2020 Elections: What to Expect Harri Hursti · (60 minutes)

2020 will be a consequential year of elections for many nations, but one of the most followed will be the United States. USA primaries have foreshadowed potential issues to come in the November elections. Even before COVID-19, the trial of new technology threw caucuses and primaries into the center…


75,000 FOIA Requests Can't Be Wrong: Lessons From a Decade of Transparency Spelunking Michael Morisy · (50 minutes)

Over the past ten years, transparency non-profit MuckRock has helped thousands of requesters file tens of thousands of public records and Freedom of Information Act requests to government agencies large and small. In the process, they've unveiled everything from the government's program giving loca…


A Death Blow to the Web of Trust aestetix · (60 minutes)

The PGP web of trust is broken. Actually, that's not quite right. "Broken" implies it was working at one point, and web of trust never really worked. But that won't stop us from having fun with it.

This talk will look at PGP at the protocol level, show some really glaring issues with how the web of …


A Decepticon and Autobot Walk Into a Bar: A New Python Tool for Enhanced OPSEC Joe Gray · (50 minutes)

When we see the terms "Natural Language Processing" (NLP) or "Machine Learning" (ML), often our guts are correct, and it is vendor marketing material, frequently containing FUD. After tinkering with various libraries in Python and R with the use of some OSINT and SOCMINT techniques, Joe has found a…


Advanced Wi-Fi Hacking With $5 Microcontrollers Kody Kinzie, Stefan Kremser · (60 minutes)

With the price of ESP8266 and ESP32 development boards dropping to between $1 and $5, the Wi-Fi hacking community has embraced these tools as platforms for security research. Kody will go over the capabilities of these extraordinary devices and demonstrate the community projects that take advantage…


A Hacker's Toolkit for Global Travel (Or, How to Travel Anywhere on Airline Miles) Phillip Scroggins, Marjorie George · (60 minutes)

Traveling the world can be done with little or no money if the traveler knows how to properly hack various systems for obtaining airline miles. Using miles, Philip and Marjorie have traveled to Europe, Asia, and Oceania, and, using a combination of miles and money, traveled to the Middle East. In t…


A History of Social Engineering: From Mass to Interpersonal to Masspersonal Robert W. Gehl, Sean Lawson · (60 minutes)

"Social engineering" is quite familiar to hackers. Instead of breaking through encryption or utilizing a zero-day exploit, it's often easier to get a password or network access by simply asking for it. It can be done over the phone, via email, or even in an in-person visit. The approach is often hi…


Anatomy of an Accidental Honeypot Dr. Gillian "Gus" Andrews · (60 minutes)

Gus owns a couple of Gmail accounts with very generic, common user names. Unfortunately, this means she has ringside seats to some of the worst privacy and security mistakes on the web, as everyone with these names (and everyone they know) sends email to these accounts, thinking the mail will go to…


A New Techno-Communication Style (and Meta Media) Jamie Joyce · (60 minutes)

Social media and infocomm technologies have enabled communication capabilities to scale; however, society has failed to get on the same page, and is arguably more polarized than ever. "A New Techno-Communication Style" is a technical presentation showing the research methods deployed to understand …


Ask A Sex Geek: Hacking + Human Sexuality Dr. Kit Stubbs, SX Noir · (60 minutes)

Got a burning question about sex? Curious about making your own silicone sex toys? Not sure of the difference between biological sex and gender? Wondering about dating and digital spaces? In this session, Kit "where did this b!tch get [their] doctorate" Stubbs of the Effing Foundation for Sex-Posit…


Ask the EFF: The Year in Digital Civil Liberties Kurt Opsahl, Naomi Gilens, Rory Mir, India McKinney, Alexis Hancock · (120 minutes)

Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation's premier digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EF…


Back Seat Webdriving via Browser Automation Matthew Valites · (60 minutes)

There are many reasons to automate web browsing for security purposes, from scraping websites, to request manipulation, to task automation. Staid tools like wget and curl are a good start. But the modern web is dynamic and often client-side, limiting the effectiveness of these tools. Luckily, most …


Be Kind to the N00bz: Effective Knowledge and Resource Sharing Michael G. Williams, Charlie Mewshaw · (60 minutes)

Everyone has to start somewhere, and with the constantly escalating presence of information security and hacking related news, television shows, and even academic programs, there's a whole generation coming up looking for fortune and glory as "133t h4x0rz." How our community treats these folks is g…


Beyond End-to-End Phillip Hallam-Baker · (60 minutes)

And in the plague years, the words "end-to-end encryption" were on everybody's lips. For they were using Zoom for education and commerce and their socially distanced sex parties, and suddenly became worried that a government or two might be looking in. The fact that they had been doing all the same…


Bildschirmtext Casandro · (60 minutes)

Bildschirmtext was the German version of France's Minitel. The technology and the culture both shaped the German hacker community and provide a vision for a world beyond our current mess with web services.

It's particularly important due to the so-called BTX-Hack. The Chaos Computer Club (CCC) got …


Boot Genie: Hacking and Cheating at Boot Sector Games Eric (XlogicX) Davisson · (60 minutes)

Despite legacy BIOS going away, the boot sector gaming scene is on the rise. These are x86 16-bit games intended to fit inside the 512 byte MBR (Master Boot Record) space. Despite these limits, you'll find playable clones of games like PacMan, Invaders, Arkanoid, Flappy Bird, Snake/Nibbles, a rogue…


Borders and Biometrics: Boundaries of Computer of Vision Charlie Meyers · (50 minutes)

Machine learning has been rapidly adopted by law enforcement as a way to justify sentencing, policing focus, and border control. In particular, facial recognition technology has been deployed around the world through massive surveillance networks, public/private ‘fusion centers,’ and cloud tools th…


Brain Backups: What's My Brain Got to Do With Me? Russell Hanson · (60 minutes)

Imaging the human brain has remained one of the most outstanding scientific and technological challenges. With 86 billion neurons and an inter-neuron distance of one micron to 1/10 of a micron, developing technology that allows imaging the entire human brain in vivo at the so-called connectome-scal…


Censorship Is No Longer Interpreted as Damage (And What We Can Do About It) Michal "rysiek" Wozniak · (60 minutes)

In 2020, the Internet no longer interprets censorship as damage. Countrywide targeted web blocks are in effect everywhere from Azerbaijan to Zimbabwe. TLS SNI-based blocking is deployed in places like Kazakhstan. And the only "solutions" seemingly on the table lead to further centralization via…


Clearview AI: The Shady Company Tracking Your Face Online Freddy Martinez · (60 minutes)

Over the last year, Freddy has been involved in investigating the use of facial recognition technology in surprising places, including in counter terrorism fusion centers. Primary documents became a front page exposé on Clearview AI, a secretive surveillance company that is scraping billions of ima…


Combating Disinformation and Tribalism Through Media Michael Morgenstern · (50 minutes)

Social media has created a balkanization of conversation. Trapped inside our filter bubbles, the walls between us have solidified and our narratives and identities can be hacked. How do we change our discourse to create new narratives? In September, Michael will be releasing a movie in a completely…


Cybersecurity and Clown J.M. Porup · (60 minutes)

Charlie Chaplin once said to be truly funny, you must take out your pain and play with it. How can we use comedy to address the anxiety and despair in cybersecurity? J.M. is a cybersecurity reporter, security engineer, and comedian exploring how to make our gaze into the abyss ye mighty and despair…


Defend Your Own System Through Binary Recompilation David Williams-King · (60 minutes)

Software distributors typically provide software in binary form to end users, yet many DevOps activities from performance profiling to security hardening are difficult to perform without access to source code. Furthermore, significant defenses such as the recent Spectre mitigations often require co…


DHS BioWatch: A Failure of Oversight and Accountability Dr. Harry Jackson · (60 minutes)

BioWatch is the nation's response to HSPD 10 (securing the nation from acts of bioterrorism) and HSPD 21 (public health and safety) managed by the Department of Homeland Security (DHS). It has been funded in excess of $1 billion over the past ten years. It has a controversial past of declaring fals…


Disgusting Secrets of Real Hardware Zack Freedman · (50 minutes)

Debug ports with root shells, gaping security holes, and lazy copy-and-paste circuitry lurk within your electronics. Overcome your impostor syndrome with these eye-rolling, groan-inducing tales that show how low the bar can go.

In this humorously pragmatic session, prototype developer Zack Freedman…


DIY Learning COVID-19 Jiang Xueqin · (60 minutes)

COVID-19 has exposed the major failings of the world's school systems, mainly how schools are failing to prepare students to learn on their own. In this talk, China-based educator Jiang Xueqin explains how, with a learning journal, students can master the skills necessary for lifelong learning duri…


Empathy, Equity, and Sex/Tech at the Margins Dr. Kit Stubbs, SX Noir · (50 minutes)

When we think about hacking or building sex/tech, it's easy to focus primarily on how we, as individuals, relate to it: "Am I and/or my partner(s) having fun with this?" Whether we're thinking about toys, apps, websites, or something else entirely, it's also important to consider the perspectives o…


Experiences in Sharing Digital Security Workshops in an Autonomous and Open Hackerspace in Mexico Carlos Martinez · (60 minutes)

This is a talk about the conditions in a very large city where a group of people who support this hackerspace have already made possible seven years of activities related to free software, free culture, hacking, digital security, and book presentations. Carlos will talk about the conditions that we…


Fake Faces Chris Landreth · (60 minutes)

In the last two decades, CG character animation has become a victim of its own success. Twenty years ago, recreating human beings in virtual 3D space was a fantasy, the Holy Grail of computer animation. Today, that fantasy is a reality that surrounds us in films, games, and TV commercials. A conseq…


Fakes Aren't Funny -- or Are They? Tom Keenan · (60 minutes)

The tools to create fake images are in the hands of the masses! From Photoshop to InDesign to DeepFace Lab and Zao, you can make anyone say anything. Want a free drink on the plane? A simple edit to your self-printed boarding pass might do the trick (don't try this please!).

This talk will explor…


Fight Back Against Stalkers Online: Tips for Everyone The Cypurr Collective, David Ruiz · (60 minutes)

While the news is full of stories about government and corporate surveillance online, we don’t hear as much about online stalking. Digital stalking is a huge and fast growing problem. Android stalkerware apps increased by over 300 percent in the first eight months of 2019. The consequences of onlin…


Free as in Dirt: In Pursuit of Truly Open Source Physical Objects Dominic Muren · (50 minutes)

More than a decade ago, the democratization of 3D printers and CNC 2D cutters using lasers and routers brought with it a lot of breathless theorizing that mass customization and bespoke local production of objects would make global supply chains a thing of the past. Though these machines have chang…


From Cyber Stalking to Spyware - What Do We Know About Stalkerware in Intimate Partner Violence Situations? Jay Neuner, Thomas Bermudez, Maddalena Esposito · (50 minutes)

Surveillance technologies are becoming more and more accessible, providing the general public the ability to track, monitor, and control others. These systems are particularly dangerous to victims and survivors of intimate partner violence (IPV). Perpetrators frequently use so-called "stalkerware" …


Hacker:Hunter Rainer Bock, Lara Maysa Ingram · (50 minutes)

Hacking is a mystery to television and film producers. Efforts to get (serious) films about hacking often fail because commissioners don't understand the topic, have preconceived notions about hacker stereotypes, and believe the complexities and intricacies of "cyber" are too difficult to translate…


Hackers and the Arms Race for Privacy David Sidi · (60 minutes)

To create conditions favorable to privacy that last, hackers need to go on the offensive. The march of innovation in attacking privacy protections is ongoing, advanced by very well-resourced actors; to respond to new privacy attacks with new defenses is to perpetuate an arms race that disfavors pri…


Hackers and the Gnostic Tradition The Tarquin · (60 minutes)

Hackers and hacker culture are usually portrayed as being novel, with even the earliest proposed dates for "hackers" as a cultural group only going back to the 1960s or so. This talk will examine hacker culture in light of earlier cultural movements for whom knowledge and information were morally s…


Hackers Got Talent (1) Jason Scott · (120 minutes)

Do you have a cool talent or hack? Here’s your chance to present it to a planet of enthusiastic hackers, hosted in two parts on each Saturday of HOPE (2200 EDT on the speaker track) by hacker archivist Jason Scott. Rules, regulations, and how to sign up will all be announced. If you’ve got somethin…


Hackers in a Post Roe v. Wade World Maggie Mayhem · (50 minutes)

As the war on abortion gains momentum and the future status of Roe v. Wade is in question, it becomes imperative that the knowledge of how to safely terminate a pregnancy be protected and effectively disseminated to those in need. Although abortion is a common and safe medical procedure, political …


Hacking a Foreign Lawsuit: Project Gutenberg's Experience, and What It Means for You Greg Newby · (60 minutes)

What happens when your organization is based in the United States and is brought to court in another country for copyright infringement? This is the story of when this happened to Project Gutenberg, a free online library founded in 1971. The lawsuit was brought by a German publishing company for 18…


Hacking a Human Mind in Conversation: Penetrating the Conscious Mind's Critical Factor to Elicit a Desired Response Josh "Peon" Patrick Paulton · (60 minutes)

In this presentation, attendees learn how to hack the mind of a Homo sapiens target in conversation. Advanced understanding is presented of how humans' conscious mind critical factor works, and can be exploited in targeted social engineering. The critical factor is a part of the conscious mind that…


Hacking Cancer: A Personal Odyssey With Death Karamoon · (60 minutes)

The kindly doctor says something you never want to hear; "I'm so very sorry to tell you it's terminal." What the actual fuck do you do?

Karamoon heard those very same words in July 2016. Aged 36 with two young kids, he was diagnosed with Stage 4 (terminal) colon cancer. Due to the level of spread to…


Hacking Enigma: The Real Story of the "Imitation Game" and Alan Turing Tom Perera · (60 minutes)

The German military used Enigma cipher machines to encode all of their important communications. The breaking of these Enigma codes is credited with shortening the war by two years, saving thousands of lives, and perhaps keeping Hitler from developing the atomic bomb. This talk will explain in deta…


Hacking Fake News: How Hackers Can Help Fact Checkers Christopher Guess · (60 minutes)

Fact checkers around the world are overrun. There's too much misinformation, too little time, too little data, and stakes that are too high. Hackers can help. Fact checking focuses on systems, on analysis and deconstruction, on bypass, on verification and hardening. Sound familiar?

Christopher will …


Hacking ISO Shipping Container Corner - Mobilizing a TEU in a Way You Never Imagined Yoshinari Nishiki · (60 minutes)

Shipping containers are a backbone of our civilization, being involved with 90 percent of all the products that circulate around the globe today. The 20-foot equivalent unit (TEU) contributed a significant cost reduction in the handling of goods by introducing intermodality for freight transport. M…


Hacking Society, Hacking Humanity Bruce Schneier · (60 minutes)

A hacker mindset is essential to understanding the security of complex technological systems. This way of thinking applies much more broadly: not only to socio-technical systems but to purely social systems as well. Tax loopholes, for example, can be understood as hacks of the tax code. Disinformat…


Hacking Web Servers to Make Them More Secure and Faster Using Open Standards Dan York · (50 minutes)

So how can you be out there promoting open standards like TLS and IPv6 if your own websites don’t support these standards? Shouldn’t there be step-by-step recipes out there (or default configurations) that just make this easy? In this talk, Dan will dive into how the Internet Society fixed its mult…


Hacktivism Rides Again Joseph Menn, Oxblood Ruffin, Omega, Javaman · (60 minutes)

The publication of the definitive history of hacktivism pioneers Cult of the Dead Cow in mid-2019 renewed interest in the influential group and inspired members and others to revive the mission that cDc defined two decades ago as hacking for human rights. For this panel, three stalwarts in the grou…


HomeBot is Alive! Building a Wi-Fi-enabled, Cloud-based, Tweeting, and SMS-ing Arduino Water Leak Detector - A Basic DIY Project Story Jason Garbis · (60 minutes)

It all began when Jason’s home water heater started leaking. This led him down a path of learning and discovery, ultimately resulting in a basic but well-connected set of home water leak sensors. In this session, he will recap his experiences and journey around Arduino programming and electronics, …


HOPE 2020: How We Did It · (50 minutes)

The HOPE 2020 conference was re-launched as an entirely online event, leaving just a few months to decide on all the needed infrastructure, software, services, and support. Presenters needed to adjust their plans to utilize the online platforms, and attendees found themselves participating via comp…


How Asian Makers Unite During COVID-19 (Practices From Japan, Malaysia, and China) Takasu Masakazu, Shee Jin, Rockets Xia, Rachel Zhang · (60 minutes)

The maker community has always been a supportive and safe harbor when something unexpected happens, like COVID-19. The communities in Japan, Malaysia, and China have done many things to unite and stay strong mentally, also creating many projects of social value to give back to society.

In this ses…


How Much Food Coloring Can Your Robot Handle? An Intro to Poisoning Machine Learning Systems Corbin Frisvold · (60 minutes)

Machine learning has lately hit the buzz word spotlight. Finding both practical and impractical applications in fields from neuroscience to information security to... ranking bachelor contestants? This talk will cover some of the basics of manipulating and evading machine learning systems of all ki…


How to Hack Your Way in a Comedy Show Roni Carta (Lupin) · (60 minutes)

This talk is going to be about the world of Google dorking and how to use other tools like Shodan to perform passive reconnaissance. Roni will show techniques and share stories from within that universe. Dorking is an old technique that dates back to the early 2000s. However, most people aren't usi…


How to Turn Your Hacking Skills Into a Career Orson Mosley, Naz Markuta, Tom Kranz · (60 minutes)

As hackers, we all have unique skills and abilities that are in huge demand globally. But cybersecurity can be a tough industry to break into, and the acronym soup of qualifications and certifications can make it difficult to work out how to get started.

Orson, Naz, and Tom will present a discussion…


How Your Mobile Phone Is Tracking You - and How to Fight Back TProphet · (60 minutes)

Most people know that the government can track you via cell site location and e911 data, and that social networks have extensive location tracking capabilities. However, fewer people are familiar with the shadowy world of location tracking via data brokers and apps. Learn how simply giving a busine…


Hunting Bugs in Your Sleep - How to Fuzz (Almost) Anything With AFL/AFL++ vr0n · (60 minutes)

This is a “part one” talk on exploitation detailing how to get started with AFL to find bugs (usually memory corruption vulnerabilities). Finding bugs in a program gives you the opportunity to research further potential vulnerabilities and exploitation. It’s really that simple. vr0n will show how t…


Hybrid Attacks - Becoming the Stainless Steel Rat Eric Michaud · (50 minutes)

In our dystopian present, the digital world is enmeshed with the physical. Security controls once made of steel are turning into silicon and copper wire. Door locks are being replaced by key card access, car keys replaced by electronic fobs, and "wallets" are digital files which store your cryptocu…


Inside Job: Exploiting Alarm Systems and the People Who Monitor Them Nicholas Koch · (60 minutes)

Alarm systems are a staple of businesses nationwide. When you walk into a building, the door contact separates, making the alarm panel chime. The motion detector sees you... but what about what you don't see? The person in the central station getting a ping and looking at the signals, calling the o…


In the Beginning · (50 minutes)

A look at what's ahead as HOPE 2020 begins....


Introducing *DAS: A Framework for Certifying Hacker Knowledge Dana Gretton · (60 minutes)

Hacker knowledge is open to all, community-backed, and defies regulation. All education could be enhanced by these unique strengths, but they also represent challenges: How can we build trust in excellent hacker knowledge sharing? How can we start to style all education after hacker learning, while…


Introduction to Locksmithing The 703 Locksport Crew · (60 minutes)

Many "hacker" / infosec conferences have talks and workshops that cover lockpicking. However, the adjacent skills of locksmithing remain underexplored. This talk/demo seeks to focus on the following topics:

- explanation of basic locksmithing tools (re-pinning kit, plug followers, calipers, etc.);

- …


Intro to Game Hacking on the NES leethacks, stakfallt · (60 minutes)

The Nintendo Entertainment System features the Motorola 6502 CPU. This presentation serves as an introduction to the 6502 instruction set and features an overview of how the Game Genie works, memory hacks, and how to use techniques like write-breakpointing to further analyze and edit instructions. …


Irregulators v FCC: The Trillion Dollar Broadband and Accounting Scandal Bruce Kushnick · (50 minutes)

In 2018, Bruce presented a HOPE talk on how America was supposed to be a fiber optic nation where the telecom pipes were supposed to be open to all forms of competition. Customers paid over half a trillion dollars to make this happen by 2018 - and that was the low number. Through mergers and the ta…


iWar and Information Warfare, the Next Phase of Internet Motility: Manipulation Inherent to the Internet's DNA Alexander Urbelis, Roel Schouwenberg, Daniel Nowak · (60 minutes)

Information warfare, disinformation, and propaganda have persisted since the beginning of recorded history. Much like many of the world's oldest professions (espionage and sex work), information warfare has come under a variety of names and agendas. And much like espionage and sex work, information…


Keynote: Cindy Cohn Cindy Cohn · (50 minutes)

The digital rights movement started with the founding of EFF 30 years ago this summer. Let's take stock of where we are, what we've accomplished, which fights are still ongoing, and which are currently red hot (looking at your encryption). But then let's talk about where we go from here. We can onl…


Keynote: Cory Doctorow Cory Doctorow · (50 minutes)

We Used to Have Cake, Now We've Barely Got Icing

When free software licensing was born, software copyrights were essentially nonexistent, software patents didn't exist at all, terms of service weren't enforceable and there was no anti-circumvention law. In other words, you were legally permitted to…


Keynote: Flavio Aggio Flavio Aggio · (50 minutes)

COVID-19 Cybersecurity Attacks

Cybersecurity technologies to identify, protect, detect, respond, and recover are extremely important, but not sufficient. HumanOS upgrade is required to safely use the Internet and it is not only about training and awareness. It is about the way users must behave onl…


Keynote: Idalin Bobé Idalin Bobé · (50 minutes)

Keynote by: Idalin Bobé


Keynote: Jaron Lanier Jaron Lanier · (50 minutes)

Keynote by: Jaron Lanier


Keynote: Libby Liu Libby Liu · (50 minutes)

Keynote by: Libby Liu


Keynote: Richard Thieme Richard Thieme · (50 minutes)

Now More Than Ever: The Hacker Revolution Meets the Pandemic

A quarter century ago, Richard began addressing the impacts of the hacker revolution on the human inside the machine - how it would transform our lives, our thinking, our work, our identities. He was describing the "digital revolution" as…


Keynote: Tiffany Rad Tiffany Rad · (50 minutes)

Keynote by: Tiffany Rad

As the daughter of a former case officer, Tiffany's father taught her about electronic and physical security at an early age. (He had a lockpick set that rolled out of a canvas case and looked like a surgeon’s precision tools.) She grew up hearing stories about “sneaks,” as …


Keynote: Yeshimabeit Milner Yeshimabeit Milner · (50 minutes)

Keynote by: Yeshimabeit Milner


Launching the Cyrillic IDN TLD as the first Internationalized Domain Name in the World Dr. Yulia Ovchinnikova · (60 minutes)

This talk will cover the birth of the Russian domain space (.RU), its evolution, and how it addressed challenges such as creating/managing non-Latin international domain names (IDN) starting with the first Cyrillic domain (a pioneering ICANN program) and de-monopolization of the Russian domain busi…


Let's Have a Board Level Talk (i.e., Hardware Interface Boards) Bruce Barnett · (60 minutes)

This talk provides an introduction and survey of existing and future boards used to interface and reverse engineer electronic equipment. These are boards that allow your computer to interface to the protocols used in embedded computers, such as UART, I2C, SPI, JTAG, and SWD.

If you want to know m…


Librarians and Crisis Response: The Case of COVID-19 Maker Response Alex Gil, Madiha Choksi, Moacir P. de Sá Pereira · (60 minutes)

On Thursday, March 19, 2020, Dr. Pierre Elias, a Columbia University cardiology fellow, reached out to Research and Learning Technologies librarian Madiha Choksi to utilize the Columbia University Libraries' 3D printers to produce supplemental face shields. Within a few days, she had optimized an e…


Makerspaces Hacking the Space Industry by Enabling Effective Cross-Industry Collaboration and Enhancing the Space Workforce Development Nancy C. Wolfson · (60 minutes)

"Space belongs to all," we often hear. However, most people do not relate their lives to space. The Outer Space Treaty was signed on 27 January 1967. Article I of the Space Treaty says "The exploration and use of outer space including the Moon and other Celestial Bodies, shall be carried out for th…


Meet the EFA: A Discussion on Grassroots Organizing for Digital Privacy, Security, Free Expression, Creativity, and Access to Knowledge nash, Abi Hassen, Emilie St-Pierre, Elliot, Freddy Martinez · (60 minutes)

Founded by the Electronic Frontier Foundation (EFF), the Electronic Frontier Alliance (EFA) is a grassroots network of community and campus organizations across the United States. Join representatives from the EFF, and EFA affiliated groups, for this panel discussion on community-based tech advocac…


Mobile First Digital Identities and Your Privacy Alexis Hancock · (60 minutes)

"Mobile First" is more than a web developer's mantra chanted from 2010. It also means that many people now visit websites and use services from their mobile devices more than on laptops and desktops. Recently, several proposals and published models for establishing big parts of our lives through ou…


No One Can Predict the Future Xiaowei Wang · (60 minutes)

This talk is about the rural-urban connections of tech in the Chinese countryside, and the impacts of tech on rural areas that are increasingly globalized. Xiaowei will tell the story of their visit to a police station in the city of Guizhou, and how they talked to a police officer about the implem…


On Computational Law: Why the History of Computing Could Be the Future of Law Meng Weng Wong · (60 minutes)

The government of Singapore recently bet ten million dollars on a research program to develop an open-source domain-specific language - for law. This talk explains why, and introduces lesser-known corners of computer science (like formal methods, controlled natural languages, and logic and constrai…


On Doing Good Enough Mek · (60 minutes)

We're facing pretty difficult times and many in our communities are struggling. COVID-19, unemployment, racial inequality, turbulent politics, and the psychological stresses of shelter-in-place all conspire to form a perfect storm. If there is a silver lining, it's that there too are a multitude of…


One Ring to Surveil Them All: Hacking Amazon Ring to Map Neighborhood Surveillance Dan Calacci · (60 minutes)

The wealthiest company on earth now controls one of the U.S.'s most pervasive and complete video surveillance networks of public space, marketed as a personal and community safety tool: Amazon Ring. These doorbell cameras record public streets all day, every day, and make footage available to local…


OSINT of Facilities by Physical Reconnaissance Bill Graydon · (60 minutes)

When hacking a physical facility, intelligence is key. Knowing the internal layout of a building will assist in identifying and accessing targets as efficiently as possible and anticipating security measures. In addition, for effective social engineering, it helps to know where you're going. This t…


People Are Not Bots - or How Researchers Delegitimize Social Movements Michael Kreil · (60 minutes)

At first, it didn't sound wrong. Scientists were going to track down social bots using scientific methods in order to study their influence on public debates. But a deeper look into the research shows that it is anything but scientific.

Researchers work with wrong claims and flawed methods. Algorith…


Pick Better Fights With Your Boss Nada O'Neal · (60 minutes)

There's nothing worse than being right all the time, but having no power to persuade or make change. In this talk, Nada will show you how to talk to the suits in your work life, first about mundane matters like software purchases and info security, and then about what we really care about: violatio…


Polygraph "Tests" and How to Beat Them George Maschke · (60 minutes)

Polygraph or "lie detector" testing has long been discredited from a scientific standpoint. Yet it has been embraced by the United States government for decades, and in 2020 it is the centerpiece of American counterintelligence policy.

Employees and contractors of such agencies as the CIA, NSA, FBI…


PolySense: Reverse Engineering Flex Sensors, and Destroying Your Kitchen With Chemistry for Electrical Functionalization of Everyday Objects Cedric Honnet · (60 minutes)

PolySense is a fabrication process that adds electrical functionality to various materials. Using this method, you can, for example, create clothes which measure your body movement, or gloves which heat your hands. PolySense might find application in VR by creating thin, breathable gloves with prec…


Portal to Tesla's Wardenclyffe Lab Marc Alessi · (50 minutes)

Explore the wonders of Wardenclyffe, the historic laboratory built by science visionary Nikola Tesla, where he engineered a colossal 18-story wireless transmitting tower and conducted experiments that still evoke questions and controversy over a hundred years later. Presenter Marc Alessi, executive…


Power to the People: Effective Advocacy for Privacy and Security Aelon Porat · (60 minutes)

Whenever a co-worker's password is cracked or someone's intimate pictures are plastered online, we roll our eyes and laugh at the idiot. We lose patience when the commoners don't understand the implications of search engine companies diversifying into home automation and genetic testing. We still c…


Practical Solutions for Internet Routing Security and DDoS Mitigation Dr. Olaf Kolkman, Dr. Kotikalapudi Sriram · (50 minutes)

This talk will review a range of solutions for Internet routing security and distributed denial of service (DDoS) mitigation. The solution methods include RPKI, route origin validation (ROV), BGP signaling for mitigation of route leaks, enhanced feasible-path unicast reverse path filtering (EFP-uRP…


Pricing and Mapping the Underground Economy: An Analysis of Contracts on the Biggest Online Hacking Forum David Hétu · (60 minutes)

Hackforums is known as the script kiddie forum of hacking where most up and coming hackers drift to. Past investigations have shown, however, that many established hackers are still very much active on the platform and use it to transact illicit goods and services. This presentation builds on the c…


Principles of Digital Autonomy Karen Sandler, Molly de Blanc · (60 minutes)

We have rights with respect to our technology. These rights are imperative to ensuring our digital autonomy: our right to be in control of our own destinies. As the border between the physical and the digital breaks down, it is increasingly becoming necessary to reexamine what we consider to be the…


ProjectMF 2.0 with NPSTN Dylan Cruz · (60 minutes)

ProjectMF was originally started by Phiber Optik in 2006. ProjectMF 2.0 is an adapted version that is compatible with the latest versions of Asterisk (an open-source telephony toolkit), compatible on all hardware with no software recompilation or hardware modifications. It is a self-contained piece…


Quantum Encryption Robin Wilton · (50 minutes)

Every so often we see another headline announcing a major breakthrough in quantum computing, often accompanied by breathless warnings of the death of encryption as we know it. How real are these claims? Is encryption really doomed? How is quantum computing a threat anyway, and is there anything we …


QubesOS for Organizational Security Auditing Harlo Holmes · (60 minutes)

Many members of the international Internet freedom community perform organizational security audits for non-profits, media organizations, and small NGOs in need. These services are by no means full-fledged penetration tests, but they effectively respond to a specific need for affordable and achieva…


Reform or Expire? The Battle to Reauthorize FISA Programs India McKinney, Andrew Crocker · (60 minutes)

On March 15, 2020, Section 215 of the PATRIOT Act - a surveillance law with a rich history of government overreach and abuse - expired. Along with two other PATRIOT Act provisions, Section 215 lapsed after lawmakers failed to reach an agreement on a broader set of reforms to the Foreign Intelligenc…


Resistance to NSA-Level Global Adversaries With the Nym MixNet Ania Piotrowska · (50 minutes)

Anonymous communication networks, such as Tor, are vital to maintain our privacy against adversaries that can monitor our network traffic to collect metadata like IP addresses. However, Tor does not defend against global passive adversaries that can observe the input and output of the entire networ…


RFC 1984 - or Why You Should Start Worrying About Encryption Backdoors and Mass Data Collection Esther Payne · (60 minutes)

How do we slay the Hydra of mass surveillance?

We live in a time where citizens put data into commercial, health care, and government systems to access services. Some services are only accessible online. From CCTV to Facebook, people have little understanding of why mass collection of data is dange…


Ring's Wrongs: Surveillance Capitalism, Law Enforcement Contracts, and User Tracking Bill Budington · (60 minutes)

Throughout the last few years, the Ring smart doorbell has been purchased by many residents with the idea that it will keep their homes safer. But Ring, the company owned by Amazon that produces the Ring doorbell, does a lot more than simply monitor your home for you. It has forged secretive partne…


Saving Hacking From the Zaibatsus: A Memoir The_Gibson, The Doctor, Kirk Strauser, R¥, Alice Rhodes (c0debabe) · (60 minutes)

Your data is not theirs to own.

With the advent of centralized social networks in the mid-2000s, all culture became consumed by the giants. Those giants then proceeded to sell your information, your privacy, and even our nations. Yet they still trudge on, much like John Perry Barlow's weary giants o…


Secure or Get Compromised: Unveiling the Web Security in IoT Devices Dr. Aditya K. Sood · (60 minutes)

Threats in the IoT space are increasing on an exponential scale. One of the most stringent issues encountered in IoT devices is the management and deployment of embedded web servers and security controls associated with them. A number of security flaws exist due to the inability of imposing strong auth…


Securing a Remote Workforce in the Face of COVID-19 and Planning for the Future Christopher M. Flatley · (60 minutes)

As the world quickly adapted to the move to a remote workforce, it became clear which companies had prepared proper DR plans, and which were making quick decisions. We have seen many examples where these quick decisions sacrificed security for functionality. Christopher will discuss the obstacles t…


SE for Introverts: A Proposed Handbook Edward Miro · (60 minutes)

Many books about social engineering presume the reader has a minimum level of social ability. In this talk, Edward provides his solution for enabling those of us on the more introverted side of things to make the skills taught in popular SE education more relevant and actionable. He will introduce …


Sex, Big Data, and User Autonomy Keegan Rankin · (60 minutes)

This talk will describe four mechanisms by which the big data paradigm degrades user autonomy:

1) Sensitive data is being aggregated without transparency and without meaningful consent from users;

2) Search functions and algorithms, content recommendations, and ads expose users to unwanted and potent…


Sex Work as Artistic Practice: A Discussion on Creativity, Digital Freedom and Mutual Aid in the Age of COVID Lena Chen · (60 minutes)

Through the lens of an artistic practice that combines sex work and performance, Lena will discuss the impact of the COVID-19 pandemic on sex worker communities, best practices for mutual aid organizing, and threats to digital freedom which concern sex workers, activists, and the public at large.

Ma…


Signalbots: Secrets Distribution and Social Graph Protection for Activists Sarah Aoun, Josh King · (60 minutes)

Signal is currently one of the most useful and widely-adopted tools that we have for secure communication amongst activists, journalists, and human rights defenders. The New York Times recently reported that in the first week of June 2020, at the onset of protests and marches that swept through the…


Solarpunk, Cyberpunk and Popculture: Technological Narratives tl;dr Pawel "alxd" Ngei · (60 minutes)

The western culture offers a very distilled narrative on what technology is and who builds, owns, and profits from it. Most non-technical audiences are unaware of how subjective this perspective is - and how strongly it favors well-marketed multinational corporations over local solutions. This talk…


Source Code to the Human Mind - The Science Behind Social Engineering Christian McLaughlin · (60 minutes)

Social engineering is one of the hottest talked about topics at conferences around the world. What makes social engineering so popular and why is it so successful? Why is social engineering so dangerous? In this talk, Christian goes beyond discussing popular techniques and exploits that are used in…


Stop Botting My Baby: How to Protect Your New Streaming Platform from Malicious Automation Randy Gingeleski · (60 minutes)

The launch of HBO Max yielded a lot of attention, though some of it was unwelcome. Credential stuffers, content scrapers, and trolls lined up to test this infant streaming platform. You'll hear how such threats were mitigated - sparing the app from media turmoil - plus maybe how to write your own (…


The Battle for Our Emotions... Control the Narrative, Control the People Oryx/Sarah Kraynick · (60 minutes)

Information has a profound effect on the population of a society. Controlling the information the populace sees can have a huge impact. We saw this in 2016, and continue to struggle with mis/disinformation.

Society has gone down a path that is ever becoming more bleak. Governments and society as a w…


The Election System - Can We Fix It? Yes, We Can! BiaSciLab · (60 minutes)

As security experts around the world have proven, our voting equipment and infrastructure are very vulnerable to multiple types of attacks. Instead of focusing on problems and broken things, this talk will focus on simple fixes that vendors and governments can put into action right now.

Starting wit…


The Hackbase Revolution Liam Kurmos · (60 minutes)

This talk looks at the hackbase movement and its potential to change the world by building a new economy through hacking and co-living. Hackbases are residential hackerspaces, of which there are currently only a few in Europe. Liam will look at the challenges faced by hackbases from the experience …


The Pocket Organ: An Open Source Musical Instrument Thomas Tempe · (60 minutes)

If you were to name three instruments, chances are they would all be over 300 years old. If not, then their user interface would be inherited from centuries past. They need to make beautiful sound while bearing archaic manufacturability constraints. They might be terribly difficult to learn, and pr…


The Privacy of 100+ Million Children, Families, and Young Adults Is Unprotected Dr. Travis Paakki · (60 minutes)

School districts throughout the United States suffer from notoriously poor information security. This is at a time when school district spending on technology is at an all-time high. Why is this? The public assumption that K through 12 information security has kept pace with the rest of society is w…


The SecureDrop Journalist Workstation: Handling Anonymous Submissions With Qubes OS Mickael E. · (60 minutes)

The SecureDrop whistleblowing platform has become the de facto standard among news organizations for communicating with anonymous sources and accepting highly sensitive leaks, and is used by over 70 media organizations worldwide. The system was co-created by the late Aaron Swartz and first announce…


The U.S. Maker Response to COVID-19 Johnny Xmas · (50 minutes)

The U.S. government has become world famous for actively ignoring the inbound COVID-19 pandemic, opting to disband the NSC pandemic team which had been directly and recently trained to respond to these issues, splintering them into other roles. The new Directorate for Global Health Security and Bio…


The Wonderful World of Cocktail Robotics Johannes Grenzfurthner · (50 minutes)

Johannes has been co-organizing the world's leading cocktail-robotics festival, Roboexotica, for two decades. In it, he's seen a lot of inebriating and ingeniously designed machinery. This annual event brings scientists, researchers, computer experts, and artists from all over the world to Austria.…


Trust, but Verify: Maintaining Democracy In Spite of Информационные контрмеры Allie Mellen · (50 minutes)

There are many important elections this year. As you read this, Russia is already disrupting them.

When we talk about election security, most people think of hacking voting machines. But what about other cyber methods and means of disrupting an election? What can nation state threat actors do today,…


Twenty Years of Scary Technology: City Tech's "Gravesend Inn" John Huntington · (60 minutes)

City Tech's entertainment technology department has been presenting the "Gravesend Inn," a haunted hotel, for more than 20 years with annual attendance now typically around 6000. The system has evolved from the early days of manually operated systems and a few discrete control elements to a complet…


Updates on I-star Organizations From the Bullshit Police Amelia Andersdotter, Mehwish Ansari, Daniel Kahn Gillmor, Mallory Knodel, Juliana Guerra · (50 minutes)

A panel of experts, technologists, and lawyers will give an update on several I-star organizations, namely ICANN, IETF, IEEE, and ITU. Short presentations will touch on the major controversies in each space as they relate to human rights, namely freedom of expression and the right to privacy. Quest…


Weaknesses in Security Testing Brice Williams · (60 minutes)

Automation in security testing is critical to secure the rapidly growing amount of software being developed. As much as you might be led to believe that security tools have this covered, there are clearly areas that current solutions have challenges with. SAST, DAST, IAST, RASP, etc. tools all have…


Weeding Data Space Joel Austin, Kwan Q Li · (60 minutes)

As an ongoing investigation which unpacks the dehumanization conspiracy of growing data domination, this spatial research will leverage on the turmoiled case of Hong Kong, as a highly idiosyncratic context, to illustrate how the unheeded culmination of data centers has been silently engulfing urban…


We Need to Talk About Amazon: An Introduction to Capitalism Johannes Grenzfurthner, Jasmin Hagendorfer · (50 minutes)

Amazon is an American multinational technology company based in Seattle. It focuses on e-commerce, cloud computing, digital streaming, and artificial intelligence. Amazon is called "one of the most influential economic and cultural forces in the world" and the world's most valuable brand. For nerds…


When Cops Get Hacked: Lessons (Un)Learned from a Decade of Law Enforcement Breaches Madison Vialpando, Emma Best, Dave Maass · (60 minutes)

More than 125 U.S. law enforcement agencies have suffered some form of hack or data breach over the last ten years. Journalism school graduate Madison Vialpando has been working with the Electronic Frontier Foundation to build a dataset compiling all the ransomware, DDoS attacks, physical data thef…


Who Has Your Face? The Fight Against U.S. Government Agencies' Use of Face Recognition Jason Kelley, Dr. Matthew Guariglia · (60 minutes)

The fight against government use of face recognition technology is an important one, and one that civil liberties and other groups have come at from many different angles. Unfortunately, the technology is already out there - in use - and endangering people's privacy. Due to differing laws, regulati…


Zbay, Fighting FAANG, and the Quest for a Peer-To-Peer Messaging App That "Just Works" Holmes Wilson · (60 minutes)

We live in a time of tech monopolies, again. We escaped Microsoft's 90s desktop monopoly to hurtle into the FAANG monopolies, by walking a path where browsers, OSes, and developer tools might be free software, but the platforms we used to connect and collaborate were more locked down than ever. But…