For example, encouraging Google Chrome alternatives like Firefox using ublock, discouraging Google in general, etc. Thanks!
I think the majority of the time ought to be showing real-world examples of why these things matter.
- Stores use your phone’s bluetooth to track your shopping
- Smart doorbells will gladly send your footage to police without your permission
- Target knew a teenager was pregnant based on shopping habits
- Mozilla has a solid breakdown of how your car is spying on you
The goal being to give them something lasting. So next time they interact with this tech they remember what you told them, and maybe start a privacy journey of their own.
Maybe take some audience participation. Whip out true people search dot com or another data broker, and use their name or phone number. Show them how much of their info is out there and how a stalker or malicious player could obtain a ton of info about them. Problem is then if people go “but I have nothing to hide” and that’s a deeper conversation.
I have to try this one! I just have to find some data brokers with matches in the EU
Here are six topics you can probably do in about ten minutes each.
- Password manager
- Avoid password reuse
- Basic phishing prevention
- Adblocking (be sure to mention private DNS on phones to block ads in apps)
- Reasons to prefer websites to apps
- Scam recognition (if there’s time - the concepts are similar to phishing)
I’d mention Firefox in the adblocking section, but getting them to use anything will be a big win.
How to wipe devices before disposing of them.
Critical thinking. The best security is useless if the user clicks the first crypto-locker posing as a harmless security update. That said, you can’t fix stupid. Some people are just destined to be fleeced by people with more acumen and less scruples than them.
Very true. If we teach people, however, we can at least say we tried?
Semi-related anecdote: I recently learned in our company’s third-party tech literacy/compliance/assessment portal, it actually ranks every employee (anonymously). Seeing how low some of the scores are really scared me…
It really depends how basic and how “general public” we’re talking. At work I’ve had multiple people email me their credit card details in plaintext. That might fall into the “beyond help” category.
A few points I think are important:
- Use an adblocker
- Use a password manager
- Don’t connect things to the internet that don’t need to be connected to the internet
- If it needs to be connected to the internet, keep it up-to-date
I think that covers the basics without impacting convenience too much. While I personally think that your TV is something that doesn’t need to be connected to the internet, I imagine most laypeople wouldn’t agree with me and do it anyway.
One class for one hour is not much time at all. To get the most out of it, I would actually try to keep the scope as narrow as possible. I would really dig into these two things:
- Password management (make good passwords, use a pw-manager to avoid reusing a pw, change passwords regularly)
- Spotting social engineering (I would spend at least 2/3 of the class on this topic). This is by far the most common vector through which people get hurt by poor tech literacy. If you want to do the most good for the most people I would recommend focusing on drilling this skill.
The most common misconceptions in my experience:
“Why do I care? I’ve got nothing to hide and they have all our data anyway.”
“Isn’t open source less safe if everyone can see how it’s made?”
“Email is safe because only I have the password.”
I’d debunk those and give examples and tips. I’d also briefly tell them about the concept of social engineering and what to look out for. And if there’s time mentioning password managers couldn’t hurt.
Teaching them how to recognize online scams; even people with degrees will fall for the oldest scams out there.
I’d spend much of it selling them on Linux (Mint is really not bad to use/install these days), LibreOffice, Lemmy (for the upvotes), Signal, Matrix, Jellyfin, and some of the amazing free phone games.
Let people know there are alternatives. So they migrate comfortably the next time a garbage product comes out, and are willing to look+donate when a new thing comes out that could/should be free as in freedom.
Security is mostly theatre, and the average person probably isn’t under much threat even doing everything wrong. But slightly more informed as a consumer and user could really make a positive impact on their lives + those around them.
https://biggaybunny.tumblr.com/post/166787080920/tech-enthusiasts-everything-in-my-house-is-wired
Also: don’t download the app, use the web site https://idiallo.com/blog/dont-download-apps
I get so annoyed with apps. There are coupon deals at a grocery store that you can only get by “scanning with the app”. I haven’t figured out a way to get these deals purely through their website - but I’m sure that’s by design.
It’s probably there to just datamine you.
Ignore the people saying 1 hour won’t cut it. You have to keep it to an hour or you lose your audience.
I did a security talk at my last job and realized all I was creating was a bunch of scary slides. Went back to focus on actionable responses: what can the user do to defend themselves?
Probably show them “have i been pwned” to get their attention first
I don’t think the general public will walk away caring much no matter what you say. I’m not trying to dismiss your question. Though I can say from personal experience, that an hour isn’t enough time to convince most non-techie people to change their online habits at all.
Most people I’ve talked to about any of those topics essentially already have a vague idea that it’s an issue, but they just kinda shrug since nothing’s happened to them yet and they think it’s probably too late anyway.
Someone who voluntarily sits through an hour-long presentation clearly cares enough to take some kind of action.