Thought I’d put out a short writeup from the London CryptoParty, held last Friday at IDEALondon (https://www.cryptoparty.in/london)
First of all, massive thanks to IDEALondon for making the space available for the event (and the drinks!). Also thanks to Leonie Tanczer (@leotanczt) for organising and leading the evening.
After a brief introduction by Leonie and a run through of a selection of suggested topics that generated some great debate, each table took some time to talk about what they wanted to look at during the evening. What was great to see is that there was a real diversity of knowledge in the room, from cybersecurity experts to people who didn’t know what HTTPS was! It’s very encouraging to see people who don’t have a huge amount of experience coming to these events – it can often be very daunting for the newcomer.
Our table decided to discuss (amongst many other things) VPNs and TOR. A great comparison site was put forward – https://thatoneprivacysite.net/ which looks to be a fairly definite list of VPN providers. I shall definitely be checking some of them out. Ironically, many of the VPN sites were blocked on the local network…..
We also spent some time talking about TOR, why its use is justified, the risks in using it (given that ISPs can see that you’re using TOR unless you take extra steps to mask yourself) and a little rundown on how it works Check out https://www.torproject.org/about/overview for an overview.
I briefly moved over to one of the other tables, where they had moved onto more advanced discussions… machine learning in IDS was one – a little over my head! But it was interesting to hear about what the guys on the frontline are into in regards to security.
Unfortunately, that was all we had time for – a few moved on for the usual post-meeting beers, while I meandered back to Moorgate.
There were quite a few other topics posted up for discussion which we just didn’t get time for, including:
Disk Encryption (Veracrypt http://veracrypt.codeplex.com/, Filevault, etc)
Password Managers (Keepass, Lastpass, etc) – this was briefly discussed at the start of the meeting, with people in favour and against their use. As someone who doesn’t use one, it was interesting to hear what the other side thinks – it definitely made me consider using one in the future.
HTTPS (Ghostery, HTTPS Everywhere)
Email Encryption (GPG, Thunderbird, etc) – again, this was talked about. The main issue with this is the genuine difficulty in setting up signed email, which limits the amount of other users to send to… Most people seemed to be happier using Whatsapp or Signal!
Overall, I thought it was a great session. I liked the open discussion at the start of the evening – it gave everyone a good idea of what was worth discussing, as well as being able to have a wider discussion about the proposed topics. While I didn’t spend too much time doing anything practical (although I did finally install VeraCrypt), I found it particularly useful to hear about the latest trends in encryption, especially when it comes to VPNs. It can often be more useful to take a few notes, come home and do a bit of research rather than try to install and get a new program running at the event (especially when it’s PGP mail…..)
I’d definitely recommend this to any tech newbies (or even tech oldies!) – there was no judgement about people’s abilities and everyone was more than happy to spend time explaining the fundamentals and help get programs up and running. If you’re considering coming to a CryptoParty in the future, but you’re worried about not knowing what’s going on, don’t worry!