Hi Anna (& list)
Unfortunately, I'm not sure that a cryptoparty quite cuts it any more, in this post-Snowden world. It all feels a little too "last year".
Besides, what would we teach people?
As the various articles have revealed, actually using PGP/GPG is simply a flag to the spooks to monitor you even more closely. Personally, I don't really trust any of the PGP versions released this century (I used DOS PGP in the 90s - as part of my job - but v3.6.3i is the last one I ever published a key for). Even Phil Zimmermann no longer uses PGP - as he stated in this interview last month: http://www.forbes.com/sites/parmyolson/2013/08/09/e-mails-big-privacy-proble... GPG might be more secure, but I've not messed with it since last year, when I found that the key generation module in GPG4Win wasn't working properly.
We've known for a while that SSL can't be trusted on mobile browsers - as the telecoms providers perform a man-in-the-middle decrypt/re-encrypt on the stream (ostensibly so they can squeeze graphics to speed up page loading - but we now know who else gets to see the "temporary" plaintext). And the latest revelations show that VPNs can be cracked, if the spooks really want to look inside.
I could even see TOR being rendered useless soon - as fewer exit nodes can be trusted (many will already be run by government agencies - the others are going to be raided one-by-one using whatever bogey-man excuse works best under the laws of the resident's country). The recent botnet surge on TOR is probably a sign of the end-times: http://arstechnica.com/security/2013/09/sudden-spike-of-tor-users-likely-cau...
Online privacy/security is a massively complex topic - and (IMO) quite a fascinating one. There are many more techniques left in the armoury - OTR could be a useful one (maybe) - but many are not developed enough yet for use by "the masses", and are more like curiosities for academic study than practical tools.
If you've not seen it, read this piece by Bruce Schneier: http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-survei...
But you are right, Anna, in that this is now a very hot topic. The Mailpile project, on IndieGoGo, is currently at 147% of its $100K funding target, with 4 days to go - and the comments show that donors are mostly concerned about email privacy: http://www.indiegogo.com/projects/mailpile-taking-e-mail-back
A cryptoparty may still be a good idea - but it might just have to be Cryptoparty Ver2 (post Snowden).
Regards
David
On 06/09/13 12:21, Anna Morris wrote:
I am wondering if, following the news today about GCHQ trying to break bank and email encryption etc, we could run a massive crypto-party in Manchester - perhaps with the People's Assembly Against Austerity? (they have an email list with about 800 names on, all of which could potentially be interested)
http://www.cryptoparty.in http://thepeoplesassembly.org.uk/
Any Thoughts?
(I know very little about this stuff!)
Best
Anna