Cybersecurity / Events / Privacy

3 lessons in online security from CryptoPartying in Brooklyn

Get a crash course in internet security this Saturday at NYC Resistor. Here's what we learned at a similar session held earlier this week.

NYC Resistor is hosting a CryptoParty on Saturday. (Courtesy photo)

Ever since the National Security Agency’s surveillance program was revealed by Edward Snowden in 2013, cybersecurity has become a more pressing topic for the average person. It’s especially gained prominence as of late, with secure messaging apps gaining popularity among political staffers (and journalists), according to the Wall Street Journal, and guidelines for securely leaking information becoming a staple on news sites from the New York Times to ProPublica.

So now seems fitting for NYC Resistor in Boerum Hill to host its first CryptoParty of the year. CryptoParties, a few of which we’ve covered in the past, are gatherings dedicated to helping people maintain security on the internet. The NYC Resistor CryptoParty, which is organized by developer David Huerta, is scheduled for Saturday, Jan. 28, from 3-9 p.m. The event will include a mix of talks and help sessions.

On Monday, I attended another CryptoParty led by Huerta at the Brooklyn Public Library. The event was organized by the Society for Environmental Journalists and designed for members of the media. Over the course of two hours, Huerta and security user researcher Martin Shelton covered the basics of password security, two-factor authentication, virtual private networks and secure messaging.

As a preview of Saturday’s CryptoParty, here are a few takeaways from the Brooklyn Public Library event, which increased the total number of messaging apps on my phone to probably the maximum I can handle.

  • There’s a good chance you’ve been affected by a data breach. Huerta introduced the attendees to a site called, appropriately enough, HaveIBeenPwned.com, which allows you to check whether any of your online accounts have been compromised. I checked for myself, and yes, I’d been pwned. So had Huerta. Given that more than two billion accounts have been breached, according to the site, it’s likely you’ve been, too.
  • VPNs aren’t all they’re cracked up to be. Virtual private networks, or VPNs, enable their users to shield their IP addresses, which signal their network locations, by appearing to log on from another location. But they don’t offer anonymity, and a badly configured one could actually heighten your security risk, Huerta cautioned. So choosing one can be tricky. Huerta pointed attendees to a guide on Ars Technica written by Yael Grauer.
  • The flap over WhatsApp is largely overblown. Recently, the Guardian published a report suggesting that the popular messaging app WhatsApp had a critical security flaw. But according to Shelton — as well as many other security and cryptography experts, who’ve signed a petition calling for the retraction of the story — that’s a mischaracterization. WhatsApp uses the same security protocol developed by the makers of another app, Signal. The apps differ in how they handle messages sent to offline numbers: if the same number becomes associated with a new phone using the app, WhatsApp will send the message to that phone, whereas Signal won’t. In Shelton’s view, though that could cause problems for a tiny fraction of users, it’s a straightforward design choice.
Series: Brooklyn

Before you go...

Please consider supporting Technical.ly to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.

Our services Preferred partners The journalism fund

Join our growing Slack community

Join 5,000 tech professionals and entrepreneurs in our community Slack today!

Technically Media