Greetings cryptoparty comrades old and new!
A few of us met back in June to discuss rebooting digital security
workshops at sudo room - and oh my, I just discovered these notes in my
Drafts folder >_<
AND we didn't get it together for our proposed first workshop date, August
19th.
Shall we aim to host one in October or November?
Recorded for posterity at: https://sudoroom.org/wiki/Cryptoparty/2018/June
<3jnny
*--*
*Cryptoparty Reboot - 16 June 2018*
= attendees =
* jenny, lesley, bill, sierk, gabby, alexis, toast, mai
Wiki: https://sudoroom.org/wiki/Cryptoparty
Mailing List: http://lists.sudoroom.org/listinfo/cryptoparty
= notes =
* alexis works with techactivist.org - outreach and education for activists
* offensive-security.com - training by the makers of Kali
* bill - wary of using Tor for false assurances - eg web browsing
identifiers
* bill: always going to be a "well actually" douchebag at every cryptoparty
- how to deal with the know-it-all taking over the cryptoparty / making it
alienating for those who most need the education
** alexis: got excellent training on that from Khalil __ (missed it) -
cutting off soliloquoy and redirecting back to the convo, invite to
converse after the workshop, etc
*** bill: having knowledge and skills doesn't make one able to be an
educator - match technical knowledge with
** mai: best cryptoparties i've been to set expectations right at the
beginning, code of conduct, "no such thing as stupid questions",
* alexis: always make sure to emphasize how using Tor/VPNs can impact your
web traffic
* gabby: I've been using a VPN and it's been slowing my web browsing very
significantly
** bill: There's not particularly a correlation between speed and security
of VPNs. Suggests reviewing thatoneprivacysite.net to compare VPNs
* bill: i always make sure to emphasize there's no such thing as 100%
secure - eg; endpoints can be hacked - tho you can continue to improve
** mai: using metaphors helps a lot -
* toast: get a list going of things people would like to see in messaging
apps. EFF probably has this. brainstorming suggestions
* alexis: best to try and work with what people already use, hard to get
people to adopt new things
** eg; facebook has encrypted messaging - most people don't know about it -
"make conversation secret"
* bill - hushmail - big security vulnerability - can target a specific
population to backdoor the service (eg by IP address) - protonmail has this
same problem
== previous cryptoparties ==
* lesley: trying to do it every month was just too often. sam moved away...
* jnny: just no capacity at a certain point - to do the outreach, hold the
space, get someone super infosec-savvy to be present in the event of
complex problems someone brings
* gabby: outreach-teaching event one month, training trainers / working
group another month. could also have just two of us host it every month
* jnny: having equal # tech/sec-savvy and people coming to learn is great,
can pair people off
* bill - don't want to call it a cryptoparty as it draws the wrong people
(people who already know what they're doing)
* mai: could do it more thematically, eg "Secure your mobile
communications" - narrowing framing would enable us to teach better and
target a more specific audience
* sierk: users teaching users, Drupal meetups, [missed this]
* bill: narrowing focus great way to bring people out
** lesley: could have different talks set up ahead of time. got me
interested was looking up things, the acronyms etc
*** jenny: maybe make that a ground rule, don't abuse acronyms.
**** bill: or just state that "we'll be covering a lot of things, but
everything we're talking about is in the handout
* gabby: didn't know exactly what a cryptoparty was - didn't expect
= what to learn/teach =
== web browsing ==
* orbot - tor for mobile - initiated by Guardian Project, now officially
Tor Project?
** orfox - tor browser for android - Guardian Project -
https://guardianproject.info/apps/orfox/
** firefox focus - app that essentially enables you to always be browsing
incognito
** firefox quantum - multi container add-on -
https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/?sr…
- create different containers for eg facebook, google, etc
* HTTPS Everywhere - download separately and then deliver it to the browser
- offline signing process
== email ==
* protonmail - encrypts email in transit (still shows plantext in browser)
- https://protonmail.com/
* mailvelope - add-on for GMail encryption - https://www.mailvelope.com/en
* riseup - and the canary: https://riseup.net/en/canary
== operating systems ==
* qubes - "A reasonably secure operating system" - https://www.qubes-os.org/
** like having multiple containers/Virtual Machines (VMs)
** network VM separate from application VM
* tails - https://tails.boum.org/
== VPNs ==
* can be fast and secure, slow and insecure, fast and insecure, etc;
** https://thatoneprivacysite.net/ -
https://thatoneprivacysite.net/simple-vpn-comparison-chart/
== Clearing up Misconceptions ==
* Using Signal securely
* Vulnerabilities of PGP
* No 100% security - endpoints can be hacked
= resources to create/build =
* piratebox with software for faster downloads
* handouts:
** anonyzebra zine? (see https://sudoroom.org/wiki/Cryptoparty /
https://sudoroom.org/mediawiki/images/1/11/Anonyzebra.jpg )
** for different levels of security / threat models (eg average users,
* code of conduct
= resources for trainers =
* EFF's Security Education Companion - https://sec.eff.org/
*
= next digital security wkshp =
* August 19th
--
Jenny
Help open a professional kitchen at the Omni Commons in Oakland!
https://omnicommons.org/kitchen
`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
"Technology is the campfire around which we tell our stories."
-Laurie Anderson
"Storytelling reveals meaning without committing the error of defining it."
-Hannah Arendt
"To define is to kill. To suggest is to create."
-Stéphane Mallarmé
"Anything done for the first time unleashes a demon."
--Dave Sim, "Cerebus the Aardvark"
~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
In case anyone on the cryptoparty(a)lists.sudoroom.org list is interested in
this, see message below sent to info(a)sudoroom.org
---------- Forwarded message ----------
From: camden murtagh <camdenmurtagh(a)gmail.com>
Date: Tue, Jul 14, 2015 at 12:47 PM
Subject: [sudo-info] CryptoParty
To: info(a)sudoroom.org
Hello
My name is Camden Murtagh and I am with the RSA Conference, the leading
global conference in everything cyber security. It is a 5 day conference
held in San Francisco around the end of February where the leaders of the
industry come to discuss the current state of Cyber Security. I am looking
to put on a Cryptoparty during one of the nights of the conference and
after looking over your website I was wondering if you guys feel you'd be
equipped and or interested in hosting a cryptoparty at the conference. If
not would you be able to point me in the direction of someone who would be
able to help me out.
Thank you for your time.
- Camden
_______________________________________________
Info mailing list
Info(a)lists.sudoroom.org
https://sudoroom.org/lists/listinfo/info
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
Join us at sudo room this Sunday from 2-5pm for a cryptoparty -
journalist edition. We'll overview tools for preserving anonymity, and
demoing open source whistleblower tools such as SecureDrop.
We'll also be going over the usual subjects, such as PGP email
encryption, hard drive encryption ans mobile security.
Learn more and view the soon-to-be-posted schedule here:
https://sudoroom.org/wiki/Cryptoparty
Cheers,
Jenny
http://jennyryan.nethttp://sudomesh.orghttp://thevirtualcampfire.orghttp://technomadic.tumblr.com
`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
"Technology is the campfire around which we tell our stories."
- -Laurie Anderson
"Storytelling reveals meaning without committing the error of defining
it."
- -Hannah Arendt
"To define is to kill. To suggest is to create."
- -Stéphane Mallarmé
~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTUPTnAAoJEHTWWpBUSeDhpyUH+gN5PMZrYVBt4waZaFt9IQKP
n/pCRPjmCdBHlzhaJ0ooTGTTMv5wiV5xgbmSjfopiSlTO7IFt/8KWJOnX+kgWzBd
1yQ6Jtl3G4Tz+oHvmO8tNPOqjxZqa7giOV2tuLv7VGQBiOHfPdgFjzWG0+078+Z/
wFeECerZW6NwuoubST+SoCYJD7xipmoDApeW+tasA2HL7J8mAlMTOOCsVVJsnIpM
aspWluEyXtUpoAc+sKc+UDvP/d2rTt7GNmScFLN+N1BMFUEV/03PLF7b2OVLnpbR
otuR/hMZRxpZpdxBi8YMcl7ZAOLYlHFFKW737xorPdyBl3UUZ6ke10oJX7VHS7U=
=fwQQ
-----END PGP SIGNATURE-----
Hi!
Might I suggest pulling names of potential groups off of Oakland Wiki?
We've done a lot to map/list collectives/co-ops/free/sharing spaces that
could be of interest to you...
http://oaklandwiki.org/tags/oaklandmapjam (this is your best bet, though we
may have missed some groups from the following lists...)
http://oaklandwiki.org/tags/cooperativeshttp://oaklandwiki.org/tags/collective
I also know that the SR event Mass Effect generated a list of said types of
spaces. I haven't had a moment yet to transfer any missing ones to OW:
https://sudoroom.org/wiki/Mass_effect
w00t,
V
2014-03-28 12:00 GMT-07:00 <cryptoparty-request(a)lists.sudoroom.org>:
> Send Cryptoparty mailing list submissions to
> cryptoparty(a)lists.sudoroom.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sudoroom.org/listinfo/cryptoparty
> or, via email, send a message with subject or body 'help' to
> cryptoparty-request(a)lists.sudoroom.org
>
> You can reach the person managing the list at
> cryptoparty-owner(a)lists.sudoroom.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Cryptoparty digest..."
>
>
> Today's Topics:
>
> 1. Cryptoparty outreach/targeting planning (William Gillis)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 27 Mar 2014 19:16:15 -0700
> From: William Gillis <rechelon(a)riseup.net>
> To: cryptoparty(a)lists.sudoroom.org
> Subject: [Cryptoparty] Cryptoparty outreach/targeting planning
> Message-ID: <5334DB6F.40807(a)riseup.net>
> Content-Type: text/plain; charset=ISO-8859-1
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi folks,
>
> We've been talking for a long time about targeting cryptoparties at
> specific communities, maybe doing one at a radical mosque, another at a
> high school, another at an anarchist infoshop. And of course we don't
> need to go anywhere, with the right contacts we could organize a
> training/handholding day for journalists or any other industry at Sudoroom.
>
> In order to bite off such a big task though, we'll need to organize! To
> sit down, get a map of our personal resources / contacts / capacity,
> decide on what to do first, and then coordinate outreach. This requires
> a meeting! But it doesn't have to be painful. We can make food, do it in
> a park, whathaveyou.
>
> Last cryptoparty a couple of us talked about meeting up again this
> sunday, but that date no longer works for me. Is there a better time for
> people on this list?
>
> If not, :( , can you at least give us a summary of any resources /
> contacts / capacity within certain at risk communities you might have?
>
> https://sudoroom.org/wiki/Cryptoparty
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJTNNtvAAoJEOAgxFe/8oPKejMP/3ItnAvYEVYHWES2IRTosv+0
> KVvHFThsY4Trtse2JYlBv2M/Zpze7L0kG03V3akhRuSfTnTzAiwPEPhX17lxvbJy
> JNituXzgLwCI7VWPy8sSq4vPTGSrvxtme/YiKu61kNMycYrRV7vb1TXMrg63RuXy
> L2NyPn02at9+wGJaGsbYuGvO8n8BML6RbWdtCZc+kjN7/1lW3iCeUTbrzEhQ4XHl
> PRD9GFOUDI9CBk/EaMfKLGcQf9BC0y92vA33Pp1I72UdBSSh31rMbv0BAjbsfP+K
> fjmB8NHPG3XMxY7ty6ibiG+rCJ05QSGYnxcVjc54U1qFkP3dWKuQQaFYLvawWMnJ
> UQouXqscSa6CmG/nRX2EAU7ux3Kf4oJl+99kT8xQY7q+z6CLnng3zM1aEUxkH973
> cCeX4Zu3LzUMjQFWZhgMb2Rs3c6ASQHgMCWfgXDSvtly+6ytaZW3cL6TEjr/laP0
> GorauVAmSZBkC+2Z2LRpdf6O0r9nqOoXwMQC2zHLmlrADjK0UTeAfZpEVCxarZIl
> hNs1XirtC5P9VhWF34Lbsakc2JhO8ZOg20MA70YVxXKTgttcqR4iSZsav42y9HAg
> Qw9VMeWHSES67dQxvsyF5Pv5uic8b0jXLBp/Oxu+AYxcb82m6dVr1YLlEZAExcqF
> Sj7hbSo4JfG6eNtnAUDW
> =3ha3
> -----END PGP SIGNATURE-----
>
>
>
> ------------------------------
>
> _______________________________________________
> Cryptoparty mailing list
> Cryptoparty(a)lists.sudoroom.org
> https://lists.sudoroom.org/listinfo/cryptoparty
>
>
> End of Cryptoparty Digest, Vol 5, Issue 4
> *****************************************
>
Come on by this afternoon and learn about digital security, encrypt your
communications, make some anti-NSA/pro-crypto buttons, and join us for a
GPG keysigning party!
All skill levels welcome!
Hope to see you there!
-Jenny
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
It's that time of month again! Join us at sudo room on Sunday between
2-5pm for another cryptoparty, in which we co-learn and co-work on
digital security. Have an idea for a workshop, discussion or a
lightning talk? Add to https://sudoroom.org/wiki/Cryptoparty :-)
Feel free to just show up, also. We've been creating the agenda ad-hoc
based on what people are interested in talking and learning about, and
it's been really fun learning and teaching this way.
Looking forward!
Jenny
http://jennyryan.nethttp://sudomesh.orghttp://thevirtualcampfire.orghttp://technomadic.tumblr.com
`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
"Technology is the campfire around which we tell our stories."
- -Laurie Anderson
"Storytelling reveals meaning without committing the error of defining
it."
-Hannah Arendt
"To define is to kill. To suggest is to create."
- -Stéphane Mallarmé
~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTIm0LAAoJEHTWWpBUSeDhSe4H/jdIAgz3Lg/76/8BKm4mmHfs
DPfmQDkG0MsjcjGnuiZbv0/V+b4c7sPNbmY4fmFwEVw6YvfHIzWviUN9HA8g5vLz
s2/6qQXP/mkgYoejp4rkYnHIF/T4QWBUGfKU9ioMtD+BHBMkVYRDN8I63jCGp3dG
m4Unb/KjYudPHmI4GSJezJemYHeQ+kjnz9fFX+Rq/tiK5J398hRXC677zdmtyDEd
6D5/h0VgHQKtb1xEe07T31a9dFNcTpl6rqJsgRFbkxnwlus48Jqvg9Xpt3NgJBdd
eZfIjpq0MbSGBRDAWNK8+s7mJ2seIoQj0bym+0UnGY4fmtcdOlGyiYH2xWpbS+g=
=UPqK
-----END PGP SIGNATURE-----
---------- Forwarded message ----------
From: Vicky Knox <vknoxsironi(a)gmail.com>
Date: 2014-02-21 16:57 GMT-08:00
Subject: Cryptoparty article live on Oakland Wiki!
To: Sudo Room discuss <sudo-discuss(a)lists.sudoroom.org>
I dunno why we didn't already have it! Please add/link to it! ;]
http://oaklandwiki.org/Cryptoparty
ALSO, the Oakland Wiki DAC article now has a subsection called Privacy
Resources. Please add! ...or maybe we need another OW page altogether.
http://oaklandwiki.org/Domain_Awareness_Center#Resources
