Let's say you are teaching a basic, 1-hour-long class to the general public about privacy and general tech hygiene. What kinds of topics would you include?

fryd@sh.itjust.works

I don’t think the general public will walk away caring much no matter what you say. I’m not trying to dismiss your question. Though I can say from personal experience, that an hour isn’t enough time to convince most non-techie people to change their online habits at all.

Most people I’ve talked to about any of those topics essentially already has a vague idea that it’s an issue, but they just kinda shrug since nothing’s happed to them yet and they think its probably too late anyway.

toiletobserver@lemmy.world

That's right, plug it into a computer from work instead!

toes@ani.social

I was at a conference on this type of topic. It was geared towards IT students and the presenter made everyone sign a waiver coming in and told everyone not to use their computer in that room. (Smartphones weren't super popular yet)

Anyone who jacked into the ethernet ports had their Facebook and Skype "hacked" and the presenter changed their picture to himself.

It was a wonderful experience seeing all the chaos that ensued. That kind of automated mitm attack won't work like that these days but maybe something to that tune.

Edit: plus it's a good lesson to read and comprehend what you're signing.

tiger@sh.itjust.works

Password managers, MFA, social engineering awareness, updating software, data and software mimization. Use your computer and internet for a day and note everything you purposefully do and don’t do and why and it’ll help you retrace the basics.

zak@lemmy.world

I've seen a similar demo before HTTPS was ubiquitous that just showed everyone's passwords on a projector.

zak@lemmy.world

Here are six topics you can probably do in about ten minutes each.

• Password manager
• Avoid password reuse
• Basic phishing prevention
• Adblocking (be sure to mention private DNS on phones to block ads in apps)
• Reasons to prefer websites to apps
• Scam recognition (if there's time - the concepts are similar to phishing)

I'd mention Firefox in the adblocking section, but getting them to use anything will be a big win.

swordinferno@lemmy.world

I think the majority of the time ought to be showing real-world examples of why these things matter.

Stores use your phone's bluetooth to track your shopping

Smart doorbells will gladly send your footage to police without your permission

Target knew a teenager was pregnant based on shopping habits

Mozilla has a solid breakdown of how your car is spying on you

The goal being to give them something lasting. So next time they interact with this tech they remember what you told them, and maybe start a privacy journey of their own.

rivalarrival@lemmy.today

Roko's Basilisk.

thatguy46475@lemmy.world

that you should change your password

artisian@lemmy.world

I'd spend much of it selling them on Linux (mint is really not bad to use/install these days), libreoffice, lemmy (for the upvotes), Signal, Matrix, Jellyfin, and some of the amazing free phone games.

Let people know there are alternatives. So they migrate comfortably the next time a garbage product comes out, and are willing to look+donate when a new thing comes out that could/should be free as in freedom.

Security is mostly theatre, and the average person probably isn't under much threat even doing everything wrong. But slightly more informed as a consumer and user could really make a positive impact on their lives + those around them.

digdoug@lemmy.world

It really depends how basic and how "general public" we're talking. At work I've had multiple people email me their credit card details in plaintext. That might fall into the "beyond help" category.

A few points I think are important:

• Use an adblocker

• Use a password manager

• Don't connect things to the internet that don't need to be connected to the internet

• If it needs to be connected to the internet, keep it up-to-date

I think that covers the basics without impacting convenience too much. While I personally think that your TV is something that doesn't need to be connected to the internet, I imagine most laypeople wouldn't agree with me and do it anyway.

kalkulat@lemmy.world

1. Your phone is the least private device you own. Every app you add makes it worse.
2. Don't use that bank plastic any more than you have to. Cash has built-in privacy. And -never- let it out of your hands.
3. Unless it's legally required, -never- write or 'give' 'your' SS number.
4. None of these numbers we just have to remember are 'ours'. Do cows own 'their' ear-tags? They just oil the machinery.
5. Before you get rid of that hard drive, open it up and rip out the internal wiring. Then drive a couple of nails through the platters.

benleman@lemmy.world

Regarding #5, don't bother with the wiring. No data stored there. It's all in the magnetic coating of the platters.

tollana1234567@lemmy.today

its probably there to just datamine you.

tollana1234567@lemmy.today

teaching them how to recognize online scams, even people with degrees will for the oldest scams out there.

zak@lemmy.world

Someone who voluntarily sits through an hour-long presentation clearly cares enough to take some kind of action.

venus_ziegenfalle@feddit.org

The most common misconceptions in my experience:

"Why do I care? I've got nothing to hide and they have all our data anyway."

"Isn't open source less safe if everyone can see how it's made?"

"Email is safe because only I have the password."

I'd debunk those and give examples and tips. I'd also briefly tell them about the concept of social engineering and what to look out for. And if there's time mentioning password managers couldn't hurt.

lh0ezvt@sh.itjust.works

Yeah, drilling a hole in there should stop anyone this side of a dedicated lab from reading your data.

knight_alva@lemmy.world

One class for one hour is not much time at all. To get the most out of it, I would actually try to keep the scope as narrow as possible. I would really dig into these two things:

Password management (make good passwords, use a pw-manager to avoid reusing a pw, change passwords regularly)

Spotting social engineering (I would spend at least 2/3 of the class on this topic) this is by far the most common vector through which people get hurt by poor tech literacy. If you want to do the most good for the most people I would recommend focusing on drilling this skill.

shalafi@lemmy.world

Ignore the people saying 1 hour won't cut it. You have to keep it to an hour or you lose your audience.

I did a security talk at my last job and realized all I was creating was a bunch of scary slides. Went back to focus on actionable responses; What can the user do to defend themselves?