by chris •
How can we get the general public thinking and doing something about security and their online presence? One way is to go out to where the general public actually are and engage with them in a way that strips away the techno-babble and specialist vocabulary.
BEE SECURE is part of an organisation called SMILE (Security Made In Lëtzebuerg) whose remit is to increase awareness of security in the digital field and promote safer internet practices for the general public (the other two branches are CASES, which reaches out to business, and CIRCL – the Computer Incident Response Center Luxembourg, a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents).
I’ve been working with BEE SECURE on the idea of Digital First Aid to be carried out at public events and possibly in schools, where BEE SECURE already carry out a lot of training.
So, the idea finally was to have a “Digital First Aid” post under the title of #BeeFirstAid where we are dressed as first responders and carry out a quick check on devices of members of the public. Like a medical centre, we have some posters about current issues, which are here on this page.
After carrying out the brief first aid, mainly on passwords, wifi permissions and cloud permissions, we give the “patient” a prescription (see image below) of things to carry out over the next week, and recommend that for further “treatment” they visit a Digital Privacy Salon and/or the local syn2cat hackerspace.
by chris •
Panopticon is a creative commons licensed, open source game in constant development, meaning that anyone can take the game and adapt it to their own needs. The game grew out of conversations between Maf’j and Chris which Maf’j blogged about:
Met Chris Pinchen from Cataspanglish who is currently resident at Lighthouse. He introduced us to Techno Activism at the launch of #TA3MBTN. It was a great event of eye-opening ideas around data retention by governments, surveillance, Prism and educating the public about open data and data protection. Chris and co run Cryptoparty. An event which brings people together to learn more about how to protect their identity and their online shadows and data. We talked about the next Cryptoparty which is on Sunday 1st December. How do you make a tech event more family friendly? We talked about Rootbeans. A version of the game that could be fun, relevant to younger players but exploring the issues core to crypto party.
After a bit of Twitter ping pong we came up with Lego Panopticon. In this game players use Lego bricks to build surveillance structures by connecting to each other and exchanging ‘bits’. Players with the tallest towers can see the furthest and can therefore ‘help’ the most when it comes to informing other players with valuable information further away from their own vantage point. Becoming the Google or Facebook of the game. We’ll have to meet up and hash this out but it’s exciting.
We met up at Lighthouse and Maf’j already had a version of the game that we could work on. Natalie Kane contributed the mission cards and player descriptions during and after the session and further development has taken place by playing the game at various events and incorporating player feedback into the game rules.
We used Lego as it is cheap and ubiquitous and people automatically know what to do with it. The baseboard can be made from anything, just needing to be laid out as described in the rules. We used the Lego pieces we had to hand (well, those that we could “borrow” from our kids), so you can replace them with any you have available.
Currently we have plans to develop the game for other contexts, do a Minecraft version, a Raspberry Pi Minecraft version and to incorporate it into the Coder Dojo in Luxembourg as well as continuing to develop it through playing. We’d love to see what others do with the game and if you want any further information please get in touch.
Oh yes, stickers and t-shirts will be available soon….
1st version of the game
1st playing of the game at Brighton CryptoFestival
Playing the game at DoubleBlink R&D weekend
Demonstrating the game at Bee Secure
by chris •
Here’s a really cool quick & dirty utility that Chokepoint has made:
Pacemaker is a utility that scans the Alexa Top 1 million websites and attempts to connect to their port 443. If this succeeds, Pacemaker tries to inject the HeartBleed vulnerability (http://heartbleed.com/) in order to retrieve data from the servers’ memory. An initial scan was performed on April 11th, where approximately 30 000 vulnerable websites were uncovered. Since then, Chokepoint Project have been re-scanning those URLs to see whether they have been patched, and that number has shrunk by about 10 000.
“By now we all know how serious an issue heartbleed is, affecting nearly all aspects of our use of networks. We were very interested to know more about the rate of adoption of patch implementation. Despite the very good adoption in the Alexa top 1 Million, given the severity of this particular bug it is a little depressing to see that at the time of writing (2014-04-15 20:24:08.) there are still 19721 sites unpatched. This might seem like a small number, but given that there are more than 246 million domains in the world and we have scanned only the top 1 Million according to Alexa, and have only scanned for webservers not for anything else, it is not unlikely that there might still be more than 5 million unpatched systems out there” said Chokepoint Project’s Ruben Bloemgarten.
What Pacemaker does not do:
The URL probing tool has a 5 second timeout to complete the request. If said request does not return within that time frame, it is marked as unresponsive, and therefore not considered vulnerable anymore. These timed-out URLs are not rechecked afterwards. In the same vein, it would be interesting to keep scanning the total of 1 million URLs in case servers have been patched temporarily but are now again vulnerable, or some site owners took the website down (timing out the request, or failing) but failed to patch properly. URLs that do not have SSL are also marked as non-vulnerable and currently not re-checked. For full details, see https://github.com/l-r/heartbleed-masstest.
About Alexa
Alexa Internet, Inc. is a subsidiary company of Amazon.com which provides commercial web traffic data. Its toolbar collects data on browsing behavior and transmits it to the Alexa website, where it is stored and analyzed, forming the basis for the company’s web traffic reporting. As of 2014, Alexa provides traffic data, global rankings and other information on 30 million websites, and its website is visited by over 8.8 million people monthly. https://en.wikipedia.org/wiki/Alexa_Internet
About Heartbleed
Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol. This vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension. http://en.wikipedia.org/wiki/Heartbleed
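The missing bounds check described above, shown from the defender's side as an added example (not code from OpenSSL, Pacemaker or the original post): a minimal heartbeat handler using the RFC 6520 message layout that discards any request whose claimed payload length does not fit the bytes received. The names `hb_build_response` and `hb_sample_request` are hypothetical, and the sample records are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_MIN_PAD = 16 };

/* Build a heartbeat response into out. Returns its length, or 0 when the
 * request is silently discarded, as RFC 6520 requires for bad lengths. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    /* payload_length is supplied by the peer and must not be trusted. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The bounds check: header + claimed payload + minimum padding must
     * fit in the bytes actually received, or the copy below would read
     * past the end of the record. */
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > rec_len || resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD); /* real stacks use random padding */
    return resp_len;
}

/* Constructed sample input: a request whose length field says `claimed`
 * while the record carries `actual` payload bytes plus 16 padding bytes. */
size_t hb_sample_request(uint8_t *buf, uint16_t claimed, size_t actual)
{
    buf[0] = HB_REQUEST;
    buf[1] = (uint8_t)(claimed >> 8);
    buf[2] = (uint8_t)(claimed & 0xff);
    memset(buf + HB_HEADER, 'A', actual + HB_MIN_PAD);
    return HB_HEADER + actual + HB_MIN_PAD;
}

int main(void)
{
    uint8_t rec[64], out[64];
    size_t n = hb_sample_request(rec, 4, 4);        /* consistent length */
    printf("consistent: %zu\n", hb_build_response(rec, n, out, sizeof out));
    n = hb_sample_request(rec, 0x4000, 4);          /* inconsistent length */
    printf("mismatched: %zu\n", hb_build_response(rec, n, out, sizeof out));
}
```

A patched server behaves like the second case: the inconsistent request produces no response at all.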
by chris •
Chokepoint’s joint proposal with OONI has made it to the “semi-finals” of the Knight News Challenge. The theme is How can we strengthen the Internet for free expression and innovation? The proposal is posted below but please head over to our Knight challenge page and “applaud” it.
Global Internet Monitoring Project
With the rapid growth of censorship and surveillance practices that directly or indirectly violate civil and human rights, it has become of vital importance to augment our incidental and anecdotal understanding of these practices with on-going, evidence-based reporting on what is actually happening on our networks. To achieve this requires a globally distributed network of standardized network measurement nodes, as well as powerful analysis and visualization tools.
We, the Tor project and Chokepoint Project, have over the past two years amassed extensive technical and domain-specific expertise on the detection, analysis and reporting of surveillance and censorship events. The Tor Project has been developing open standards, software and a methodology for conducting measurements. Chokepoint Project has been working on near real-time processing, analysis, visualization and contextualization of this type of data.
For this proposal, we aim to extend, improve and integrate the existing software systems and analysis tools, with the goal of enabling more comprehensive, evidence-based, and up-to-date reporting on censorship and surveillance events. Our proposal works towards this goal with a three-pronged approach:
1. Expand and improve Tor’s ooni-probe software suite, which provides the basic infrastructure to support a globally distributed measurement network.
- Support for running ooniprobe on Raspberry Pi devices.
- Running tests periodically, making ooniprobe a system daemon.
- Support for remotely provisioning probes with tests and inputs to run based on their geographical location and ASN.
2. Integrate and enhance Chokepoint’s data analysis and visualization tools, to incorporate and report on data from the ooniprobe software suite.
- Automated processing of ooniprobe yaml reports.
- Automated analysis of ooniprobe yaml reports.
- Automated collection of ooniprobe yaml reports.
- Support for automated generation of analytics visualization and analytic data downloads.
3. Reach out to Tor’s and Chokepoint’s extensive list of contacts to plan the deployment of ooniprobes “on the ground”, in a selected set of 10 to 20 countries.
- Survey creation and distribution to determine country specific internet use
- User feedback features
- Training material
- Plan for software distribution
Since no country is alike, and internet use is equally diverse, any measurement needs to be contextualized into a regional socio-political framework. Surveys will be distributed to on-the-ground partner organizations to construct a measurement methodology that yields culturally relevant results.
Who is on your team, and what are their relevant experiences or skills?
Arturo Filastò is a developer at GlobaLeaks and The Tor Project. He studied Mathematics and is currently a student of Computer Science at Università di Roma “La Sapienza”. He is a well known security researcher and regularly gives lectures at international conferences. He has trained activists in the use of security and censorship circumvention technologies. He is also the lead developer of OONI (Open Observatory of Network Interference), a project aimed at detecting and monitoring censorship in the world.
Pascal Haakmat is an analyst at Chokepoint Project. He has studied Artificial Intelligence at the University of Amsterdam and is currently studying Law at the University of Amsterdam. He has several decades of experience as a programmer in both free/open source and proprietary environments. Prior to working at Chokepoint, Pascal has been employed as co-founder and CTO of the digital agency Lightmaker Amsterdam.
Ruben Bloemgarten is an architect at Chokepoint Project. He has over 18 years of experience in information technology, the past 15 years as a systems engineer in the telecom industry and as an independent systems architect.
Laurier Rochon is a developer at Chokepoint Project. He has studied the socio-political impacts of Free Libre Open Source Software in the Networked Media Program of Rotterdam’s Piet Zwart Institute. He has experience working on both FLOSS and proprietary projects for the last 10 years.
by chris •
“Critical thinking & practical privacy in an age of mass surveillance”
and inspired by London CryptoFestival, Brighton CryptoParty & Festival aimed to encourage critical thinking about technology, data, surveillance, censorship and privacy as well as offer practical tips, tools and behaviour.
The CryptoFestival was free and intended for everyone; no prior technical expertise or knowledge was assumed. In general the Festival achieved what it set out to do and I’m particularly pleased that the inclusion of kids and families was picked up on, being highlighted before the day itself in posts such as Making CryptoParties Inclusive in the Open Rights Group Zine & Brighton web users offered online security tips in the Brighton & Hove News.
I was going to write up the event, but other people have already done it so much better:
- Brighton Cryptofestival – December 1 2013, a Storyfied round up of tweets, images & links
Thanks to everybody who spoke on the day, the CryptoParty volunteers, Open Rights Group, and the Lighthouse crew.
by chris •
“So what exactly goes on at a CryptoParty?”
Cryptoparties are skill & knowledge sharing sessions which aim to teach people the basic ways of protecting themselves and their data from intrusive surveillance.
Generally the parties deal with how to have private conversations over instant messaging, how to encrypt emails, how to browse anonymously and how to reliably encrypt your hard disk amongst other things.
It is very important that you leave the CryptoParty with tools you can use on a daily basis, and explain to your friends how to do it too. All the attendees should come with device(s) they want to install tools on.
- We’ll discuss why Cryptography, anonymity and anti-tracking tools are important today
- We’ll install online anonymity tools
- We’ll secure our communications
- We’ll make sure we can’t be easily tracked online
- We’ll have a drink and a chat
No prior technical expertise or knowledge is assumed, so ask away about anything.
by chris •
Techno-Activism 3rd Mondays Brighton (#TA3MBTN) got off to a great start on Monday with around 30 people coming together to hear short talks from Javier Ruiz of Open Rights Group and Lucinda Linehan from Tactical Tech. In the lively chats that followed members of Democratic Society and Aptivate as well as students from the Lighthouse MA in Digital Media Arts and the general public made connections and discussed the issues raised. Three people also volunteered their skills for the cryptoparty which will take place as part of Brighton CryptoFestival on December 1st at Lighthouse.
There was a lot of interest in doing another #TA3MBTN and I’m pleased to announce it will take place on January 20th – please get in touch if you’d like to speak then or at a future date 😉
Thanks to Lighthouse & Open Rights Group for collaborating on the organisation of the event.