https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual
General comments
We are interested in the fact that this manual is organizing knowledge is mixing levels.
*"You may notice that the current content isn’t a typical technical or security guide; it is not written with in-depth technical context or hands-on configuration and implementation guidance. It does provide links to more intermediate and advanced technical resources of this kind, but the current focus on awareness, strategy and tactics means it does not classify certain sections as “basic” or “advanced” for readers. It invites a wider diversity of skill levels to dip in and out according to interest and need."
*
The question is then of course, what is it, and does it speak to a practice? community? and organization? an individual? in what context. So it is interesting that the "manual" seems to have grown, been informed by the activities that directly link the technological practices to concrete situations https://gendersec.tacticaltech.org/wiki/index.php/Category:Activities and https://gendersec.tacticaltech.org/wiki/index.php/Category:Storytelling In what way could those experiences become more visible, legible in how they feed, challenge and validate the manual?
You might consider replacing the images by vignettes, images, experiences from those actual experiences.
Mix of perspectives and levels/scales (practice, reflection, observations, advice) is interesting, but also sometimes hard to follow. For example, in this paragraph there is a sudden shift to the larger cotnext of the issues, rather than the topic the chapter promises to address. Without thinking all levels should and could be separated, some elements would be better addressed in the introduction (and maybe referred back to)
*"But with the nature of the work we do as women human rights defenders (WHRDs) or as feminists plus the increased risk of attacks and harassment we can have simply due to our gender or sexual orientation, there are other options to consider and explore. Targeting, harassment, and gender-based violence online represents tremendous and ever-increasing problems that remain almost entirely unaddressed by those who control many of the online spaces we use. Currently, women, trans* and other marginalized individuals struggle to find safe spaces online, as governments, online communities, and both corporate and non-corporate services and websites stumble in their attempts to adequately address what have become hotly contested ‘spaces’ and ‘cultures’ online. In this section, we’ll continue the process of reflecting on what our current online identity or identities are."
There is something that doesn't work with gender in technological spaces that requires rethinking technological spaces and some of the proposed practices are workarounds, temporary solutions which is something else than rethinking technology with a feminist perspective. This text (outside the manual?) has interesting points, when it talks about how technology is made and how it is imagined: https://gendersec.tacticaltech.org/wiki/index.php/Including_gender_in_privacy_and_digital_security We understand that a defensive posture (protection, safe spaces) is necessary; but also does something to the world view that speaks from the document and how can this safe space be thought as part of a bigger, affirmative project?
Would benefit from a statement/understanding also maybe about demanding, developing other kinds of technology.
We first thought that there was nothing about labor, but then peu à peu, we started finding it, which made us very happy! We are thinking as much about affective labor to labor conditions in the global supply chain (starting with the extraction of minerals, to factories, to service production and maintenance). As also mentioned here:
https://gendersec.tacticaltech.org/wiki/index.php/Including_gender_in_privacy_and_digital_security
Technology does not start in the western world, although that is currently where a lot of the "knowledge centers" are. The production, constitution, and availability are continuously a part of a global supply chain in which there is diversity, but no justice or equality. So, while this sectino "Including gender" does make the argument that this global chain is part of the issue, by the end of the section, the focus is on women's experience as users of technology and not of producers. See for example this concluding sentence:
"When wanting to improve ones digital security and privacy practices, it is crucial to understand the threats and challenges we face and are exposed to when living online and the ways in which to protect oneself accordingly."
Not for all women that is spoken to in this section, the issues of "safety or security" are related to living online. Maybe you can decide that this is what you want to focus on, and just acknowledge it. This also might help with the selection of images that currently feels a bit arbitrary.
It is excellent that this is a wiki. Do you have some ideas as to how you can be more explicit about your strategies for updating, and inviting collective work around it? The length of the document might make it difficult to maintain. Maybe it is possible to take out elements that can be explained in the glossary; also glossary can be maintained separetely, by different people.
It is really good to sense that this manual is written with and addressed to a collective of "our growing community of women and trans* activists, human rights defenders and technologists" ... but sometimes "we" is a specific team of authors (Tactical tech), EXAMPLE We were wondering why if you speak about specific risks and actions, the mode of address switches to individual users. Could you think of including exercises, examples (maybe from the workshops that have been feeding this manual) of how to take responsibility together, and test out collective modes of doing privacy and security? This could also be an interesting moment to come up with tactics for collective decision making on hairy issues like which technology the community will use and who will install/maintain it!
Also, the wiki could be a good way to speak about the timely-ness of the information, both in the sense of 'time-of-writing' and for when, for how long will this be valid?
Some more editorial comments:
Throughout the manual you use the term "real", in relation to spaces and to names. "real name" = "legal name"? CHECK
The manual is referred to sometimes an "initial manual" .. "The complete manual" .. "Beta-manual" so would be good to be explicit about the status vs the ambition of the proiject
The order/granularity of the chapters is not entirely clear; it might have to do with chapters that are not written yet. It might be that needs explanation, or the addition of 'future chapters'
As we went through the chapters, we made some comments listed below; we are happy to give more explanation if necessary, please take them or leave them as you see fit.
1 Introduction
https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#Introduction
Goals of the publication:
*
*First, how can we craft appropriate online presences (or a series of them) that strengthen our ability to communicate and work online safely?
*Secondly, how can we collaboratively create safe online and offline spaces that enable our communities to share, collaborate, and communicate safely?
(Later, summarized as: "awareness, strategy and tactics")
What is meant by "appropriate"? How do you see the first goal different or related to the next?
Is it really about developing trust and certainty, and if so, in what? In each other, in technology, in safe spaces? Is the problem that we cannot trust each other and we are not certain with each other?
Here some thoughts of what you might be saying:
*How can we strengthen our ability to communicate and work online?
*How can we develop a greater understanding of the risks we take when using ephemeral technology to create content, interact with others?
*How can we judge better what networks to trust, and how can we work on this together?
*How can we create safe spaces for ourselves and possibly others?
*What can we do ourselves, what do we need to avoid, and what needs to be invented or demanded?
Use of term 'liberating technologies' in this context seems out of place, these seem more like "let's hope it works" technologies ;)
Really nice you are insisting on "this is a process"
What is planned obsolescence? refer to glossary?
2 ‘Digital Traces’ and ‘Digital Shadows’
Why start with traces?
The section starts by speaking about traces but we do not know yet why they are important. If the problem profiling, government surveillance or some potential troll (journalist, or peer) collecting information about you. How can we better motivate this section? --> it then comes up in section titled "Who can collect our ‘digital traces’?"
"All together, these individual digital traces form clearer outlines of who we are, what we do, what we like, and how we act."
This is a very problematic statement. These traces are not outlines of who we are, they are traces of our online activities as framed by companies and governments which can be used to infer things about our past and future behavior and our intentions, but there is always some agency between what the traces tell as a story about us and who we actually are.
Interesting way of placing consent: "without you necessarily realising it, or consenting to it" Consent would possibly not make a difference in addressing the problems. You may have consented to giving data, but it may still be used against you in undeiserable sort of ways. It also feels like consent is a great opportunity to think through feminist practice. What in the world is consent? And, for human rights activists, for trans-/women activists?
Description of meta-data as necessary evil. This is also what makes 'address' possible?
Who can collect our ‘digital traces’? Yes, in the privacy discourse, one looks at how bad traces are. But I feel like we need to be speaking about why certain data is collected and how this serves different purposes, sometimes good ones, but that there is a desire to couple it with identities and profiling, which is partially the problem (surely centralization of our precious communications in the hands of a few parties with no accountability is also a problem) but I don't feel like all digital traces are a problem. Something more complex is going on and for an activist this complexity is relevant.
How to think about these traces being interrelated and interdependent (so not just individual): "How much digital information do you think exists about you" (your identity, your devices)
Surprising division in Content, Metadata, Noise? Content acts as '(meta)data' too?
Noise can also be created by humans. intention does not make content meaningful, when data is meaningful it does not mean that it is not noise. a beautiful conundrum that one could tactically and strategically work with (hence the concept of obfuscation as a form of self-defense). obfuscation can of course also work against one or a collective using it as a strategy and it can be used to make life difficult for people. I would put more effort into identifying the distinctions and their potentials.
Again, harassment is apparently always targeted to "you". What about systemic issues, exclusion, inclusion
separating domains ... hmmm 'work' vs 'personal' vs 'untrusted'
Maybe not assume "Although this is a fairly technical example, that many day-to-day users of technology may feel overwhelmed by"
from 'traces' to 'exploring' to 'social mapping' (as a strategy, not as exploration) to 'regaining control'
is it about losing control in the first place?
1. Self-doxing is empowering (?)
2. You should take control
3. You can take control
4. You don't have to retreat, you just have to reduce
5. Or actually you have to increase the cost
These seem so individual-centric. We wonder how this could be turned into a collective practice cause now the difference between some of this and reputation management/ego-search is just very thin. So, it really amplifies a sense of contradiction: i need my networks, i shouldn't be publicly visible, available. The compartmentalization is a good response, but I think this tension needs to be worked out more.
how about doxing your network or organization? what is known about you collectively? does this matter? how would one do this?
Mixing general advice with specific tech-solutions - better separate?
Mixing terms 'safety', 'anonymity', 'security' and 'privacy'
Seda: The problem with anonymization is partially the risk of reidentification, but also that anonymized data is up for grabs for whoever wants to do whatever they want with it. For example, if this data pertains to a small community, the inferences that can be made from it may be very troubling for the concerned community.
Registering under another name is not reducing metadata?
References:
I liked trackography.
I feel like these could be better organized possibly differentiating between commercial profiling, government surveillance (potentially the combination of the two), workplace surveillance, peer tracking etc.
3 Creating and managing identities online
Mixing of terms: 'real identity' "real" identity real identity legal identity your identity official name true name the name you were born with
mention of "Internet of things" unexplained and unclear why it is to be held responsible for the problem of creating and maintaining multiple identities
"potential online identities"?
risk analysis ... risk assessment ... threat modelling ... what to do ...
*it comes up as if these things are only one practice
*there is no reference to where these techniques come from (probably not a feminist method, but rather transported from military or commercial techniques for creating safe spaces)
*Would it be useful to open this for discussion!?
Anonymity chapter not so clear. "If you don't need to gain other people's trust" ??
on-line and off-line anonymity and how they might be related?
Comparing strategies table:
In table/strategies: Multiple identities missing
4 Creating a new online identity
Relation of/difference to this chapter to chapter 3?
decoys.me offline
5 Managing several identities
What is the part on (commercial) social networking tools doing here. Would be good to generalize, move in front as a checklist for any tool/technology/space
(it seems that since technology keeps changing and the security issues too, this skill of re-evaluating is crucial)
6 A different machine for each identity
Are 4 and 5 and 6 subchapters of 3?
a different 'machine' for each identity (put between brackets, because you are not only addressing physical devices but also virtual machines)
'none of these tools will protect you from every threat' why is this comment only relevant for this chapter?
7 Safe Spaces
Second part on safe spaces: is this a section about safe spaces online/safe spaces offline as two separate but sometimes related things, or is it only that safe spaces are offline and online is where harassment happens?
is there also an assumption that women and trans people are always aligned in a safe space. how about race and political differences?
do we need to also think about safe spaces of difference?
8 Safe spaces in the public sphere (online and offline)
interesting to include counterspeech and 'dealing with trolls' here. How to make better space for it?
Documenting violence - documenting, documentation should be part of the manual but not only related to violence. So, this could be introduced much earlier on (this manual as example of documentation practice) and refer to later/here.
Again mix of issues, method and desired outcome.
9 Safe spaces offline
relations between online and offline safety; General framework/How safe is the space for both on-line and off line spaces, and their overlappings, would be super useful. Interesting how the examples include on-line practices in off line spaces. (ie local network, ...). Not sure this chapter should be here but can inspire the thinking about safe spaces on-line
10 Tools for collaboration
Strangely, tools for collaboration then do not include physical tools.
Liking the counterspeech chapter, also it addresses solidarity/relational responses clearly. The 'storming wikipedia' chapter seems a bit over-detailed and might be better as an example, reference
11 Glossary
Feels rather disconnected, could be much better used. Could help contextualise the 'solutions' better. Where do terms come from, are used in primarily?
12 Establishing a baseline of privacy and security knowledge
13 Funding
14 License