It looks like you're having connection troubles. Reconnect now.
01/02/2015 19:25:31
Public Pad Latest text of pad 7rJKafAxkt Saved Jan 2, 2015 |
Participants:
Anton, Graz, an.to_n-73@riseup.net, 0xA2A97D7D,
Yuval, TLV, yuval@y3xz.com, 271386AA2EB7672F
Eelco, Amsterdam, eelco@hotting.nl, 0x791EB13F406A6F3B
Fred, Hamburg, hallo@cryptoparty-hamburg.de, 0xB960EC68
Petter, Umeå, pettter@acc.umu.se 0xD8363776E1BF1597 congress-GSM 2517
Marie, Berlin, marie.gutbub@systemli.org, 0x4c5980f4bb86a00a
Christian, Berlin, dawning_sun@mailbox.org, E215 FA04 3B3A 5E0B E6A3 4E65 1816 EADC BA98 5D1E, Congress-GSM: 2610
Patrik, Stockholm, pawal@blipp.com, 0xdbffe2d7b76249f2
Fabian, Bielefeld, fabian.kurz@digitalcourage.de, 0x315DFB0A
Jens, Ingolstadt, jens.stomber@gmx.de, 0x6951B4FA
Topics:
- Handbook as a verbose, not neccesarily useful resource
- House cryptoparties group of 5-10 friends
--> page in german and english: https://www.cryptoparty.in/berlin/living_room
- How to deal with the different kinds of hardware/OS'es that visitors bring
- How to organize those parties? Exchanging best practices
-AktivCongrez: https://shop.digitalcourage.de/aktivcongress-20115-1.html
Privacy Cafe (NL): Cooperation with public Libraries
Non-mandatory sign-up form (demanded by libraries)
Poblems with Win8 machines
Cryptoparty Köln/Bonn: Event for journalists
Jens (Ingolstadt): Ask for info about hardware / OS before Party
- Put dates of ucoming parties on https://www.cryptoparty.in/parties/upcoming
- How-To add your own CryptoParty: https://www.cryptoparty.in/parties/add-a-date
--> Christian (dawning_sun) is more than glad to help you with it
- Ask universities for rooms
- Possibility for anonymity important (no mandatory signing-up etc)
- No need for detailled planning, "Self organisation" :-)
- Luxemburg: Announcement via meetup (?), overcrowded party, participants new the topic
- NL: Advertisement for parties at schools, public institutions ...
- Berlin: Ask motivated participants to come back and enter the organisation
- Individual decision for non-mandatory sign-up form for preparation of party (devices, OS ...)
- Hamburg: promise to delete data of sign-up process. Information before party for preparation is helpful (programs to install etc. ...)
- NL: Flyers for Privacy Cafe, Location: Cafes and bars in libraries
- Question: Need for best-practice Cryptoparty HowTo in written form, e. g. guidelines, experiences ... ?
- No mandatory "standards", every cryptoparty is very individual
- Cryptoparty: Non-political, no political direction
- Privacy cafe: Requests from political parties and companies. No commercial aims, tell the compabies how to do this themselves
- Discussion: May an event only for women take the name "Cryptoparty"? => Exclusion of men etc..
- SE: Paid for talk at journalist association,
- Hamburg: Good experience with guidelines, "protecting the brand", Request from political party: Can call it Cryptoparty, but needs to be open, Refuse of public school throwing paid cryptoparties
- Guidelines are important to keep less-desired people out (political radicals, trolls etc)
- No lever to enforce the commitment to the rules
- Final objective: Get the people to encrypt their stuff
- Yuval: Content of cryptoparty (Tor, OTR, PGP). Do we address the right topics? Other topics like threat modelling?
- Luxemburg: Individual topics, dependent on participants, e. g. one Facebook session
- NL: Tell the people about the risks of mass surveillance, create motivation to keep their privacy, FSFE E-Mail seld defense guide
- Frankfurt: Teach a mindset, teach best practices.
- SE: No "complete" security, every little bit helps
- NL+Ingolstadt: Many more messaging tools in Post-Snowden era
- NL: General audience at privacy cafe, not afraid of NSA, more concerned about kids on FB, neighbors knowing something, online banking security etc.
- Luxemburg: Address normal people, not the "super digital activist" etc. The right tools for the individual needs
- Huge knowledge gap of normal users, show pictures where which data flows to (Google, Bluffdale ...)
Question: Get the people. Everybody listens to the lectures about surveillance, almost nobody acts afterwards
- General problem to motivate people to do encryption in practice
- Do not focus on NSA and mass surveillance, keep the secret services
- Concept of compartementialisation (different nicks fo different needs)
- Workshop at NDR: Half of room cleared out after talk. Journalists said afterwards, he would need somebody to explain instead he was there
- Most journalists do not talk to whistleblowers, no high danger during communication
- Frankfurt: Release non-perfect software, encryption with possible errors is better than no encryption.
- Do not intimidate visitors too much
- Know your limits, journalists in real danger shall consult experts, _not_ the local crytoparty
- Experience with visitors from non-democratic countries: Give a short introduction, raise awareness
- Fit the IT security to the threat level
- Users must feel good with applied IT security, even if it is plaintext e-mail
-
THE END: Keysigning
Thanks for reading
- existing materials: https://github.com/cryptoparty
-Hamburg material: https://github.com/ccchh/Cryptoparty-Slides
(^^^ if anyone wants/needs github write access, email Yuval)
--> add your own, remix existing stuff (yay Creative Commons License)
- another great handbook alternative: http://www.tcij.org/resources/handbooks/infosec
Recommended Sessions (Go there or watch the stream):
GnuPG in use with smart cards (Werner Koch, Maintainer GnuPG)
DO! NOT! TRACK! (Antitracking Firefox)
Talk on Monday: "Trackography" @ 10 pm:
