Commit

Merge branch 'master' of github.com:OpenNewsLabs/field-guide-security-training-newsroom
Amanda on Mona committed Mar 29, 2018
2 parents d824b54 + b95628b commit c1c982e
Showing 14 changed files with 47 additions and 48 deletions.
2 changes: 1 addition & 1 deletion docs/Chapter01-04-TrainingGames.md
Expand Up @@ -98,4 +98,4 @@ Ask what the problem is now, but also what this system is accomplishing (in shor
These are great road tested games for teaching networking principles. If you're looking for more ideas for games trainers play, check out:

+ [Games Trainers Play](http://www.worldcat.org/oclc/6016638)(<http://www.worldcat.org/oclc/6016638>) and [Even More Games Trainers Play](http://www.worldcat.org/oclc/30318772)(<http://www.worldcat.org/oclc/30318772>) for some great ideas.
+ Or take a look at the curricula and guides we've aggregated in our [Resource Guide](/docs/Chapter03-02-Resources).
+ Or take a look at the curricula and guides we've aggregated in our [Resource Guide](Chapter03-01-Resources.html).
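
Review bot: The new Resource Guide link changes the chapter number as well as the extension, from `Chapter03-02-Resources` to `Chapter03-01-Resources.html`, while the Glossary link in Chapter02-03-Setting-Up-Signal.md moves the other way (`Chapter03-01-Glossary` to `Chapter03-02-Glossary.html`). If the two chapters were swapped, say so in the commit message; otherwise check that the target exists under the new name. Separately, the first bullet in this hunk prints each WorldCat URL twice, once as the link target and again as a bracketed autolink right after it; the second copy can go.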
16 changes: 8 additions & 8 deletions docs/Chapter01-05-PathwaysChoosingLessons.md
Expand Up @@ -8,16 +8,16 @@ Some users will want to lead a formal series of in-depth workshops, while others

### Just mobile

1. [Mobile Security Settings](Chapter02-01-Mobile-Security-Settings.md)
2. [Locking Down Mobile Devices](Chapter02-02-Locking-Down-Mobile.md)
3. [Setting up Signal](Chapter02-03-Setting-Up-Signal.md)
4. [Backing up Mobile Devices](Chapter02-04-Mobile-Backups.md)
5. [Physical Security](Chapter02-09-Physical-Security.md) -- iPhones are already encrypted but Android users should set up disk encryption.
1. [Mobile Security Settings](Chapter02-01-Mobile-Security-Settings.html)
2. [Locking Down Mobile Devices](Chapter02-02-Locking-Down-Mobile.html)
3. [Setting up Signal](Chapter02-03-Setting-Up-Signal.html)
4. [Backing up Mobile Devices](Chapter02-04-Mobile-Backups.html)
5. [Physical Security](Chapter02-09-Physical-Security.html) -- iPhones are already encrypted but Android users should set up disk encryption.

## Secure email use

2. [Passwords](Chapter02-06-Passwords.md)
3. [Two-factor Authentication](Chapter02-07-Two-Factor-Authentication.md)
4. [Phishing](Chapter02-08-Phishing.md)
2. [Passwords](Chapter02-06-Passwords.html)
3. [Two-factor Authentication](Chapter02-07-Two-Factor-Authentication.html)
4. [Phishing](Chapter02-08-Phishing.html)

Savvy readers will note that this guide doesn't currently include a guide to encrypting email with GPG or PGP. Why? It's hard to use and history has shown that most folks don't use it properly. As Martin Shelton has pointed out, [newsrooms have better options](https://source.opennews.org/articles/how-lose-friends-and-anger-journalists-pgp/).
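
Review bot: The "Secure email use" list in this hunk starts at `2. [Passwords]` with no item 1, and its heading is `##` while the sibling pathway "Just mobile" is `###`. Since these lines are being rewritten anyway, renumber the list from 1 (or restore the missing first lesson) and put both pathway headings at the same level.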
28 changes: 14 additions & 14 deletions docs/Chapter02-00-Overview.md
Expand Up @@ -6,40 +6,40 @@ Every lesson plan includes an overview of the lesson, prerequisites and material

## What Is Included

**[Mobile Security Settings](Chapter02-01-Mobile-Security-Settings.md)**
**[Mobile Security Settings](Chapter02-01-Mobile-Security-Settings.html)** <br />
This is the first short module in a series of three trainings dedicated to securing your mobile device. In this module, iPhone and Android users will learn how to review the security settings on their mobile devices. In later trainings, they will learn how to encrypt their device, set a secure locking mechanism, and install an encrypted messaging system (Signal). These three modules are meant to be short and simple. Each can serve as a quick win in a larger session about something else, or can stand alone as a short session. Or the three mobile sessions can combine nicely into a 60- to 75-minute block of training around securing a mobile device.

**[Locking Down Mobile](Chapter02-02-Locking-Down-Mobile.md)**
**[Locking Down Mobile](Chapter02-02-Locking-Down-Mobile.html)** <br />
This lesson plan helps participants secure their mobile devices by setting up lockscreens and securing lockscreen notifications, applying system updates, and encrypting device storage. This module is meant to act as the second in a series of three, building up a 60-75 minute training block on secure mobile communications.

**[Setting Up Signal](Chapter02-03-Setting-Up-Signal.md)**
Signal is a secure messaging platform that utilizes end-to-end encryption. Before starting this lesson, participants should have already been through a [mobile application settings review](Chapter02-01-Mobile-Security-Settings.md) and added secure lockscreens to ensure that their device is ready to use with a program like Signal. Some benefits of Signal: they do not store messages on their servers, participants can set their conversations to "self-destruct," and users can customize what information (contact name, message preview) is available on their phone's lockscreen. This lesson plan is intended to be taught as the third in a series, following [mobile app security settings](Chapter02-01-Mobile-Security-Settings) and [locking down mobile devices](Chapter02-03-Locking-Down-Mobile.md).
**[Setting Up Signal](Chapter02-03-Setting-Up-Signal.html)** <br />
Signal is a secure messaging platform that utilizes end-to-end encryption. Before starting this lesson, participants should have already been through a [mobile application settings review](Chapter02-01-Mobile-Security-Settings.html) and added secure lockscreens to ensure that their device is ready to use with a program like Signal. Some benefits of Signal: they do not store messages on their servers, participants can set their conversations to "self-destruct," and users can customize what information (contact name, message preview) is available on their phone's lockscreen. This lesson plan is intended to be taught as the third in a series, following [mobile app security settings](Chapter02-01-Mobile-Security-Settings.html) and [locking down mobile devices](Chapter02-02-Locking-Down-Mobile.html).

**[Mobile Backups](Chapter02-04-Mobile-Backups.md)**
**[Mobile Backups](Chapter02-04-Mobile-Backups.html)** <br />
Creating regular, secure backups of data on mobile devices is important, whether users want to protect against loss, theft, or catastrophic error (e.g. accidentally wiping a device while encrypting it). This session covers the creation of encrypted backups for iOS and Android users, and make recommendations on a backup schedule.

**[Good Hygiene for Apps](Chapter02-05-Good-Hygiene-For-Apps.md)**
**[Good Hygiene for Apps](Chapter02-05-Good-Hygiene-For-Apps.html)** <br />
Overview: Don't let orphaned apps degenerate into an unlocked back door to your account.

**[Passwords and Password Management](Chapter02-06-Passwords.md)**
Passwords are the bedrock of account security, but they're hard to get right. This lesson explains how to take a harm-reduction approach to password management. Participants should have a clear understanding of [phishing](Chapter02-08-Phishing.md) and [two-factor authentication](Chapter02-07-Two-Factor-Authentication.md), or you should cover those topics as part of this lesson.
**[Passwords and Password Management](Chapter02-06-Passwords.html)** <br />
Passwords are the bedrock of account security, but they're hard to get right. This lesson explains how to take a harm-reduction approach to password management. Participants should have a clear understanding of [phishing](Chapter02-08-Phishing.html) and [two-factor authentication](Chapter02-07-Two-Factor-Authentication.html), or you should cover those topics as part of this lesson.

**[Two-Factor Authentication](Chapter02-07-Two-Factor-Authentication.md)**
**[Two-Factor Authentication](Chapter02-07-Two-Factor-Authentication.html)** <br />
Enabling two-factor authentication (2FA) is one of the easiest steps people can take to protect their online accounts. Even if someone gets ahold of a user's password, 2FA will ensure that they can't get very far. 2FA adds extra protection by requiring additional information for login, which is provided by text message, a code from an authenticator app, or the use of a hardware security key. This lesson plan introduces key concepts about 2FA, and guides participants through the process of setting up app-based 2FA for their primary email accounts.

**[Phishing](Chapter02-08-Phishing.md)**
**[Phishing](Chapter02-08-Phishing.html)** <br />
Phishing is an email-based social engineering tactic that uses misplaced trust to extract information and access. Like other forms of social engineering, its purpose is to trick you (the target) into divulging information that can be used to gain access to private data, networks or resources. Participants will learn about phishing in the context of trust decisions, and develop awareness and techniques to make these decisions when interacting on the web.

**[Physical Security](Chapter02-09-Physical-Security.md)**
**[Physical Security](Chapter02-09-Physical-Security.html)** <br />
What happens to a person's data if their device is seized or stolen? How should people prepare to cross international borders safely? This session discusses ways to approach border crossings, and walks through the process of enabling full-disk encryption, which can help ensure that someone who has a physical device doesn't necessarily have access to all its data. This module makes a few assumptions about participants' threat models, and is written with American journalists in mind. If participants' work puts them in conflict with hostile state actors, they should seek out more specialized training.

**[Scrubbing Metadata](Chapter02-10-ScrubbingMetadata.md)**
**[Scrubbing Metadata](Chapter02-10-ScrubbingMetadata.html)** <br />
Files such as Word documents and JPEG images usually contain information about the systems used to create them. This information, commonly referred to as metadata, could inadvertently reveal personally identifiable details about sources to anyone given access to the files. This lesson plan teaches participants how to find metadata in Word documents and JPEG files, and ways to share or publish content from these files without exposing metadata.

**[Secure Drop](Chapter02-11-SecureDrop.md)**
**[Secure Drop](Chapter02-11-SecureDrop.html)** <br />
SecureDrop is an anonymous whistleblowing tool designed to provide users with a high degree of protection from detection through Internet-based surveillance. This lesson plan covers the keys to using SecureDrop effectively: establishing a culture of security, setting up SecureDrop securely, and making sure sources know how to use it safely.


## What Is Not Included

This guide doesn't currently include a guide to encrypting email with GPG or PGP. Why? It's hard to use, and history has shown that most folks don't use it properly. As Martin Shelton has pointed out, [newsrooms have better options](https://source.opennews.org/articles/how-lose-friends-and-anger-journalists-pgp/). However, there are use cases when GPG is the best option. If you want to [help build this resource](contributing.md), we welcome a lesson plan that introduces email encryption. There are a few good resources out there on the subject: This one, from [Riseup](https://riseup.net/en/security/message-security/openpgp/best-practices), is a good start.
This guide doesn't currently include a guide to encrypting email with GPG or PGP. Why? It's hard to use, and history has shown that most folks don't use it properly. As Martin Shelton has pointed out, [newsrooms have better options](https://source.opennews.org/articles/how-lose-friends-and-anger-journalists-pgp/). However, there are use cases when GPG is the best option. If you want to [help build this resource](contributing.html), we welcome a lesson plan that introduces email encryption. There are a few good resources out there on the subject: This one, from [Riseup](https://riseup.net/en/security/message-security/openpgp/best-practices), is a good start.
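
Review bot: The link text on the SecureDrop entry reads `Secure Drop`, while the description under it and the target file name both use `SecureDrop`; change the title to `**[SecureDrop](Chapter02-11-SecureDrop.html)**`. The Signal entry also corrects a wrong target, `Chapter02-03-Locking-Down-Mobile.md` to `Chapter02-02-Locking-Down-Mobile.html`, which is a content fix beyond the extension change and deserves a mention in the commit message. In the Mobile Backups description, "and make recommendations" should be "and makes recommendations".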
2 changes: 1 addition & 1 deletion docs/Chapter02-01-Mobile-Security-Settings.md
Expand Up @@ -28,7 +28,7 @@ A white board, chalkboard or big sticky pads will help, but you can certainly ma

### How should the instructor prepare?

Rview the materials, and review the [resources on how to be a better trainer](Chapter01-01-BeingABetterTrainer.md).
Rview the materials, and review the [resources on how to be a better trainer](Chapter01-01-BeingABetterTrainer.html).

## Lesson Plan
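
Review bot: The changed line under "How should the instructor prepare?" still opens with the typo `Rview`; fix it to `Review` in the same edit, since the line is already being rewritten for the `.html` link.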

10 changes: 5 additions & 5 deletions docs/Chapter02-02-Locking-Down-Mobile.md
Expand Up @@ -10,19 +10,19 @@ secure mobile communications.
**Lesson duration:** 30 mins (estimated), longer if some Android phones need to be encrypted.<br />
**Level:** Intermediate. This session assumes participants are able to make a reliable backup of the key data on their phones and have done so very recently. If they haven't, you *should not* proceed.<br />

**Gotcha:** Consider how much time you have available before choosing to do this session. Are all your participants’ devices either brand new or recently [backed up](Chapter02-04-Mobile-Backups.md)? Do you have 30+ minutes and a low participant to trainer ratio? If not, you may want to either do this session in two parts on subsequent days (cover mobile device backups where you cover encrypted backups on one day, then actual encryption on the second day), *or* you share a link on backups and require participants to complete (or verify cloud backups) *before* this session.
**Gotcha:** Consider how much time you have available before choosing to do this session. Are all your participants’ devices either brand new or recently [backed up](Chapter02-04-Mobile-Backups.html)? Do you have 30+ minutes and a low participant to trainer ratio? If not, you may want to either do this session in two parts on subsequent days (cover mobile device backups where you cover encrypted backups on one day, then actual encryption on the second day), *or* you share a link on backups and require participants to complete (or verify cloud backups) *before* this session.

**What will participants learn?**

Participants will learn how to set up a secure lockscreen and encrypt their mobile device storage. In conjunction with the previous lesson on [mobile application permissions hygiene](Chapter02-01-Mobile-Security-Settings.md), this prepares the device for the installation and use of a secure messaging system.
Participants will learn how to set up a secure lockscreen and encrypt their mobile device storage. In conjunction with the previous lesson on [mobile application permissions hygiene](Chapter02-01-Mobile-Security-Settings.html), this prepares the device for the installation and use of a secure messaging system.

**What materials will participants need?**

They’ll need their mobile devices (iPhone or Android) and device chargers.

**How should participants prepare?**

Everyone should back up their mobile devices before the workshop. If folks haven't done that or aren't confident that they're backing up everything they need, start with a session on [mobile backups](Chapter02-04-Mobile-Backups.md).
Everyone should back up their mobile devices before the workshop. If folks haven't done that or aren't confident that they're backing up everything they need, start with a session on [mobile backups](Chapter02-04-Mobile-Backups.html).

**What materials will the instructor need?**

Expand All @@ -48,7 +48,7 @@ Survey the room:
- How many have encryption set up?
- How many apply updates regularly?

Spend some time on what makes a good passcode (length and randomness are good, birthdays and sequential numbers are bad). The [password](Chapter02-06-Passwords.md) lesson has more great resources on this question.
Spend some time on what makes a good passcode (length and randomness are good, birthdays and sequential numbers are bad). The [password](Chapter02-06-Passwords.html) lesson has more great resources on this question.

**Walkthrough**<br />
Split people into groups by device types - instructions will differ for iOS vs Android. Everyone is going to ...
Expand Down Expand Up @@ -119,7 +119,7 @@ Have everyone open the Settings app and check `About Phone > System Updates`. I
- Follow the on-screen instructions to apply any available updates.

**Encrypt your device:**
The process of encrypting a phone can take an hour or more. You should make sure that participants know their phone will be unavailable while it is being encrypted. Do not encourage anyone to encrypt their phone unless it is a new phone or they're 100% confident that everything on the [device is backed up](Chapter02-04-Mobile-Backups.md). If someone loses their authenticator app and doesn't have backup codes, they may have a very (very) difficult time restoring access. So just to reiterate: don't encourage anyone to encrypt their phone unless you're 100% confident that all the data and settings they need to restore their phone are backed up.
The process of encrypting a phone can take an hour or more. You should make sure that participants know their phone will be unavailable while it is being encrypted. Do not encourage anyone to encrypt their phone unless it is a new phone or they're 100% confident that everything on the [device is backed up](Chapter02-04-Mobile-Backups..html). If someone loses their authenticator app and doesn't have backup codes, they may have a very (very) difficult time restoring access. So just to reiterate: don't encourage anyone to encrypt their phone unless you're 100% confident that all the data and settings they need to restore their phone are backed up.

- Make sure your device is fully charged and connected to its charger - encryption can take a while (an hour or more) and can not be interrupted once it starts.
- Open the Settings app and select `Security > Encrypt phone`.
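
Review bot: The new backup link under "Encrypt your device" has a doubled dot, `Chapter02-04-Mobile-Backups..html`, so it will not resolve to the same page as the `Chapter02-04-Mobile-Backups.html` links in the earlier hunks of this file. This is the link a trainer follows to confirm backups right before the encryption step the paragraph warns about, so correct it to the single-dot form.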
8 changes: 4 additions & 4 deletions docs/Chapter02-03-Setting-Up-Signal.md
@@ -1,12 +1,12 @@
# Setting Up Signal

## Overview
Signal is a secure messaging platform that utilizes end-to-end encryption. Participants should have already been through a [mobile application settings review](Chapter02-01-Mobile-Security-Settings.md) and added secure lock screens, to ensure that their device is now ready to use with a program like Signal.
Signal is a secure messaging platform that utilizes end-to-end encryption. Participants should have already been through a [mobile application settings review](Chapter02-01-Mobile-Security-Settings.html) and added secure lock screens, to ensure that their device is now ready to use with a program like Signal.

Benefits of Signal include the fact that they do not store your messages on their servers, participants can set their conversations to "self-destruct" and users can customize what information (contact name,
message preview) is available on their phones lock screen.

This lesson plan is intended to be taught as the third in a series, following [mobile app security settings](Chapter02-01-Mobile-Security-Settings) and [locking down mobile devices](Chapter02-02-Locking-Down-Mobile.md).
This lesson plan is intended to be taught as the third in a series, following [mobile app security settings](Chapter02-01-Mobile-Security-Settings.html) and [locking down mobile devices](Chapter02-02-Locking-Down-Mobile.html).

## About This Lesson Plan

Expand All @@ -16,7 +16,7 @@ This lesson plan is intended to be taught as the third in a series, following [m

### Preconditions

This lesson assumes users have already reviewed their [mobile app security settings](Chapter02-01-Mobile-Security-Settings), and walked through [locking down mobile devices](Chapter02-02-Locking-Down-Mobile.md).
This lesson assumes users have already reviewed their [mobile app security settings](Chapter02-01-Mobile-Security-Settings.html), and walked through [locking down mobile devices](Chapter02-02-Locking-Down-Mobile.html).

### What will participants learn?

Expand All @@ -36,7 +36,7 @@ This lesson draws from both.

Review the Verification process for [Android](https://ssd.eff.org/en/module/how-use-signal-android) and [iOS](https://ssd.eff.org/en/module/how-use-signal-iOS).

Review the [Glossary](docs/Chapter03-01-Glossary.md) to think about how you want to explain encryption to the group.
Review the [Glossary](Chapter03-02-Glossary.html) to think about how you want to explain encryption to the group.

Read [Signals, Intelligence](https://medium.com/@thegrugq/signal-intelligence-free-for-all-5993c2f72f90) for a good critique of some of the things Signal doesn't protect users against.
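
Review bot: The Glossary link drops the `docs/` prefix and changes the chapter number, from `docs/Chapter03-01-Glossary.md` to `Chapter03-02-Glossary.html`. Together with the Resource Guide link in Chapter01-04-TrainingGames.md moving to `Chapter03-01-Resources.html`, this looks like a renumbering of chapter 3; confirm the Glossary file has been renamed to match, because a stale number here leaves a dead link in the instructor preparation steps.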

2 changes: 1 addition & 1 deletion docs/Chapter02-04-Mobile-Backups.md
Expand Up @@ -63,4 +63,4 @@ In addition to backing up to a cloud or web-based service, Android users can bac

### iOS Users

*You can help us make this lesson stronger by [contributing](contributing.md) insights on backup strategies for iOS users.*
*You can help us make this lesson stronger by [contributing](contributing.html) insights on backup strategies for iOS users.*
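
Review bot: Like the other hunks, this one points the link at the rendered `contributing.html` instead of the `contributing.md` source, so the link now depends on the site build's output names and will not resolve when the markdown is read directly in the repository unless an `.html` file is checked in alongside it. If that trade-off is intended, document the link convention for contributors.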
