Don’t Miss Our Next Cryptoparty!

If you weren’t able to attend the Cryptoparty we held this month, you missed out on a lot of tools and knowledge you need in order to operate in the cyber world as part of the partisan resistance. Never fear—we’re looking to hold another one after the first of the year. They’re completely free, with food, drinks, and excellent networking and discussion, all in a very casual and laid-back environment—and they only last a few hours. In short, you have nothing to lose by attending, and everything to gain.

If you weren’t able to attend the Cryptoparty we held this month, you missed out on a lot of tools and knowledge you need in order to operate in the cyber world as part of the partisan resistance. Never fear—we’re looking to hold another one after the first of the year. They’re completely free, with food, drinks, and excellent networking and discussion, all in a very casual and laid-back environment—and they only last a few hours. In short, you have nothing to lose by attending, and everything to gain.

At the last Cryptoparty, we went over some of the beginning steps to protecting yourself, your identity, your group, and your communications. We’ll be going over some of the same in the next one, but we’ll also be expanding that and dealing with more topics. If you attend the next one, here’s what you’ll be learning:

  • What the Tor Browser is, why you need it, and some of the more interesting links on the dark web for patriots. We’ll help you get it installed, configured, and set you up with some starter links and tools.
  • What i2p is, and how it can offer you more resources on the dark web. We’ll help you get this installed and running as well.
  • Communication channels on the dark web. You’ll leave with some new ways to communicate a little more under the radar.
  • What a live operating system is, and how it can protect you. Bring a flash drive, and leave with a fully-functioning live TAILS distribution.
  • How to “disconnect” from the surveillance state as much as possible
  • How to encrypt emails. You’ll leave with a set of GPG keys…and the keys of some new contacts.
  • How to choose a VPN, email provider, and other tools.
  • Open source alternatives to the bloated, spying software you’ve been using all your life.
  • How to make your mobile device more secure.
  • MUCH more.

You owe it to yourself and to the people you work with to attend. Cryptoparties are designed for people to ask questions, to openly discuss concerns and ideas. Bring your questions, your laptops, your flash drives and external hard drives. You’ll leave with a whole host of new tools and tricks, and a lot more knowledge that will help you in your operations.

If you’re interest in attending our next Cryptoparty, email us! If you’ve got an area of expertise and are willing to share your knowledge with the group, let us know.

Don’t Use Web-Based Email Search Services for OSINT Unless…

We often use web-based email search to find information about an email address, and in some cases, to find out information about who that email address communicates with. For those of us performing open source intelligence (OSINT) research for our various groups and personal vetting, email search is pretty important. Two of the most known web-based email search services are Reverse Genie and Email Sherlock.

While the services do provide information you need about an email address, it also notifies the owner of the email address that someone in your geographical area performed that search, and gives them a copy of the information it provided to you. This compromises your research and possibly your identity, especially if the target is aware that they’re on your radar in the first place.

Obviously, having your target notified that you’ve done a search on their email address defeats many purposes.

(For a general explanation of OSINT and some of the tools available, you can start here with this paper. There are MANY more resources on the web, including here at TOWR.)

You might be asking “Well, what am I supposed to use then?” There are a few things you can try; we aren’t saying stop performing email searches. Some of the issues could possibly be averted by using a VPN for all OSINT research—and not using that same VPN server again or for anything else (there are a host of VPN servers out there, even if you stick with only one provider). Using the Tor Browser is also a common-sense given. In addition, I’d recommend doing your OSINT research from a public wifi not in your immediate area. We all love doing our work while in comfy pants and our own recliner, but doing things right is far more important than doing them conveniently.

Whatever you do, don’t stop vetting your people—and by vetting I don’t mean “checking their Facebook profile to see what they post about and if you have mutual friends.” Keep in mind that there are currently known federal agents and informants that have mutual friends with you…and might even be friends with you themselves….collecting everything you post. Remember: it only takes one mistake to compromise your entire group.

If you’d be interested in a one-day class on how to vet your people and tighten your contact networks, contact us at TOWR@whiterose.us.