Cryptoparty/2018/June

Cryptoparty Reboot - 16 June 2018

attendees

  • jenny, lesley, bill, sierk, gabby, alexis, toast, mai

Wiki: https://sudoroom.org/wiki/Cryptoparty Mailing List: http://lists.sudoroom.org/listinfo/cryptoparty

notes

  • alexis works with techactivist.org - outreach and education for activists
  • offensive-security.com - training by the makers of Kali
  • bill - wary of using Tor for false assurances - eg web browsing identifiers
  • bill: always going to be a "well actually" douchebag at every cryptoparty - how to deal with the know-it-all taking over the cryptoparty / making it alienating for those who most need the education
    • alexis: got excellent training on that from Khalil __ (missed it) - cutting off soliloquoy and redirecting back to the convo, invite to converse after the workshop, etc
      • bill: having knowledge and skills doesn't make one able to be an educator - match technical knowledge with
    • mai: best cryptoparties i've been to set expectations right at the beginning, code of conduct, "no such thing as stupid questions",
  • alexis: always make sure to emphasize how using Tor/VPNs can impact your web traffic
  • gabby: I've been using a VPN and it's been slowing my web browsing very significantly
    • bill: There's not particularly a correlation between speed and security of VPNs. Suggests reviewing thatoneprivacysite.net to compare VPNs
  • bill: i always make sure to emphasize there's no such thing as 100% secure - eg; endpoints can be hacked - tho you can continue to improve
    • mai: using metaphors helps a lot -
  • toast: get a list going of things people would like to see in messaging apps. EFF probably has this. brainstorming suggestions
  • alexis: best to try and work with what people already use, hard to get people to adopt new things
    • eg; facebook has encrypted messaging - most people don't know about it - "make conversation secret"
  • bill - hushmail - big security vulnerability - can target a specific population to backdoor the service (eg by IP address) - protonmail has this same problem

previous cryptoparties

  • lesley: trying to do it every month was just too often. sam moved away...
  • jnny: just no capacity at a certain point - to do the outreach, hold the space, get someone super infosec-savvy to be present in the event of complex problems someone brings
  • gabby: outreach-teaching event one month, training trainers / working group another month. could also have just two of us host it every month
  • jnny: having equal # tech/sec-savvy and people coming to learn is great, can pair people off
  • bill - don't want to call it a cryptoparty as it draws the wrong people (people who already know what they're doing)
  • mai: could do it more thematically, eg "Secure your mobile communications" - narrowing framing would enable us to teach better and target a more specific audience
  • sierk: users teaching users, Drupal meetups, [missed this]
  • bill: narrowing focus great way to bring people out
    • lesley: could have different talks set up ahead of time. got me interested was looking up things, the acronyms etc
      • jenny: maybe make that a ground rule, don't abuse acronyms.
        • bill: or just state that "we'll be covering a lot of things, but everything we're talking about is in the handout
  • gabby: didn't know exactly what a cryptoparty was - didn't expect

what to learn/teach

web browsing

email

operating systems

VPNs

Clearing up Misconceptions

  • Using Signal securely
  • Vulnerabilities of PGP
  • No 100% security - endpoints can be hacked

resources to create/build

  • piratebox with software for faster downloads
  • handouts:
  • code of conduct


resources for trainers

next digital security wkshp

  • August 19th (edit: unfortunately this did not happen. will shoot for October!)