CryptoParty 2018

From EuroDIG Wiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

5 June 2018
Consolidated programme 2018

CryptoParty-Logo

Working title: CryptoParty

Session teaser

The cryptoparty workshop showcases responses to today's digital privacy challenges that every user can include in their online routines and regain great deal of control over her own privacy going forward. Thanks to Snowden's revelations, we all have been made aware of how our communication is intercepted daily. Our private data collected whenever and wherever possible. During the cryptoparty, we will visually document threat models and explain in simple terms the technologies designed to deal with the particular threats. We will offer hands-on secure solutions to email, messaging group chat, and other types of communication on popular platforms like Gnu/Linux, Windows, Mac, Android, iOS. Anonymous online presence and searching will be covered as well as GSM location privacy. Take back your power and privacy as an internet user!

Keywords

privacy, encryption, anonymity, PGP, GPG, OTR, Tor, Omemo, VPN, ZRTP, SRTP, Tails, passwords, RSA, cryptoparty

Session description

At the cryptoparty workshop, the essentials of how the internet works will be quickly explained to all participants, so that they can understand from where privacy threats come and from what instance. We will then facilitate the installation of privacy protection tools on participant devices that will help them achieve higher levels of privacy protection, security and anonymity online. Participants are kindly advised to bring some of devices they use be it laptop or/and smartphone. Each participant will be able to choose to get acquainted with one or all privacy protection tools from the following list:

0] Backup and file encryption is very important (especially due to cryptolocker ransomware). Making periodical backups that are stored offline or unconnected and encrypted in the cloud is the only alternative to preventing losing important files. Local file encryption and online backups with both symmetric and asymmetric encryption algorithms will be demonstrated. Now with locally encrypted backups you can use some cloud services to sync pre-encrypted data backups to sync them securely on cloud.

1] This will give a nice intro to network protection, encryption and anonymisation tools such as TLS/HTTPS, Proxy, VPN, Tor, and discuss what each of them can protect you from. This section will include the practical part of using Tor and/or VPN on your device.

2] Then we will talk about more secure operating systems, what can users do to further secure their current operating system. This part can include practical beginning of using Tails.

  • Having this knowledge participants can start using Tails OS for further practical workshop examples of communication and data protection but are not limited to that option.

3] We have to say something about web browsers and their threat models, since they are (in our view and practice) most used programs for everyday communication and informing.

4] Email will be our most important topic, introducing GPG/OpenPGP and programs that implement it. Explaining how it works, what part of email it protects and from whom. Alternative email providers and alternatives to centralized email system will be mentioned.

5] Need for secure instant messaging and/or group messaging will be covered introducing OTR and OMEMO protocols and clients for desktop and mobile phones that do support them. This should also be done practically with participants.

6] Video and voice communication can be secured with ZRTP and SRTP protocols, and software implementing it will be presented. Also, there are alternative decentralized encrypted video and voice communication.

7] This part can include guidelines for creating secure passwords, and managing your password across devices.

8] SMS/MMS protection can be applied by using apps based on Signal protocol for mobile phones.

9] GSM/Location privacy. KillYourPhone solution will be presented.

10] Checking validity of downloaded files and programs from the Internet with digital signatures and hash functions sha256, sha512 (obsolete and broken hash function that should not be used: sha1, md2, md4, md5)

Format

Workshop

Further reading

Until . Links to relevant websites, declarations, books, documents. Please note we cannot offer web space, so only links to external resources are possible. Example for an external link: Main page of EuroDIG

People

  • Nikola Todorovic, Hacklab Belgrade, Cryptoparty.rs
  • Petar Simovic, ISOC Serbia, Cryptoparty.rs
  • Marko Jovanovic, Hacklab Belgrade, Cryptoparty.rs
  • Arandjel Bojanovic, ISOC Serbia, Hacklab Belgrade
  • Désirée Miloshevic, ISOC Serbia, Hacklab Belgrade, ISOC Board of Trustees

Get involved!

If you would just like to leave a comment feel free to use the discussion-page here at the wiki. Please contact wiki@eurodig.org to get access to the wiki.