Saturday, September 7, 2013

CryptoParty Mumbai





What is CryptoParty?
CryptoParty (Crypto-Party) is a grassroots global endeavour to introduce the basics of practical cryptography.A CryptoParty is a hands-on training program  where we introduce Internet users to the tools that help in protecting privacy in the online world. The training program will teach the ways in which communications and data can be encoded to prevent disclosure of their contents through eavesdropping or message interception, using codes (2), ciphers (3), and other methods, so that only certain people can see the real message.

It was my first CryptoParty. I was introduced to such a party by my buddy, Parin who had already attended it in Delhi this year. This week I read a mail on ilug-bom mailing list that they are organising in Mumbai at VJTI college on 7th Sept 10am-1pm.

I considered it a very good opportunity to meet and interact with open source enthusiasts and privacy concerned maniacs. I registered online for the party the day before. On 7th morning, the party was organised at CS lab of VJTI.
Disappointing part: 
1. Less participants as many people are unaware of such events. 
2. VJTI CS lab doesnt have Linux in all its machines.
3. There was no wifi availability for grand workshops nor there was freedom to use proxy network in the lab.
4. No proper organisation of the event although the event had good quality presentation. 

Gradually by 11am, there was atleast respectable number of participants for the party. 
The response from all the participants was great. I met a freelancer technology journalist Ms. Rohini with whom I could interact after the event too.
The volunteer who organised this event was Nikita Belavate from wikipedia-mum and Free Software Movement Maharashtra (FSMM).
The presentation was conducted by Surendran Sir surendran.info/.
Free Software Movement Maharashtra (FSMM) in association with Software Freedom Law Centre (SFLC) had organised the cryptoparty.
 

Agenda:
Introduction
Browsing Security

TOR
Browser security
Password Management

Email and IM Security

Web based email
Email clients (thunderbird)
Mail encryption
 

The contents in brief were as follows:
* Google: The Godfather who gives away your data to the advertisements. So next time if you get bugged by ads which already has your name on it, you know the culprit.

* Collusion is an addon by which you can visualize who's tracking you in real time.

* If you think you are safe and not getting tracked, take an example of my friend who was searching for a 4 slot toaster which actually comes in 2 slot in Amazon.com. He failed to get it.
Next week he got a mail from some other e-commerce site which recommended him few toasters.Do you still feel you are safe? Did'nt you experience such thing? Or you trying to be oblivious as the usage of such sites is inevitable? If its inevitable atleast you can prevent them from tracking you. Every individual is concerned about his/her privacy policy. You are booking a flight for a vacation on a site say makemytrip.com. Google, makemytrip, bank  etc. already know you are going on a vacation. When you are concerned about who encroaches your house then how can you allow someone encroach your profiles and access your data. No thing is 100% secure on internet but we atleast can do our best to be safer although can't be safest. Such encroachment is nothing but data mining.
Humor : Target corporation, a supermarket in US already knew a woman was pregnant before she declared. That supermarket tracked the products she purchased and calculated the months and date.
Did you know Twitter firehose sells tweets to advertisements?
Metadata is nothing but some sites can access your data after data by accessing just your email id.

* Best OS is TAILS https://tails.boum.org/.

* Best browser TOR.

* openpgp for encrypting your mails in thunderbird.

* Install add on https finder/everywhere for secured search.

* Use browser extension DoNotTrackMe.

* Use passwrd manager keypass.

* In chrome, if you save passwords, then in settings you will get list of passwords you have saved for sites and any one who will get access to your system can view the passwords. SO NEVER SAVE and use lastpass password manager.

* VPN : Another secured internet access.

5 comments:

  1. Hi Trupti,

    Nicely covered in brief. It was a pleasure meeting you too.

    ReplyDelete
  2. Yes and you did your part really well :) Lucky to meet you on such event

    ReplyDelete
  3. Hi.. That's a nice summary. Actually I showed LastPass as an example but there are many other password managers too.. You might look at http://sflc.in/why-should-we-use-a-password-manager/ for a more detailed write up on how to use it

    ReplyDelete
  4. Hi Trupti! Thanks for the summary. Please do join the low traffic mailing list of FSMM here http://fsmm.in/mailman/listinfo/fsmm-discuss_fsmm.in
    We would love to have all you folk help organise such workshops in the future.
    Thanks
    Vikram Vincent

    ReplyDelete

Mesmerizing Fortnight

This time its Sangli,Satara & Kolhapur. We hate to spend our daytime in journey so we prefer night journey. Unfortunately trains f...