 Hello everybody and welcome to the webcast. I'm Anne from standout earth and you're in the right place for where digital and physical security meets what activists need to do about surveillance, doxing, tracking and more. Thank you so much for being here and special thanks to all of our presenters for their time getting ready today and sharing their knowledge with us today. We're so happy to have you all here. I'm going to just run through a couple of structure things for everybody. And then I will introduce Praveen Sinha one of our speakers and he will introduce all of his co-panelists and then we will begin with the presentations. And I would like to introduce Praveen Sinha who is one of our panelists today. And Praveen is the director of technology at Equality Labs. He has a background in software engineering, STEM education in marginalized communities, community organizing and activism and issues surrounding state violence. And Praveen was recommended to me to do some training for us on digital security by a member of our activist network. And we're so happy for that recommendation and to have him here and also to have all of these panelists who he brought together for us today. And so extra thanks to Praveen. And with that, I'm going to let him take it away. Thanks, and yeah, this panel folks that we're going to go into is this pretty illustrious. Everyone has been working at the forefront of digital security of law of just working with marginalized communities. And I'm really excited to have everyone. And with that I'm actually just going to do another introduction for just our first set of speakers here. So I'm just going to intro Idleen Bobe who's been working at techactivist.org. Idleen Bobe is a political educator and technologist. And she's worked at Global Social Justice Lead at ThoughtWorks and is a founding partner and former community manager of Black Girls Clothes. So that's really awesome. And with her is going to be Alexa Hancock. Alexis is a security advocate at techactivist.org. And she's a passionate digital humanist and black feminist, and she often searches for solutions to her first love, which is technology, or their first love. I'm so sorry if I got the pronouns wrong, I apologize. And then Alexis has a background in web development, community organizing, racial economic disparity research and education media. Hey, everyone. You can hear me thumbs up. Cool. Awesome. So thank you for being for introducing me. Thank you all for having me. My name again is Idleen. I work with an organization called techactivist.org. It's a grassroots organization that really started around 2014 out in Ferguson. When I was doing some community work with different organizations out in Ferguson, trying to help them to really just use web as a way to put what was happening on the ground up so everyone could see it. Never did I imagine that two weeks while I was on the ground, 200 FBI agents would then be sent to Ferguson to further work with Surrell and do a lot of interesting things to the people on the ground. So that's kind of where techactivist.org got its roots from was like, whoa, well, we have unarmed communities being Surrell and then 200 FBI agents coming to the scene. What are we up against and how can we use tech to secure or to better secure what we're doing and to advance the work that we're doing. And that's kind of again, like I said, how we got started. Another reason why techactivist.org got started was because we're learning a world where people don't believe we can bring change in the world. We believe that we can die for movement, but do we really believe that we will see the change that we want to see. Not so much people are more kind of like feeling helpless and hopeless. And that's because for so long, the people who have the knowledge and tools to do something about the issues in the world being exploitation, racism, sexism, and all these other issues, they didn't do anything. They just continue to create extreme poverty and desperate times. So techactivist.org is something that we wanted to to be a light while we're in this movement. It was actually inspired by the Black Panther Party. And interesting fact is 45 years ago, the Black Panther Party included the right to learn, access and control technology as a right in their 10 point program. And it's called community control of modern technology, which is our hashtag. Kiwi said knowing how to struggle is the essence of winning, recognizing ills is fundamental, recognizing how to overcome ills is mandatory. And that is why we believe it's critical for our people to understand the role technology plays in our society and in the economy. If we want to win, we need to know what we're up against. You're not going to go into a fight and prepare a fight and think you're going to be fighting against a teddy bear. Then you're fighting against a grizzly bear. You know, you'll come to the fight very differently if you know what you're up against. And that's kind of what techactivist.org is hoping that we do, that we're hoping that we can prepare our community to win, because we're fighting for our liberation, we're fighting for our lives. And it's really interesting because a lot, you know, you see tech and you think tech is our friend. We trust app so much that Google knows us more than our mama knows us, you know, like knows what time we got to get up and notify us, we got to leave the house to make it to our next meeting on time. When we're typing in the search engine, what we want to look up, it finishes our sentences. And we think tech is this cute little thing that keeps all of our data in the cloud without really knowing that it's tracking our daily movements, it's tracking our daily lives and it's not in a cute little cloud. It's in a cold basement and it's being surrounded. And there's so much more information that we need to know in order to prepare ourselves to know that Silicon Valley is not a friend to ours, even though it has a lot of PR reps, making media, you know, messages to stand in solidarity sometimes with us. It is not our friend. The CIA and the NSA were awarded in 2015 52.6 billion dollars in funding for non military intelligence. A lot of people don't know that a lot of tech and our communication devices really did get started by the government such as the internet the internet was only created when during one of the war wars. The US got really scared like oh well if we get bombed how are we going to communicate. So they created the internet. And many of our apps have seed funding coming from the government and that's why they're able to easily surveil us to turn on our microphones or video cameras, even when we didn't give them permission to. So tech activists likes to just kind of provoke really thoughtful conversations by bringing in elders such as sister Elaine Brown, former chairperson of the Black Panther Party, and having her talk about what is state violence, because surveillance is because of the state violence and what is the roots to state violence and having that amazing black political thought radical thought to bring in so much history, really helps us to prepare and to create a strong strategy for today. And then as we're talking about strategy, we get to check activists that or explores different apps or tools tech tools that we're using today that people mean people as an activist may not know about. So we bring on amazing people like Alexis Hancock who is the security at tech activists or to talk about signal to talk about thunderbird and different tools, such as she will explain more when she goes on. We only have a couple of minutes to kind of talk today, but definitely hit us up anytime. And there's a little chat box. For you, if you see in the bottom of your screen that you can send us messages on any question as we're talking. So at the end we can answer that. So I'm going to just move forward and have Alexis kind of talk more about encryption and different things. Thank you. Thank you, Edeline. Can everyone hear me well. Yes, you sound great Alexis. Okay, great. Hello everyone. So, as Edeline said that I would talk more on encryption and more on, I guess, having more hold of your data and tools to use while you have all this data within mostly in the smartphone realm but it can also crossover with your devices such as laptops and personal home computers, desktops at home, but mainly I'll be speaking to smartphones themselves. So, Edeline brought up a good point about Google and all these other companies that we sort of use every day and feed data into. So one of the first things we want to talk about is encryption. So encryption can be a vague world. And usually when people talk about encryption, they're talking about, you know, concealing. So I want to talk about that main point where encryption it doesn't necessarily stop interference of your data moving or stop interfering of someone trying to access your data but what it does does do is conceal your data from being human readable. And that's the whole point of encryption no matter, you know what you study within it with algorithms you know don't know. That's the main point of encryption. So encryption can come in many ways in many forms and also access to your data can come in many ways and forms. So, it only brought up Google and how kind of you know it knows so much about us, because we sort of came into this point of time with technology where everything's being streamlined together, especially within our smart phones with, you know, our credit card data payment data, our social media is being integrated with other platforms. Our data has become streamlined these days and the danger with that is now only a few hold the main process of our data. So then they hold the main infrastructure and data in the database like a centralized form of what does, you know, for instance me Alexis have used many credit cards she has as many Gmail accounts. There's so many things that are not split up anymore in your streamline so in terms of encryption and using on your phones and texting. Eileen mentioned signal signals a very good tool. There are other encryption tools out there in terms of texting encrypting your text messages on a one to one basis. And I say one to one basis because without having encrypted messaging, what normally happens is traffic on cell towers can be read and viewed police officers and other law enforcement have used other devices to kind of sniff traffic on cell phone phones like in Ferguson or any other protest around anti establishment protests, where they use something called stingrays. And they say back and forth whether or not they use them or not, they have been proven to be in use so having encrypted traffic, going out to your phone and going to someone else is very important. Signal is an application I believe is available on Android and iOS. Also, aside from traffic and what data you put out there into the world, it's also good to know about things called like two factor integration when it because we talk about a lot of we're really excited about availability of data right and that was the whole point of Google that was the whole point of Facebook that was a whole point of all these integrations was there are two other facets of security called confidence and integrity. So confidence and integrity has been heavily eroded over the years and we can see that now with the news with Facebook, and but Facebook is just surface. A lot of companies have been using each other's data to streamline profiles and to buy data from each other data is currency. It's no longer about whether or not, you know, how much money they can make how much exploitation they can make, and how much, you know, exploitation can profit. So, other phones and like Android Google has a lot of permission loose permissions Android a lot of loose permissions. So we can do on your personal phone is encrypt your phone. So if you go into your security settings and your Android particular I'm focusing on Android because it's more open source and less proprietary than Apple but I'll get to Apple in a second. Android they have an encryption feature on your phone so that's another thing with actual smartphones themselves. We've now come into a process in time where, you know, people are now leasing $600 $2,000 phones where you used to just be able to buy a phone or receive a phone for free. Some something of that nature where you able to actually afford a phone and own it. Now manufacturers like Apple and phone service providers are coming together to almost take away that ownership of these phones and now what happens to that data now. It hasn't gotten to that point where they say okay you don't own this phone you don't own this data, but it's creeping there so over over that point in time where you have a leased phone. A lot of people are tossing out phones each year now. A lot of e-waste because sorry because of it so when you have something like that. Going on with these phones you need to know how to dispose properly so encrypting your phone and then being able to reset the factory data before you give your phone back. It's something you're able to do now but now that people are leasing phones what who's to say that these manufacturers and phone companies won't say oh we'll take care of that for you don't worry about it that can get into a dangerous slippery slope. But I'll refocus on what you can do for now and encrypting your hardware on your phone or encrypting the data on your phone is very important. Having two factor authentication like different services provided Google provides it Facebook provides it. And other services as well normally provide two factor authentication where you need more than just a password to log in. That's what I mean by 2FA. Also, I'll post the link here in the chat of different tools that I won't be able to necessarily cover. I'll post it here. TacticalTek.org has many toolkits and many links and resources overall that you can use to be able to navigate what type of phone you have so they go over iOS to go over Android and other devices you may have. Tor browser is a good browser that they have out there where I see a cute question here. But overall being able to encrypt things being able to use different tools they list that there if you have more analog phones because a lot of I know a lot of activists may not necessarily invest in the latest smartphone or may have a phone on the side that they necessarily use just for their Activis use what normally happens when you have more analog base phones that are not typically smartphones. Overall, you can have, you know, I guess a more your cell if your cell phone is not smartphone base. It's less associated with your profile so you can take investment and you can take solace in that where you know this number itself you can keep protected but not a lot of people have smartphones and being able to use it out every year and throw it away every year. Overall, what you need to do is just kind of take into an inventory of what you have and what you don't have and who you're contacting who you're not contacting and where this is very important. I think overall with owning a smartphone. Capitalism. I don't want to get into much of a so box about it but capitalism itself is a security vulnerability I've been saying that for a long time. We've seen now with a lot of companies using greed as a factor to use our data and being able to make profiles based on as to make money off of us. But overall, capitalism. It creates a constant change of hands of manufacturers being able to fix your phone is becoming an issue so we saw like with net neutrality how ISP can necessarily sniff your traffic and your data over the Internet, but a lesser covered, I guess, issue is being able to fix your phones yourself. The right to repair is becoming a big issue modular phones do exist where you can take phones and be able to use out parts and will be more environmentally friendly it's called fair phones out in Europe I'll post that link as well as well. But fear phone is not available in the US unfortunately, but Google and Apple are ignoring this technology and saying that this technology is not possible if so then how come that it already exists. So, being able to say like oh you can't have anything else but a whole new smartphone is not. Is not true straight and simple. So, overall being able to take inventory what you have. I'll post another link here. A good factor for choosing a new phone. Especially in terms of being able to handle it yourself would be going to place like I fix it calm in terms of and a good question I would say a metric for getting a new phone is how am I able to replace the battery how easy it is to replace the battery the very good question. Because it starts to go into the rabbit hole of what kind of manufacturer you have in your phone. Well the company lets you replace the battery easily. Do they charge an insane fee or a very wild fee in order to actually place this it becomes a good question to kind of the branch out and talk about your data and talk about who owns it and who owns your phone and talk about overall. How capitalism plays a huge part in this so encryption to factor authentication tools like signal browsers like tour. Keybase is another I guess pseudo social media type app that's also using encryption, mostly these tools can are based off something called pretty good security PGP. So having PGP keys a little harder to explain off brief but overall I'll post those links as well to talk more about PGP and pretty good security keys where encrypted traffic is based mostly on that tool set. So overall those are the things where you can do a turn about encryption if you go for Android someone asked about Android. If you go into your security settings on it go into settings you'll see something about security and it normally takes about an hour to actually encrypt your phone to make sure it's charged or on the charger. While you encrypt your phone because normally it takes a little while to process all that data and truly encrypted so when you go through that encryption process make sure you have time and sit down with the phone and be able to actually let the phone do its thing. So overall, having other alternative tools while you browse. I use DuckDuckGo for search. I've gotten away from the looks of kind of using saying Google it. I don't say Google it anymore. I say search it because there's other search engines out there like DuckDuckGo who don't store your search data for more profit and more availability to what you're searching for the most part right now. So I say go to tacticaltech.org because they list all those tools. There's so many I could list but those are the main ones that I know I use also use VPN for my traffic going outwards for data at in transit. It's another facet of security so using a VPN over public Wi-Fi. I suggest don't use public Wi-Fi at all just because I don't trust it at all. But overall, I could talk about this all day but I'll go and I'll hand it over very soon. But overall, having a VPN or virtual private network for your Wi-Fi is very important and in places where you can't or in other things you can do that are very simple is if your device is not in use and you're going to sleep, turn data off, turn Wi-Fi off. It turns all the network connection off to your phone. I turned off my Wi-Fi to close my laptop. I take out the ethernet cord. I do whatever I need to do. If I don't need access to the device, I cut off access to device overall on the network. So there's very little things you can do. Just turning your phone off is a very brute force way. But if you don't need your phone at the moment and you know you're not going to need it for hours, turn it off. Of course we're very connected and we need to be in our networks at very vital times. But for times where I don't need my device and I know that I can just go ghost or go dark for a little while, I just turn everything off. Because not only does it help your battery life, but it also takes away that factor of if someone is doing attack, everything just got cut off. Overall, I would just hand it over to people who have Q&A questions like that. But that's overall my approach to security and my approach to encryption and being able to actually take inventory and storage of what you have and tracking smartphones and tracking of what exactly manufacturers and companies are doing with these smartphones and with our data overall. Great. Alexis and Edeline, thank you. And let's, we've got a couple of questions. Alexis, thank you for catching one that came in through the Q&A. There's also one in the chat. If I have a flip phone that's not a smartphone, can I still encrypt my texts? I went over this very briefly with more analog phones. So for phones that aren't smart or not considered smartphones, what you can do with your texts if you can't get an application like Signal is go into your settings and being able to track whether or not like, you know, like what phone service provider is very important here. So Sprint, Verizon, you can't necessarily block on a regular, I guess, flip phone to encrypt that traffic. But what you can do is if your phones are being in use for some sort of activist work, you can take that phone number and just kind of completely share it with your very trusted network. If it's more of a personal phone, it's harder to encrypt if you don't have applications you can put on a phone. There is. I'll search for it as we go over this presentation and look for it. But overall, I do know that there is encryption capabilities for flip phones because they normally put Wi-Fi from it, correct me if I'm wrong, but there are Wi-Fi and Bluetooth capabilities on flip phones. It's just not robust application markets to put on the phone. So you can do is encrypt your Wi-Fi traffic, encrypt your Bluetooth or turn off your Bluetooth, turn off any sensors you don't need on these flip phones. Wi-Fi, if you don't plan to use Wi-Fi, I would say turn it off on your flip phone. But as far as encrypting the texts themselves is a little tougher to do on flip phones. So I don't know an actual direct, I guess, a solution for that in particular, but I do know that if you can, just kind of take that number and only share it with a very trusted network is my best answer for that one. Great. We have a couple other questions. What is the promise that blockchain decentralized apps offer in this arena? That's a good question. So blockchain is very much so still being discussed in a security realm. Blockchain is slower than most encryption device tools out there right now, but with blockchain. I don't want to say as decentralized in particular, but what we can do is have potential solutions where people communicate over blockchain one way messages or one way needed networks. So the way for people who are not necessarily familiar with blockchain, just think of it as a actual chain of little blocks here and there. Just think of it that way where you kind of send out a message and to a very specific block has an address and you send that message to that address and your address isn't necessarily human readable. But it got there and you get confirmation it got there. If you send it to the wrong address, it's forever gone and but it still got labeled in this block of, you know, data in this database. So there's still a message in there, but it didn't get sent to the right place, but if it got sent to the right place the person with that address will receive it and then there will be a ledger saying, okay, this was received this was sent. We don't know who got it. We don't know who sent it in particular. That's the best case scenario with the blockchain so obviously that can provide some sort of solution, possibly to messaging. Right now, pretty good security or a pretty good privacy keys can are definitely kind of solving that problem already. So I think with blockchain. It would have to answer a question or answer a solution that PGP can provide, like being faster. Blockchain is definitely not faster than PGP right now, but it becomes faster. I think people will consider using blockchain oriented apps and it's also going to have to I guess, separate itself from the cryptocurrency narrative because right now cryptocurrency is all the rage and a lot of blockchain networks can get clogged with these cryptocurrency transactions. So being able to have a blockchain also that is separate from a blockchain database separate from cryptocurrency database because right now either room you can create either room apps off the blockchain but either room is also support either in cryptocurrency. But we also had an incident where somebody made a random app called crypto kiddies and a blocked up the ether and blockchain network so if they can separate those two things and separate those two technologies that's when blockchain can come in and possibly be a better solution and PGP PGP keys. Hey, so I know there's more questions and I don't want to run too much into pervins time. Right. We just real fast so the true value of incognito. I mean if you're working in Google Chrome. It doesn't really work it works like if you want to look at your own history you won't see your history. But if you don't want your history to come up or for you to be tracked go to go or go use tour. Those are the best things. And then for safety numbers when it comes to signal. The safety numbers are really just aligned to your specific contact is just making sure. Just like if you have a unique number is saying this unique person this number is assigned to to your contact. So that's why it's really important for you to get that number that safety number verified. And every time you update your phone or your software is really important to once again to to verify that safety number because there's other gadgets that can basically mimic that safety number if you didn't verify it and they could have a conversation. So real fast we're passing on to Praveen we're going to be here talking and learning with you all so definitely thank you and stay keep keep tuned in. Thank you. Thank you. Hey thanks y'all. Actually, you know, well okay I'll go ahead and just do it for myself so I work at an organization called equality labs technology director. And we work on basically security issues for marginalized communities throughout the world. We work with immigrant communities, Muslim South Asian communities. And just generally like, yeah, just anybody that needs help. So we, we've, we try to like make our curriculum, you know, really centered towards, towards people's needs. And I'm going to be just going to touch on, I think. Evelyn and Alexis did a great job on talking about sort of government surveillance. What I'm going to be kind of talking about more is surveillance by, I guess, like more private actors like trolls, and other unsavory characters on the internet that may be causing and stuff. I do actually want to, if it's okay, just address one of the questions in from the audience because I think it is a good question that's important, which is the explaining the safety numbers and reset security set session on signal. So, what that is briefly is that when you're communicating a signal, the line is encrypted, but it's, it can be vulnerable to what's called a man in the middle attack and what that means is that somebody may be hacking the connection in the middle and pretending to be somebody else. And that's a common problem in sort of these encrypted networks is you need to be able to authenticate and prove that who you're talking to is really who you're talking to. So what the safety number is, is that when you're using signal, you can go ahead and basically confirm that the safety number is the same for both parties and both sides. And what that means is that if they are the same, then you know that you've established authenticated line basically between the person that you're talking to. And you know that that person is the person you're talking to and that there's nobody in the middle listening basically. So, most people don't use the safety numbers, but if you are in a very high security situation like I highly recommend that you verify the safety numbers before continuing conversation. So, so with that, I'm just going to talk a little bit about kind of trolling and doxing and harassment. She's there pervasive right now in the world. And I'm going to actually do a little screen share here so trolling and doxing has been happening. You know, since like I think it really started taking off during what's called Gamergate basically and Gamergate is sort of a was in a series of events in the online gaming community world. Where people like women were kind of stocked and systematically harassed and the techniques that were used during this time period in the video game culture sort of set the set the groundwork for basically how doxing and harassment sort of works by mobs globally right now and so the in sort of the video game circles they established basically groups that would communicate over chat. They would have shared sort of documents and pads that they would work with and then they would like do mob doxing so basically would have teams of people that would go out and like tried to identify what would be, you know, personal information about people in order to, you know, harass them. So, so folks that aren't familiar with doxing by the way so doxing is is the active basically going out on the internet and grabbing all your personal data and with that data could look like your address your phone number your families addresses, you know, families own numbers, grabbing everything from social media, getting that all until like one big compiled document and from their harassment strategies start and so some of the harassment can look like, and it could be as something like a piece of your house, calling bombs right to your house. And, you know, people get really creative with it. So, so I'm going to kind of show you a little bit of how sort of the doxing tools work and some of the ecosystems around it. So, you know, and actually I'm going to just go ahead and I'm going to ask for brave audience volunteers, and actually folks in the panel to want to want to volunteer as well. Basically, what I'm going to be doing is I'm going to share my screen and do some searches on people to see what sort of information is out there on the internet. So, is there anybody that. Oh my gosh so many hands are growing up. Okay, I'm going, I'm going just with the first three that popped up. I apologize just, I'm going to go with Judith. I'm going to your unmuted I'm going to see if I can bring you up on webcam to. Lauren, I'm going to see if I can bring you up. And, going to try to bring up Edward to can we hear you all anyone want to jump in just with your voice first. Lauren let's see can we hear you. Let's see. Let's see should be letting you all. Oh, here we go I need to do it second thing okay Judith and Lauren okay Lauren I'm going to unmute you. Sorry about that. Lauren we should be able to hear both of you and then I'm going to see if I can go get one more person for being while you start this is very exciting. Can you all see my shared screen here. Okay, so I'm going to a website called Spokio and what Spokio is is it's a data broker, and this is one of hundreds out there. And these data brokers, they monitor you and they look at your utility bills they look at your addresses they capture they actually buy information from from a variety of sources. And this isn't even like Facebook this is just your data show that you leave behind in the physical world, and they collect those years on you basically and sell that. So Lauren, I'm going to ask you is just, would you give me your full name, and how you saw it. la u r e n r e g a n. e g a n like that. And can you tell me which state you're in. Oregon, great. Scroll down. And we'll look at Oregon. Okay, sorry for me to learn do you want us to bring up your webcam or would you rather just do voice. Okay. And Lauren so which city do you live in. Eugene Eugene okay so. Okay, so is this you here the. Yeah, yeah. Okay, so let's take a look here. So, so just basically through a public search, we have like a photo. It looks like is this your landline here. And your house address. Yes. Oh, it's your office okay. Old office I should say. Okay, so a lot of date, I guess right. Okay, so that's good. That's great. But these are these relatives. Yeah. Yeah, so. So when folks are in a, here's your LinkedIn profile. So this can get pretty. Oh, great. And you're kind of organizational history. Okay. So, so yeah, Lauren so. So we can see here that, you know, just through a casual web search, we can actually find out a considerable bit amount on you. And so. So the video that I'm using is actually a $20 paid account. So, so some of the stuff you won't see on the free version, but the free version does be your family members in your address. And I know we have another volunteer to maybe we could get the next person. And I'll do another, just search sample search. You bet proving we have Judith, Mara and Maya, and I'm going to bring you up in that order. Yeah. So I'm going to, I've been muting people in between just to cut down on background noise. So Judith, let's see if we can hear you now. Judith. Can you hear us? Okay, maybe we'll come back to Judith. Let's try. Let's try Mara. Am I unmuted. Yes. Oh, cool. Okay. I'm in the Chicago area. I also have a question at the, at the end about doxing and some of the things that might be done. I'm a national organizer and I'm just curious about a couple weird things that happen. Sure. So, Mara, can you give me your full name and I'm going to run you through another one of these. Good. It's Mara, Mara Cohen Co HEN. Okay. So, let's see here. So, let's see here in Chicago. It's actually Skokie. SKOKIE. That might that get more heads. SKOKIE like that. Mm hmm. Okay. I can't see very well, but I believe it's the second one down. Okay, you know what, let me go back to the coin. I just messed up the screen. Maybe. Here we go. So, that's a double picture. It's me. Yeah. Okay. Yeah. So, so we can see here again that this is a free public search. You're a regional organizer at move on. I was a long time. Not anymore. Okay. Good. Good. But this is, and then it looks like you. Maybe have some family members. Yes. Yeah. So, I make sure they have pretty old information on me. I think I'm interested to see this. Yeah. Yeah. So there are a number of strategies. There's a number of strategies to try to mitigate some of the stuff. But oftentimes folks that we work with, maybe like getting into media or there, you know, for some reason there's getting a lot of attention drawn to them. So we, there's also methods to scrub and opt out of these sites as well. Oh, okay. So Mara, did you say you had a question though? Yes. Is one of the things that can happen, I don't know if boxing is applicable to government. Annoying and harassing people too, or if that's just a word for corporate and trolling and all that kind of thing, but is one of the things that can happen just random weird stuff with your computer and phone that tech support can't explain or help you? Possibly. Yes. Yes. Possibly. And this is a segment I'll go into just shortly. So let's see. Okay. So, so actually I will still need one more volunteer, but not just in just a minute. That's okay. Okay. That'll be Maya. Sit tight, Maya. Great. Great. So when we're talking about Dobson, you know, I wanted to usually when I work with people, I showed them the site called researcher.org. But of course it was just my luck today that the site is actually down for maintenance. But what the site is is a, it is, you know, actually let me switch my screen share here and let's see if we can see it. One second. So, let's see here. Okay. So researcher is a website and what it is, it's a bounty website. And the bounties are for left leaning activists basically to identify them. So the site is currently in her maintenance. So I'm just going to actually just show you a screenshot of what normally looks like. I don't know if you can see this, but basically there's real dollar bounties. Let's see here. So we have, you know, left activists, you know, like this person was in the D.C. protest. They had a $5,000 bounty for his information and doxing. This person is also a D.C. $1,500 bounty. And basically this site is a systematic, systematically goes through and puts up bounties for people that they don't like. And they try to identify them in an attempt to get prosecutions or God knows what else. So this is kind of like one of the sites I kind of showed to kind of scare people. The other site that I, you know, kind of also show is that there's a site called key wiki. And what key wiki is, is it is a systematic wiki database that is being maintained by the right wing. And they are, you know, made systematically going after activists throughout the United States. So there's lots of people in this wiki. You can even go and if you're curious about you or your friends, you can go and just search to see if they have an entry. But this is a privately maintained website and they're trying to like track connections for all sorts of people. And I won't actually put any names of the people that I know right now just to protect them. But if you are curious, I do recommend that you go to the site and do some searching. And for all these sites, I think Alexis talked about using a VPN and I highly encourage that to because, you know, they're tracking your IP addresses. And if you have a VPN, it's, it's good to use. I'm going to do, okay, so I'm sorry, we had one more volunteer, right? That's right. Let me see if we can bring in Maya. Hello. So my, what I'm going to do is I'm actually going to ask you for your email address and I'm going to check to see if your password has been floating out there somewhere. Oh, great. My email address is. So the site is called have I been phoned and what it is is it's actually a pretty good service that is tracking to see who where your password has been breached. So it looks like your breach, you do actually have a breach from 2017. Basically, this data, it's not going to show you this data for this particular breach, but there was this river city media breach, which has leaked email addresses IP addresses names and physical addresses. I'm just actually going to go ahead and just search for myself just to kind of show you. There is for all these breaches, there's actually a very active community that trades passwords. And these passwords are index and these files called paste basically. And I'm just going to show you, you know, for my own breaches here. Just do the site that I don't know if I can find a good breach here. I'm going to show you that, you know, every time you see something in the media that this sets been breached that sets been breached. There's a very active commercial ecosystem that, you know, both trolls and hackers and also governments will actually buy so there's, you know, people will buy a list of like 10,000 passwords for like, $400. So I'm just trying to find one of these pages is open. Okay, so I'll just search for my personal email address in here. It's still loading. Okay, but so for example so you can see all these email addresses this is one of my old passwords I've changed it but this is a good practice to always keep your passwords separate and keep them rotated because you can see here that, you know, this is my email and password and, you know, you're probably on a list like this somewhere. So it's good to use a password manager if you can, and to actively rotate out your passwords, you know, every few months. And so let's see I think I'm running up on my time. Let me just go ahead and I guess like stop there and I just see if there's any any questions. Okay. Let's see here. Okay, so what I'm seeing is for somebody to my chat is picking up. Okay, so, okay, lots of questions here. Okay, so password managers. Yeah, so in terms of password managers. I think the one that I personally like the best is one password as far as a commercial manager goes. And one of the good things about them is that they're also signed up to these password breaches services so it will actually alert you which accounts are getting breached. And so that's a really useful service and it costs about I think around $10 a month. But if you're doing high security work for an organization that's a pretty good cost absorb. Some people like, you know, justifiably so don't like giving their passwords out to anyone. And so there's a system called key pass, which is all passwords all stored on your hard drive and encrypted under hard drive. That's a good solution for techie folks. But the thing you got to keep in mind is is that if you, you know, something happens to your hard drive or if you lose your master password, then you're really locked out of all your accounts. So you got to have a disaster recovery plan in place for that. And, you know, in other conversations I've had some people don't use password managers they just have some sort of algorithm in your head to create and generate passwords and I think that's actually a pretty valid approach as well. If that's something that you can maintain and, you know, you can make sure that you can rotate out and keep the password brush that's also an approach to use as well. And let's see another question here is, okay VPN, so I mentioned VPNs while visiting key wiki. So are there other precautions take while visiting these sites or these sites otherwise it's unsafe to visit. So, yeah, in general, so I showed you researcher and key wiki there's other sites like 4chan and 8chan. And those sites, you can think of as like pretty much like active hate sites where they plan what they call raids. So if you go to 4chan and slash slash POL is the political board where there's a very active community that's looking at news and trying to dox people. Going to those sites. I definitely recommend using either VPN or tour browser. And I think Alexis talks about tour browser tour browser is slower than VPN but in some ways it's also more secure and hiding your identity. So in terms of other precautions. I think I think just for visiting this site. That's fine tour or tour VPN should should protect you. And let me just check on time I think I'm going to have to pass it again right. Yeah, I think that's the best thing right now but we'll see if we can circle back. I have questions coming in and I appreciate all of the speakers who have been offering answers in the chat and in the questions and trying to get to everybody. But yeah if you want to introduce Ken, I think that'd be great and then we'll try to get everybody back in Q&A at the end after some questions for Ken. Okay, great. So, you know, actually let me just one second so yeah so Ken I'm really happy to introduce he's he's a good friend. He's a member of the LAPD Stop Spine Coalition and the Vice President of National Lawyers Guild. He's been a nonprofit technologist for over 17 years. And he's currently the IT director at the Asian Americans Advancing Justice Los Angeles and a board member of the National Technology Network and the Immigrant Defenders Law Center so Ken really happy to introduce you. Thanks Praveen and thanks all. I think it's really nice to kind of follow up here because yeah I think there's a building action when having these conversations about security. I think a lot of times it's very easy to get wrapped up in the tools and I'm actually going to ask us to kind of go back to centering some other items when we're having these conversations about technology. So for me, I'm going to start off with a bucket of slides. So security notes, Praveen covered who I am, but a big part of this conversation about security is really about safety and safety includes our mental health. So oftentimes when we're talking about security solutions, we have people create this like culture where people freak out where it's like oh you need to like blockchain will do this or like oh like X, Y and Z that we need to do is like build the best root Goldberg machine and that'll keep you safe. And the reality is that I'm a big candidate if we kind of center this on people, then we can identify solutions that will actually stick. And if a solution will stick, then we have a greater likelihood of actually creating security culture and and it's a slow process but I'm really glad that there are a lot of organizers on the call on the webinar today. I think it's also important to lift the context. So at the Stop LAPD Spying Coalition, one of the big things that we always that keeps us grounded is realizing that when we're talking about police surveillance or even private party surveillance. This is nothing but a continuation of history. It's not this unique moment, we have to realize that for marginalized communities, particularly like non cis non white communities not this male non white communities. Surveillance has been just run in the middle it's something that they're accustomed to, and it's something that needs to be disrupted. And I think particularly with the audience we have today we a lot of we have a lot of folks from the environmental protection movement. We have to think back to the days when surveillance was used aggressively in the 1990s and early 2000s to really disrupt some of the more radical, meaningful environmental protection work. So it's stuff that you all know. So I think that just because we're talking about the technology aspect of it. It's very dangerous to pretend that they're two distinct things. And I think that when we have these conversations, we're facing these really huge challenges. One of them is that our digital footprint is huge. So if we take a moment and we like look at our phones, and we look at all the pictures that are on that phone. And we're like, wow, if this was a photo album, each one of us would need like a personal archivist, we would need like tons of storage space like physical storage space photo albums, etc. And yet in the digital world, that's really invisible eyes. So how do we kind of remind ourselves of the digital artifacts that we're leaving. I think there's also a challenge that technology is largely designed by non activist white people who are trying to figure out how to get like venture capitalist money and all that other hot mess that makes the world horrible. So there's very little technology designed for mission driven or social transformation groups organizations whatever iteration or formation you want to call it. And that's that's a huge challenge because the way that we look at the world generally within this side of the house is we're not hoping to like monetize the 50 users who sign up for something. We're hoping to build relationships with them, etc. And to hopefully move the needle in a positive direction or in a more like just liberation oriented direction, hopefully. So another factor that we're facing in movement driven work is that there aren't a lot of technologists in this world, like more often than not, the technologists are parachuting into your world telling you here like some five solutions. So let's go ahead and do X, Y and Z without actually breaking bread with you and building with you and how do we kind of disrupt that as well. I think one of the challenges is that funders will sometimes be very hot and heavy about like, oh, we want to do a digital security training without realizing that a lot of this is about virtual shift. So if like me and five of my homies decide to use X technology, we can create a community of practice and we can get better at it and that technology becomes normalized and it becomes part of how we do our work. It's very, very important to me to see how some of the good practices we have in movement building can be translated or carried over into our use of technology. The final I think big challenge at a metal level is that this technology was really fast and it's so fast that it requires a lot of of a learning curve. It requires us being reflective and saying like you know what that technology that we spent two years rolling out is garbage and it's not doing X, Y or Z. It's not keeping our people safe, etc. So at some point we have to realize look technology will never be the answer. The answer is always people power the power of relationships really at the end of the day. So the key concepts that I'm really going to dash through in the interest of time is a concept of practical security. So practical security in a nutshell, it's stuff that we can expect people to do or practice. So like let's say in my work, I'm lucky to work with with the diversity of communities. But let's say if I'm talking to day laborers, particularly Spanish monolingual day laborers, I realize that whatever I'm asking them to do or suggesting or whatever we figure out is going to be like the next step the actionable actionable part. Within that I have to ask them to do something that they can do. I'm not going to ask them to do key based encryption because I'm setting myself up for failure. And I'm also setting them up for frustration and that's not movement building. I think the second piece is data stewardship. So in our transactions with communities and with supporters and members. It often looks like data, like once upon a time it was like this amorphous sign-in sheet that people make transcribe and put in a box and put away or butcher paper. Gradually all those organizing and movement building relationships have a digital manifestation. So the question is how do we become good stewards of the data that people entrusted us with. And we need to be responsible with that data because that's relationships are really what a lot of this is about. The concept that we developed at the stop LAPD spine coalition was how do we have these conversations with a framework of power not paranoia. We're here to build power. We're not here to scare people. So we want to center the fight for justice we want to recognize that even if you tell an organizer hey you signal and that organizers committed to using signal. All the people they organize with are using feature phones, like not smartphones so feature phones, or they're using like, hey, I'm not going to install signal because my phone is full and it's like five Android versions back etc. We have to realize okay then what is the next tool that people will use. And so that's part of that as well. There's also the concept that yes, there is mass surveillance. And if surveillance is a mean of social control, it's a form of state violence, which it is, then doing mission driven work in spite of the surveillance. It kind of is makes surveillance irrelevant because I think that if you show the state and private actors who want to undermine your work that you're going to do it regardless. It's actually a victory I'm very cautious of folks who are like well the technology isn't going to keep us safe. So we have to stop doing that work. I would caution that just the same way that I would caution anyone at a meeting who's like oh the FBI has a file on me. I'm like wow that's not a badge of honor that's potentially like carelessness to a certain degree of like being proud of the fact that you know you close the risk to folks. Let's go back to point one. So in network so I'm a by training a system administrator so like computer networks that type of exciting stuff. And so in a network diagram and this extends to human networks as well. We're only safe as our weakest node. So like let's say when you're playing like or when you're keeping secrets with your friends. A lot of us have friends who were like oh I can't tell them because as soon as I tell them that's getting out. Similarly in our security work we realize oh this person has bad technology practices and we have to figure out how do we incorporate them into our work or exclude them from our work for the sake of security and safety. I think that's very important and it's very difficult because if we are going to incorporate them it means that we have to invest time in training people. It's really quite simple. Either we bring them along or we leave them behind and I'm a bigger fan of bringing people along rather than bringing leaving people behind. And so these small steps could be you know I'm going to help my homies set up to factor authentication. They don't need to understand the math or the cryptography behind it. Well math is cryptography but but yeah all they need to know is like oh this really is like a safety net in case your password is compromised. The second thing is white supremacy is super real in tech. So if you look at the people making money off of technology the people who say that technology is the answer. A lot of them are hella white and a lot of them are really invested in oppressive power structures. So it is somewhat delusional to believe that our salvation will be in technology or salvation assuming there is such a thing is really within each other. And so within that I think that there is an invitation here to start to consider the tools that we use that whenever there's the possibility of using an open source tool. We should try to use an open source tool because not only is it developed with a community perspective and input. And even if that community is more largely white etc. It's substantially better than private tools. The other thing that I would also invite folks to do especially with the penetration of Office 365 and G Suite Google Suite for nonprofits is to consider that those products actually have better privacy protections than free Gmail. So free Gmail and other free services. You're really the product with G Suite and with Office 365 if you're using like the donated versions for nonprofits. There's a greater degree of protection and there's actually centralized administration which I think are really good. And the movement needs to figure that out. I think another thing is figuring out at what point we invite people or collaborate with people who are using tools which we may not feel affinity for like let's say Facebook's WhatsApp with a lot of marginalized communities especially like folks who live like in the Indian subcontinent Latin America etc. You can't take WhatsApp away from them because that's the only way they connect with their families but you can tell them hey don't turn on the backup feature because then it's just sharing all of your data and creating a potential data hole. So once again we're in it together. One of the things that really challenges nonprofits is how we don't generally and this is really for senior managers at nonprofits. We need to create the culture shift where we invest in staff training and continuous training is part of that framework as well because having people attend a one off security presentation isn't going to change culture. We can actually raise more questions and create more harm than good. It's also an opportunity to build relationships with folks so successful trainings usually entail a accessibility but also giving an opportunity for people to build a community of practice. And the person in that photo is Bonaventura Darudi and Darudi said I believe as I always have in freedom the freedom which rests on the sense of responsibility. I consider discipline indispensable but it must be interdisciplinary motivated by a common purpose and a strong feeling of camaraderie shift. And so within that I think if we translate that political statement to like technology operations. Then we start to realize well this is not just a technology decision. This is actually a decision of collective security. I'd also like to challenge that security. It's a huge process. It's a never ending process. It's a big cycle. It's not just used toward a signal high five. You're done. It's yeah those are really good tools but also are they tools that kind of address the material reality of the folks that you're working with. And are they accessible tools is a very big part of it. Do they meet all the functional requirements so all like the operational needs you need to get your work done. And I think that it's also important within this framework to realize that there is no like oh I'm secure I'm done. That's really really a big myth. I think a lot of folks go through workshops implement five steps read an article on the intercept and say like high five I'm secure. But if we're securing with people if we're communicating with boats who practice very weak technical security or operational security, then we are putting people at risk so I think in terms of trends within particularly within the nonprofit sector. It's like the sexy ones are denial of service and harassment like doxing etc. But more often not a lot of vulnerabilities are because people don't do software patches, or because people leave a password taped to a display or something along the lines. So it's like how when we're doing security, do we kind of address the low hanging fruit and not get distracted by encrypt everything etc. Because I think most most data exposures, more than 60% of data exposures are caused by staff action. So how do we train staff not to click on every link in every email that they get. That's probably a bigger return on investment than teaching people how to do private key encryption. The other thing is that the engine room just put out a report a couple weeks ago, where I really appreciate how they in a nutshell created this continuum of where organizations and groups live in terms of digital security that they're the folks who are unaware. So they have like, you know what we're really busy we're not doing anything about it, highly exposed learning like oh wow I guess I got to do something, and then mastering. I would offer that these are also cyclical phases, because if we are like let's say, I work at a civil rights organization, if we were to start to collect related data, then that would completely change the game, where we would be closer to an unaware environment, rather than a learning or a mastering environment. So all these things change all these things are fluid. So here's a really quick breakdown of some process points, have honest discussions with your comrades or colleagues, whatever you want to call them we're friends, and identify. What are the current practices we all engage in. What are the risks that those practices entail. So some people call it a risk assessment, some people call it a threat assessment. Call it whatever you will, but have some honest conversations about the role of technology and the place that data holds in your organization. Create a plan with reviewers. So I think more often than not, these are seen as one shot exercises that's very dangerous, this has to be highly iterative process. And, and to realize that the material inequities of the world are very real, So like let's say a civil rights organization with a larger budget will have a easier time implementing technology solutions, then like let's say a small worker center network that you know doesn't even have up to date computers. And so for them maybe the goal is, let's have up to date computers. Let's not make shoot this like long goal of having security awareness training for everyone once a year. Go slow. Understand what you're doing. Or don't do it. I think like with with technology, technology is one of those things that is not very forgiving. It's not very forgiving in the sense that the user experience has to be a good experience. So make sure that when you're rolling out technology, especially related to security to your users, that it's something that they are going to be able to process that they're at a time to process to not roll it out like let's say, if you all are going to kick off a campaign. Maybe the time to roll out new technologies three months before that campaign. So that's super important. This is who I am. You've got some of that in the intro. I don't know what else to tell you. And that's what I have for you. I'm going to start my screen share month. Alright, thank you, Ken. Wow, wonderful. Thank you. All the speakers for your presentations and and I, I was going to try to do a little bit of a ask some questions and get around table going. There's one just one question that I want to ask and then I want to let the speakers go to any, any questions that they saw pop up that they'd like to speak to more. I just want to ask about Alexis. This was something in your presentation you talked about sniffing and I'm just wondering if you can save people are sniffing data. Can you tell us a little bit more about what that is. Sure. So I said sniffing as a more general sense. So, I guess, a good point to bring up about sniffing would be like the latest news about Facebook and Cambridge and Leica. So with Google phones and Android 4 into particular and the scandal behind Facebook, I've noticed over time that people are starting to finally sort of realize that, you know, data can be exposed with a lot of private companies and they're kind of using it in their own way. So someone had asked something earlier about, you know, incognito, for instance, and being able to navigate with the data on your phone versus the traffic that's out there. Normally, someone had mentioned, I can't remember for being I think that mentioned man in the middle of tax is a very common attack of what I mean by like sniffing out traffic and data or intercepting the data and impersonating the user or the service being fooled by who's coming in. So, in terms of traffic and being able to look at the traffic coming in and out of something so traffic that could mean pretty much anything not even just digital. So, someone looking over your shoulder at your, you know, computer shoulder surfing, it could be someone impersonating you it could be somebody who's able to access your data in a way that you do not know about what is what I mean by sniffing in more digital sense. A lot of actors can come in at permissions, for example, is very important here in terms of what as it relates to with Facebook and Cambridge Analytica where a lot of Android phones are leaking data that with these companies and Facebook is sniffing a lot of data and so a lot of people have come, you know, I tried not to garner paranoia so much as more so more awareness of what's going on with the data and traffic on your phones and applications. Some people willingly sniff or give out sniffing permissions and not really know. So, I think one of those main things would be logging into other accounts with other forms of social media so a lot of services out there like login with Facebook login with Google login with, you know, LinkedIn or something like that. That's like willing at permission right there, being able to sniff through your data on this other platform because instead of just logging in with your email and whatever information you put on the platform. Now you can. Now that login that's interface with Facebook or Google can see your entire profile with Google and your entire profile with Facebook. And now they have that extra set of data along with your email along with your username along with your password. Sniffing can come in many ways. So I think about just mostly with trafficking and like what's going out of your phone, what's going out of your accounts and kind of being cognizant of app permissions there and being cognizant of how traffic is coming out of your devices. And that's what I mean, mainly by sniffing sniffing traffic. It can get more granular with security talk, especially with IP addresses and being able to see like particular requests are coming from different services port scanning stuff like that but that's more, I didn't want to get too much into that piece. But that's more so people trying to actually specifically attack, I think, and be a particular agent in that way. And more of a broad in general sense I mean just like the traffic that's going out of your accounts and out of your phone and are your laptop and between different services. Great. Thank you. I want to give everybody a chance to to talk a little bit about kind of pick up where what Ken was speaking to last about kind of creating the culture in your organization you have all worked in different organizations and I'm interested to hear any pieces of advice you have to the audience about about that piece about getting people adopting things about creating protocols and just a quick note so I don't forget. Yes, I will assemble all of the awesome suggestions for different sites and tools. And when we send the link to the recording will send those also. And I just wanted the people are brave volunteers to know that I will not include on the screen during the recording. Any of your personal information I'll just bring up the welcome slide or something else during that so they'll hear that that Praveen was seeing things like your address and phone number but that won't show up. Okay, just a couple quick notes in case anybody was worried and then yet a little more conversation about creating the culture within your movements and organizations I think would be terrific. Sure. So, I mean, in terms of security or culture and adoption. It's, it's something that is really organizationally specific. There's not really like one way to go about it you know if you're working with. If you're working if your organization is a lot of work with like undocumented immigrants. If you have folks that are crossing borders like you're facing a whole set of different security challenges, then if you know your organization maybe just, I don't know, just doing community outreach. Or, you know, like if you're if you're if you have somebody that again is very of your organization of folks are very visible in the public sphere, then that presents a completely different set of security challenges. And so a lot of this is like overlapping. And then a lot of it is like I think the conversation has to really be like a back and forth because, you know, a new like people that are like very new in security. Oftentimes they're like oh we have to take everything off of Google Drive we have to, you know, get to adopt all these tools and, you know, these this tool adoption can get like really expensive and it kind of kills you know the organizational flow so it's really about like having a conversation assessing people's own realities and picking the right right tools that I think will keep your workflow going and really I know what other folks think. Yeah, I'll I'll buy. So, I've been working inside of nonprofits for over 20 years, and I think that's that's a, and usually as a lead technologist in nonprofits, and I also do contract work outside. I think for me it's really, really important to figure out where management fits into this. So I think management, even in alleged horizontal organizations. If management identifies security, be it physical or digital as a priority, then that's where it all begins. I think that more often than not, it's organizers or line staff or whatever we want to call these roles are usually charged with like hey be more secure. But if it's really hey, this is another piece of work that you need to handle. But without there being a good policy framework, then it's a recipe for disaster. I think a good example is some people will like roll out password managers because they heard password managers is the way to go. But if you're not use like and that's one of the reasons why I recommended last pass last pass actually has very good enterprise integration. So if we want to roll out last pass to someone on our communications team, we can do that and we know that all those credentials are still part of our organization, as opposed to people having their own little buckets and silos that are super secure, but not really useful for organizational purposes. I would say that security, if we look at security in usability continuum, it's kind of like a doorway, you can have a doorway without a door, super easy to go in and out, but then you can hang your curtain there, kind of creates a barrier. Then you put like a door that just was open. Then you have locked to the door and before you know it you have like one of those New York City doors that has like eight locks knowing those which one is actually the one that's locking. And sometimes it's just unlocked and it's just for theater. So I think figuring those things out organizationally are super important and the business process like for being said, I think figuring out how do we implement security that doesn't disrupt the organizational workflow especially because it's an organization driven work, because at the Stop LAPB Spine Coalition. It took us in spite of being embedded in this work, it took us three years before we have our first digital security training, because we were committed to do this as an organizing piece of work, not as a look at us were kind of secure because once again there's the illusion of what does that even mean. I'll add a little bit there, I like Ken's point of like utilizing humans within the organization and because a lot of security talk is the weakest link is the human factor or the human error. And I think for organizing we all learned that you know humans are our greatest asset in terms of being able to properly organize. To add here with organizing and especially with people if you have constituents is access, especially with marginalized communities. Technology just sort of happens to us, depending on who exactly has access to create these technologies like now we're hearing are these buzzwords blockchain machine learning AI. These models and AI is just decision making, by the way, don't let these boats buzzwords scare you. AI is just decision making at a high level. Machine learning is a massive amount of models and data sets. A lot of these things sort of happen to us because the people who created have these large biases. So I think it's not so much as solace but a key point here is that the people who create these things aren't they don't make perfect technology to perfectly attack us, and they don't make perfect technology to perfectly hand we can always point them out at techactives.org italy likes to, you know, talk about counter surveillance in a way and it's kind of like, keep tabs on the people keeping tabs on you. And having this human factor of being able to be cognizant of what's going on with you your organization, and all the. I think Ken mentioned earlier about threat modeling or risk assessment or something like that of being cognizant. Just, even if you personally write down and okay, these are all the things that, you know, with that I have with accounts these are all the things that I personally have my credit cards. These are my bank accounts and kind of write it down like okay these are all the things that I have that are personal incentive to me. And then you kind of talk about it at a, in a way in a larger scale in the organization. Okay, these are the things that we have. And these are things that are important to us. So kind of going towards those points of being able to assess and evaluate what you have at your organization. And then you consider sensitive at your organization and kind of focusing around that first. Taking everybody off one tool and putting them on another can only do but so much if people aren't really cognizant of what's going on what's happening so having that proactive conversation and not a reactive conversation and not being so much being scared of the buzzwords that come around with being learning, because the people who are creating this have very, very limited imagination. And I think in organizers have the biggest imagination for what society can look like. And what this technology can do for us and how we can let make it use it for us and ourselves. So I think when we do that, and kind of have that human assessment first and then kind of go over that well the people who are deploying these have very one set mind tracks on when they deploy them. And when we catch that and be able to create a conversation for ourselves and see how we can kind of counter surveil or keep tabs on people who are keeping tabs on us. Then I think that's when we can feel more empowered and empowerment is very important and security because it's easy to freak people out easy for people to get very paranoid, because things have happened for a long time we saw it all the way back to Co until pro and before. And I think seeing those, and they kind of use the same tactics, like laser the same tactics the same sort of things where and deployments of tactics and types of people and the same access points of vulnerabilities. And I think if we just cognizant of that conversation we have an organization where we have tools and you have constituents that use tools, I think it's very important conversation keep having proactively, rather than having a reactive sense about it. I think that makes sense there so. Hey, and I mean, Alexis and you already said, most of everything that should be stated. One thing I just wanted to add is learning tech is super intimidating. One culture should just be about being able to learn and to ask questions. And that is really, really healthy. A lot of times, we leave it up to assumption. I assume that people shouldn't know if I tell you we need to be secure that you are going to know all these things. And a lot of communities that we work with get really intimidated, they make mistakes, and then they don't want to have an open conversation about them because of how we're talking down to them because we have this new information. So there's sometimes hierarchy there about information that we have and they don't have. And that in itself can feel very oppressive. So being able to have a good learning environment is I think is super critical for the culture of bringing security and talking about surveillance in your community. Great. Thank you all. I just want to give any, any of our speakers a chance if there's a question that they saw on chat or the Q&A or anything else they wanted to speak to or a closing comment. And just thank you all so much for everything you're sharing today and thank you to our audience for being here too. Yeah, the only thing that I would add is so in terms of like low tech solutions. I'm a very big fan of whenever possible. Oh yeah, whenever possible, going with like a low tech solution. So like something like a Faraday bag, like better than turning off your phone, put your phone in a Faraday bag. A lot easier to just like put it in a bag than like power it off or batteries or any of that hot mess. Just please, please, please. Let's try to identify like practical things. Faraday bag is like 10 bucks. I would also add that it'd be really good to build on one of the points that Alexis made is if folks were able to like just learn something basic like tethering your phone into your laptop, because that will help you stay off public wifi in as much as possible avoid public wifi. And also one thing that we didn't talk about too directly but for me and I think did a nice kind of point of insertion on that was the value of identity. So how do we make sure that when we're communicating with someone that it's actually the real person that we're communicating with I think that's one of the values or video in these things is that well at least we're able to see who we're talking to. And yeah, I think that those are things that and those are very old school because video is kind of like a new let's meet face to face. So in terms of tool recommendation. I think it's great that that new folks as a host are using zoom, zoom has a nice end to end encryption option that people need should turn off on if they're using zoom, but there's also jitzy which is open source. So there are a lot of like kind of like low lift tools. Evaline Praveen, they're like super, super big resources and comrades in this. And yeah, let's let's do this together. That's all I got. Anyone else want to jump in with the closing comments. A closing comments that I have is, don't be afraid about tech. And I read this comment talking about when techies try to explain shit like yo, ask the tech person mad questions that they don't know how to answer is because they don't know what the fuck they doing. Like we all in this liberation fight together. And when I learned how to read and write that didn't mean I was going to be an author. It was so I can move and be able to be functional in society and today we need to learn about tech and we need to know about digital security. And if you didn't go to school for that you didn't go to school for that and that's totally fine if you don't know it you don't know it. Don't be afraid of it. Don't be afraid to ask questions don't be afraid to hold us accountable as technologists were on the movement together we need each other we need to love and support and communicate. So final questions. That's my last feedback. Thank you all. Anyone else want to jump in. It's a pretty good note to end on. Well, yeah, I do want to echo Italy and what you know what you learn said is is that. Yeah, just did you don't have to be a tech person to understand this stuff like it's not about, you know, people in the tech industry often like there's not necessarily have like a fancy background. It's really just about going in there and yeah, like echo asking questions. And, you know, you are the best expert for yourself. And I guess to add to that piece for a closing comment. Get to know your devices and your tools. You don't necessarily need to be, you know, taking your laptop apart and digging through everything. The components that come with all your devices over time can help a lot in terms of what needs to be fixed on a very practical level. Not just, you know, fixing your crack screens but also like okay was a processor was a hard drive very little things you can just take in once in a time you have to do it all at once. This is an ongoing process there's still parts of machines and stuff I don't know with laptops and you know cars and stuff like that started integrating more technology. Overall, being able to get to know your tool and devices, you know, Android is a operating system, not a phone, stuff like that, where you can start to get those little details and sync them in. And just like one a day or if you're more interested in learning, there's definitely open source courses like Coursera.com or edX.org, or Udacity, which is more, I guess, above development oriented, but overall, if you are interested in learning, there are a lot of free resources out there. Let's not let capitalism make it seem like all this technology and all this knowledge is just for them and people who can afford it. There is now free tools out there. I share free information all the time, especially on my Twitter. I also share resources for local organization and meetup groups that talk about, you know, building your own ISPs and stuff like that. And then at service providers, making the mesh network, and you don't need to know everything when you come into a room. That's another point of this, is knowing everything, because we all don't know everything, but we can learn from each other. So that's what I'd like to close with. Great. Hi everyone. Thank you so much. Thank you to all the panelists and I look forward to getting this information to the audience members. And yeah, let's take good care of ourselves and each other. And thank you all for giving us a lot of good advice for how to do that. Thank you. Thank you, everybody.