This year's FSCONS took place on November 7.-8. here in Gothenburg. I've been asked to write a brief report, so read on if you're interested in some of my personal highlights. Though I should probably warn you that I'm not really capable of writing brief reports.
This year's edition had three tracks on each day. On Saturday, they were “P2P Society”, “Biohacking”, and “Everyday Crypto”. My focus was directed strongly towards the crypto track, but some of the other topics also sounded quite interesting, such as discussions about how to spark interest in the general public in the topics of ongoing scientific research, led by the biohacking folks, or talks about Bitcoin both by enthusiastic proponents of the technology, as well as sceptics.
Anyway, in the crypto track, Hans de Raad kicked the conference off with a presentation outlining the challenges and things to have in mind when hosting services such as email, or groupware, on one's own servers (or rented “cloud” VPS), and then went on to give a brief overview of setting up Kolab, an open-source groupware alternative to the integrated bundles of services offered by Google or Microsoft.
By the way, we also had an interesting lunchtime discussion with Hans about the impact of everyone just using those cloud services run by a few huge corporations without giving it a second thought. For example, government officials, or teachers who just dump their data onto Google Docs, even documents containing personal information, or other sensitive data that shouldn't really be just sent to any random entity, especially not one whose entire business model is built around using the personal data people entrust it with to make profit by better targeting ads. Simply forbidding public workers to use such services for sensitive data by law won't achieve much, because without better public awareness, people are going to just perceive it as if the government was trying to take away the convenience of these services, because inconveniencing people is what the government does.
Moving on, Joachim Strömbergson spoke about the development of a hardware security module that is as much open-source as possible. For a tiny bit of background, a lot of people and organizations rely on black boxes for critical cryptographic applications. These black boxes are designed to make it impossible to take them apart and investigate their inner workings, which sometimes results in some very poor cryptographic properties. When using one of these black boxes, you usually just have to trust that the gadget is really as secure as the manufacturer's marketing team says, and that the government “intelligence” bodies (like the NSA) had the best interest of the customers in mind when they slapped their seal of approval on it.
The Cryptech project is working on an alternative that makes it easier for anyone to look at its innards and point out any weaknesses so that they can be fixed, thus improving security for everyone. Joachim also mentioned some interesting physical techniques of hacking these devices, involving explosives and such. Sadly, he didn't have any videos to show us, but he told us that the Cryptech mailinglist archives might contain some interesting imagery or footage.
Saturday's keynote was by Ken MacLeod, a Scottish sci-fi writer. He spoke about the role of science fiction writers in the direction of the development of new technologies, but also about the dissonance between the geeky world of crypto nerds and the common folk. Crypto nerds tend to see more encryption, and in general, better technology, as a solution to big problems that our society faces these days (like, for example, mass surveillance), while many common people see the existence of these technologies as one of the reasons why all that surveillance had to be implemented in the first place.
In the afternoon, Werner Koch, the maintainer of GnuPG spoke about the current state of end-to-end cryptography, offering us some predictions on which technologies he thinks have a future and which don't. One of the sad takeaways from this talk was that the GnuPG project is still underfunded, which, for one thing, means there aren't enough resources to iron out all the known bugs in Enigmail, which otherwise has the potential to become a very nice GnuPG plug-in for Mozilla Thunderbird.
Seth David Schoen from the EFF gave us an overview of Let's Encrypt, a free, fully-automated certification authority that's currently in closed beta. If you're running a small website, after Let's Encrypt goes public, you'll no longer have any excuse not to turn on HTTPS on your server. I would know – I have tried it a few weeks ago, and it really is a breeze. Took me all of five minutes. You're reading this very article on a website using a Let's Encrypt certificate (or at least I hope so). What's even better, Let's Encrypt announced a few days after FSCONS that they were going to open the service up to the public on December 3, which means you'll no longer have to apply for closed beta participation and wait a few days to have your domains whitelisted.
On Sunday, Johanna Berg from the Swedish National Archives spoke about ways in which the gatekeepers at libraries and archives can improve public access to historical records. She also showcased some interesting visualizations of such historical records.
Sunday's keynote speaker was Birgitta Jónsdóttir from the Icelandic Pirate Party, member of the Icelandic Parliament. She warned us that institutions lobbying for the reduction of the freedom of individuals (such as surveillance agencies) are always ready to push their agenda in the wake of large-scale tragic events. Not too surprisingly, some really bad legislation had been fast-tracked in the aftermath of various high-profile extremist attacks. Even now, after the events in Paris, you can see how the self-proclaimed “intelligence community” have been making an incredible amount of noise in support of more surveillance, and pushing for the fast-tracking of more data collection legislation, bans on encryption, and other nonsense.
This means that activists on the other end of the spectrum need to be ready for these situations, too. Not only to act as the counterweight to the pro-surveillance propaganda, but also to try to push for positive change. The sad truth is that it is much more difficult to rally people behind a cause on an average Tuesday.
Moving on, Sam Tuke shared some really exciting news from the LibreOffice project – apparently, they're on track to release versions for both Android, and for the web. I'm really hoping that suites like Kolab or ownCloud make it possible to plug the new LibreOffice into their platforms. That way, there will be at long last a fully-featured, completely open-source alternative to the office/PIM bundles offered by the likes of Google and Microsoft. Also, as a side effect, it should become possible to include LibreOffice as a component in another application.
There was also some kind of “internet of things” workshop. The Mozilla crowd had some fancy hardware to play with, but I didn't pay much attention to this. I'll take a physical switch over a voice-controlled smart bulb any day. I prefer to be able to turn the lights on and off, or to silence a ringing alarm clock even when my internet connection is down, or when there's some other problem with all those cloud voice recognition servers, thank you very much. (And I really don't think some multi-national data-hoarding corporation needs to know at what moment I turn the lights on and off at home, in addition to the terrifying amount of tracking data they already keep on file for ad-targeting purposes.)
One more thing I found interesting was one of the lightning talks, which pointed out that as an alternative to all those fancy cloud sync services (such as Dropboxes, iClouds, Google drives and whatnot), distributed filesystems have been a thing for decades now. For example, the Coda filesystem seems to be available for Linux (including Android, probably with some hacking), several BSD flavors, and Windows. Definitely something to look into if I ever find some free time.
Anyway, this was my take on FSCONS. I certainly had a blast, and if an opportunity comes up for me to attend another edition in the future, I don't think I'll hesitate.