Turns out I am not alone in wanting to evaluate my online presence and update my security priorities. Partly to update my own security checkup, I wanted to update security knowhow here.
I got involved with an awesome Chicago-based group, the Lucy Parsons Labs this year. One thing that attracted me to the group was their outreach – they not only do work on behalf of others, but they also offer security training for journalists and activists. This week I got a chance to get involved and I led my first digital security training.
Ain’t No Party Like a CryptoParty
Monday was the November CryptoParty, hosted by moi. Like past Chicago CryptoParties, the point is to get all types of people together to talk about digital privacy and what’s important to each person. Some folks wanted to create stronger passwords, others wanted to divest from Google’s tracking tentacles.
I started by doing lots of research. There are great guides to hosting a CryptoParties, trainings, and resources for speakers and the general public. Once I got a grasp of what range of topics we might cover, I knew I wanted to start with a short presentation on “threat modeling” and then open it up to questions and discussions for everyone.
The EFF has a new and awesome Surveillance Self Defense guides and printouts, plus “playlists” for different threat models. I built my slides from there, with a quick intro to threat modeling (aka risk assessment since it sounds less militant and terrifying). I like the analogy of cold and flu season – the best thing to do is prevent getting sick and the easiest way to avoid colds is just washing your hands!
So what is security “hand washing” ? My favorite part of the threat model concept is that it depends. It depends on what information you have (assets), who you’re protecting it from (adversaries), and how comfortable you are with losing data (threat). If something happens (risk), how terrible is it? It depends on who you are and what you’re doing.
Part 2 was more tips & tricks, mostly based on Martin Shelton’s post “Securing your Digital Life Like a Normal Person.” Applying the “it depends” model to the tips and tricks was a nice segue into discussions. We covered encryption, VPNs, and 2FA.
Here’s a partial list of topics, tips and tools:
- Surveillance Self Defense from the EFF: https://ssd.eff.org/en
- “playlists” for different threat models from EFF: https://ssd.eff.org/en/playlist/want-security-starter-pack
- detailed comparison of VPN providers: https://thatoneprivacysite.net/vpn-comparison-chart/
- Encrypting you Laptop Like you Mean It: https://theintercept.com/2015/04/27/encrypting-laptop-like-mean/
- WhatsApps Security Settings to note: https://medium.com/@mshelton/upgrading-whatsapp-security-386c8ce496d3
- Signal tips: https://theintercept.com/2016/07/02/security-tips-every-signal-user-should-know/
- The CrytpoParty Dictionary: https://github.com/cryptoparty/handouts/blob/master/en/cryptoparty-dictionary.pdf
- How to See What the Internet Knows About You (And How to Stop It) : https://mobile.nytimes.com/2017/07/03/smarter-living/how-to-see-what-the-internet-knows-about-you.html
I was excited, humbled, and energized to get to participate in this CryptoParty. I was impressed how many folks knew about the “advanced” stuff I mentioned, like VPNs and Tor Browsers. I think next time we should jump into deep-dive topics like encryption, how VPNs work, and more. I’m ready, are you in?
Sound cool? Want to get involved with another CryptoParty or digital training? Have more in depth questions for any of us at Lucy Parsons Labs? Email us infoATlucyparsonslabs.com