[ANNOUNCE] CryptoParty, 2015-02-12 21:30:00+08:00

[m...@vikramverma.com]

CryptoParty is a decentralized, global initiative to introduce basic
cryptography tools - such as the Tor anonymity network, public key
encryption (PGP/GPG), and OTR (Off The Record messaging) - to the
general public.

Mostly that's been realised through public workshops; in three weeks we
are hosting one:

* HackerspaceSG, 344B King George's Avenue
* 2015-02-12 21:30:00+08:00

Please join! Further:

* If you are willing and available to share your knowledge of anonymity
and privacy tools with others, please indicate so in this thread.

* If you know of others in town who might benefit from such knowledge,
please encourage they attend.

Cheers,

[Tomas Forgac]

I'd love to :-) Do you need details now? 

I'm no hacker, but if it's aimed at beginners, I could tell a bit about stuff I use (PGP and its integration with Gmail or Thunderbird, Threema - it still blows my mind how few people here use it, Jitsi/OSTN/Jabber, TextSecure/Redphone/Signal, Diskcryptor FDE) or stuff I'd like to look at more closely like I2P and of course Bitcoin :-)

T

--
--
Chat: http://hackerspace.sg/chat

---
You received this message because you are subscribed to the Google Groups "HackerspaceSG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hackerspaces...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[vi]

> I'd love to :-)

<3

> Do you need details now?

I'm not sure what this question is referencing, so for totality:

Anyone who intends to attend should feel free to do so without notification: if
we run into problems with capacity, I think we can move to the roof with short
notice (?); I recognise no other valid purpose for that information; my
enumeration also came up with social evidence (overbalanced by privacy
considerations) and low turn-out (two's a crowd, right?). What do you think?

I asked that those intending to present give advance notification mostly to
avoid redundant preparation, but again this is not a hard requirement. You're
all welcome to announce your intention to share any time up to and during the
event.

> I'm no hacker, but if it's aimed at beginners, I could tell a bit about
> stuff I use (PGP and its integration with Gmail or Thunderbird, Threema -
> it still blows my mind how few people here use it, Jitsi/OSTN/Jabber,
> TextSecure/Redphone/Signal, Diskcryptor FDE) or stuff I'd like to look at
> more closely like I2P and of course Bitcoin :-)

Thank you! As far as competence is concerned: if you can walk through setting up
and use of a tool, and you can communicate the attacks it helps mitigate, you're
knowledgeable enough to present it.

[Tomas Forgac]

Cool. Count me in, I wanted to do such overview for a long time anyway, so finally I'll force myself to do it. If there's only one additional person who will learn how to protect his/her data, it's worth it imo.

The question was based on my assumption, that you would like to announce it with program to make sure it's interesting. If yes, I can send a few bulletpoints.

T

[vi]

> Cool. Count me in, I wanted to do such overview for a long time anyway, so
> finally I'll force myself to do it. If there's only one additional person
> who will learn how to protect his/her data, it's worth it imo.

Sweet, what on? Everything you listed?

[Tomas Forgac]

Yup, plus sharing invitations to keybase.io for those interested (want one btw.)?

T

[nameless`]

Hi,

Count me in ! I can share some knowledge (beginner and advanced) on the
following topics :

* HardDisk / PenDrive encryption using truecrypt
* Mail Signing and Encryption using GnuPG or enigmail for thunderbird
* SMS encryption using TextSecure
* understanding the 'S' behind httpS (what is a certificate, what are
the authorities, how to check that a connection is secure, https
everywhere plugin)
* Securing a wireless home router
* Setting up a tunnel with OpenVPN
* Escaping (or limiting the effect of) the web panopticon using browser
plugins and good practice (NoScript, Ghostery, cookies, etc.)
* Understanding TOR (technical talk or just example of usage)
* Installing and using Tails (Tor-oriented Linux distribution)
* Installing CyanogenMod on a mobile phone
* Self-hosting (plugcomputer + owncloud, yunohost or similar distribution)
* Also I can do a quick technical talk, beginner-oriented (or advanced)
on network security (passive vs active attack, mitm, metadata
(dns,ip,headers), web analytics) or on understanding what it is,
technically, surfing the web.

Feel free to drop me an email If any question on any other topic so that
I can prepare softwares and materials.

Cheers,


--
send me encrypted mails !
Contact : https://breizh-entropy.org/~nameless/random/ID/

[vi]

Tomas sez:
> Yup

That sounds to me like it could be prohibitively dense, but if you think
you can pull it off, then great!

nameless` sez:
> * HardDisk / PenDrive encryption using truecrypt

TrueCrypt is unmaintained, and the previous maintainers have recommended
moving to other solutions. As far as I know we don't why that happened,
but it is wildly held to be compromised. I don't recognise any real fair
contenders to its place, though; I'm fond of 'cryptsetup', but it's
interface is atrocious. So I recommend holding off on this for now.

> * Mail Signing and Encryption using GnuPG or enigmail for thunderbird

Sounds good, high priority, but overlaps with Tomas' proposal; I suggest
you resolve that between yourselves.

> * SMS encryption using TextSecure

Sounds good, high priority, but overlaps with Tomas' proposal.

> * understanding the 'S' behind httpS (what is a certificate, what are
> the authorities, how to check that a connection is secure, https
> everywhere plugin)

Yes please!

> * Securing a wireless home router

What kinds of attacks do you have in mind?

> * Setting up a tunnel with OpenVPN

Yes please!

> * Escaping (or limiting the effect of) the web panopticon using browser
> plugins and good practice (NoScript, Ghostery, cookies, etc.)

This is definitely important, but I don't understand there to be
established best practices here yet, particularly post-Panopticlick.
Convince me otherwise?

> * Understanding TOR (technical talk or just example of usage)

Yes please! Usage is more topical here than protocol details, though
that technical knowledge would be useful in clearing up common
misconceptions (the role of middle relays, anonymity vs. security..)

> * Installing and using Tails (Tor-oriented Linux distribution)

Yes please!

> * Installing CyanogenMod on a mobile phone

Yes please!

> * Self-hosting (plugcomputer + owncloud, yunohost or similar distribution)

I haven't played with these distributions at all, how much of this
depends on competence as a UNIX system administrator?

> * Also I can do a quick technical talk, beginner-oriented (or advanced)
> on network security (passive vs active attack, mitm, metadata
> (dns,ip,headers), web analytics) or on understanding what it is,
> technically, surfing the web.

Yes please!

[Shubham Goyal]

​Hi,

TrueCrypt is unmaintained, and the previous maintainers have recommended
moving to other solutions. As far as I know we don't why that happened,
but it is wildly held to be compromised. I don't recognise any real fair
contenders to its place, though; I'm fond of 'cryptsetup', but it's

interface is atrocious. So I recommend holding off on this for now.​

I would like to point your attention to Steve Gibson's thoughts on this matter​ - https://www.grc.com/misc/truecrypt/truecrypt.htm I agree with him :)

Thanks.

Warmest Regards,

Shubham

[nameless`]

On 22/01/2015 13:15, vi wrote:
> ...

> Sounds good, high priority, but overlaps with Tomas' proposal; I suggest
> you resolve that between yourselves.
>
>> * SMS encryption using TextSecure
> Sounds good, high priority, but overlaps with Tomas' proposal.

If there is more than one person attending the party, then having more
than one instructor is certainly a good thing

>
>> * understanding the 'S' behind httpS (what is a certificate, what are
>> the authorities, how to check that a connection is secure, https
>> everywhere plugin)
> Yes please!
>

>> * Securing a wireless home routerhttps://www.grc.com/misc/truecrypt/truecrypt.htm

> What kinds of attacks do you have in mind?

First, there are still a whole lot of people you still use WEP to secure
their WiFi (which is easily cracked in about 30 seconds to 5 minutes)
Second, it is more a good practice than a technical point but it is
always surprising to see how easily a rogue access point simply labeled
"Starbuck Free Wifi" would attract users who are in need of their
facebook fix :)

>> * Setting up a tunnel with OpenVPN
> Yes please!
>
>> * Escaping (or limiting the effect of) the web panopticon using browser
>> plugins and good practice (NoScript, Ghostery, cookies, etc.)
> This is definitely important, but I don't understand there to be
> established best practices here yet, particularly post-Panopticlick.
> Convince me otherwise?
>> * Understanding TOR (technical talk or just example of usage)
> Yes please! Usage is more topical here than protocol details, though
> that technical knowledge would be useful in clearing up common
> misconceptions (the role of middle relays, anonymity vs. security..)
>
>> * Installing and using Tails (Tor-oriented Linux distribution)
> Yes please!
>
>> * Installing CyanogenMod on a mobile phone
> Yes please!
>
>> * Self-hosting (plugcomputer + owncloud, yunohost or similar distribution)
> I haven't played with these distributions at all, how much of this
> depends on competence as a UNIX system administrator?

A minimum level is required, at least to install the packages, but once
it is running, it is pretty click-friendly :]

>
>> * Also I can do a quick technical talk, beginner-oriented (or advanced)
>> on network security (passive vs active attack, mitm, metadata
>> (dns,ip,headers), web analytics) or on understanding what it is,
>> technically, surfing the web.
> Yes please!
>

[Chinmay]

Yay!! Sounds like we have enough content to do a bunch of crypto-parties.

@Vi Do you envision it to be like talks, or informal discussion, or hands on workshop like sessions lead by individuals?

With so much great things to show and share, it might be good to put in a little structure so new comers don't get overwhelmed. I think we managed to do that the last time around. :(

-Chinmay

[vi]

> @Vi Do you envision it to be like talks, or informal discussion, or hands
> on workshop like sessions lead by individuals?

Whatever works.

Those sharing material should be free to choose how they'd like to. My
only preference is for attendees to leave more accurately understanding
risks to their privacy, and how they can (or how to learn how they can)
be mitigated. I think every mode you listed is compatible with those
goals, and I don't think inconsistency will hurt.

If it helps: I bumped into TF offline, and IIRC he has in mind brief
informal presentation of every subject he listed, walking through set up
where appropriate. Do you think we should worry about compromising breadth
for depth?

nameless`: Do you have any structure in mind?

[nameless`]

Previous cryptoparty I attended, their was usually a few presentations
about general privacy issues and/or some technical talks about certain
software like TOR, GPG, asymmetric cryptography etc. It was then
followed by a hands on workshop where attendees could install the
softwares and try them out.

I can prepare some slides on surveillance and privacy to introduce the
cryptoparty and better understanding why is it we are doing this (would
~20mn be ok ?)
Anyone else would like to share something ? If we do it this way, I
think all in all, the presentations should not exceed 1h in order to let
the attendees try the softwares.

nameless`

[vi]

> I can prepare some slides on surveillance and privacy to introduce the
> cryptoparty and better understanding why is it we are doing this (would
> ~20mn be ok ?)

Go for it!

[Lawrence Lau]

I'm just passing through Singapore before Chinese New Year but I note that whilst there's a lot of hands raised for confidentiality, there doesn't seem to be as much in the area of integrity and availability. It may be a bit of a stretch but cryptocurrencies as means of securing distributed resources (eg domain names) may be of interest to some.

Lawrence

http://www.linkedin.com/in/drllau

[vi]

> I'm just passing through Singapore before Chinese New Year but I note that
> whilst there's a lot of hands raised for confidentiality, there doesn't
> seem to be as much in the area of integrity and availability. It may be a
> bit of a stretch but cryptocurrencies as means of securing distributed
> resources (eg domain names) may be of interest to some.

Out of scope.

[Paul Wouters]

On Wednesday, 21 January 2015 23:06:25 UTC+8, vi wrote:

CryptoParty is a decentralized, global initiative to introduce basic
cryptography tools - such as the Tor anonymity network, public key
encryption (PGP/GPG), and OTR (Off The Record messaging) - to the
general public.

 

  * If you are willing and available to share your knowledge of anonymity

    and privacy tools with others, please indicate so in this thread.
 
  * If you know of others in town who might benefit from such knowledge,
    please encourage they attend.

Hi,

I'm in town for the ICANN conference and I'm planning to attend your cryptoparty.

I'm one of the core developers of the libreswan IPsec/VPN software. I'm a fedora packager for many crypto packages, and I wrote the openpgpkey and openpgpkey-milter tools to help making encrypting email easier. I could do some demoing, or I can just hang out and chat :)

Paul

 

[Chinmay]

Sweet! Welcome Paul!

Let us know if you need help finding HackerspaceSG.

-Chinmay

[Chinmay]

@Vi. I think we might have made a booboo in starting time for the event.

We should start at 7pm right? We accidentally booked it at 9.30pm (I was in India hence the 2.5hrs time zone change). 

Shall we move it back to 7pm?

-Chinmay

[vi]

> I think we might have made a booboo in starting time for the event.

> [..] We accidentally booked it at 9.30pm (I was in India hence the
> 2.5hrs time zone change).

Between this and other booboos, this was resolved off-list to the extent
of:

1. Postponing CryptoParty proper until a time we've had chance enough
to accurately advertise it.

2. Repurposing the current timeslot (starting at seven!) for a Q&A
with Paul and other generous ICANN delegates.

Sorry about this inconvenience!

[Chinmay]

Just to make it clear, we will start at 7pm SGT.

-Chinmay

[nameless`]

On 10/02/2015 05:00, vi wrote:
>> I think we might have made a booboo in starting time for the event.
>> [..] We accidentally booked it at 9.30pm (I was in India hence the
>> 2.5hrs time zone change).
> Between this and other booboos, this was resolved off-list to the extent
> of:
>
> 1. Postponing CryptoParty proper until a time we've had chance enough
> to accurately advertise it.

So when does the cryptoparty starts at the end ?

>
> 2. Repurposing the current timeslot (starting at seven!) for a Q&A
> with Paul and other generous ICANN delegates.
>
> Sorry about this inconvenience!
>

[nameless`]

On 10/02/2015 05:01, Chinmay wrote:

Just to make it clear, we will start at 7pm SGT.

didn't see that one. ack'd :)

--

--
Chat: http://hackerspace.sg/chat

---
You received this message because you are subscribed to the Google Groups "HackerspaceSG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hackerspaces...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Meng Weng Wong]

can i suggest somebody re-post the announcement with a new thread and a new subject?