Photo courtesy of the Whitney Museum of American Art

CryptoParty: The Good Parts

David Huerta
May 18, 2017 · 6 min read

The very first CryptoParty in New York City fell on a cold and windy day in December 2012, almost half a year after many other cities. I only started working on it after a month of hearing people tweet about wanting to start one in NYC, but no one picked up the torch — so I did and . Fast forward to 2016, there have been 42+ of these events between multiple organizers and numerous volunteers all across the city. It’s hard; I regret nothing. Here’s some useful takeaways for anyone thinking of doing the same.

Remember the mission

Let’s take a look at why CryptoParty started, and more importantly, who it’s for. The prospect of draconian data retention laws in Australia led to Asher Wolf and others to bring crypto tools to the masses. A lot of the discussions around that time mentioned bridging a gap between technologists and everyone else. If you’ve been to any event involving information security, you may have noticed that they tend to be by experts, for experts and generally just overwhelm and scare anyone who doesn’t know what’s going on. CryptoParty’s goal is not that, but rather to show your non-technical-expert neighbors that privacy-enhancing technology (not just crypto) is something for them too. Every single decision you make from picking a location to speaker/volunteer/demo selection and even the words you use to describe technology should take that into account. DEF CON is the only thing I look forward to every gross, sweaty summer but it should absolutely not be what you model a CryptoParty after. If you want to bring the general public to your CryptoParty, they need to be convinced to bring themselves. If your CryptoParty seems like it’s not for them, they won’t come. Make sure your event is friendly to newbies, even if it means boring the more l337 h4x0r contingent with talks on password managers and 2FA. They can go to their local BSides conference if they want to jump into the hard stuff.

Pick volunteers who can talk to people

Going back to developing a newbie reputation, it’s a good idea to start with volunteers who are patient with folks new to the fold and can talk to people about technology without drowning them in an alphabet soup of acronyms and jargon. No one is born a security expert, and while it’s important to avoid giving bad security advice, it’s also important the audience doesn’t misunderstand sound security advice and end up making a different set of mistakes that put them in just as much or more risk. It’s easier to teach good teachers why Telegram is trash and why Signal is a better implementation of a secure messenger than it is to show people who live in IRC how to talk to people who live in SnapChat. A counsel of security experts can help fact-check trainers though, so there’s still opportunities for l337 h4x0rs to help out in CryptoParty planning in between Arch builds.

Have an official voice

If you’ve been to any art world event in New York City with the unfortunate addition of a Q&A session, you’ll notice that there’s a contingent of humanity that loves to use any opportunity to speak to a crowd to hear themselves talk for what seems like an incredibly long period of time without ever actually asking a question or saying anything useful. Your CryptoParty will devolve into a live YouTube comment section LARP if you let it. Have a distinction between your volunteers and the village conspiracy theorist. There will always be at least one person who will try to tell everyone that everything is back-doored and using Tor/Signal/anything more advanced than a steam engine is pointless. Don’t give them a free soapbox. Have talks and tables ran by your own vetted volunteers. Introduce your volunteers at the beginning of the event, and maybe make some cool pinback buttons for them to wear so people know who to get answers from if they come in late.

Choose a community, not just a location

Way back in 2012, I reached out to Eyebeam to host the first NYC CryptoParty. They host events all the time, so they actually had things like chairs and a projector. Some CryptoParties fail to have these basic amenities and end up being terrible. More importantly though, it wasn’t an echo chamber of security experts, but people who had a good combination of interest and political awareness of privacy issues before Snowden and the 2016 election forced every community to have it. Hurricane Sandy put a dent in those plans and the first event happened at a hackerspace, AlphaOne Labs at the time — easy to book but not ideal, because that community already knew this stuff. Since then, however, CryptoParties have been hosted around New York in many communities, each with different focuses where surveillance technology clashes with their particular concerns. Having CryptoParty hosted everywhere from the CUNY Graduate Center to the Brooklyn Public Library to the Harlem Business Alliance casts a wider net than having an event in just one community, and the experience of talking about privacy with a wide range of professions for a wider range of goals helps volunteers understand the real-world needs of people who are looking for more than yet another encrypted messenger app.

Calendar carefully

In every event you host, add the date of the event in the title and description, even if it’s listed elsewhere in an announcement, as people will always ask when it is if you don’t. Add the name of the location with the address in the description. Facebook, Meetup and every other platform have fields for these but they often get lost in the mix of responsive web, apps, e-mail and other ways people use this info on their devices. If your audience knows how to perfectly navigate every platform, then you’re probably not reaching the right audience. In my experience it helps to spread out announcements. At CryptoParty Phoenix, we ended up hosting two events in the same week and around five to ten people mixed up the date, time, location or some combination and realized they missed out too late or assumed it was too late to attend.

Use the wiki

If you think your city doesn’t have a CryptoParty yet, it might actually have one or several. The official unofficial list of all CryptoParties on the planet, may already list one in your neighborhood! However, it may only have one or two events from years ago. Being on the group email, I get a message every three months asking when there’s going to be a CryptoParty in Seattle, which I reply by sending them to a wiki page that hasn’t been updated since Jimmy Hendrix was a alive, probably. Add your events to the wiki so I won’t have to disappoint people by sending them to dusty wiki pages anymore.

Read everything matt mitchell writes

Matt Mitchell from CryptoHarlem is a solid authority on digital security training and wrote a more complete introductory guide for anyone wanting to host their own digital privacy training event. You should read it next!

Running a good CryptoParty is hard, but worth the effort. In-person digital privacy training is inefficient, and it doesn’t scale. What it does do well, however, is bring a personal connection between you and your neighbors. While they learn how to use Signal and Tor, lessons are also learned on the teacher’s end. It’s a waking moment to see the eyes of someone master something they thought was impossible to learn, to realize that what you do is magic to the rest of humanity and that you just showed someone cursed by the gods how to make fire. Some in your audience may have come to you from a place of fear stoked by a twenty-four hour news cycle. They’ve been told by talking heads that the tiny amount of agency they have online — and there is no offline anymore — is being rapidly eroded by seemingly invincible machines and that they may not have anything left. We are here to say that what is etched into silicon is not etched into stone, that there’s no fate but what we make for ourselves, and that we are here to take back our privacy, together.