Proxy: Using Board Games to Educate Young People About Privacy and Security Measures

[mozfest-bot]

[ UUID ] 1ca28605-93bd-439e-8bf0-ba9e5da450b9

[ Session Name ] Proxy: Using Board Games to Educate Young People About Privacy and Security Measures [ Primary Space ] Youth Zone [ Secondary Space ] Privacy and Security

[ Submitter's Name ] Azza El Masri [ Submitter's Affiliated Organisation ] SMEX

[ Other Facilitator 1's Name ] Grant Baker

What will happen in your session?

Participants will play Proxy, the board game that we have developed to teach Lebanese youth about privacy and security. The game, which will have been played by various groups of young people in Lebanon prior to Mozfest, is a competition between the “hacker” and a team of three activists, each with a unique identity and skillset. We would like to run a ninety minute session, where a few groups play the game for the first sixty minutes (fifteen minutes to explain, forty five minutes of playing time) and then not only propose changes to our specific game, but also think about the core issues board games like this should address.

What is the goal or outcome of your session?

We want people in the community to think about how board games like the one we've developed, or other offline tools, can teach young people about privacy and security. We also aim to refine Proxy to more accurately teach Lebanese youth about the measures they should be adopting as the government continues to crack down on free speech. Some of the questions will be more technical (i.e is it smart to promote two-factor authentication as a solution) and some will be more existential (i.e can activists really ever win against the threat of a hacker). Having experts in the field answer these questions after it has already been tested will allow the game to be both playable and informative.

Time needed

90 mins

[gbaman]

Azza/Grant, do you have details of this game (especially pictures) online anywhere?

Also, if you only got a 60 min session, what would you change?

[GrantBaker22]

Hi Andrew,

Sincere apologies for the delayed response, we just saw this. Azza didn't get a GitHub notification and my account was not connected to the proposal. We hope you are still considering applications. We intended to put rules in the initial answers, but due to the word limit constraints, we couldn't. We have been workshopping this game in earnest for two months now and we are on the third (and likely final) draft of the game (picture of the rough board attached, we will have a final version of the board by the Mozfest). There is no information online because the game is still not public, but we intend to put it online when it is..

As for the rules: The game is a competition between the hacker and three activists. The game starts with Activist 1's turn. Each activist starts with four action cards and at the start of the turn, Activist 1 rolls the die twice and receives one of five statistics: speed, intelligence, privacy, knowledge, security, which correspond to number on the die. Then, Activist 1 plays an action card, which can add points to one of their five statistics, redistribute statistics, encourage teamwork and awareness, or in some way harms the hacker. A typical action card would be something along the lines of "the activist begins using 2FA" or "the activist sets up a Signal account unattached to a phone number", and then the activist might gain a set number of privacy and or security points. An activist may gain knowledge points if they "attend a training" or something along those lines. Activist 2 and Activist 3 would then follow the same steps as Activist 1. All the activists must pay two of each statistic to go up one safety level. For the third, and final safety level, the activists need to play two of each statistic along with three security stats. The activists win if they reach three safety levels.

The hacker's turn begins when they roll the die, which decreases the corresponding activists statistic. Then the hacker plays a hacker card, which would read something like "the hacker uses SSID to locate one of the activists" and this might allow them to place a "target counter" on one of the activists. Activists also receive a target counter when they do not have any counters on a single statistic. When an activist has three target counters, the hacker gains a piece of information (GPS location, email passphrase, or mobile pin) about each activist and when the hacker has three pieces of information about each activist, the activist is eliminated. The hacker wins when all activists are eliminated. After the activists and the hackers have their respective turns, an event card is drawn, which denotes a random happening that either threatens the activists, threatens the hacker, or has a neutral effect. For example, "X email server improves their security," which would have a positive effect on the activists.

Bear with me, the cards are a bit more dynamic then I am making them seem, but this is the general spirit. We have spent most of the two months making the game playable and working on the numbers in order to ensure that the game moves quickly. One of the chief benefits of Mozfest would be that it would allow us to make the descriptors of each cards as descriptive and relevant as possible in a potential second draft of the game or at least a second draft of the cards.

With regards to sixty minutes, that would work for us. We almost certainly would not finish the game as gameplay usually takes 70 minutes, but by the first 20 minutes, every player who we have tested this with has gotten the gist and that is without incredibly compelling descriptions of each card. Therefore, a 60 minute session would give us 15 minutes to introduce the game and let people arrive, 30 minutes of actual gameplay, and 15 minutes for feedback. Additionally, we would develop a form for each participant so we could get extended suggestions on ways we could improve the game. Thanks for your comment and I hope we're not too late. Please let us know if you have any questions.

(First picture: hacker angle, second picture: full board view, third picture: activist angle) ![Uploading IMG_8874-1.jpeg…]()

[chadsansing]

@GrantBaker22, would you please let us know if you would be able to attend MozFest without a stipend?

[GrantBaker22]

Hi Chad,

I think the answer is likely no if we would have to cover airfare, hotel, and per diems, but we will check with our executive director before we give a final answer. Also, just to clarify, are you asking if either facilitator would be able to attend without a stipend, or just me? Thanks.

[chadsansing]

In cases where we offer stipend, it is generally for 1 facilitator per session. Thank you for checking on this, @GrantBaker22!

[GrantBaker22]

Ok good to know, thanks for the heads up. If you need any other materials, please don't hesitate to let us know. And we will continue to provide updates on the game in this thread until a decision is made.

[chadsansing]

Any updates from your ED, @GrantBaker22?