TA3M Seattle, January 2016

January 15th, 2016 by yawnbox

Greetings!

Techno-Activism Third Mondays (TA3M) is an informal meetup designed to connect software creators and activists who are interested in censorship, surveillance, and open technology. Currently, TA3M are held in various cities throughout the world, with many more launching in the near future. In Seattle, thanks to a special donor, there will be free pizza!

When: Monday, January 18, 2016, 6:30 – 9:00 PM
Where: University of Washington Computer Science & Engineering building (CSE) room 403 [directions]

The State of Internet Censorship (7 PM)

By: Will Scott

The techniques to control access to the Internet, and the ability to bring transparency to those processes are both continuing to evolve. We’ll give an update on the landscape of online information controls, and our ability to measure them.

The talk will give an update on current country-level practices, the techniques in use to measure them, and an overview of major tools in use.

Over the past couple years, restrictions on Internet access have grown even more ubiquitous. Many take the form of URL or Domain blacklists implemented by western countries, along with increased levels of self censorship on social platforms with user generated content.

The measurement community continues to play a catch-up game. Through a mixture of watching legislature, an increased understanding of what we need to build to keep track of internet controls, and discoveries of side channels that let us externally measure connectivity, we’re making progress!

Will is a fourth year graduate student in the networks lab at the University of Washington. Over the last two years, Will has been teaching computer science in Pyongyang, North Korea. Will’s research centers on how to make a more resilient web, through working with in-browser peer-to-peer and caching, and applying operating systems lessons to web frameworks.

Introduction to Tor and Onion Services (8 PM)

By: Christopher Sheats

The Tor ecosystem, including Tor Browser, tor relays, and onion services are critical parts of your digital hygiene even if you’re not a journalist, lawyer, or domestic violence survivor. This talk will include an overview of how the Tor network works, how using Tor can protect you, Tor Browser best practices, how onion services (including “the dark web”) work, and examples for why you and the organization(s) that you work for should host an onion site along side your normal HTTPS website.

Christopher is an Encryption Evangelist at the ACLU of Washington, a board member of Seattle Privacy Coalition, a TA3M organizer, and a surveillance self-defense lecturer.

Privacy job openings!

Open Whispter Systems is looking for iOS developers, Android developers, and a Mobile UI / Product Designer.

Electronic Frontier Foundation is looking for a Criminal Defense Staff Attorney, an Activist, and a Technology Generalist. Various internships.

ACLU of Washington is looking for a Director of Accounting and Administration. Various internships.

Join the email list!

https://lists.ghserv.net/mailman/listinfo/ta3m-seattle

We’re on Twitter!

To best support the global TA3M meetup, please tweet using the #TA3M hashtag.

@TA3Mseattle
@SeattlePrivacy
@TechnoActivism

Seattle TA3M 1 Comment

TA3M Seattle, December 2015 (w/ Cascadia Wikimedians)

December 7th, 2015 by yawnbox

Greetings!

Techno Activism 3rd Mondays is an international, monthly meetup designed to connect people interested in modern anti-censorship and anti-surveillance issues. TA3M Seattle is Seattle Privacy Coalition’s “sister organization” because of our shared goals in advocating for personal privacy, and we are happy to be announcing December’s TA3M! This month’s meetup, like December 2014’s TA3M, is a joint meetup with Cascadia Wikimedians, so expect an extra-intelligent group of folks!

We are meeting this month!

If you are planning on attending, please register by picking the type of pizza you would like (or no pizza).

There are no scheduled talks, only 5-minute flash talks. If you would like to give a 5-minute flash talk, please include that information in the above registration form.

When: Monday, December 14, 2015, 18:30 to 21:00 (6:30 – 9:00 PM)
Where: University of Washington Computer Science & Engineering building (CSE) room 403 [directions]

Questions? Please email Christopher: yawnbox at riseup dot net

Seattle TA3M   Add a comment

TA3M Seattle, November 2015

November 10th, 2015 by yawnbox

Greetings!

Techno Activism 3rd Mondays is an international, monthly meetup designed to connect people interested in modern anti-censorship and anti-surveillance issues. TA3M Seattle is Seattle Privacy Coalition’s “sister organization” because of our shared goals in advocating for personal privacy, and we are happy to be announcing November’s TA3M!

We are meeting this month!

When: Monday, November 16, 2015, 6:30 – 9:00 PM
Where: University of Washington Computer Science & Engineering building (CSE) room 303 [directions]

* Free pizza! *

Talk one (7PM):

Virtualization for Security: An Introduction

This talk will explore virtualization and it’s utility within security and maintaining privacy. Learn about what virtualization is, the attack surface and threat model for virtualization software, the impact of recent vulnerabilities such as VENOM, and what the future of virtualization looks like. Finally, find out how you can use virtualization to limit compromise and compartmentalize everyday activity with the open source operating system Qubes OS. Note: despite the technical nature of this topic, effort will be made to ensure that this material is valuable to end users.

Andrew Sorensen is a security engineer at Twitter and former security consultant at Leviathan Security Group. In his spare time, Andrew enjoys researching virtualization security issues and building secure implementations of typically challenged software use cases (including home automation / internet of things).

Talk two (8PM):

Informational Privacy and Social Privilege: Discriminatory Data Practices in the Information Society

The well-off have historically sought to separate themselves from everyone else, employing privilege to maintain affluence and exclusivity. Gated communities, private schools, shell corporations, complex financial instruments — the tendency by elites to seek special advantages and insulation from others and to obscure themselves within walled gardens is well-established. Ghettos, glass ceilings, housing and employment discrimination and other elements of institutionalized oppression are obstacles that have historically prevented the unprivileged from gaining access to the educational and economic opportunities necessary to escape cycles of poverty and achieve the “good life.” As both the positive and negative inclinations of the material world find expression in the digital world, a move to separate and segment society is finding its way there as well, leading to new forms of oppression and social sorting.

These effects are not arbitrary, but reflect the biases inherent in our society and within the culture of information technology production and use. Information systems are truly socio-technical systems and, as such, have the capacity to amplify preexisting inequalities through practice and use, including pervasive data collection by major data controllers and an increasing inability to engage in socially-beneficial “forgetting.” So, we are left to cope with the fallout of the status quo as if this were all inevitable. Given the demographic makeup of the designers, producers and early adopters of information systems, it should not be surprising what inclinations these systems reflect and which groups find themselves dispossessed within the information society.

Mike Katell is a PhD student at the University of Washington Information School.

Follow us on Twitter!

@TechnoActivism
@TA3Mseattle
@SeattlePrivacy

Seattle TA3M   Add a comment

On the nature of surveillance, self defense, and activism

January 19th, 2015 by yawnbox

The Seattle Privacy Coalition instructed our first anonymous group of Seattleites who are victims of abusive surveillance or at risk of becoming a victim. Overwhelmingly, the students of our first workshop were women, even though everyone that attended ranged in age, background, race, nationality, ethnicity, and sexual-orientation. Despite their differences, their commonality was their genuine care for people — society — to such a degree that their non-violent actions are considered a threat to corporate and government power.

The concern

Almost 226 years ago, our fundamental rights as Americans were ratified. Broad protections were guaranteed to us against search and seizure, something that we, as a society, now sometimes call privacy due to the large amount of our lives willingly and unwillingly propelled into digital spaces. Objection to intrusive search and seizure of physical objects has evolved into our ability to control personal information made harder by advancing and cheapening technology.

Corporations, governments, and law enforcement agencies do not have a right to abuse people by way of deploying advanced technology. They may have the ability and privilege to do so, but that ability and privilege cannot and should not become a slippery slope to control people who are exercising their government-sponsored and government-protected right to protest perceived abuses of power. What is the significance of our constitutional protections unless we act, so that our rights become right and our values proven?

Despite the stark ethical differences between rights and privileges, activists are readily harassed, stalked, physically abused, or murdered. Anyone guided by justifiability and morality can understand why we need to support this vulnerable population of people.

The workshop

In large part, surveillance self-defense is about technology and education. Similar to the practice of martial arts, self-defense is learned by empowering one’s self with knowledge and control over mind, body, and environment. Understanding technological threats and assets will help non-violent activists achieve their goals. To best achieve our objectives, we approached this training with the wisdom of a teacher and also the curiosity of a student. Everyone there had something to share and learn.

Our students were not tech-savvy. Many of them had cell phones that were merely recommended to them by family members or casual friends. One of them had a Windows phone, something even our technologists didn’t know if it employs storage encryption. Even though only one person was the facilitator over the course of almost five hours of training, various Seattle Privacy Coalition co-educators were participants of the training and regularly contributed facts, metaphors, and applied real-time research.

We started off by introducing the Seattle Privacy Coalition and notable facts about the organizers, like not being associated with law enforcement or intelligence services. A story was told to create some initial privacy empowerment and a statement about everyone’s right to identity-self-determination while  participating in the workshop.

We started our curriculum by highlighting the cause of risk, which can be characterized by a balance between threat and vulnerability. Throughout the workshop, distinctions were made by attributing the specifics of scenarios to either a threat or a vulnerability to best appreciate any given risk.

The first tool provided to our students was not software; it was an information resource, one regularly brought back into the dialogue. The Electronic Frontier Foundation‘s (EFF) online guide titled “Surveillance Self Defense” (SSD) was chosen to be our primary reference material. Their amazing and much needed work is where we got the name of our new program. We think that the EFF’s SSD should discuss the notion of a vulnerability, not just the notion of a threat when assessing risk regarding “An Introduction to Threat Modeling“.

Another SSD concern was the need for a preemptive list of jargon in each article. As you might notice, one of the Seattle Privacy Coalition’s goals is to provide constructive feedback to the EFF from our experiences with our activist and journalist students.

Graciously, one of our students enjoyed sharing the words of every acronym that we used to instruct with. It was a healthy reminder that our students need a lot of breakdown, which in effect, leads to a lot of segues. Seattle Privacy Coalition needs to include more subtle structure into our curriculum plans so not to spend as much time on segues. Segues created a condition where it became too easy for non-technologists to get lost. We regularly asked if everyone were comfortable with the previously discussed topic so people could easily ask questions.

Other over-arching concepts included the differences between active and passive surveillance, and also the differences between transport encryption and encrypted storage. The Seattle Privacy Coalition needs to add a section disusing a basic concept of encryption in our upcoming workshops.

The majority of our students were iOS and OS X users, which was slightly unfortunate since we don’t have any Apple users among the active Seattle Privacy Coalition volunteers. Creating power users out of Apple users was a clear challenge in our workshop, but we were able to educate on a few important self-defense tactics and operations.

Regardless of the lack of Apple iOS and OS X experience, we were able to cover many outstanding encryption tools. We only instructed on the use of open source tools made by The Guardian Project, Open Whisper Systems, and The Tor Project . We limited our tools training to these developers because of their commitment to human rights, attention to usability, and their verifiable skills at employing strong encryption through careful software development.

We covered topics like “data linkability” and applied its concept throughout the workshop. We covered notions of “metadata” and applied its concept throughout the workshop. We covered search and seizure laws and rights. We covered Washington state audio and video recording laws and responsibilities. We made sure every Android and iOS user had storage encryption enabled. We also discussed OTR advantages in light of the above chosen software tools.

We spent a lot of time talking about cell phone communication encryption as a matter of risk deterrence. We did this by covering basic cellular network infrastructure and various vulnerabilities. Discussing SS7 vulnerabilities, baseband processor vulnerabilities, and IMSI-catcher threat detection was a primary knowledge area that we think is critically important for activists.

With only five hours before everyone was completely wiped, we barely had enough time to cover the proper use of Tor. Regrettably, Tor was talked about only as a solution. We did not comprehensively discuss threats and vulnerabilities. We did not have enough time to include any hands-on exercises which we think is ideal for showing activists how easy it is to install and use the above mentioned software tools. We also were not able to talk about HTTPS or PKI, which would have been useful after a basic intro to encryption.

Lastly, while we were able to discuss contact management for cell phones, we did not discuss contact management for personal computers. In fact, while 5 hours is a lot of time, we had no time for talking about personal computer hardening aside from a few brief mentions of Tails Linux. The only attendees to raise their hands as being Linux users were those from the Seattle Privacy Coalition.

In Retrospect

Everyone walked away having learned many important things, and with a some healthy paranoia. Seattle Privacy Coalition volunteers learned a lot too, particularly about the nature of this specific underrepresented community in Seattle. The Seattle City Council is advised by the Citizens Technology and telecommunications Advisory Board (CTTAB), and in a couple months, CTTAB will be hosting a privacy symposium specifically looking at underrepresented communities that are often hurt by data mismanagement or surveillance. Activists are not only underrepresented, they’re often abused and misunderstood by capitalists, politicians, and journalists. We hope that these surveillance self-defense workshops will help our fellow residents, our city, and our perception of privacy moving forward.

Privacy & Philosophy,Privacy & Technology,Recommended Privacy Reading,Surveillance Self Defense   Add a comment

Surveillance Self Defense for Activists, January 2015

January 8th, 2015 by yawnbox

foto_no_exif

 

Greetings Seattle activists!

Seattle Privacy Coalition is starting a new workshop in Seattle called Surveillance Self Defense, a name gratefully adopted from the Electronic Frontier Foundation’s “Tips, Tools and How-tos for Safer Online Communications“. Our workshops will be free to the public but limited in space.

Surveillance Self Defense for Activists will start in January 2015 and occur every-other month. So if you miss January’s, remember that another workshop will happen in March 2015. We are also starting Surveillance Self Defense for Journalists, which will begin in February 2015.

Our first workshop, for activists, will be on Sunday, January 18. Registration is not yet open. The time, location and curriculum will be announced when registration opens next week. Curriculum will include securing your phone and computer (and related communication) for on-the-ground activists, no matter if you’re an organizer or participant.

 

There will be no form of registration that will record who is attending, so no Facebook, Meetup, or email invites of any kind. This is done to protect the privacy of the attendees. Depending on our workshop space, we will have a limit to how many people we can accommodate. We’ll know how many people to expect based on how many anonymous surveys are submitted.

Below is a set of draft survey questions that we’ll be asking each participant to answer before they attend. They have been created with the help of Internews’ SaferJourno project. We’re putting these here now just to give you an idea of what kinds of things we’ll be educating you about:

  1. Do you use a cell phone when participating in protests?
  2. What is the operating system of the cell phone that you take to protests?
  3. Select the capabilities of said cell phone:
    1. Phone calls
    2. SMS (text messaging)
    3. Data (internet access via 2G, 3G, or 4G)
    4. Bluetooth
    5. Camera
    6. Video camera
    7. (fill in the blank)
  4. When participating in protests, what communication platforms do you use?
    1. Google Hangouts
    2. Apple iMessage
    3. SMS/texts
    4. Facebook Chat
    5. Email
    6. Twitter
    7. (fill in the blank)
  5. Do you know any differences between HTTP and HTTPS?
  6. Have you used privacy enhancing tools such as a VPN or Tor, either on a computer or on a cell phone?
  7. Have you ever sent an encrypted email before?
  8. Is your cell phone password protected?
    1. Yes, with a pin number
    2. Yes, with a password
    3. Yes, with a pattern
    4. Yes, with a fingerprint
    5. Yes, with a faceprint
    6. No
  10. Is your cell phone’s storage encrypted?
  11. Do you know what an IMSI-catcher, or “Stingray”, is?
  12. Regarding the personal computer that you use to coordinate protests, what is its operating system?
  13. Have you ever had a personal computing device seized or confiscated?
  14. Are you currently a victim of active surveillance?
  15. Do you drive, carpool, bus, bike, or walk to protests?
    1. Drive
    2. Carpool
    3. Bus
    4. Bike
    5. Walk
  16. Do you use your electronic debit, credit, and/or bus card(s) before, during, or after attending a protest?
    1. Yes, debit/credit
    2. Yes, bus (Orca) card
    3. No
  17. Do you have access to a technical specialist when you have questions about digital safety tools and practices?
  18. What topics would you like to see covered at this workshop?
  19. Will you be bringing your cell phone or laptop to the workshop? We encourage you to for our hands-on training.

Please be sure to check back here next week for registration! For organizing queries, please send an (ideally PGP encrypted) email to “yawnbox at riseup dot net”. If you’re a security or legal educator and wish to get involved, please email me.

Cheers!

Privacy & Technology,Seattle TA3M,Surveillance Self Defense   Add a comment
« Previous Entries