CryptoParty hosted by Newcastle City Library

On Sunday (22 May) I attended an event hosted by the council-run Newcastle City Library, the main library which sits in the centre of Newcastle, and ORG North East, a local Open Rights Group. The event was a two-hour CryptoParty. The aim was to help people set up their devices (phones, tablets, laptops) with applications to improve their online privacy. On hand were several volunteers with knowledge on different applications. The set-up of the event was informal with attendees able to drop-in at tables to ask questions and set up their devices.

The main applications were

  • Signal (from Open Whisper Systems) – a private messeging app similar to WhatsApp except metadata isn’t skimmed off by Facebook
  • Tor browser – a web browser that doesn’t look much different to any other web browser but keeps your information private by use of Tor relays (more about this below)
  • PGP – a way of encrypting your email messages
  • Protection of your Windows/Mac computer with full disc encryption

I had already installed Signal on my phone some months ago but I did clarify that just because I’m using it doesn’t mean my messages are secure because only a handful of my contacts are also using it.  It does offer me the option to invite others to join, but I think like most of these things, most people aren’t too interested so I haven’t bothered.

Tor browser was something I’d been meaning to install for some time but I had conflated it with the whole ‘Tor’ conversation that I’ve been hearing about which is much more to do with the Tor relays. Tor relays, in simple terms (correct me if I’m wrong), are servers set up and run by voluneers that allow internet traffic to hop between several of these before sending/receiving whatever it is you are accessing online. The Tor browser is exactly that, a browser based on Firefox and as easy to download and install as any browser. It is suggested that you actually review the tutorial before you start using it as there are some real DON’T’s users should heed (i.e. using BitTorrent while connected to Tor). You can also download the browser for your Android phone or iPhone. Be sure you download the apps from The Tor Project, not any of the copycat apps. For Android you have to download two different apps – not sure about iPhone as I don’t have one of these.

I can’t say that I am any closer to understanding and getting my head around PGP. From what I understand if you use gmail for example, you need to use a third party mail application like Thunderbird with an add on like Enigmail. There was a lot of mention of public and private keys, but it wasn’t really clear how you went about establishing these. We were shown some demonstrations of messages being encrypted but it all seemed rather complex, and, as I said, I’m no closer to implementing this. Lots of gaps in my knowledge still…

Regarding encrypted email I did ask about a webmail client that I learnt about via Twitter some weeks ago – ProtonMail – but none of the folks on hand had heard of this. I registered for an email account a few weeks ago but haven’t made the move. Again it seems that if the person at the other end isn’t using it then it’s all a bit moot. I’d be happy to  be convinced otherwise. The thing is with ProtonMail that it is very similar to gmail so it would be something, like Signal, that shouldn’t be difficult to get other people to adopt. From what I understand from people far more knowledgeable about these things is that it’s still not great because the encryption is being done by the provider so they can still read your messages. Can anyone clarify this is a way that makes sense to someone like me?

Unfortnately I wasn’t able to speak to the expert about full disc encryption before the end of the event (and I had to go) so I’m hoping there is another event in the near future where I can maybe get some more clarity about PGP and start to get to grips with full disc encryption.

All in all it was a good event with about a dozen people attending (and half a dozen experts on hand). It seemed to be really well received by those that attended but a few of us did discuss the fact that a majority of people don’t feel they need to protect their privacy and that those of us implementing these technologies have something to hide and/or are highly paranoid. This isn’t an area that I’m well versed in in terms of public opinion so I’m not sure how we go about convincing the general public that they should be more interested in their online privacy though Ian Clark has written about this recently both in a peer-reviewed paper and on his blog.

Ian also posted about the novelty of this particular event as it appears to be the first of its kind in the UK that was not only hosted by a public library, but also promoted by the council. You can read his post to get some further detail.

It’s also worth pointing out for the librarians amongst you, and library/librarian sympathesisers, that there is a group of librarians that discuss these types of issue via a monthly Twitter journal club, through their mailing list, and at an annual meet-up. That group is the Radical Librarians Collective (RLC) and I urge you to check them out. This is a UK-based group and there are other groups in other countries. This short-ish piece written by members of the RLC and published by CILIP is probably a good place to start.

The Library Freedom Project is an excellent resource for those, especially librarians, interested in online privacy. It has information about what you can do individually and on a library scale.

If there are future events like this I’d be keen to learn more about Tor and Tails, full disc encryption, the best ways of making things like tablets private, and PGP in terms of actually a walk-thru of setting things up.