are you not including the state in your threat model?
- Defending against state-level attacks – particularly if you are being specifically targeted – is extremely difficult for even infosec professionals and outside the scope of this guide. “Do not type in information into a computer system you don’t want the feds to see” is simple and much more likely to work than any technical information. “Don’t even talk about it near a computer” is the extra credit advice.