Participants: Anton, Graz, an.to_n-73@riseup.net, 0xA2A97D7D, Yuval, TLV, yuval@y3xz.com, 271386AA2EB7672F Eelco, Amsterdam, eelco@hotting.nl, 0x791EB13F406A6F3B Fred, Hamburg, hallo@cryptoparty-hamburg.de, 0xB960EC68 Petter, Umeå, pettter@acc.umu.se 0xD8363776E1BF1597 congress-GSM 2517 Marie, Berlin, marie.gutbub@systemli.org, 0x4c5980f4bb86a00a Christian, Berlin, dawning_sun@mailbox.org, E215 FA04 3B3A 5E0B E6A3 4E65 1816 EADC BA98 5D1E, Congress-GSM: 2610 Patrik, Stockholm, pawal@blipp.com, 0xdbffe2d7b76249f2 Fabian, Bielefeld, fabian.kurz@digitalcourage.de, 0x315DFB0A Jens, Ingolstadt, jens.stomber@gmx.de, 0x6951B4FA Topics: - Handbook as a verbose, not neccesarily useful resource - House cryptoparties group of 5-10 friends --> page in german and english: https://www.cryptoparty.in/berlin/living_room - How to deal with the different kinds of hardware/OS'es that visitors bring - How to organize those parties? Exchanging best practices -AktivCongrez: https://shop.digitalcourage.de/aktivcongress-20115-1.html Privacy Cafe (NL): Cooperation with public Libraries Non-mandatory sign-up form (demanded by libraries) Poblems with Win8 machines Cryptoparty Köln/Bonn: Event for journalists Jens (Ingolstadt): Ask for info about hardware / OS before Party - Put dates of ucoming parties on https://www.cryptoparty.in/parties/upcoming - How-To add your own CryptoParty: https://www.cryptoparty.in/parties/add-a-date --> Christian (dawning_sun) is more than glad to help you with it - Ask universities for rooms - Possibility for anonymity important (no mandatory signing-up etc) - No need for detailled planning, "Self organisation" :-) - Luxemburg: Announcement via meetup (?), overcrowded party, participants new the topic - NL: Advertisement for parties at schools, public institutions ... - Berlin: Ask motivated participants to come back and enter the organisation - Individual decision for non-mandatory sign-up form for preparation of party (devices, OS ...) - Hamburg: promise to delete data of sign-up process. Information before party for preparation is helpful (programs to install etc. ...) - NL: Flyers for Privacy Cafe, Location: Cafes and bars in libraries - Question: Need for best-practice Cryptoparty HowTo in written form, e. g. guidelines, experiences ... ? - No mandatory "standards", every cryptoparty is very individual - Entry on https://www.cryptoparty.in/31c3 : Improve the writte recommendations - Cryptoparty: Non-political, no political direction - Privacy cafe: Requests from political parties and companies. No commercial aims, tell the compabies how to do this themselves - Discussion: May an event only for women take the name "Cryptoparty"? => Exclusion of men etc.. - SE: Paid for talk at journalist association, - Hamburg: Good experience with guidelines, "protecting the brand", Request from political party: Can call it Cryptoparty, but needs to be open, Refuse of public school throwing paid cryptoparties - Guidelines are important to keep less-desired people out (political radicals, trolls etc) - No lever to enforce the commitment to the rules - Final objective: Get the people to encrypt their stuff - Yuval: Content of cryptoparty (Tor, OTR, PGP). Do we address the right topics? Other topics like threat modelling? - Luxemburg: Individual topics, dependent on participants, e. g. one Facebook session - NL: Tell the people about the risks of mass surveillance, create motivation to keep their privacy, FSFE E-Mail seld defense guide - Frankfurt: Teach a mindset, teach best practices. - SE: No "complete" security, every little bit helps - NL+Ingolstadt: Many more messaging tools in Post-Snowden era - NL: General audience at privacy cafe, not afraid of NSA, more concerned about kids on FB, neighbors knowing something, online banking security etc. - Luxemburg: Address normal people, not the "super digital activist" etc. The right tools for the individual needs - Huge knowledge gap of normal users, show pictures where which data flows to (Google, Bluffdale ...) Question: Get the people. Everybody listens to the lectures about surveillance, almost nobody acts afterwards - General problem to motivate people to do encryption in practice - Do not focus on NSA and mass surveillance, keep the secret services - Concept of compartementialisation (different nicks fo different needs) - Workshop at NDR: Half of room cleared out after talk. Journalists said afterwards, he would need somebody to explain instead he was there - Most journalists do not talk to whistleblowers, no high danger during communication - Frankfurt: Release non-perfect software, encryption with possible errors is better than no encryption. - Do not intimidate visitors too much - Know your limits, journalists in real danger shall consult experts, _not_ the local crytoparty - Experience with visitors from non-democratic countries: Give a short introduction, raise awareness - Fit the IT security to the threat level - Users must feel good with applied IT security, even if it is plaintext e-mail - THE END: Keysigning Thanks for reading - existing materials: https://github.com/cryptoparty -Hamburg material: https://github.com/ccchh/Cryptoparty-Slides (^^^ if anyone wants/needs github write access, email Yuval) --> add your own, remix existing stuff (yay Creative Commons License) - another great handbook alternative: http://www.tcij.org/resources/handbooks/infosec Recommended Sessions (Go there or watch the stream): GnuPG in use with smart cards (Werner Koch, Maintainer GnuPG) https://events.ccc.de/congress/2014/wiki/Session:GnuPG_in_use_with_smart_cards DO! NOT! TRACK! (Antitracking Firefox) Talk on Monday: "Trackography" @ 10 pm: https://events.ccc.de/congress/2014/Fahrplan/events/6299.html