Cryptoparty: a fun way to learn about security

At this year’s Internet Freedom Festival, Ian Drysdale and I met human rights workers from all over the world.

Many of the people we met risk their lives in the work they do. In a digital world, they rely on technology to keep themselves and their contacts safe. Too often, ‘security’ is something that’s difficult and boring. People sometimes think that passwords are annoying and that encryption is complicated.

But that’s a problem.

Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age

– Human Rights Council, United Nations, May 2015

It’s important that everyone understands this stuff so we tried to make it fun.

Cryptoparty is a fun way to learn

Screen Shot 2017-04-26 at 16.34.48Inspired by what we’d heard, the Digital Product Research team hosted the Co-op Digital’s first Cryptoparty – a fun space for people to gets hands-on with digital security. It’s a place to discuss, to play and to have a bit of fun.

Cryptoparty is a worldwide movement. It’s a community with few rules and a mission to help people learn to protect their digital lives.

We made great passwords using dice

Screen Shot 2017-04-26 at 16.35.02Passwords aren’t the best way to get a party started. We mixed in some dice and a codebook containing thousands of words, and turned it into a game. Using a jazzy worksheet, we rolled dice and looked in the codebook to make strong, memorable passwords.

People liked the physical aspect of rolling dice and looking in a book. With no computers involved, it felt safe from hackers. The only snag was the 3 desks needed to display the 36 printed pages!

We sent secret messages with Signal

The second activity had people sending secret messages to their loved ones. We installed the free, open source Signal messaging app. Signal was built from the ground up to respect your privacy. As a result, it has become the trusted choice for many journalists and NGOs.

Playing with Signal was a great way to introduce people to end-to-end encryption. That means your messages can’t be read by anyone, including those who make Signal.

If you use WhatsApp you’ll have seen that it also uses end-to-end encryption. The underlying technology is the same – WhatsApp partnered with the Signal developers to build it – but Signal is designed for a more privacy-conscious audience than WhatsApp. All of Signal’s code and design discussions are public, allowing anyone to scrutinise the organisation and the app. That helps build trust that there’s nothing sneaky going on.

We browsed the web privately

In the last activity people installed the private Tor browserCitizens in authoritarian countries use Tor to bypass internet censorship. NGOs use Tor to research illegal activities by corrupt officials. Officials and politicians themselves use Tor to carry out sensitive work. Millions of ordinary people use Tor to protect against identity thieves, unscrupulous marketers, corporations and authoritarian governments.

Tor protects your identity by bouncing your requests through servers around the world. People were surprised when they realised they were viewing the web from Canada or Sweden!

Encryption and anonymity is for everyone

Technology enables wonderful new ways of connecting with each other. How we use technology can be used against us by corporations, criminals and governments. Laws made by ‘good’ governments are inherited by ‘bad’ ones. Historically, arguments about privacy have missed the point, forgetting that privacy sits right after “innocent until proven guilty” in the universal declaration of human rights.

To face the future, we’re going to need better debate and better laws. We want to encourage open and inclusive discussion around these issues. Security and privacy affects everyone, so we all need to co-operate and have a say in shaping the future.

This stuff is important. That’s why we party with crypto!

Would you like to see more work in this area?

Paul Furley
Engineer

One thought on “Cryptoparty: a fun way to learn about security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s