Digital security trainings: Barriers, opportunities and decolonial perspectives

Experiences from the Global Gathering 2024

The Global Gathering held in Portugal in September 2024 brought together digital rights networks, activists, practitioners, researchers and technologists from around the world for three days of knowledge sharing, networking, collaboration and brainstorming through workshops, booths, project showcases and meetups.

Point of View participated in the Global Gathering with the support of the Association for Progressive Communications (APC) Member Engagement and Travel Fund.

This blog post highlights some of our learnings, especially around digital security trainings.

What challenges are digital security trainers facing?

The Digital Security Trainers’ Meetup brought together around 60 trainers to share our experiences conducting digital security trainings. With the pandemic and subsequent lockdowns, many communities with low internet access – especially in the global South – who weren’t using digital spaces extensively earlier, had to transition to online platforms for work, financial access, community support, and for accessing critical information. With this shift, communities are increasingly feeling the need to be equipped with the skills and knowledge required to navigate rapidly evolving digital spaces safely.

This changing landscape brought about a shift in terms of how digital security trainings are conducted, and newer challenges for trainers, including those who work with grassroots communities in the global South. Online trainings still remain largely inaccessible for communities with low access, which means we need to be careful in choosing platforms for tech trainings. Often, the most secure platforms aren’t the most accessible or user-friendly. And so, a lot of digital security trainings happen on platforms like Zoom and Google Meet, which are popular among grassroots communities.

Given this background, we talked about how we can introduce secure alternatives – asking whether the push for secure tools reflects the needs of communities with low access in the global South.

Trainers also talked about an environment of shame that often surrounds digital security trainings. A more holistic approach is to “start where people are at.” It’s important to work with the tools and tech that communities are currently using, talk about privacy concerns surrounding these technologies with concrete examples, and think about how they matter locally – and then gradually introduce tech options that are more secure while being cognisant of their limitations, especially in terms of accessibility. “There's a push and pull between giving advice that is less technically safe but more practical for where people are,” as one participant in the meetup stated.

A “balance of skills and pragmatism” is the way forward. However, platform security standards and user interfaces keep changing, making it difficult for trainers to follow up and bring participants up to speed. Staying updated was a big challenge for trainers even before COVID – there have always been new tools, new security risks, new attacks, new strategies – but we have “great trainers who are using outdated materials.” Updating training content regularly and building sustainable trainings are often difficult due to lack of time and resources, which is why most trainings become “parachute interventions” with no long-term capacity building plan.

There are several challenges around funding digital security interventions. Often, funding focuses on a crisis at a particular point in time, but “the crisis passes before the funds arrive.” We talked about the need for funding “before an issue becomes a crisis.” Grants alone often aren’t enough for solving digital security problems that communities face. For example, there have been instances where non-profit organisations adopted secure servers based on digital security interventions, but the servers only lasted as long as the grants, after which they had to switch back to regular servers.

There have also been instances where trainers are asked to follow training models developed by funders, which often means having trainers from global North countries (where the funding comes from) conduct trainings with communities in the global South. This not only sidelines local trainers, but also leads to low participation in these workshops, which seem unrelatable to participants.

We talked about how we can make digital security trainings more engaging: while virtual trainings need fewer resources, there’s often a higher dropout rate and less interest when trainings are online. Trainings are more meaningful when learning materials are in diverse formats and local languages – not just text-first, but also audiovisual. In-person trainings are more engaging when they allow for movement, exploration of the space, use of physical devices and materials in group work, space for participants to share lived experiences that help to contextualise privacy/security conversations, or even games!

What opportunities are we seeing in recent times?

With new tools available, trainers have the opportunity to be creative with learning materials and explore different forms: short video tutorials, infographics, comics, memes, and other short-form content that allows for fun and play.

It would be useful to have guides tailored to the needs of specific regions, developed with communities who are already doing digital security work and have creative solutions to different security risks and threats. Forums and gatherings like this are spaces to find organisations/individuals with shared goals for potential cross-country, cross-regional, cross-movement collaborations.

Making trainings accessible needs a lot more than just language translations. This is also an opportunity to explore localised tools, threat models and digital security strategies where communities see their own lived experiences and social contexts reflected.

With platforms like WhatsApp becoming very popular even in communities with low access, it has become easier to share tools and resources widely. We can be creative with WhatsApp forwards, design them in local languages, and include calls to action for wider dissemination.

Young people are increasingly getting online, especially on social media. Their digital explorations come with newer experiences of privacy, security, violence, and also pleasure, play and joy. This is a challenge as well as an opportunity for trainers: conducting digital security and capacity building trainings across different age groups.

With our online and offline lives becoming more and more intertwined, there’s a need to expand our articulations of digital security to include digital care, and connect trainings and workshops to self and collective care that shape our "phygital" experiences of mental and emotional well-being.

As digital security needs are becoming more and more evident, especially for structurally excluded communities, it’s becoming more common for funders to include digital security in their funding goals. “This is a positive change as compared to 10 years ago, when funders wouldn't fund purchasing computers. Now it's more acceptable to request funding for IT infrastructure,” one participant noted. However, this isn’t true in many global South contexts, where secure digital infrastructures are still considered luxury.

Finally, this isn’t an "opportunity" but a reminder to recognise contexts of war, conflict, displacement and genocide as we think about digital security: how digital operations are used as weapons that put the lives of civilians and their personal data at risk. Digital security trainings need to address hate speech, misinformation, disinformation and tech-facilitated violence as political and structural problems as well.

Do we want to "gamify" digital security?

Games make trainings more effective, by fostering engagement, creativity and information retention. But games can also be abstract and hard to understand. In a circle discussion about "gamification", we talked about digital security games we’ve played and how they made us feel, and discussed principles that can inform the creation and facilitation of digital security games:

Context-aware: Reflecting local realities, with local landscapes, scenarios, characters. While a game doesn’t have to be realistic and can be imaginative/aspirational, it needs to have value in the context of the person playing.
Clear learning objectives: What shifts do we want to achieve after the game – in knowledge, skills, perspectives, or anything else?
Experiential learning: Games that don’t just teach, but also urge you to reflect on an issue or experience.
Easy to play: Games that don’t need too many materials to play, and can be played even outside of the training, are more accessible.
Flexible: Sometimes, the outcome might not match the design of the game; there needs to be room for unexpectedness. An outcome can even be building something together!
Physical-digital combinations: Hacking traditional games in digital security scenarios, using movement, space, nostalgic value – for example, “passing secret notes in class” to explain http:// and https://, knowing how strong your password is through physical formations based on prompts, learning strong password practices using dice, choosing page number+word combinations from a dictionary, or local movie/song references.
An element of surprise: Twists and turns – games sometimes work better when people don’t know their purpose at the beginning and are surprised at the outcome!

What makes digital security and tech trainings feminist?

A circle discussion on feminist methodologies for tech trainings hosted by APC brought together practitioners working in the intersections of gender, technology, digital security and digital rights.

We exchanged feminist principles for digital security and technology trainings, such as:

Moving away from an individualistic approach towards digital security and thinking about collaboration and collective practices.
Being intentional in designing trainings so that they contribute to feminist movement building.
Centering dignity of risk in digital security conversations: Recognising that people have the right to make decisions even if those decisions involve risk – as part of one’s holistic digital exploration.
Moving away from a protectionist lens: Trainings shouldn’t induce fear but recognise people’s agency and autonomy in making decisions for themselves.
Making the patriarchy in tech visible: Enabling critical reflections on design, infrastructures, and politics and practices of technology.
Actively acknowledging power and privilege between participants, facilitators, trainers and so on.
Being creative with curricula, pedagogies, materials: Exploring different forms of content.
Recognising community expertise and knowledge.
Having accessibility on the drawing board: Thinking how the online or physical training environment can be meaningful for persons with disabilities; thinking about language diversity and accessibility of technologies and tools used.
Respecting different kinds of participation: Allowing for speaking, writing, drawing and other forms of expression.
Having space for rest and withdrawal, to take care of oneself as needed, especially as digital security conversations often include experiences of violence and harm.
Being intentional in creating a "safe space" while recognising different powers and privileges (and the lack thereof) that we all hold.
Being aware of different intersectional contexts and identities in the room.