the CryptoParty handbook - Version: 2013-08-21 - Back to Index
What is CryptoParty?
Interested parties with computers, devices, and the willingness to learn how to use the most basic crypto programs and the fundamental concepts of their operation! CryptoParties are free to attend, public and commercially non-aligned.
CryptoParty is a decentralized, global initiative to introduce basic cryptography tools - such as the Tor anonymity network, public key encryption (PGP/GPG), and OTR (Off The Record messaging) - to the general public.
The CryptoParty idea was conceived in the wake of the Australian Cybercrime Legislation Amendment Bill 2011.
Currently sixteen CryptoParties have been held in a dozen different countries worldwide, and many more are planned. Tor usage in Australia has spiked after four CryptoParties, and the London CryptoParty had to be moved from London Hackspace to the Google Campus to accommodate the large number of eager participants, with 125 ticketed guests and 40 people on the waiting list. Similarly, CryptoParty Melbourne found interest outstripped venue capacity - originally planned for approximately 30 participants - over 70 people turned up.
“Man is least himself when he talks in his own person. Give him a mask, and he will tell you the truth.” - Oscar Wilde
In 1996, John Perry Barlow, co-founder of the Electronic Frontier Foundation (EFF), wrote ‘A Declaration of the Independence of Cyberspace’. It includes the following passage:
Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live.
We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth.
We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.
Sixteen years later, and the Internet has changed the way we live our lives. It has given us the combined knowledge of humankind at our fingertips. We can form new relationships and share our thoughts and lives with friends worldwide. We can organise, communicate and collaborate in ways never thought possible. This is the world we want to hand down to our children, a world with a free Internet.
Unfortunately, not all of John Perry Barlow’s vision has come to pass. Without access to online anonymity, we can not be free from privilege or prejudice. Without privacy, free expression is not possible.
The problems we face in the 21st Century require all of humanity to work together. The issues we face are are serious: climate change, energy crises, state censorship, mass surveillance and on-going wars. We must be free to communicate and associate without fear. We need to support free and open source projects which aim to increase the commons’ knowledge of technologies that we depend on http://opensourceecology.org/wiki Contribute!
To realise our right to privacy and anonymity online, we need peer-reviewed, crowd-sourced solutions. CryptoParties provide the opportunity to meet up and learn how to use these solutions to give us all the means with which to assert our right to privacy and anonymity online.
We are all users, we fight for the user and we strive to empower the user. We assert user requests are why computers exist. We trust in the collective wisdom of human beings, not software vendors, corporations or governments. We refuse the shackles of digital gulags, lorded over by vassal interests of governments and corporations. We are the CypherPunk Revolutionaries.
The right to personal anonymity, pseudonymity and privacy is a basic human right. These rights include life, liberty, dignity, security, right to a family, and the right to live without fear or intimidation. No government, organisation or individual should prevent people from accessing the technology which underscores these basic human rights.
Privacy is the right of the individual. Transparency is a requirement of governments and corporations who act in the name of the people.
The individual alone owns the right to their identity. Only the individual may choose what they share. Coercive attempts to gain access to personal information without explicit consent is a breach of human rights.
All people are entitled to cryptography and the human rights crypto tools afford, regardless of race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth, political, jurisdictional or international status of the country or territory in which a person resides.
Just as governments should exist only to serve their citizens - so too, cryptography should belong to the people.Technology should not be locked away from the people.
Surveillance cannot be separated from censorship, and the slavery it entails. No machine shall be held in servitude to surveillance and censorship. Crypto is a key to our collective freedom.
Code is speech: code is human created language. To ban, censor or lock cryptography away from the people is to deprive human beings from a human right, the freedom of speech.
Those who would seek to stop the spread of cryptography are akin to the 15th century clergy seeking to ban the printing press, afraid their monopoly on knowledge will be undermined.
Throw a party. All you need is a time, a date and a location. Add it to the wiki: https://cryptoparty.org.
Make sure you have Internet connectivity and enough power sources for all devices. If you do not have a place to hold a CryptoParty, find a pub or park where you can meet and squeeze the public bandwidth. That will really hone your skills!
Bring USB sticks and printed handouts for those who need them, and set up old computers for people to fiddle with and try out new skills.
Talk about Linux to everyone you meet at your CryptoParty. If you are new to CryptoParties - ask someone “what is Linux?” ASAP.
Make entry free for all if possible - CryptoParties are not-for-profit, not commercially aligned and especially important for those without other resources.
Teach basic cryptographic tools to the masses. Crowd-source the best crypto. We suggest PGP, OTR, and Tor as the first tools to install.
Invite experts and non-experts from all fields. Everyone is an expert on something.
If you want CryptoParty to do something, start doing it. Organise organically and chaotically. Have no clear leadership. Urge people to take on a sudo leadership role - take a tutorial, fix the wifi, update the wiki, or organise the next CryptoParty. If someone claims others are doing it wrong - invite them to nominate themselves to do it better.
Ask for feedback. Assimilate critics - ask them for their help in creating a better CryptoParty. Do not be scared to troll the trolls back or boot them from your space. Share feedback on the wiki. Iterate.
A successful CryptoParty can have as many or as few as two people. Size doesn’t count, it’s what you do with it that matters. The criterion for success should be that everyone had fun, learned something and wants to come to the next party.
Think of the CryptoParty movement as a huge Twitter hive ready to swarm at any moment. Tweet a lot, and make your tweets are meaningful. ReTweet other CryptoPartiers frequently.
Make sure the way crypto is taught at your party could be understood by a 10 year old. Then have the 10 year old teach it to an 80 year old. Breach the digital divide with random acts of awesomeness such as unfettered use of images of kittens in all CryptoParty literature. Red underpants on heads is only mandatory if you wish to bid in our spectrum auction.
Consider hosting private, off-the-radar CryptoParties for activists, journalists and in individuals working in dangerous locations.
Don’t scare non-technical people. Don’t teach command lines before people know where the on-off buttons are located on their laptops. Everyone learns at their own pace - make sure there is support for those in need of help.
Doing excellent stuff at CryptoParty does not require permission or an official consensus decision. If you’re uncertain about the excellence of something you want to do, you should ask someone else what they think.
Consider the need for a bouncer, particularly if your CryptoParty expects over 50 people. Dress the bouncer up as a Sumo wrestler. Do not be afraid bounce people who breach CryptoParty’s anti-harassment policy.
CryptoParty is dedicated to providing a harassment-free sharing experience for everyone, regardless of gender, sexual orientation, disability, physical appearance, body size, heritage, or religion. Behaving like an arsehole may mean you are permanently uninvited to CryptoParties events. Harassment includes:
Encourage a culture of sharing. Encourage advanced users to help not-so advanced ones. Delegate.
Use online meeting platforms like mumble, or even chatrooms (e.g. #cryptoparty room on http://occupytalk.org/) when physical meetups are not possible or impractical.
Copy from other cryptoparties. Remix, Reuse and Share. Create a basket of old devices people are willing to donate to more needy CryptoPartiers.
Get the word out! Print posters and/or flyers and distribute them in your neighbourhood, post online versions to social networks and mail them to friends, for them to distribute the info even further.
Don’t sell out to sponsors for pizza and beer money. Ask people to try and bring food and drink to share. Host CryptoPicnics as often as possible. Make friends with librarians. They wield power over keys to local, public meeting rooms that may be free of charge to utilize.
Invite all the people. Bring people together who have a wide range of skills and interests - musicians, political pundits, activists, hackers, programmers, journalists, artists and philosophers. Spread the love.
Invite the graphic designers and illustrators you know to contribute new ways to help people understand crypto.
Invite everyone to share their knowledge and their skills. Individuals with little or no coding, programming, hacking or crypto skills can change cultures by promoting the idea that privacy is a fundamental right.
Share music, beers, & chips. Bond together over eclectic music, cheeseballs, installing GPG, TrueCrypt, OTR and Tor, as well as watching movies together. We recommend Hackers, The Matrix, Bladerunner, Tron, Wargames, Sneakers, and The Net.
Do not work too hard. Take breaks. Eat popcorn together. Create slang, phrases, memes.
When people at CryptoParties ask for advice on “hacking the Gibson” refer them to episodes of ‘My Little Pony’.
Create fliers and advertise using slogans like: “CryptoParties: If there is hope, it lies in the proles” and “CryptoParty like it’s 1984.” CryptoParty all the things to avoid oppression and depression.
Seed CryptoParties in your local communities - at nursing homes, scout groups, music festivals, universities, schools. Take CryptoParty to isolated and remote communities. Make friends in far away places and travel whenever possible. Ask people in rural farming communities if they’d like to CryptoParty.
Share shimmering opportunities of crowd-sourced privacy: swap cheap, pre-paid SIMs, handsets and travel cards.
Create logos in bright pink and purple, with hearts all over them. Promote CryptoParties to rebellious 13 year old girls. Declare success if rebellious 13 year old girls demand to attend your parties.
Become friends with journalists. Invite them to your parties. Teach them crypto. Do not scare them by discussing Assassination Markets.
Strew CryptoParty sigils across your city in 3am post-party raids. Make lots of stickers, paste them everywhere.
Experiment, constantly. Do not be afraid to make mistakes. Encourage people to tinker. Assume all mistakes are meant to made. Most people under intel agency scrutiny have electronic devices already compromised before they walk in the door. Teach people to install tools from scratch, so they can do it on a new machine, away from prying eyes.
Assume intel agencies send representative to CryptoParties. Acknowledge their presence at the start of your meeting, ask them to share their crypto skills. Joke about paranoia as often as possible without instilling panic. Wear tinfoil hats.
Be excellent to each other and CryptoParty on.
Privacy is a fundamental human right. It is recognized in many countries to be as central to individual human dignity and social values as Freedom of Association and Freedom of Speech. Simply put, privacy is the border where we draw a line between how far a society can intrude into our personal lives.
Countries differ in how they define privacy. In the UK for example, privacy laws can be traced back to the 1300s when the English monarchy created laws protecting people from eavesdroppers and peeping toms. These regulations referred to the intrusion of a person’s comfort and not even the King of England could enter into a poor persons house without their permission. From this perspective, privacy is defined in terms of personal space and private property. In 1880 American lawyers, Samuel Warren and Louis Brandeis described privacy as the ‘right to be left alone’. In this case, privacy is synonymous with notions of solitude and the right for a private life. In 1948, the Universal Declaration of Human Rights specifically protected territorial and communications privacy which by that became part of constitutions worldwide. The European Commission on Human Rights and the European Court of Human Rights also noted in 1978 that privacy encompasses the right to establish relationships with others and develop emotional well-being.
Today, a further facet of privacy increasingly perceived is the personal data we provide to organizations, online as well as offline. How our personal data is used and accessed drives the debate about the laws that govern our behavior and society. This in turn has knock-on effects on the public services we access and how businesses interact with us. It even has effects on how we define ourselves. If privacy is about the borders which govern who we give permission to watch us and track aspects of our lives, then the amount and type of personal information gathered, disseminated and processed is paramount to our basic civil liberties.
An often heard argument, when questions of privacy and anonymity come up, goes along the lines of, “I only do boring stuff. Nobody will be interested in it anyway” or, “I have nothing to hide”. Both of these statements are easily defeated.
Firstly, a lot of companies are very interested in what boring things you do precisely so they have opportunity to offer “excellent” products fitting interests. In this way their advertising becomes much more efficient - they are able to tailor specifically to assumed needs and desires. Secondly you do have lots to hide. Maybe you do not express it in explicitly stated messages to friends and colleagues, but your browsing - if not protected by the techniques laid out in this book - will tell a lot about things you might rather keep secret: the ex-partner you search for using Google, illnesses you research or movies you watch are just few examples.
Another consideration is that just because you might not have something to hide at this moment, you may very well in future. Putting together all the tools and skills to protect yourself from surveillance takes practice, trust and a bit of effort. These are things you might not be able to achieve and configure right when you need them most and need not take the form of a spy movie. An obsessed, persistent stalker, for example, is enough to heavily disrupt your life. The more you follow the suggestions given in this book, the less impact attacks like this will have on you. Companies may also stalk you too, finding more and more ways to reach into your daily life as the reach of computer networking itself deepens.
Finally, a lack of anonymity and privacy does not just affect you, but all the people around you. If a third party, like your Internet Service Provider, reads your email, it is also violating the privacy of all the people in your address book. This problem starts to look even more dramatic when you look at the issues of social networking websites like Facebook. It is increasingly common to see photos uploaded and tagged without the knowledge or permission of the people affected.
While we encourage you to be active politically to maintain your right to privacy, we wrote this book in order to empower people who feel that maintaining privacy on the Internet is also a personal responsibility. We hope these chapters will help you reach a point where you can feel that you have some control over how much other people know about you. Each of us has the right to a private life, a right to explore, browse and communicate with others as one wishes, without living in fear of prying eyes.
The CryptoParty Handbook was born from a suggestion by Marta Peirano (http://petitemedia.es) and Adam Hyde (http://booksprints.net) after the first Berlin CryptoParty, held on the 29th of August, 2012. Julian Oliver (http://julianoliver.com) and Danja Vasiliev (http://k0a1a.net), co-organisers of the Berlin CryptoParty along with Marta were very enthusiastic about the idea, seeing a need for a practical working book with a low entry-barrier to use in subsequent parties. Asher Wolf, originator of the CryptoParty movement, was then invited to run along and the project was born.
This book was written in the first 3 days of October 2012 at Studio Weise7, Berlin, surrounded by fine food and a small ocean of coffee. Approximately 20 people were involved in its creation, some more than others, some local and some far.
The writing methodology used, BookSprint (http://booksprints.net), is all about minimising any obstruction between expertise and the published page. Face-to-face discussion and dynamic task-assignment were a huge part of getting the job done, like any good CryptoParty!
The open source, web-based (HTML5 and CSS) writing platform BookType (http://booktype.pro) was chosen for the editing task, helping such a tentacular feat of parallel development to happen with relative ease. Asher also opened a couple of TitanPad pages to crowd-source the Manifesto and HowTo CryptoParty chapters.
Combined, this became the official CryptoParty Handbook by midnight October the 3rd, GMT+1.
The Book Sprint was 3 days in length and the full list of onsite participants included:
This version of the handbook has since moved to github to collaboratively edit it. Find it at https://github.com/cryptoparty/handbook. If you see areas that need improvement or simply come across a typo, create a github account and start editing, commenting or creating issues. For help using git and github, see https://help.github.com/.
CryptoParty HandBook Credits
Facilitated by:
Core Team:
Assisted by:
Cover Image by Emile Denichaud.
Other material included:
The manuals used in the second half of this book borrow from 2 books sprinted by FLOSS Manuals:
“How to Bypass Internet Censorship” 2008 & 2010 Adam Hyde (Facilitator), Alice Miller, Edward Cherlin, Freerk Ohling, Janet Swisher, Niels Elgaard Larsen, Sam Tennyson, Seth Schoen, Tomas Krag, Tom Boyle, Nart Villeneuve, Ronald Deibert, Zorrino Zorrinno, Austin Martin, Ben Weissmann, Ariel Viera, Niels Elgaard Larsen, Steven Murdoch, Ross Anderson, helen varley jamieson, Roberto Rastapopoulos, Karen Reilly, Erinn Clark, Samuel L. Tennyson, A Ravi
“Basic Internet Security” 2011 Adam Hyde (Facilitator), Jan Gerber, Dan Hassan, Erik Stein, Sacha van Geffen, Mart van Santen, Lonneke van der Velden, Emile den Tex and Douwe Schmidt
All content in the CryptoParty Handbook is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0).
All chapters © the contributors unless otherwise noted below.
the CryptoParty handbook - Version: 2013-08-21 - Back to Index