Cryptoparty

CryptoParty?

Create a Cryptoparty ‘template’ so that other groups can use it to set up their own events. Simplify, and make more accessible, the guides and literature concerning online privacy, so that you don’t have to be particularly technically skilled to understand how to protect yourself online.

To kickoff here is a conversation from the ORG supporters council mailing list:

How many of these Cryptoparties have been conducted so far? Do we have a record of what was done, and what the effect was thought to be for each, that we could share?

I personally have been involved with 10 CryptoParties in Berlin, Luxembourg & Brighton as well as contributing to the CryptoParty Handbook. While each had a similar format, they have had a different public and feel. Attendees have picked up some new knowledge and skills about specific tools, installed some stuff on their devices and generally thought more about what they do and why in the digital domain.

I'd be interested to know how the other parties around the UK have gone.

I've done one, in Bath, and the audience was the over 60s, like me. It had to be done steadily and over some time. A day-long course would never be attended, so I did a three hour session on what the situation was, why they might need to consider they had to do something, and get them to ask questions and think about what was going on, and what they may wish to do for themselves.

Mostly, they did not think that there was anything they wanted to do. But some asked for follow-ups on specific topics and tools. So I then put on three other two-hour sessions, one on Truecrypt, one on choice and management of passwords, and one on e-mail encryption where I chose Thunderbird as the demonstration client. One person asked for a way of encrypting a file system for backup on Dropbox, and We went through encfs as a one-off session.

The demographic has to be motivated to want to perform a particular function - they are not interested in learning about tools per se. And the key was to get them thinking about why they want something. Of the 16 who attended the first session, only 6 or 7 attended any of the other sessions.

One thing that was very noticeable was that they were less than enthusiastic about e-mail encryption, not because they did not understand a possible need for it, but that they were very practical: "Why bother until everyone else has it?"

Among other people (not this audience) a very common attitude is one of trusting the government, and they do not mind the intelligence services looking at their messages and what they do. I wonder how much of that is still a hangover from the excellent work Bletchley Park did during the last war, and lack of realisation that things have changed radically. I'd be interested to know what other age-ranges think.