Teaching Guide: My Digital Identity

Objective(s):

In this session, you will review with participants how the Internet collects information about them and what they can do to minimize their digital footprint.

Teaching points:

  • Understanding how the Internet collects user data (active and passive);
  • Understanding how to restrict the sharing of personal information;
  • Understanding what it means to connect to others responsibly.

Practical skills taught:

  • Increasing privacy settings;
  • Scrubbing one’s digital shadow by using anti-tracking tools;
  • Identifying privacy-enhancing technologies and their uses;
  • Sharing/posting on social media responsibly;
  • Deleting unnecessary apps;
  • Being careful about who you connect with.

Session length:

75 min

Skill level:

Basic for most of the content

Required knowledge:

Basic computer and email/social media literacy

Resources needed:

Projector, slides, paper, laptop connected to the internet, handouts.

Deck:

My Digital Identity

Handouts:

Handout: Browsing Incognito, Handout: Set Instagram to Private, Quiz: My Digital Identity

Advanced preparation required:

N/A

A. Setting the scene (10 minutes)

  1. Start the session by describing what it is about, situating the session among the other points of the CyberSTAR, and outlining what the participants will learn by the end of the session.

  2. Set the scene by discussing the notion of digital identity. Put simply, a digital identity is a combination of all information about an individual or organization that exists online.

    Ask participants the following questions to start the discussion:

    • How much information do you leave on the Internet by using it for your day-to-day activities and work?

    • What can happen if you lose privacy? Could it put you in danger? Cause you to lose a job? Ruin your reputation? Be used to tell lies about you? Expose the privacy of people you care about? Make it easy for people to steal your identity?

    Make sure that the following points are addressed:

    • What you do online reveals a lot about you – what you think, what you care about, where you get your information. These details can be used to target you with persuasive information, conduct social engineering attacks, or to build a profile to use against you.

    • Revealing too much information online can potentially have dire consequences for your personal safety and pose risks to the organizations you work for, your social networks, partners and beneficiaries.

B. User data collection (10 minutes)

  1. Give participants a high-level overview of how user information is collected on the web. Explain the difference between active and passive user data collection.

    Passive user data collection involves the use of special tools that collect our data automatically, often without us even knowing that this is happening. This is normally accomplished through the use of cookies, web beacons or other types of tools. For example, a web browser on your computer sends the following details back to servers, without you even knowing: language settings, installed fonts, browser type, display resolution, plugins.

  2. Active user data collection involves asking users explicitly for their data (information, preferences and opinions).

    Make sure the following points are addressed:

    • Everything you do online leaves a trace;
    • Web browsers, social networks, mobile phones, search tools – everything tracks you, often without you even knowing that this is happening;
    • By using the Internet, you are leaving behind vast amounts of data (demographic details, contacts, location, habits, what you post online, etc.).

C. Activity: How big is your digital shadow? (10 min)

  1. Ask participants to open the Trace My Shadow site on their devices. Those who do not have a device connected to the Internet can be paired up with those who do have such devices. If more than a third of participants do not have connected devices available, complete the next step on a device that is connected to a projector for everyone to follow the exercise.

    Trace My Shadow is a web-based tool that allows you to get a glimpse into the digital traces you are leaving – how many, what kinds, and from what devices. In addition to showing how many traces you leave, the tool also helps you learn what you can do to take control of your traces. Besides English, the tool is available in Arabic, Russian, French, German and Spanish.

  2. Give participants five minutes to explore the tool and encourage them to bookmark the site. Leave a couple of minutes at the end of the exercise to ask participants to share something new they learned by exploring the tool.

D. Don’t cast a long digital shadow: social media (10 minutes)

  1. Share with the participants that protecting their digital identity starts with using social media responsibly.

    What you share and with whom can expose you and the people you post about. This can put beneficiaries at risk, make you more vulnerable to social engineering attacks and cost you your job.

  2. Explain that users may give away a lot of information about themselves by using social media:

    • Default privacy settings: expose your networks and more.

    • Geo-location: gives up your location – not just on posts but all the time.

    • Metadata: exposes a lot more information beyond the content of a social media post.

    Metadata (or “data about data”) contains details about information (such as author, creation date, location and device used) that make finding and working with data easier.

  3. Share the following basic tips with participants:

    • Think before you post or share

    • Take responsibility for what you post or share

    • Separate your personal and public personas

    • Know and respect platform-specific community guidelines.

  4. Discuss why it often makes sense to exercise caution when connecting to (adding as friends) people on social media. Make sure that the following points are addressed:

    • People you connect to often see much more information, including personal details and photographs, than people outside your social media networks.

    • It might not be a good idea to connect to strangers. It is definitely a bad idea to connect to people with clearly made-up names and without profile photos.

E. Adjusting your privacy settings on social media (5 min)

  1. Tell participants that they can control how much information they reveal about themselves and their work by adjusting privacy settings on various social media sites they use.

    While experts often recommend tightening all settings and ensuring the maximum levels of privacy, it is important to choose settings that are appropriate to your personal and professional needs.

  2. Ask participants what social media sites they use and distribute relevant handouts that provide step-by-step instructions for adjusting privacy settings on frequently used platforms.

    Pay special attention to the issue of third-party apps on Facebook and other social media platforms. Third-party apps (such as games, surveys, etc.) are often the primary avenue of privacy compromise.

F. Privacy settings on computers and mobile devices (10 min)

  1. Explain that computers and mobile devices also often reveal personal information which can be used in ways that could cause significant personal, reputational and financial harm to their owners.

  2. Share the following basic tips on adjusting privacy settings for computers and mobile devices:

    • Tighten your geolocation settings: check and adjust geolocation settings on your devices. Geolocation information can identify where you are, even when your device is powered off. For most apps, you can adjust the settings so that location is accessible only while the app is running.

    • Tighten app permissions: some apps may request access to your camera, microphone, location, contacts, photos and calendar. Review permissions for each app on your device and decide whether you really want to allow your apps to access these resources. Consider turning off these options if they are not really needed to use the app. Also, close your apps (even those running in the background) when you are not using them to restrict information sharing.

    • Restrict access to accounts: some apps may request access to important accounts such as Google, Facebook or Twitter. When reviewing permissions for each app on your device, unlink apps that you are no longer using from your accounts. It is also a good idea to delete apps that you are no longer using.

    • Restrict tracking of web browsing history: when possible, always choose private or incognito browsing options. Also, adjust your browser settings to block third-party cookies.

    • Lock your device with a password or passcode (or “touch ID”/“face ID”): this will help prevent other people from using it or being able to access personal information on your device.

  3. Encourage participants not to think of their privacy settings as something they set once and forget about. Many apps modify their privacy settings options often, so these settings should be reviewed frequently.

  4. Tell participants that they will learn more about securing their devices during the My Devices session.

G. Activity: Scrub your digital shadow (10 min)

  1. Set the stage by explaining that although it is very difficult to scrub all personal information from the Internet, it is possible to remove some of this information. How to do so varies depending on which websites and services have the information you want to remove, but participants can start by doing two basic things:

    • Google your name in quotation marks and note down all websites on which your name appears. Pay particular attention to social media accounts that you created a long time ago and are not using any longer.

    • When possible, contact website owners and ask them to delete your personal information that you do not want to be on their websites.

    • Delete all abandoned and inactive social media and email accounts. You will have to sign into each account and then find the option to delete or close it.

  2. Ask participants to open the Firefox Monitor or Have I Been Pwned site on their devices. Those who do not have a device connected to the Internet can be paired up with those who do have such devices. If more than a third of participants do not have connected devices available, complete the next step on a device that is connected to a projector for everyone to follow the exercise.

    Have I Been Pwned is a service that allows users to discover if any account information belonging to them has been compromised or included in a data breach.

  3. Give participants five minutes to run different email accounts connected to them through the website. Leave a couple of minutes at the end of the exercise for participants to share whether the exercise has revealed that any of their accounts were compromised. If so, encourage them to change their passwords as quickly as possible.

H. Privacy-enhancing technologies (5 min)

  1. Set the stage by explaining that privacy-enhancing technologies continuously evolve, and that participants should identify which tools best suit their needs based on their risk analysis, needs, technical skills, reliability of specific tools, etc.

  2. Mention the following tools, providing recommendations for more specific needs when required:

    • End-to-end encrypted apps: these enable you to make secure voice calls and exchange messages. Signal and Telegram are clear favorites. Participants will learn more about end-to-end encryption during the My Conversations session.

    • Password managers: these allow you to generate and maintain strong and up-to-date passwords that are not reused across different services. These also help battle phishing, which is covered in a later unit. We recommend LastPass.

    • Privacy Badger: this free open-source browser add-on prevents third-party trackers, such as advertisers, from secretly tracking which web pages you visit.

    • uBlock Origin: this free open-source browser add-on prevents third-party trackers AND advertisements. It may break some web pages, however.

    • Tor Browser: this free and open-source browser is slow, but it is the best free option to ensure your total privacy online. Tor blocks your identity by way of many layers of routing.

    • DuckDuckGo: this search engine does not track your IP address or your history.

    • Mozilla Firefox: unlike other web browsers, Mozilla has started to block some of the “bad cookies” that compromise your digital identity.

I. Wrap-up (5 minutes)

  1. Provide a brief summary of practical skills that the participants should have learnt during the session.

  2. Ask participants if they have any questions, answering the questions when possible or pointing them to online resources when the questions are not relevant to the rest of the group.

  3. Distribute handouts with step-by-step practical guides on the most common technical issues the participants are known to encounter.