ChaosPad V1.1
Full screen

Server Notice:


Public Pad Latest text of pad 7rJKafAxkt Saved Jan 2, 2015

Anton, Graz,, 0xA2A97D7D,
Yuval, TLV,, 271386AA2EB7672F
Eelco, Amsterdam,, 0x791EB13F406A6F3B
Fred, Hamburg,, 0xB960EC68
Petter, Umeå,  0xD8363776E1BF1597 congress-GSM 2517
Marie, Berlin,, 0x4c5980f4bb86a00a
Christian, Berlin,, E215 FA04 3B3A 5E0B E6A3  4E65 1816 EADC BA98 5D1E, Congress-GSM: 2610
Patrik, Stockholm,, 0xdbffe2d7b76249f2
Fabian, Bielefeld,, 0x315DFB0A
Jens, Ingolstadt,, 0x6951B4FA
- Handbook as a verbose, not neccesarily useful resource
- House cryptoparties group of 5-10 friends
    --> page in german and english:
- How to deal with the different kinds of hardware/OS'es that visitors bring
- How to organize those parties? Exchanging best practices
Privacy Cafe (NL): Cooperation with public Libraries
Non-mandatory sign-up form (demanded by libraries)
Poblems with Win8 machines
Cryptoparty Köln/Bonn: Event for journalists
Jens (Ingolstadt): Ask for info about hardware / OS before Party
- Put dates of ucoming parties on
    - How-To add your own CryptoParty:
        --> Christian (dawning_sun) is more than glad to help you with it
- Ask universities for rooms
- Possibility for anonymity important (no mandatory signing-up etc)
- No need for detailled planning, "Self organisation" :-)
- Luxemburg: Announcement via meetup (?), overcrowded party, participants new the topic
- NL: Advertisement for parties at schools, public institutions ...
- Berlin: Ask motivated participants to come back and enter the organisation
- Individual decision for non-mandatory sign-up form for preparation of party (devices, OS ...)
- Hamburg: promise to delete data of sign-up process. Information before party for preparation is helpful (programs to install etc. ...)
- NL: Flyers for Privacy Cafe, Location: Cafes and bars in libraries
- Question: Need for best-practice Cryptoparty HowTo in written form, e. g. guidelines, experiences ... ?
- No mandatory "standards", every cryptoparty is very individual
- Entry on : Improve the writte recommendations
- Cryptoparty: Non-political, no political direction
- Privacy cafe: Requests from political parties and companies. No commercial aims, tell the compabies how to do this themselves
- Discussion: May an event only for women take the name "Cryptoparty"? => Exclusion of men etc..
- SE: Paid for talk at journalist association, 
- Hamburg: Good experience with guidelines, "protecting the brand", Request from political party: Can call it Cryptoparty, but needs to be open, Refuse of public school throwing paid cryptoparties
- Guidelines are important to keep less-desired people out (political radicals, trolls etc)
- No lever to enforce the commitment to the rules
- Final objective: Get the people to encrypt their stuff
- Yuval: Content of cryptoparty (Tor, OTR, PGP). Do we address the right topics? Other topics like threat modelling?
- Luxemburg: Individual topics, dependent on participants, e. g. one Facebook session
- NL: Tell the people about the risks of mass surveillance, create motivation to keep their privacy, FSFE E-Mail seld defense guide
- Frankfurt: Teach a mindset, teach best practices. 
- SE: No "complete" security, every little bit helps
- NL+Ingolstadt: Many more messaging tools in Post-Snowden era
- NL: General audience at privacy cafe, not afraid of NSA, more concerned about kids on FB, neighbors knowing something, online banking security etc.
- Luxemburg: Address normal people, not the "super digital activist" etc. The right tools for the individual needs
- Huge knowledge gap of normal users, show pictures where which data flows to (Google, Bluffdale ...)
Question: Get the people. Everybody listens to the lectures about surveillance, almost nobody acts afterwards
- General problem to motivate people to do encryption in practice
- Do not focus on NSA and mass surveillance, keep the secret services 
- Concept of compartementialisation (different nicks fo different needs)
- Workshop at NDR: Half of room cleared out after talk. Journalists said afterwards, he would need somebody to explain instead he was there
- Most journalists do not talk to whistleblowers, no high danger during communication
- Frankfurt: Release non-perfect software, encryption with possible errors is better than no encryption.
- Do not intimidate visitors too much
- Know your limits, journalists in real danger shall consult experts, _not_ the local crytoparty
- Experience with visitors from non-democratic countries: Give a short introduction, raise awareness
- Fit the IT security to the threat level
- Users must feel good with applied IT security, even if it is plaintext e-mail
THE END: Keysigning
Thanks for reading
- existing materials:
(^^^ if anyone wants/needs github write access, email Yuval)
    --> add your own, remix existing stuff (yay Creative Commons License)
- another great handbook alternative:
Recommended Sessions (Go there or watch the stream):
GnuPG in use with smart cards (Werner Koch, Maintainer GnuPG)
DO! NOT! TRACK! (Antitracking Firefox)
Talk on Monday: "Trackography" @ 10 pm: