In early March 2016, a lone voice on the Open Rights Group North East mailing list suggested the idea of hosting a CryptoParty — to help people who were interested in learning about some of the privacy and security tools that exist to allow users to reclaim their digital rights and freedom.
The idea started to gain momentum almost immediately, and on 22 May 2016 we hosted what we’re pretty certain was the first CryptoParty to be held in a British public library — and almost certainly the first to be directly supported by one!
In this post, we will introduce the concept of a CryptoParty, and highlight some of the things we learned when hosting our first. Hopefully our experience can inspire other potential hosts to push forward with the idea and organise parties and events in their own area.
What is a CryptoParty?
At its heart, a CryptoParty is simply a collection of people who come together with a common goal of helping each other safeguard their digital privacy and security.
If you’re one of the many people who has read any privacy-related news articles or stories recently — such as those relating to GCHQ’s mass internet surveillance or Theresa May’s proposed Investigatory Powers Bill — you might find yourself feeling a need to take steps to try and protect your digital life. This can be a pretty involved task, and you may end up finding yourself trying to navigate a sea of confusing and conflicting information with little clue about how it all fits together.
A common sentiment we heard from newer users at our party was “I tried looking, but didn’t know where to start so I eventually had to give up”.
One of the aims of a CryptoParty is to try and ease some of this confusion by introducing the basics of practical real-world tools to users, and explaining what steps they can take to start protecting their privacy and security straight away.
CryptoParties are a global movement, with a main community ‘base’ hosted at the CryptoParty wiki. The site offers some general ideas and recommendations to potential hosts on the formats that a party might take, but part of the philosophy of the CryptoParty movement is to create a public and open format — allowing for DIY-style parties that fit whatever format the hosts think will work best for them.
Often, a CryptoParty will take the form of a public workshop-type event, where experienced users of technology join together with newer users and help them to gain the skills and confidence required to start protecting their digital lives with some of the many tools and techniques available. This style was what we opted for when planning our event.
The first hurdle to cross when planning our party was the difficulty of finding an appropriate venue to host the event. Many venue owners will insist on charging a fee to use their event rooms, and this can be a risky investment for a small CryptoParty just starting up.
We would definitely recommend potential hosts check out local Makerspaces and Hackerspaces, as these are likely to have some like-minded individuals and may have spare rooms that could be used to host an event:
Another option to check out is local museums and libraries in the area who might be interested in free events that benefit the community.
In our case, Newcastle Library came to the rescue, allowing us to use one of their rooms for our event free of charge, and even offering to advertise it through their channels. As mentioned above, we’re pretty sure this makes them the first British library to officially host and support a CryptoParty!
In many ways, libraries are the perfect venue for an event like a CryptoParty. The Library Freedom Project and Radical Librarians Collective exist as a clear reminder of librarians’ commitment to “protect each library user’s right to privacy and confidentiality”. Indeed, it wasn’t long before our CryptoParty caught the attention of other librarians around the country. Many thanks to all those who commented and helped spread the word about our event to a wider audience.
Like the example above, most of our outreach and advertising relied on word about our party spreading online through social networks between people who were already interested in privacy and security. This ended up working quite well, though now that we know we are able to host a successful event, we will widen our approach for future parties.
Some ideas we came up with for groups to advertise future events to:
- University students
- Charities (especially community-focused charities who handle sensitive personal data)
- Local journalists
- Legal professionals (it would be great to see an increase in solicitors offering provably-secure communication methods to clients)
We decided to opt for an informal layout for our party, with a number of tables spread out around the room. Each table featured a different topic or technology that people could learn about. The idea was that people could move around the room at their own pace and learn about the different technologies in whatever order they wanted. (Think ‘cypherpunk Apple Store’).
On the day, we found that this system worked rather well. Attendees seemed to appreciate the freedom to roam around the tables in whatever order they wanted. We did notice that some of our hosts found that the table format led to difficulty talking to more than one or two people at once, meaning that queues sometimes formed for some of the tables hosting the most popular topics.
For any potential party hosts, we definitely recommend giving our table-layout a try — but it might be a good idea to also introduce a small presentation at the beginning of the event that covers some of the core concepts of each tool, before the group breaks off into smaller groups to work on the hands-on demonstrations.
One idea put forward by a CryptoParty attendee was to distribute a “privacy checklist” to people when they arrived at the event. The checklist would have a list of the topics covered at the event, allowing people to tick-off which tables they had already been to, and make it easier for them to navigate the event and ensure they saw all of the things we had to offer.
The main CryptoParty site also hosts the ‘CryptoParty Handbook’, which aims to be the primary resource for those wanting to host a party. It suggests topics that organisers might want to cover at their events, along with suggested tutorials that hosts can follow when teaching topics to attendees.
Although it is a useful tool, the handbook is sadly quite outdated. The last official update was in August 2013, and it covers many tools and pieces of software which have been replaced by better solutions, or are no longer considered safe. Fortunately, since the handbook is collaboratively written by the CryptoParty community, we are able to help out the project by contributing changes. Some of our members are are currently working on rewriting a number of sections of the handbook to bring it up-to-date and help future party hosts.
For our actual event, we realised that, even if it had been up-to-date, the information in the handbook was very dense and comprehensive, and mainly targeted at CryptoParty hosts rather than attendees. To solve this, we decided to get creative and work on some ‘handouts’ that users could take away with them to jog their memories after the event, or give to friends when passing on their newly-acquired skills.
The handouts were a great success at our event, and we would recommend any party organiser definitely consider putting together similar handouts for their event that users can take home or distribute to friends and family.
As with all of our assets and content, we distribute the source materials and final files for these handouts on our GitHub page, and will keep them updated if we produce more or refresh them for future parties. Please feel free to use or modify these for your own CryptoParty or other event. If you do something cool with these, please let us know!
One decision CryptoParty organisers inevitably end up facing is how they intend to keep in contact with attendees after the event is over. Maintaining contact in this way is vital to organise community-focused events, as it allows suggestions and questions from the community can be taken into account when planning future parties.
We also wanted to create an environment where people could ask questions and socialise with other members of the group. Somewhere that attendees could ask follow-up questions to things they had learned. There’s no reason the learning should stop just because the CryptoParty is over!
Many similar projects could probably just opt to create a Facebook page and call it a day, but we found (and this probably won’t surprise you to learn) that among our attendees there was a significantly high number of people without any form of Facebook account. We also aren’t interested in advocating that people create one, as Facebook’s ‘Real Name Policy’ prevents any kind of anonymous or pseudonymous participation in a community.
Currently, our solution to this is to direct people to the Open Rights Group mailing list, but this isn’t exactly perfect. Mailing lists aren’t particularly intuitive for newer users in the way that newer social networks might be. In fact, some may be surprised to learn that they actually predate the world-wide-web by a number of decades!
We are currently looking into and trialing a number of different self-hosted alternatives that might serve to replace the mailing list. Right now, Crabgrass and Anahita are looking like promising free-and-open alternatives that should be much friendlier to newer users. For anyone else trying to solve a similar problem, the “Awesome Selfhosted” GitHub project is a highly recommended resource.
So all-in-all, our first CryptoParty was a great success! Our attendees seemed to enjoy the experience, and everyone learned a great deal (especially those organising the event).
As organisers, we are looking to improve upon the things we learned from the experience and host our next CryptoParty in a few months time. Please stay tuned on the mailing list for updates, or follow @ORGNorthEast on Twitter. If you have any suggestions for our future parties, please feel free to post to the list, tweet at us, or comment on this article.