¶ 1 Leave a comment on paragraph 1 0 I visited the Secure and Resist! CryptoParty at Eyebeam on Dec 3. CryptoParties are events, usually consisting of a series of workshops, that aim to introduce cryptography and related tools (like the ones used by NYT for confidential news tips) to the general public. My impression of the event I attended, as well as of previous iterations I have heard of, is that these tend to gather political activism-oriented interest. This is not a surprise considering the many issues raised regarding surveillance (e.g. Snowden) during the last few years, and also the current political outlook.
¶ 2 Leave a comment on paragraph 2 0 However, political concerns are (while being very important) not the only reason to care about cryptography. The increasingly ubiquitous digital technology means computational devices are becoming a larger part of our lives, both in number and in importance. With such a change comes a greater threat of government surveillance, but also of invasive marketing data collection and of malevolent attacks from individuals, who may be remote hackers but also could be one’s neighbors.
¶ 3 Leave a comment on paragraph 3 0 A wide range of potential threat makes protecting oneself trickier; one reason is that while one could make use of all sorts of secure tools and encryptions across all devices, such a measure often comes with a trade-off. As was mentioned in the event, if you need to answer your phone quickly for your job, you probably don’t want to input a 40-characters long password everytime you unlock it.
¶ 4 Leave a comment on paragraph 4 0 In order to practically think about how to protect oneself in face of such a wide range of potential threat, the notion of threat model was presented at the event. To quote from the collective note from the day:
¶ 5 Leave a comment on paragraph 5 0 A threat model is the mental model you have of what and why you’re securing. You can break it down into:
- ¶ 6 Leave a comment on paragraph 6 0
- What you’re trying to secure (photos, emails, phone)
- Who you’re trying to secure it from (friends, police, FBI)
- Possible ways that people might try to access it (stealing, hacking, confiscating)
- The likelihood of success of an attack (vulnerability)
- The consequences of such an attack (inconvenience, life-threatening)
- The amount of work you’re willing to do to secure it (just a bit, really want to do legwork)
¶ 7 Leave a comment on paragraph 7 0 In other words, taking into account all the realistic issues, goals and other context is important in making a decision. This was a good thing to keep in mind, especially since there are a lot of things out there; if I had to choose one take-away from the event it was the idea of the threat model. There are many, many things that can leak from our devices, and there are also many approaches and tools that one can embrace; exploring all of them is time-consuming, and there is no one right way of doing things. Thinking of the threat model was helpful in not being overwhelmed. Also, it provides important points for technological literacy; it would be interesting to discuss what that would mean in, for example, the university environment.
¶ 8 Leave a comment on paragraph 8 0 With that in mind, the note page has links to some of the many tools and resources that the event discussed: https://pad.riseup.net/p/4AON9gQIZ92e