Talk:CryptoParty

From CryptoParty
Jump to: navigation, search

Contents

Misc

News Section / Media Archive

  • Should we consider bike shedding the Media Archive Section to News? --Samthetechie (talk) 15:34, 15 December 2012 (GMT)

Code of Conduct

  • Just added a brief note on conduct, basically one principle 'Be excellent to each other', and some other things to consider. Feel free to edit etc.

Pagenames

  • Would it be more sensible for the name/address of events to include a date? Ie maybe http://www.cryptoparty.org/wiki/Amsterdam/2012/October OR wiki/Amsterdam_October_2012. This means multiple events can happen and there is a system in place to make it clear how people should do that.
    • If there is the need for that the local Partiers can do that on their own .../City page I'd say.

Encrypt Everything

  • Hey guys, just wanted to point you in the direction of a similar project some of us here at the Pirate Party of Canada have been working. at Operation Encrypt Everything we've got quite a few guides for using encryption, as well as quite a few tools for privacy. We've added you to our front page and would love if you were interested in helping with our project too. Let's share and help each other. - VicToews (awesome! thank you!)
    • (comment). About that, I'd be careful of claims such as "By getting in the habit of using good privacy and encryption practices, you can ensure that your financial records, web surfing history, conversations with friends, and photos of your loved ones are private, and not endangered by your national government, a foreign government, major corporations like Facebook or Google, or even malicious hackers." *ensure*? We all run software and the weakest link is often not the actual standard encryption algorithm. These sort of claims can get people in trouble. The road is long, the subject hard, let's try and be more nuanced. Flame: that sort of malware used an 0day in the public key infrastructure / ssl system. Installing a few cryptography tools, whilst perhaps increasing your security by several magnitudes, is perhaps necessary for protecting yourself against a government, BUT it is NOT sufficient to protect yourself against a government. Cryptography only protects certain uses. It is not a magic wand.
    • Good point. I've fixed the intro so it's less misleading. This is a good example of where mutual help could be benefitial. There are some issues on OpE^2 with people not really contributing to the project, so even just another perspective for constructive criticism is immensely helpful. Being pragmatic I think an education campaign on crypto being pushed by a pro-Internet political party is a good approach to organizing on the issue of privacy, so we'd love help from CryptoParty and we'd love to help where we can. - VicToews

Cool. I saw you changed that, great to see someone is listening :-) - djon3s

  • We are absolutely listening and if you have any other concerns with the site /please/ let us know. I added it back to the resources section because it does have useful information on it. If you dont want it on your site I wont put it back if you remove it again, but do feel free to copy anything we've put up. Additionally, I am sending CryptoParty.org to some OpenMedia.ca organizers and Pirate Party members to see if we can get some local organizing going on. I have made plans to begin organizing some crypto parties here. Additionally, we've opened up registrations on encrypteverything.ca in case anyone is interested in helping out. - VicToews

Two tier approach to teaching cryptography

Having attended a couple of get togethers now, it occurred to me that there may be a place for a two tiered approach. By that I mean a Crypto primer & then something for the next level up. For example, a talk/lecture on a given subject, truecrypt for example, and then perhaps a more hands on affair for say, GPG. I've found every crypto useful inasmuch as I've always come away with a better understanding, but there's a limit to what an amateur can do 'one out' at 0200.


Developer Resources

I think there's an opportunity to not only help everyone protect themselves, but also provide information to developers on tools and practises to help protect their users' privacy and security. For example, I wrote a Redirection Anonymiser [1] (yes, it needs SSL) and would like to share this tool with others, but it's not relevant to end users, per se. Would it be appropriate for me to add this as a section to the home page, or perhaps start a subsection of the wiki for developer resources? --Anonifous (talk) 17:09, 20 September 2012 (MIST)

That is great. Crypto dot is https://crypto.is exists just for developers working on privacy enhancing tools who want to audit or be audited. Check them out. --A (talk) 01:03, 28 September 2012 (MIST)

CryptoParty is very, but not entirely, utilitarian. My sense is that our primary focus is on providing proven anonymity tools and methods for Joe Six-Pack. That said, a subsection pointing to developer resources would probably be appropriate, both to remind people that cryptography is a large and fascinating subject, and to warn them not to roll their own... Kencf0618 (talk) 11:30, 25 September 2012 (MIST)

Front page slogans - please discuss them here first

Please do not deface the front page of this wiki with "warning" messages and slogans, without discussing them here first.

This is a global website and what may be important to you, may very well not be applicable in other countries.


CryptoParty Counter

A running count of CryptoParties which have already been held would be useful. Kencf0618 (talk) 11:01, 26 September 2012 (MIST)

Structure

If noone vetos, I would create a page named "PreviousCryptoParties" and put all the past dates there. It's a nuisance to edit the front page right now because one never really know if one edits the forthcoming or the past section...

I propose that instead of having this massive list of cryptoparties on the front page, as we do now, we create separate pages for both previous and upcoming cryptoparties and simply link to them on the main page, to reduce clutter and improve the front page's structure immensely. I'll do it myself if no one opposes it. Saicotic (talk) 07:55, 11 March 2013 (MIST)


Reducing spam on this wiki

This wiki is being heavily spammed, though mostly on user pages. An easy approach that stops about 19 out of 20 spam attempts is to download the stopforumspam.com blacklist and add it to the htaccess file on the server. Manually updating it once a month is enough to considerably reduce the amount of spam. A small script can update it daily.

For manual cleanup to be at all effective you need a few helpers who have access to the delete function. Picking some helpful users and giving them sysop rights on the wiki usually helps.

Banning users using the mediawiki interface has no useful effect. The default is that mediawiki only bans by ip address for 24hours and they come back every day and create new accounts. The spammers get new cheap virtual servers every few days to get new ip addresses.

The math problem captcha that is currently being used on new account creation is totally ineffective, spammers scripts do that one.

It's possible, but a bit of a pain to setup, to get mediawiki to query the stopforumspam blacklist every time there is a submission. ziv 08:34, 14 April 2013

Stopping Total Page Deletion Attacks

Since April 26, the cryptoparty front page has been attacked 9 times in a similar manner.

Someone creates an account (BebeLsv,Latanya09,KirkGuay,AlbertoGi,TheresaEn,AndreaV06,WoodrowDn,DedraL11,CheriEthr) Then they post a fake biography modified from a template, involving Kansas. Then they DELETE the entire cryptoparty.org front page, replacing it with two line breaks.

Most of the edits since then have been a back-and-forth spam war of Undo.

It is apparently possible to create accounts and make edits from Tor. This means the suggestion of using IP blacklists will not help, unless you blacklist Tor exit nodes! Of course it is important to allow people in Syria, etc. to make edits. However, we also need security. Clearly we need to find a solution/compromise.

Firstly we need to stop the current series of attacks, which there are many ways to do. e.g. Gross page deletion should be prevented. Then perhaps we should consider making the front page, at least, only editable by users satisfying certain anti-spam criteria, whether it be a minimum number of prior edits, a timeout after account creation, or, if all else fails, having non-Tor IPs.

The list of meetings should obviously be editable by new users. Moving the list of meetings to a separate page, or making that section have separate threshold criteria would solve this problem.

Random suggestions. If anyone has an idea that would offer site security without compromising so much openness, speed or anonymity, please float it or implement it... Let's try to not block Tor?

Thanks.

This is really getting annoying :( --Hng (talk) 23:08, 9 May 2013 (MIST)
Agreed. I don't mind rolling back the changes, but this edit war weakens our reputation. We cannot link to cryptoparty.org because we cannot be sure that the user will see the expected content. --N4SueRn4 (talk) 01:43, 15 May 2013 (MIST)
Personal tools
Namespaces

Variants
Actions
Navigation