Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] CryptoParty Handbook

Jacob Appelbaum jacob at
Tue Oct 9 04:36:51 PDT 2012

Asher Wolf:
> Re: the book edit portal - I do not have control over the platform it is
> being edited on. The handbook project was launched by people in Berlin's
> CryptoParty, and I was brought on board at a later point.

I think it isn't even clear where the portal is located. I think it
should be the first link on the web pages.

> On 9/10/12 9:30 AM, Jacob Appelbaum wrote:
>>> @samthetechie
>> Why were you offended?
>> Did you work on any of the software in the book? Did you try to help a
>> bunch of the first CryptoParty events out? 
> Sam organised and ran CryptoParty London. He stepped up when nobody else
> did. He found a venue. He asked for access to edit the book repeatedly.
> He has run impromptu cryptoparty sessions with activists since. He
> should be commended for that.

I think such efforts are commendable. My critiques about *some* of the
content in manual are not at all meant to suggest that an individual's
*efforts* aren't important.

> I did those things -
> Jacob, I'm aware you had contact with at least couple of cryptopartie,
> which is great. Your work talking about privacy, surveillance and Tor
> was instrumental in beginning the conversations that lead to
> CryptoParty. Due to the respect many people have for you, it's
> reasonable to assume events around the world would approach you to
> speak. I'm not aware that you attended a party or spoke at one yet. Can
> you advise me if this is different?

I did talk to a number of crypto parties - sadly, I did not speak at any
of the events due to time/connection constraints. I consider my
pre-event work to have been in support of the event that took place.

With that said - I reject earning, collecting and wearing merit badges
as some kind of social reward. It doesn't matter if I helped with a
specific CryptoParty before, during, or after the hours of the event. My
critique is about the *content* and not the *energy invested* or the
*intention* of the people involved. I specifically said it was a good
idea and I think it is a noble goal.

> We want your involvement, and are very grateful for your critical
> analysis so far.

I think that is amazingly frustrating but I'm glad to hear it - I think
the above statements indicate an approach to dis-empower people not
wearing CryptoParty Helper Merit Badges.

>> and you say that I should do more because I dared to not endorse it with fanfare?
> I agree that the book doesn't need any more endorsements - only critical
> analysis and editing and content revision.

> I am concerned though that some of the ways in which the conversation is
> being framed around issues with the current edition are not particularly
> productive in encouraging people to continue.

No kidding - a critique of work isn't a critique of effort or the
individual. Short of an *intentional* backdoor, anyway.

> One of the things I believe is there's only a certain number of people
> with the correct skill set and motivation to successfully pull of
> certain projects. It's important to get the process of constructive
> criticism right - otherwise interaction becomes demoralising.

I agree and I would extend the analogy against an elitist CryptoParty
vanguard - if there is only a certain number of people - we should
expand that group until it is the total number of people who have an
interest and beyond.

> I did not work on the technical aspects of the book. I cannot. I do not
> have the right skill set.

This attitude, I think, is a key issue this community and many others
face. You cannot? Or you will not?

I believe that you are totally able to learn and I think that it is very
demoralizing when people say they are *unable* or *unwilling* to learn.
That isn't to say that you will become a developer of cryptographic
protocols. It is to say that many people will need to make choices about
security and trusting a vanguard is dangerous. We're always trusting
someone and I realize that reality. I didn't write my own compiler to
compile my email client before sending this email with hand crafted
electrons... However the high level view of most of this stuff is well
within the grasp of each person - it just requires an interest and
*educational resources* that empowers *all people* to learn.

> I have fielded maybe 6 criticisms of current
> version of the book since Jacob's comments on twitter.  I've tried to
> encourage people to write their own revisions and directed the concerns
> towards @julian0liver who was with the original team working on the
> handbook when possible.

I appreciate that you're getting noise and handling it with grace. Thank

My comments were not meant as personal disrespect - I actually felt that
I was clear about my positive feelings for the effort with a serious
concern about the results.

I have worked for around a decade on these issues. I am currently in a
room in South Africa training users who wanted to dig in deep. I firmly
believe it is possible to go from a user who rates themselves as
"non-technical" and take them to a verified OTR conversation with Jabber
over Tor *without* opening a computer science book. We did it today and
English is the second language for most people in the room.

The first step is to acknowledge that we have a problem that needs
solving. In Australia, the problem according to the CryptoParty as I
understand it is the Surveillance State.

The second step is to put the energy into learning about mitigations,
positive directions, reversals that are possible and so on. We might use
the law, we might use politics, we might use technology. In all of those
cases - it starts with us and an investment of our time and with us
believing that we might make such changes in *ourselves* first.

I reject that you cannot do it - this handbook is for you - so the first
step - how do we know things in the book are good or bad? Do they make
sense? Are they true? Are they technically accurate? How do we know what
any of those things mean anyway?

Until we have self-professed people who "cannot" do these things helping
to evaluate any handbook at hand - that book probably isn't reaching the
target audience and achieving a key stated goal: empowering people
through technology.

I am more than happy to help edit the book in solidarity but not if the
goal is to preach or to argue as a vanguard. If the goal is to empower,
we will not do it by relying on such a vanguard. That is why we have so
many problems today - the vanguard is often wrong - that is why most of
the applications are badly programmed, not encrypted, log excessively,
and so on. That same kind of vanguard structure is why the laws are all
kinds of messed up.

So how will we empower people with technology? I think we will do it by
relying on you Asher - so if you commit to learn, I'll commit to
contribute. If we all work together, we'll find that we all have
something to contribute and that critiques are due all around.

I'm sorry if what I said previously was frustrating or upsetting to anyone.

All the best,

More information about the liberationtech mailing list