Working title: CryptoParty
The Cryptoparty is an event where everyone learns and shares their knowledge about digital privacy. Participants will learn how much information about us and our online activity can be collected by Wi-Fi owners, Internet service providers, governments, online services we use, and malicious subjects in cyberspace. We will discuss how much information we leave behind unknowingly and what these digital traces are, how they compromise our privacy and anonymity, and what we can do to protect ourselves from specific adversaries. We will demonstrate how we can start to exchange encrypted e-mails and how to start encrypted group chats (instant messaging). We will also help participants install privacy protection tools in their devices. The Cryptoparty workshop is for everyone – even those who have no experience with or knowledge about Internet privacy. All you need to do is bring your device – a laptop and/or a smartphone and join us!
At the cryptoparty workshop, the essentials of how the internet works will be quickly explained to all participants, so that they can understand from where privacy threats come and from what instance. We will then facilitate the installation of privacy protection tools on participant devices that will help them achieve higher levels of privacy protection, security and anonymity online. Participants are kindly advised to bring some of devices they use be it laptop or/and smartphone. Each participant will be able to choose to get acquainted with one or all privacy protection tools from the following list:
0] Backup and file encryption is very important (especially due to cryptolocker ransomware). Making periodical backups that are stored offline or unconnected and encrypted in the cloud is the only alternative to preventing losing important files. Local file encryption and online backups with both symmetric and asymmetric encryption algorithms will be demonstrated. Now with locally encrypted backups you can use some cloud services to sync pre-encrypted data backups to sync them securely on cloud.
1] This will give a nice intro to network protection, encryption and anonymisation tools such as TLS/HTTPS, Proxy, VPN, Tor, and discuss what each of them can protect you from. This section will include the practical part of using Tor and/or VPN on your device.
2] Then we will talk about more secure operating systems, what can users do to further secure their current operating system. This part can include practical beginning of using Tails.
3] We have to say something about web browsers and their threat models, since they are most used programs for everyday communication and informing.
4] Email will be our most important topic, introducing GPG/OpenPGP and programs that implement it. Explaining how it works, what part of email it protects and from whom. Alternative email providers and alternatives to centralized email system will be mentioned.
5] Need for secure instant messaging and/or group messaging will be covered introducing OTR and OMEMO protocols and clients for desktop and mobile phones that do support them. This should also be done practically with participants.
6] Video and voice communication can be secured with ZRTP and SRTP protocols, and software implementing it will be presented. Also, there are alternative decentralized encrypted video and voice communication.
7] This part can include guidelines for creating secure passwords, and managing your password across devices.
8] SMS/MMS protection can be applied by using apps based on Signal protocol for mobile phones.
9] GSM/Location privacy. KillYourPhone solution will be presented.
10] Checking validity of downloaded files and programs from the Internet with digital signatures and hash functions sha256, sha512 (obsolete and broken hash function that should not be used: sha1, md2, md4, md5)
- Arandjel Bojanovic, ISOC Serbia, Hacklab Belgrade
- Chivintar Amenty, YouthDIG
- Liora, Hackerspace BIH
- Aleksej Jocic, Hacklab Belgrade