#CryptoFestBTN Decrypted

cryptofestbtn

Two weeks have flown by since Brighton CryptoFestival which I organised in collaboration with Lighthouse and Open Rights Group. Based around the idea of

“Critical thinking & practical privacy in an age of mass surveillance”

and inspired by London CryptoFestival, Brighton CryptoParty & Festival aimed to encourage critical thinking about technology, data, surveillance, censorship and privacy as well as offer practical tips, tools and behaviour.

The CryptoFestival was free and intended for everyone; no prior technical expertise or knowledge was assumed. In general the Festival achieved what it set out to do and I’m particularly pleased that the inclusion of kids and families was picked up on, being highlighted before the day itself in posts such as Making CryptoParties Inclusive in the Open Rights Group Zine & Brighton web users offered online security tips in the Brighton & Hove News.

As well as talks and the 1st Brighton CryptoParty, the Festival also featured the first playing of the prototype of Lego Panopticon, a game developed by  Maf’j Alvarez.

I was going to write up the event, but other people have already done it so much better:

Thanks to everybody who spoke on the day, the CryptoParty volunteers, Open Rights Group, and the Lighthouse crew.

 

#CryptoParty Decrypted

cplux3fb

The first Brighton CryptoParty will take place as part of Brighton CryptoFestival at Lighthouse on Dec 1st – (more info here & here) and inquiring minds want to know:

“So what exactly goes on at a CryptoParty?”

Cryptoparties are skill & knowledge sharing sessions which aim to teach people the basic ways of protecting themselves and their data from intrusive surveillance.

Generally the parties deal with how to have private conversations over instant messaging, how to encrypt emails, how to browse anonymously and how to reliably encrypt your hard disk amongst other things.

It is very important that you leave the CryptoParty with tools you can use on a daily basis, and explain to your friends how to do it too. All the attendees should come with device(s)  they want to install tools on.

  • We’ll discuss why Cryptography, anonymity and anti-tracking tools are important today
  • We’ll install online anonymity tools
  • We’ll secure our communications
  • We’ll make sure we can’t be easily tracked online
  • We’ll have a drink and a chat

No prior technical expertise or knowledge is assumed, so ask away about anything.

 

 

#TA3MBTN Launched

ta3mbtn

Techno-Activism 3rd Mondays Brighton (#TA3MBTN) got off to a great start on Monday with around 30 people coming together to hear short talks from Javier Ruiz of Open Rights Group and Lucinda Linehan from Tactical Tech. In the lively chats that followed members of Democratic Society and Aptivate as well as students from the Lighthouse MA in Digital Media Arts and the general public made connections and discussed the issues raised. Three people also volunteered their skills for the cryptoparty which will take place as part of Brighton CryptoFestival on December 1st at Lighthouse.

There was a lot of interest in doing another #TA3MBTN and I’m pleased to announce it will take place on January 20th – please get in touch if you’d like to speak then or at a future date ;-)

Thanks to Lighthouse & Open Rights Group for collaborating on the organisation of the event.

Techno-Activism 3rd Mondays Brighton

#ta3m

Tomorrow sees the first event I’m facilitating in Brighton, organised in collaboration with Lighthouse and Open Rights Group.

It’s the second #TA3M I’ve organised, the first one being on a bitterly cold and snowy Berlin night. Here’s the info from the Lighthouse website:

Joining an international community of monthly tech meetups, Techno-activism Third Monday (TA3M) is the product of a conversation with Lighthouse Studio resident Chris Pinchen, who decided to bring the practical skills, discussions, and community surrounding this established event to Lighthouse. This meetup aims to consider current concerns of surveillance and censorship, and is open to all levels of expertise and technical knowledge. TA3M aims to bring a larger community together, to learn in a supportive and informative environment.

Aimed at forging networks and creating communities, the meetups bring together a diversity of people interested in surveillance, censorship and open technology to explore common goals, ways of working together and skill and knowledge sharing.

The inaugural Brighton Techno-Activism 3rd Monday will bring together local people to present, and discuss, projects they are involved with through short talks. Tickets are free, but booking is advised as places are limited, to register your interest book here.

Talks from:

The Open Rights Group will talk about Privacy Not Prism, explaining why and how Big Brother Watch, Open Rights Group, English PEN and German internet campaigner Constanze Kurz are challenging the UK’s surveillance activities before the European Court of Human Rights.

Tactical Tech will show their guide to Visualising Information for Advocacy and give an overview of some of their other toolkits such as Security in a Box.

Chris Pinchen will present Kitten Groomer – cleaning up possible malware from a USB using Raspberry PI

Chris will also introduce Brighton Cryptofestival, which takes place at Lighthouse, Sunday 1 December.

The talks will be followed by discussion, drinks and networking. More talks may be added.

Date: Monday 18 November 2013

Times: 6.30 – 9.30pm

Venue: Lighthouse, 28 Kensington St, Brighton, BN1 4AJ

Tickets: Free, but book in advance as places are limited. Register your interest here.

Event Hashtag: #TA3MBTN

Prototyping Lighthouse Studio

lighthouse_logo

I am delighted to announce that I am currently a resident at the prototype Lighthouse Studio along with Aral Balkan and Mark Simpkins. Here is part of the announcement that lays out the scope of the project:

“We are currently prototyping Lighthouse Studio in advance of a launch in Spring 2014. To do this, we are running two short experiments in 2013 and early 2014. Selected residents will work within a ‘scratch’ studio environment on their own practice, but will also help us answer many questions about how the Studio can and should work.The theme for the current prototyping phase responds to our post-PRISM digital world. The recent scandals relating to the NSA, the revelation of the PRISM surveillance programme, and the treatment of whistleblowers such as Edward Snowden and Bradley Manning, have revealed how fundamentally intertwined our civil liberties are with our technological infrastructures. These systems can both enable, and threaten, both our privacy and our security. Ubiquitous networked infrastructures create radical new creative opportunities for a coming generation of makers and users, whilst also presenting us with major social dilemmas.

We are becoming more aware than ever that our data is a powerful resource and we need to think carefully about how we use it in the future. What happens to our data when we share it online? Who owns it? Who else is it being shared with, and how much control or oversight do we have over that sharing? How can we regain control?

The inaugural Lighthouse Studio residents are all exploring aspects of these questions, during the first phase of prototyping.”

Weeknotes 01: Crypto, Catalan Cuisine & Lashings of Builders Tea

I’ve started my short residency here at the Lighthouse Studio and the first two weeks have flown by in a whirl of crypto/surveillence discussions and lashings of the builders tea which Lighthouse appears to run on.

Mostly I’ve been preparing two events, Tech Activism 3rd Monday on November 18th and Brighton CryptoFestival on December 1st, both of which are collaborations with Lighthouse and Open Rights Group and will be hosted by Lighthouse. #TA3M “are monthly meetups that happen simultaneously in cities throughout the world. It brings together a diversity of people interested in surveillance, censorship and open technology”, and the aim is to find people in and around Brighton who are either working on or interested in, well, tech and activism, and explore ways to work together.

When I first moved to Brighton I was surprised to find that there hadn’t been a CryptoParty here so I started nosing around and discovered that various discussions were taking place which have finally come to fruition in Brighton CryptoFestival, inspired by the London CryptoFestival which takes place the day before. It will be a will be a mixture of talks, workshops, cryptoparty and kids activities, intended for everyone; no prior technical expertise or knowledge is assumed.

My fellow resident Mark brought along some of his Emotional Infrastucture diaries and I’ve been keeping one on surveillance which I’ll be posting more about – it’s been a great way to focus on the topic and you can download your own over at his site.

diary

So next week I’ll be doing more preparation for the events and also putting together a privacy session for the folks at Lighthouse – and somewhere along the way Catalan food got thrown into the mix too, so next week will see the first Practical Privacy & Catalan Cuisine Workshop ever.

DNShonest & Worldbank added to Chokepoint Project

crossposted from Chokepoint Project
We have been making steady progress behind the scenes and are very happy to finally be able to show off some of our hard work:
We have integrated the DNShonest remote DNS probing tool created by Joss Wright of the Oxford Internet Institute into Chokepoint Project´s Structured Human Rights Analytics platform.

This allows us to do a number of things :

1. See for each Domain Name Server if it lies about the domains we ask it about.

2. See which Autonomous Systems contain DNS servers that lie about domains

3. See who owns the Autonomous Systems that contain lying DNS systems

This iteration is testing a small set of domain servers (200) in China for replies given to a small set of domains (180). We are running the probe every hour which results in a little less than 18000 queries. The results are then tested for suspicious replies, which in turn are tested for states of “lying”, “probably lying” and “maybe lying”. From these results statistics are generated which are visualized on our public dashboard.

Country page : https://beta.chokepointproject.net/country/CN?show=2013-09-21
Worldmap : https://beta.chokepointproject.net/

dnh

Lying is a big claim, and in this case it explicitly means that a reply given by a domain name server is not the reply it should give. We have tried to avoid false positives as much as possible, and first identifying suspicious replies, after which additional probes aid in determining if something is a lie or not.More information is available at https://beta.chokepointproject.net/aboutWorldbank :
In this release we also show a visualization of a selection of Worlbank data, this is intended primarily to provide some basic contextual insight into the country for which data is presented. In the case of China, the internet usage in 2011 (most recent Worldbank statistic) was 38.4% of the country. In the context of the DNShonest results this means that 61.6% of the Chinese population is unaffected by these “lying” DNS servers. Of course the internet usage will have increased somewhat over the past 21 months, so this conclusion should not be seen as representative of the current situation.wbWhat´s next?

Well, a lot. First of all, we will start rolling this out to all countries and increase both the number of servers tested and the numbers of domains tested. Additionally, we can already see improvements to the dashboard visualizations that should be made.

Thanks

Many thanks are in order for the Internet Protection Lab who provided some sorely needed funding out of a donation made by the Dutch .nl registrar SIDN.

If you like our work so far, please consider throwing a little funding our way. Any amount, no matter how large will help us build more, faster and shinier tools (and pay the rent on our cardboard box sub-basement walk-downs.) https://chokepointproject.net/donate/

Grooming the Kitten (or cleaning up possible malware from a USB using Raspberry PI)

OMG! A post mentioning kittens and GitHub, I’m really turning into a geek!
Or not. Because that’s (one of) the great thing(s) about Kitten Groomer, you don’t have to be a geek to use it.

kgbig

OK let’s back up there…

Being involved in CryptoParties, seeing the problems of “normal” people, and the experience of my own learning curve with tech have resulted in a growing interest in “simple” solutions to geeky “problems”. So I’ve been checking out so-called Live operating systems or distributions such as Tails or Liberté Linux which aim to offer anonymous use of the Internet – however they are certainly not simple…(though I did manage to download and use Tails all on my ownsome following the instructions)

Raphael, a fellow organiser of CryptoParties in Luxembourg, is most certainly an über-geek, and one who puts his code where his mouth is when it comes to promoting accessible tools for the average tech user, taking Crypto out of hackerspaces and into the pub. And he’s been working on Kitten Groomer, as “simple needs need simple solutions”. Coming out of a conversation between writer Quinn Norton and designer/developer/creator @geekmaya who wrote the first version of the Groomer:

This project aims to be used by someone receiving a USB key from an unknown source and who wants to see the content on it without opening the original and potentially malicious files.

The code runs on a Raspberry Pi which means it is never required to plug nor open the original USB key on a computer.

It does not require any technical prerequisites of any kind and can be used by anyone.

The Raspberry Pi is a cheap and widely available device with a big user base so it’s a good choice for Kitten Groomer, which actually runs simply once installed. Basically you plug the suspicious USB into the top port and a larger clean USB into the bottom port and let the Kitten get on with grooming. All the details for use and downloading are available on the website of CIRCLean, a version Raphael put together for his day job at CIRCL (Computer Incident Response Center Luxembourg).

It still needs to be easier to install for non-geeks but that should be resolved very shortly. I’ll be helping out with documentation of the installation and use to make sure that even Luddites like myself will be able to get and use it. And if you’ve got any ideas for a logo, please get in touch.

With so much malware around, and plenty of malware being used for surveillance purposes, Kitten Groomer can be a quick and easy way to get some protection.

All comments/criticism should be directed to Raphael ;-)