Resources for the global digital safety training community.

  1. Home
  2. Trainers' Curriculum
  3. Safer Browsing
  4. HTTPS and SSL
  5. We Are the Internet

Activity & Discussion: We Are the Internet

Credits DJ, Lindsay Beck Last Updated 2015-03

The purpose of this interactive activity session is to illustrate how information is requested and delivered online, demonstrating basic concepts of how the Internet works as a whole. It also helps participants understand much we expose about ourselves online.

ADIDS Element

Activity and Discussion

Parent Topic(s)

HTTPS and SSL

Duration

30-45 minutes

Materials to Prepare

  • Markers
  • Pens
  • Notepads
  • Index cards or large post-its
  • Envelopes
  • Tape, any kind
  • Cheap plastic sunglasses (Optional)
  • Antennae (Optional)
  • Cell phone(s) or stand-in props (Optional)

Prior to the session trainer(s) will need to write the following words in big letters, on index cards or large post-it notes - each index card or post-it represents a “role” that a participant will play in this activity, so make sure that you create enough so that there is one for each person.

The Access Points will be the next step in the chain from the Researchers - they might be Access Points in a home, a library, or a workplace. You’ll need at least two - one to be a WiFi router, and the other a mobile phone.

Choose the number of researchers and queried webservers according to the number of participants you have; trainer(s), or any support staff, can help fill in if you fall short a bit:

  • Researcher(s)
  • Access Point
  • Mobile Network Provider (just one)
  • Local ISP for Country 1
  • National ISP for Country 1
  • National ISP for Country 2
  • Local ISP for Country 2
  • Website for each site visited (Wikipedia, Yahoo!, Google, etc.)
Trainer’s Note

This Activity has two scenarios - one required scenario for a standard connection, and a second optional scenario for connections using HTTPS and SSL. If using this Activity and Discussion for the Safer Browsing - HTTPS and SSL module, the second scenario is required.

Running the Activity

Step 1: Assigning Researchers and Websites

Ask for 2-3 volunteers from the group to represent Researchers, and have them stand together on one side of the room. These volunteers will carry pens and notepads to represent they are researchers, and will use the notepads to write down requests of websites. Then, ask for 2-3 volunteers to represent popular Websites (e.g. Google, Yahoo!, Wikipedia, etc.) and directs them to stand together at the opposite side of the room.

Optional

If they are popular websites, they could wear cool sunglasses (up to the trainer).

Step 2: Assigning Access Points

Make an announcement to the group…

Help the remaining participants form a line between the Researchers and the Websites - for each of the researchers, request at least two volunteers to be Access Points. Announce that these peoeple are now Access Points, like a Wi-Fi router in their office or home.

Hand one of the Access Points an index card or post-it for that role; for the remaining participant, give them a post-it or index card that says Mobile Phone.

Optional

Trainer can use whatever they like to identify those acting as Access Points, such as asking the person to wear antennae. The more humorous the activity, the better it will be!

Step 3: Assigning Remaining Roles

The remaining participants will play the other links in the “chain” of an Internet connection, with each person wearing or holding a card that identifies them as…

  • Mobile Network Provider (just one)
  • Local ISP for Country 1
  • National ISP for Country 1
  • National ISP for Country 2
  • Local ISP for Country 2

Trainers can decide how many cards to issue. The purpose is not for the participants to learn the terms, but for them to understand that no one connects directly to a website; there are many links in the chain. Participants should also gain a sense of having to circumvent at a national level.

Step 4: Scenario for a Standard Connection

Now, explain that we have all now formed a simulation of the Internet right in this very room - you’ll then guide participants through the following scenario:

Ask the Researchers to each think of a question that they would like to ask the Websites - maybe these are questions for a paper or a talk they are working on, for example. Ask them to write their question on a piece of paper.

  • So that everyone knows where each index card goes, they should start their questions with Dear Google, Dear Yahoo!, Dear Wikipedia, etc.

Have participants pass their cards to the Access Point, the first link in the chain that is the Internet. The Access Point person will now have all the index cards with questions in their hand. Now ask the group…

Okay Access Point, how do you know where to send each card?
  • Hopefully the participant sees “Dear (website name)” at the top of each card - they should confirm that they will need to send each index card to its designated website.

Now you can respond…

“Great! How will you know where each card came from?”
  • Here, the trainer can suggest that the Access Point write the location of each person who handed him or her a card - for example, “right”, “left” and “center” researchers. Encourages the Access Point to hand the cards, one at a time, to Local ISP 1 person, saying…
Please give this to Google” (or Wikipedia, etc.)

…and so on, down the line. At this point, stop the traffic and ask Local ISP 1…

“Great! How will you know where each card came from?”
  • The trainer can suggests that ISP writes the word “Access Point X” on each card. To save time, other participants in this activity do not have to write where the cards came from - the goal is just to illustrate that a network doesn’t function unless users (and devices) have unique addresses.

Ask Local ISP 1 to hand each card, one at a time, to the next person, National ISP 1 who calls out…

I got a card for Google” (or Wikipedia, etc.)!
  • National ISP 1 then hands each card, as they call them out, to National ISP 2, who will then do the same before handing each card off to Local ISP 2, who will then also do the same before finally handing each Website their card. This is usually a humorous moment as more than one person may be calling out at the same time.

When people representing various Websites eventually receive their index cards, they should send a reply that begins…

Dear (Researcher on the left, right or center), here is your answer…

…and then send them back. When Access Point successfully delivers each index card with its answer to each participant, they should congratulate themselves with applause! With participants still standing, the trainer can ask the participants…

  • What did the websites know about the index cards they received - what information was exposed?
  • What did Access Point know? What did the ISPs and other links in the chain know?
  • Could the Websites have received the index cards that were intended for them if the cards didn’t say “Dear (website)”?
  • Could the Researchers have received a reply from the Websites, if the Websites didn’t know where they were?
  • Did everyone in the chain see where the index cards were going and where they came from?

Explain before moving onto the Discussion session, this is a very simplified version of what happens on the Internet and the kinds of information we include every time we click on a link. Instead of index cards, we send out “packets” that contain lots of data/code that can identify us.

Step 5: Scenario for HTTPS and SSL Connection (Optional)

Illustrating an SSL (Secure Socket Layer) Connection

This optional portion of the Activity illustrates the security that is provided by an SSL – also called HTTPS – connection. With the participants remaining in their original spots, the trainer will need an envelope that is large enough to contain one of the index cards. The envelope should have the labels “To” and “From” written on it.

Explain that, with the addition of the envelope, some information is still known – for instance that the Researcher is still writing to the website (e.g. Google or Yahoo!), but the content of what is being sent is not visible before it reaches its destination.

Ask the Researcher to repeat the steps of the original activity. As the envelope is passed from person to person, the trainer can ask each participant what they know about the envelope…

Where did it come from? Where is it going? What is being asked?

Explain that the most common secure connection is Secure Sockets Layer – or SSL for short, and this is now available from several popular email and social networking sites. It does not hide all information, but it does hide some.

Hand the envelope to one of the Researchers and ask him or her to place their index card inside. The trainer then asks the participant to fill in the “To” and “From” fields on the outside of the envelope before sealing it.

Explain that the Activity so far has helped illustrate what is exposed over an insecure or unprotected connection. We see most websites over this type of connection, though some websites offer is a more secure connection.

Leading the Discussion

With the activity completed, trainers may wish to have participants sit in a circle or a semi-circle, so they can address one another. The following questions may help start the discussion. Trainers are welcome to add to this list or improvise as they see fit.

  • Did the activity you just participated in show you anything you didn’t know about the Internet?
  • In your work, what kinds/categories of information should be kept private when you use the Internet to visit websites?
  • Would we ever care about someone knowing what search terms we type into a search engine, what websites we visit, what we post in a blog or social network?
  • Do you know of examples here, in this country, where it was clear that the Internet was not private? (Trainers need to engage participants in a discussion about surveillance)
  • Have you heard of surveillance in other countries. Have you followed these stories and what lessons have you drawn from them?
  • Have you ever changed your online habits because of what you heard about online monitoring and surveillance?
Should we expect privacy when we surf the Web or should we assume that nothing is private, ever? If participants think it is a mix, engage them in a discussion about what things they think should be private and what things are ok to be public?