Upcoming events

Past Events in Boston Massachusetts

Date Details
2019-6-26 How to setup and use a 2FA token device, such as Yubikey at Sprout
2018-07-25 Monthly Digital Security 101 at Sprout
2018-06-27 Monthly Digital Security 101 at Sprout
2018-05-30 Monthly Digital Security 101 at Sprout
2018-05-09 A Crash Course in Digital Hygiene, at the Museum of Science
2018-04-25 Monthly Digital Security 101 at Sprout
2018-03-28 Monthly Digital Security 101 at Sprout
2018-02-10 Creating a (greater) Boston Meshnet at Somerville public library
2018-01-31Chatting about meshnets at Sprout
2017-12-27Monthly Digital Security 101 at Blue Shirt Cafe
2017-11-29Monthly Digital Security 101 at Sprout
  • There was interest in a discussion about mesh networking, so demo-ing an Enigmabox would be worthwhile. PirateBox, too? During the discussion, we talked about whether a cryptocurrency would be useful to incentivize hosting nodes / file sharing on the network. Someone specifically mentioned an Initial Coin Offering to build equity. Am not an expert in this area so I don't know whether it's at all feasible. Made for good discussion at the time!
  • We also discussed two apps that are trying to address the injustices of people sitting in jail because they are too poor to pay cash bail (something like 700,000 people at any given moment in America). Apps like BailBloc and Appolition are trying to generate money for community bail funds.
2017-11-11Boston Anarchist Bookfair
2017-11-04South Boston BPL
2017-10-25Monthly Digital Security 101 at Sprout

Talked about:

2017-09-27Monthly Digital Security 101 at Sprout

Talked about:

  • How to complete the set up for Signal, to ensure no man-in-the-middle exposure.
  • How DropBox is known to be p0wed by the NSA.
  • The down sides to keeping all your passwords in a Google docs, document, unencrypted.
  • Who uses which password manager.
  • Services which allow you to generate one time credit card numbers.
2017-08-30Monthly Digital Security 101 at Sprout
2017-07-26Monthly Digital Security 101 at Sprout

Thanks again to Troy for hosting us! Small turnout this week, but good discussion about semiconductors, trusting trust and thinking about security for lawyers.

2017-07-20In association with E5 & Boston Socialist School
2017-06-20BPL Fields Corner branch

I went to the Fields Corner cryptoparty last week and had a lot of fun. Had about 10 attendees. Talked about using general operational security, threat models, strong passwords, password managers, mobile security, and anonymous browsing. Seemed like our info was well-received. We're getting pretty good at the Digital Security 101 training, if I do say so myself!

2017-06-24BPL South Boston branch
2017-05-30Monthy Digital Security 101 at Sprout
2017-05-05LGBTQ-focused Details, Make Shift Boston South End
2017-04-26Monthy Digital Security 101 at Sprout
2017-04-22Boston Socialist Unity Project Conference, MIT
2017-03-31Privacy at the Border workshop for International Students - Harvard Univ
2017-03-29Monthy Digital Security 101 at Sprout
2017-03-27Privacy at the Border workshop for International Students - Harvard Univ
2017-03-24Libre Boston meetup Personal Privacy & Security Skillshare
DateLocationAddressAdditional Information
2017-03-02Fields Corner branch BPLBoston, MA

Jamie and I had a great cryptoparty last week at the Fields Corner branch of BPL. The flower of our conversation might be instructive for this month's “Train the Trainer” session.

For context: We were joined by a librarian and three older women, who meet regularly as a reading group. They did not have any expertise in technology.

We started the conversation by loading the Norse real-time attack map. We did this to communicate that, if they didn't already know (!), the internet is not a safe space. There are concerted efforts to compromise networks and identities going on all the time.

Because a few of the attendees had personal experience with phishing attacks, we talked about how to hover over a link with your cursor to check the path. Close reading and attention to URL length can save you from many attacks. Similarly, if you are downloading a file from e-mail, you can hover over the attachment and see the attachment's file extension. File extensions like .exe, .bat, .dll should be avoided! What are people phishing for, anyways? Bank accounts. Personal information. Usernames and passwords. &c &c.

We moved into a discussion of passwords – er, passPHRASES. The XKCD comic was great, if only to broach the fact that it's not individual humans trying to guess your password, but automated programs that query against dictionaries and tables of known passwords. We talked about salting, 2FA, and about not using the same password for multiple accounts.

That was the first 45 minutes of the cryptoparty. During the last 45 minutes we talked about threat modeling and a bit about encryption via HTTPS. I'd say the transition to talking about encryption needs work. It's a crucial topic but very difficult to grasp intuitively at first.

Scared straight, the group wondered about how they might audit their computers to know if they'd been compromised. We suggested running anti-malware programs on the reg (recommended AVG as a free alternative). We also walked through opening up the task manager and reviewing what processes are running at any given time. Right clicking was a new feature for most of the group. And we might have accidentally found some malware on the library computer, spoofing as the csrss.exe program(!).

2017-02-22Sprout339R Summer Street, Somerville, MA
2017-02-18East Boston branch BPLBoston, MA
2017-02-05Somerville LibrarySomerville, MA
2017-02-03The Humanist HubSomerville, MA
2017-01-25SproutSomerville, MA

Someone already sent a link to Sumana Harihareswara's talk from last year's LibrePlanet. It is really important that we provide a safe space for cryptoparty participants, like addressing our preferred gender pronouns during introductions. An easy thing we can do for our LGTBQIA+ cryptonauts. Same goes for people who don't share our class, politics, race, ethnicity, culture…

During the cryptoparty, we walked through securely installing a new operating system for a laptop. We downloaded an .iso file from a torrent for the Xubuntu OS. We downloaded the SHA256sum checksum file to verify that the .iso file we downloaded is the same .iso file Xubuntu uploaded. We also downloaded the public key signature associated with the signed chechsum file. We verified the checksum and the public key using command line tools. Finally, we used the dd command to format a USB into a bootable device with our .iso file on it. In all, it took a good 90 minutes!

We also chatted about Tor and privacy policy.

For next month, there was some talk about focusing on surveillance cameras. I think I heard that someone had a camera to bring in to play with? Anyways, I would find it super useful to learn how to “read” surveillance cameras, know what it is they are monitoring. Would anybody else be interested in this?

I thought it would be cool if we produced a short (~20 minute) cryptoparty show that we could get aired on SCATV. They might also help us distribute the show to community access stations across the country. Anybody else interested in producing this with me? I remember someone saying that this had already maybe been done before, too.

DateLocationAddressAdditional Information
2016-12-28Encuentro9A Hamilton Place, Boston
2016-11-30Sprout339R Summer Street, Somerville, MA
2016-10-26Sprout339R Summer Street, Somerville, MA

A couple things from last night: Mailvelope seems to be a pretty cool tool. There's a demand for a Linux “install fest”. Let's set aside some time to do that in the future. Speaking of which, seems we're developing a workflow to on-board new members into the crypto community. Something like this: Install Linux –> Generate key pair –> Exchange keys –> Start messaging. The more concrete we can be about this process on the website and during cryptoparties, the easier it'll be for others to join. Talked a little about botnets and DDOS attacks. V v interesting. Would love to learn more about systems administration and protecting home routers against botnets. So turns out the models I've been using to describe encrypted messaging (Alice, Bob, public key, private key) barely scratch the surface of the problem of secret messaging. It'd be great to have more information about what, exactly, models like the Diffie-Hellman diagram are trying to describe. From what I gather, the problem is how to make a handshake when you're being watched the entire time. If you can, please shed some light about this problem!

DateLocationAddressAdditional Information
2016-10-22BPL, Grove Hall Branch41 Geneva Avenue, Dorchester, MA
2016-09-28Sprout339R Summer Street, Somerville, MA
2016-08-31Parts and CraftsSomerville, MA
2016-07-27Parts and CraftsSomerville, MA
2016-01-27Parts and CraftsSomerville, MA
2015-12-30Parts and CraftsSomerville, MA
2015-10-28Parts and CraftsSomerville, MACommunity Jamboree: Imagining what the Internet will look like in 5 years
2015-09-30Somerville Ave StarbucksSomerville, MA
2015-09-16BLU PGP Keysigning
2015-08-26Parts and CraftsSomerville, MA
2015-07-23Parts and CraftsSomerville, MA
2015-06-30Parts and CraftsSomerville, MA
2015-05-21Parts and CraftsSomerville, MA
2015-05-17Danger! Awesome, Together Boston
2015-05-02Point to Point Camp http://ptp.camp/
2015-04-16Parts and CraftsSomerville, MA
2015-03-19Parts and CraftsSomerville, MA