Merge pull request #20 from zenmonkeykstop/issue17
Updated formatting issues
zenmonkeykstop committed Jan 14, 2018
2 parents 3eac04b + d1c16c2 commit ebac153
Showing 5 changed files with 20 additions and 11 deletions.
8 changes: 4 additions & 4 deletions docs/Chapter02-01-Mobile-Security-Settings.md
@@ -6,8 +6,8 @@ This is the first short training module in a series of three trainings dedicated
## About this lesson plan

**Review date:** June 5, 2017
**Lesson duration:** 20-30 minutes
**Level:** Introductory.
**Lesson duration:** 20-30 minutes
**Level:** Introductory.
This session is for journalists who may not realize how many permissions they have given to the third-party apps on their phone, and for those who are not regularly doing good security hygiene on their devices.

### What will participants learn?
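
Review bot: The removed and added `**Lesson duration:**` and `**Level:**` lines read identically here, so this hunk is a whitespace-only change, presumably trailing spaces used as Markdown hard line breaks. Trailing spaces are invisible in review and many editors strip them on save, so the fix can silently regress; a bullet list, or a blank line between the three metadata fields, would make the layout explicit. The same whitespace-only pattern recurs in the metadata blocks of the other files in this commit.
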
@@ -70,15 +70,15 @@ Open settings, go to **Privacy** (a small gray icon with a hand)

**For Android users:**

The process of checking application permission settings differs between Android versions.You can check `Settings > System > About Phone` if you want to know, or just get started.
The process of checking application permission settings differs between Android versions. To find out which version of Android your phone is running, check `Settings > System > About Phone`.

* Marshmallow (6.0) or later: Open `Settings > Apps`. Click the gear icon and open **App Permissions**. A list of permissions will be displayed including features such as Camera, Location, and Microphone, along with their current settings.
* Android versions before 6.0: Open `Settings > Apps` and select an app - you have to review permissions per app, rather than per-sensor.

![Android App Permissions](img/ch2-1/ch2-1-2.png)


## Recommended Reaading
## Recommended Reading

### Links in the news
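
Review bot: The new sentence gives `Settings > System > About Phone` as the single place to find the Android version, but that path is itself version- and vendor-dependent (on some phones About Phone is reached directly from the main Settings list). Since the paragraph already says the process differs between versions, suggest adding "or `Settings > About Phone`" so participants are not stuck at the first step. The `Reaading` to `Reading` heading fix is correct.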

6 changes: 4 additions & 2 deletions docs/Chapter02-02-Mobile-Backups.md
@@ -8,8 +8,8 @@ Getting everyone started backing up their phones is a great way to make sure eve
## About This Lesson Plan

**Review date:** Dec 5, 2017
**Lesson duration:** This should take under an hour.
**Level:** Introductory
**Lesson duration:** This should take under an hour.
**Level:** Introductory

**What materials will participants need?**

@@ -31,6 +31,7 @@ Read [EFF on Harm Reduction](https://sec.eff.org/articles/harm-reduction) -- it'
Everyone should take stock of what is actually on their phone that isn't already backed up. Most folks are syncing calendars and contacts with [Nextcloud](https://nextcloud.com/) or Google or iCloud or iTunes already, but if anyone isn't, start there.

Have everyone go through the apps installed on their phones (this is also a fine time to think about deleting apps you don't use). Some things, like email, are easily restored from settings, but if you know you're going to do a hard reset on your phone, take a moment to make sure you have a record of those settings.

+ Social Media (eg. Tumblr, Twitter, What's App) is easy to restore if you know your login information.
+ Email often requires you to know a few settings.
+ Two Factor Authentication can really throw you -- if you're using 2FA open your authenticator app and make sure that you have backup codes for every service listed. If you aren't, make that sure that's one of your next sessions. :)
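
Review bot: Two typos remain in the bullets just below the added blank line: `What's App` should be `WhatsApp`, and `make that sure that's one of your next sessions` has a stray `that`. Both sit in the context lines of this hunk and are cheap to fix in the same formatting pass.
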
@@ -56,6 +57,7 @@ Everyone's backup strategy is going to be different. Your goal is to find a stra

### Android Users
In addition to backing up to a cloud or web-based service, Android users can back up directly to a laptop or desktop via USB. Just watch out for power-only USB cables that don't support data transfer. You should see a prompt inviting you to allow file transfer when you connect your phone to your laptop via USB -- it might be labeled "MTP" or "FTP". Once you accept that, your phone should mount as a drive on your laptop. If you're going to make a one-off backup like this, especially if you're going to be resetting your phone consider also ...

+ Export your contacts to a `.vcf` file (`Import/Export` is one of just four menu options) and back that up.
+ Most podcast apps will let you export an OPML file so you can restore your subscriptions.
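
Review bot: In the paragraph above the added blank line, the USB prompt is described as labeled "MTP" or "FTP"; Android's USB modes are MTP (file transfer) and PTP (photo transfer), so `FTP` looks like a typo for `PTP` and will confuse participants hunting for that label. The same sentence also needs a comma after `resetting your phone`.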

7 changes: 6 additions & 1 deletion docs/Chapter02-03-Locking-Down-Mobile.md
@@ -8,7 +8,7 @@ secure mobile communications.

**Review date:** June 6 2017
**Lesson duration:** 30 mins (estimated), longer if some Android phones need to be encrypted.
**Level:** Intermediate. This session assumes participants are able to make a reliable backup of the key data on their phones and have done so very recently. If they haven't, you *should not* proceed.
**Level:** Intermediate. This session assumes participants are able to make a reliable backup of the key data on their phones and have done so very recently. If they haven't, you *should not* proceed.

**Gotcha:** Consider how much time you have available before choosing to do this session. Are all your participants’ devices either brand new or recently [backed up](Chapter02-02-Mobile-Backups.md)? Do you have 30+ minutes and a low participant to trainer ratio? If not, you may want to either do this session in two parts on subsequent days (cover mobile device backups where you cover encrypted backups on one day, then actual encryption on the second day), *or* you share a link on backups and require participants to complete (or verify cloud backups) *before* this session.

@@ -41,6 +41,7 @@ Consider setting a calendar appointment for a week after the training, to remind

**Introduction**
Survey the room:

- Who’s lost their phone before? (Bonus points for the best story! If anybody lost theirs and got it back, might be a good time to ask if they were worried about the time it spent out of their control)
- Which device types people are using (iOS/Android/other? The "others" may need special attention)
- How many already have a passcode or password lock screen set up?
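
Review bot: The added blank line fixes the list, but `**Introduction**` is still immediately followed by `Survey the room:` with no blank line between them, so Markdown will join the two into one paragraph unless a hard break is present. A blank line after the bold label, or making it a heading, would finish the job; `**Walkthrough**` in the next hunk has the same shape.
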
@@ -51,6 +52,7 @@ Spend some time on what makes a good passcode (length and randomness are good, b

**Walkthrough**
Split people into groups by device types - instructions will differ for iOS vs Android. Everyone is going to ...

+ set a password or passcode,
+ review lockscreen notification settings,
+ check for system updates and apply them (or make a plan to apply them later). Note that system updates can sometimes take 20-30 minutes to download and install. In some cases it is more appropriate to
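
Review bot: This list uses `+` bullets while the `Survey the room:` list earlier in the same file uses `-`. Since the commit is a formatting pass, picking one marker per file would keep later diffs cleaner and stop the `+` bullets being mistaken for added lines in a patch view.
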
@@ -72,6 +74,7 @@ When you tackle *lockscreen notifications* keep in mind that some users may opt
#### For iOS:

**Set a passcode:**

- To set a passcode, open `Settings > Touch ID & Passcode` (it’s a little red icon with a fingerprint on it)
- If you already have a passcode in place, you will be asked to re-enter your existing passcode.
- Click "set passcode" to reset your passcode or create a new one. The default is a 6-digit code, but if you click "passcode options" you can also choose Custom Alphanumeric Code, Custom Numeric Code, and 4-Digit Numeric Code.
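
Review bot: The first bullet hard-codes `Settings > Touch ID & Passcode` and the fingerprint icon; on iPhones without a fingerprint sensor the entry is named differently (`Face ID & Passcode` on Face ID models, plain `Passcode` on older ones). A short parenthetical would keep trainers from stalling on that step.
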
@@ -128,10 +131,12 @@ If anyone (or everyone) opted to put off applying system updates or encrypting t
## Recommended Reading

**Other Great Tutorials and Curriculum**

+ [Why You Should Be Encrypting Your Devices and How to Easily Do It](http://fieldguide.gizmodo.com/why-you-should-be-encrypting-your-devices-and-how-to-ea-1798698901)(Gizmodo, Sept 2017)
+ Mobile Phone Settings from [Me and My My Shadow:Tactical Tech' Training Curriculum](https://myshadow.org/train)

**Links in the News**

+ [John Kelly's personal cell phone was compromised, White House believe](http://www.politico.com/story/2017/10/05/john-kelly-cell-phone-compromised-243514), Politico, Oct 4, 2017

*Note: it would be great to include a few links to stories about phone search and seizure here. If you want to help the curriculum grow, we'd love your help adding recommended reading links. [Submit an issue](https://github.com/OpenNewsLabs/newsroom-security-curricula/issues) or a pull request if you have good links to add.
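
Review bot: The closing `*Note:` paragraph opens an emphasis span with `*` and never closes it, so it will render with a literal asterisk or spill italics; add the trailing `*` after `links to add.` Also in the lines around the two added blank lines: a space is missing before `(Gizmodo, Sept 2017)`, `Me and My My Shadow:Tactical Tech'` has a doubled word and a dangling apostrophe, and `White House believe` should be `believes`.
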
6 changes: 4 additions & 2 deletions docs/Chapter02-04-Setting-Up-Signal.md
@@ -11,8 +11,8 @@ This lesson plan is intended to be taught as the third in a series, following [m
## About This Lesson Plan

**Review date:** June 6, 2017
**Lesson duration:** 15-30 minutes
**Level:** Beginner
**Lesson duration:** 15-30 minutes
**Level:** Beginner

### Preconditions
This lesson assumes users have already reviewed their [mobile app security settings](Chapter02-01-Mobile-Security-Settings), and walked through [locking down mobile devices](Chapter02-03-Locking-Down-Mobile.md).
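
Review bot: In the Preconditions paragraph, the first link target `Chapter02-01-Mobile-Security-Settings` has no `.md` extension while the second, `Chapter02-03-Locking-Down-Mobile.md`, does. Unless the docs build resolves both forms, one of them is likely to break; make the two consistent.
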
@@ -28,6 +28,7 @@ Smartphone: iPhone or Android
### How can the trainer prepare?

Two excellent resources on how and why journalists are moving to Signal:

+ [Martin Shelton on Signal for Beginners](https://medium.com/@mshelton/signal-for-beginners-c6b44f76a1f0) 
+ [Security Tips Every Signal User Should Know (The Intercept)](https://theintercept.com/2016/07/02/security-tips-every-signal-user-should-know/).
This lesson draws from both.
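
Review bot: A blank line was added before the two-link list but not after it, so `This lesson draws from both.` follows the last bullet directly and Markdown will fold it into that bullet as a lazy continuation. Add a blank line before that sentence; the stray `.` after the Intercept link can go at the same time.
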
@@ -53,6 +54,7 @@ The conversation should include some review of what Signal can protect (messages
Real questions that users might have: who actually has access to your text messages? The answer is a bit complex. While it is relatively trivial for someone else to read messages sent in cleartext over a public wifi network, messages sent from your phone over the cell network are not as easily intercepted. However, your phone company does have access to the contents of all of your cleartext SMS messages, which means they can be subpoenaed or otherwise acquired by local police, the FBI, or the NSA. It is relatively well documented that the NSA has, historically, [swept up phone records in bulk](https://theintercept.com/2015/07/09/spying-internet-orders-magnitude-invasive-phone-metadata/). And that's just inside the US. Around the world, privacy protections can vary widely. And as long as privacy protection is legal, and not technical, individuals are vulnerable to changes in the law or to government overreach.

If you're sure you don't mind the FBI reading all of your text messages there are still good reasons to encrypt them:

+ You might change your mind. And by using Signal now, you can ensure that it is there, and working, when you decide you need it.
+ Other people need it. The more people there are who use software, the easier it is to use. That's because the simple act of using a tool like Signal effectively creates community around that tool.
+ Privacy should be normal. If democracy activists and vulnerable journalists are the only ones encrypting their text messages, their communications stand out. But if everyone encrypts the boring stuff -- the 25 message exchange about who is bringing what to a holiday meal, the back and forth about what time to meet or the dressing room photo of a questionable coat -- then we all clear the way for vulnerable users to use encryption without standing out.
4 changes: 2 additions & 2 deletions docs/Chapter02-07-Two-Factor-Authentication.md
@@ -10,8 +10,8 @@ This lesson plan will introduce key concepts about 2FA, and guide you through th
## About This Lesson Plan

**Review date:** Dec 2017
**Lesson duration:** 30 mins (estimated)
**Level:** Introductory.
**Lesson duration:** 30 mins (estimated)
**Level:** Introductory.

**Gotcha:** Make sure participants have a reliable strategy for keeping backup codes, so they don't get wholly locked out of their accounts.
