I think the majority of the time ought to be showing real-world examples of why these things matter.

Stores use your phone's bluetooth to track your shopping

Smart doorbells will gladly send your footage to police without your permission

Target knew a teenager was pregnant based on shopping habits

Mozilla has a solid breakdown of how your car is spying on you

The goal being to give them something lasting. So next time they interact with this tech they remember what you told them, and maybe start a privacy journey of their own.

It really depends how basic and how "general public" we're talking. At work I've had multiple people email me their credit card details in plaintext. That might fall into the "beyond help" category.

A few points I think are important:

• Use an adblocker

• Use a password manager

• Don't connect things to the internet that don't need to be connected to the internet

• If it needs to be connected to the internet, keep it up-to-date

I think that covers the basics without impacting convenience too much. While I personally think that your TV is something that doesn't need to be connected to the internet, I imagine most laypeople wouldn't agree with me and do it anyway.

One class for one hour is not much time at all. To get the most out of it, I would actually try to keep the scope as narrow as possible. I would really dig into these two things:

Password management (make good passwords, use a pw-manager to avoid reusing a pw, change passwords regularly)

Spotting social engineering (I would spend at least 2/3 of the class on this topic) this is by far the most common vector through which people get hurt by poor tech literacy. If you want to do the most good for the most people I would recommend focusing on drilling this skill.

I'd spend much of it selling them on Linux (mint is really not bad to use/install these days), libreoffice, lemmy (for the upvotes), Signal, Matrix, Jellyfin, and some of the amazing free phone games.

Let people know there are alternatives. So they migrate comfortably the next time a garbage product comes out, and are willing to look+donate when a new thing comes out that could/should be free as in freedom.

Security is mostly theatre, and the average person probably isn't under much threat even doing everything wrong. But slightly more informed as a consumer and user could really make a positive impact on their lives + those around them.

Maybe take some audience participation. Whip out true people search dot com or another data broker, and use their name or phone number. Show them how much of their info is out there and how a stalker or malicious player could obtain a ton of info about them. Problem is then if people go “but I have nothing to hide” and that’s a deeper conversation.

Ignore the people saying 1 hour won't cut it. You have to keep it to an hour or you lose your audience.

I did a security talk at my last job and realized all I was creating was a bunch of scary slides. Went back to focus on actionable responses; What can the user do to defend themselves?

Here are six topics you can probably do in about ten minutes each.

• Password manager
• Avoid password reuse
• Basic phishing prevention
• Adblocking (be sure to mention private DNS on phones to block ads in apps)
• Reasons to prefer websites to apps
• Scam recognition (if there's time - the concepts are similar to phishing)

I'd mention Firefox in the adblocking section, but getting them to use anything will be a big win.

Never plug a random USB drive you find laying on the ground into any device you own.