As some of you might have noticed on my twitter or identi.ca, I occupied myself with teaching kids about privacy today. Being a member of the local FoeBuD group I participated in our Privacy Workshop.
Privacy Workshops aim at teaching children responsible behaviour towards their privacy. Today, we had an event with eleven 10th grade students from a local school where one of our members is a teacher. This proved to be quite an advantage since it made attracting participants much easier.
Today we had four main topics on our schedule: How to set up the privacy setting of social networks correctly, what is a good password, an introduction to TrueCrypt and a little game called “Google Simon”.
Since I have previously occupied myself with the obstacles to privacy in social networks I presented named first part together with another participant. It was divided in a general introduction and a hands-on part where we explained how to change the privacy settings of three German social networks, schülerVZ, Schüler.cc and wer-kennt-wen.
In the introduction I emphasized the point that you can’t afford to believe in privacy on the net: What’s online is public. Still it is important to make it more difficult for some people to find out about you on the net - especially when you’re still at high school. Nearly everyone of those kids has something to hide from their teachers, parents, future employers or just begrudging classmates.
I. e. recruiters have begun looking up job applicants in social networks. According to a study, one out of ten use this tool to gather information on a candidate. In 50 percent of the cases, this leads to the applicant not getting the job. Reasons are mostly wrong information on education or work experience, but also drug or alcohol abuse - which must not be illegal.
I explained how the kids can change settings in a way that they make it less easy to find them (i. e. by using a fake name and a one-time email address). Then we put the hands on their profiles in three popular German social networks.
During feedback time some of the students told us that they had already known about the importance of these settings. Still I encounter so many kids with their profiles openly presenting more than harmful contents that I think this wasn’t useless.
The next session dealt with safe passwords. This is a topic where it is really important to attract attention by the children since passwords may seem a bit boring at first glance. But when they were told how banks (which are currently under criticism in Germany because of data leaks) make a serious failure with four digit passwords and how they, 10th grade students, could do better, they were certainly interested in how to do so.
I think it was also important that our member explained to them how there are three types of “keys”: Things you have with yourself (like a key or a bank card), things you know (passwords) and biometric data.
Finally the kids got the task to create a safe password after we explained to them that using sentences (or the first letters of their words) is a great way to find safe, easy-to-remember passwords.
These keys the kids created could be brought to use in the next session. It dealt with open source encryption software TrueCrypt which another member explained to the kids. Here we had a real hands-on approach where the kids could create their own encrypted container on their own usb sticks. That way we tried to make sure the kids would use this software again.
This part of the workshop got overwhelming feedback afterwards. It seems as if a hands-on approach works quite fine with kids of this age, especially for a quite technical topic like encryption. It is important to show them what they can do for their privacy themselves.
As a finish we had made up that great game, “Google Simon!”. Essentially that meant that we told the kids to find out as much information about me as possible within 20 minutes. This one kind of ship- wrecked, though. It is true that we didn’t give them much information on me (only my first name and the fact that I was participating in the Privacy Workshop). Still they had no difficulty in finding this blog. Problematically, they didn’t go further from that: The question where I had spent my holidays this year seemed unanswerable to them when Google didn’t give them the information after being asked “Simon Columbus Holidays”. None of them thought of looking it up at my photo sharing site (which is linked to from this blog), clearly showing that these students really lack any knowledge of research techniques. Maybe something we shouldn’t repeat the same way.
To summ it up I think that when working with students on theoretical topics like privacy it needs a strong hands-on approach to attract their attention, but also to enable them to start doing something for their privacy themselves. From there on they have a point at which they can start going on.
For more information see the Privacy Workshop wiki. We will be presenting the project at the 25C3 in Berlin later this month. The talk will be in English and a video stream will be available online.
Simon Jonas Hadlich
simoncolumbus.de, Siegen, 14. Dezember 2008