32C3 - Ten years after we lost the war

Posted on Sat 02 January 2016 in misc • 16 min read

Gated Communities

Just after Christmas, between 27 and 30 of December a city of Hamburg, Germany hosted a 32nd edition of Chaos Communication Congress, an annual meeting of hackers, security researchers, freedom activists and tech-savvy artists. This year's theme was "Gated Communities" - from social network walled gardens, vendor locking and filter bubbles to increasingly fragmented societies through Europe and the world.

Even with its usual uncontrollable energy of over nine thousand people buzzing around a variety of stalls, workshops, talks and gatherings - this year's Congress seemed dimmed and bleak. Once mad prophets of state surveillance are now proven right by the Snowden revelations and they are not happy about that. Facebook, Google and other corporations are centralizing the Internet again, and it's becoming even harder to fight their pull. No one believes in simple solutions any longer. Quoting one of the talks:

I love heroes. I love superheroes. I love comics. But unfortunately, this is not realistic in such a situation. We need to work hard.

Katharina Nocun discussing Diaspora*

If you just want to see the best talks:

Ten years after "We Lost The War" - Computational Meta-Psychology - PQCHacks - Unpatchable - The exhaust emissions scandal ("Diesel-gate") - Replication Prohibited - How Open Source Software, second hand laptops and hackers helped stop Ebola (and stopped an apocalypse) - Free Software and Hardware bring National Sovereignty - Rowhammer.js

Otherwise, let's start with what the Congress is:

Congress Communicating Chaotically

The Chaos Communication Congress traditionally takes place in Congress Center Hamburg, the biggest German port city. It's organized every year by Chaos Computer Club which has managed to give German hackers a good name, making it probably the only country openly accepting the hacker movement without prejudice. Both the Congress and the Club gather a spectrum of individuals - from lonely security researchers, inventive makers and unconventional artists to political activists and loud anarchists, all sharing similar values and working hand-in-hand.

The event can itself rival US DEF CON and Black Hat Briefings and every fourth year is accompanied by Chaos Communication Camp, taking place in the relative wilderness of German countryside. Both of the C3s are distinguished by their organizational mastery achieved through hundreds or thousands of skilled volunteers. They do everything from cleaning and resolving arising conflicts to subtitling, translating and streaming all the talks live. Cleaned-up versions are uploaded almost as soon as they are off the air. They do it completely for free (and an Angel t-shirt).

The physical world is only a part of the Congress: life in both the Internet and local networks is buzzing with activity. Every hall and room has its own IRC channel and questions from there - read aloud by the Communication Angels - are as important as the ones from the meatspace. 32C3 wiki is full of of ads for last-minute workshops, calls for help in a project and dating sections (Hacker looking for a Hardware).

There's also a local GSM network, with all internal and external calls completely free (after a 5 EUR activation fee). You can also call a call's number and hear live translation of the talk by the interpreting Angel - both en/de and de/en, virtually stripping the language barrier.

It would be strange if a Congress didn't have it's own suite of mobile apps, including the schedule, schedule conflict resolver or even an interactive map with navigation mode. These all are available in form of webapps, too.

There are rules of course. Some standard non-harassment and good behavior ones (with Queer Feminist Geeks group offering basic communication workshops and color-coded stickers), some guidelines for busy hackers ("Remember 6 hours of sleep, 2 hot meals and one shower. Per day, not per Congress"), and a very strict ban on photography of people without their consent.

The allowed photos, are traditionally available at Mitch Altman's Flickr.

Assemblies, Workshops, Noisy Squares, Tea Tents...

There are talks, of course. To watch after coming home, because you wouldn't be able to attend all of the interesting ones either way, and the workshops aren't streamed. Some of the participants aren't leaving the dimmed lights of the Assembly Hall at all.

There is a lot to do at the Chaos Communication Congress. The Assembly Hall at the ground level is a place for hackerspaces, makerspaces and fablabs from around the world to showcase their latest projects, share experiences with other people, hack together and take part in security contests. There's someone with a embroidery machine, someone engraving others' notebooks with a laser cutter, robo-bartenders, custom dildo creators (health-safe soft rubber!), a variety of 3D printers, LED matrices in every shape and form, quad copters and pneumatic postal system encompassing everything. There's Mozilla, c-base and noisebridge, food hackers and coffee ones, even someone with a popcorn machine. There's even a table for Neuro Hacking (disappointingly unsophisticated, mainly using EEG as some sort of random seed / one switch for simple 3D visualizations).

Just next to them, electronic workshop led by Mitch Altman himself teaches soldering and circuitry to hackers of any age.

A little bit on the side was the Lounge with a bar, small concert stage and a smoking space. Several DJs were rotating during the Congress, grabbing a good part of the attendance.

At the first floor some more 3D printers together with several podcast stations overlook lockpicking workshops (legal in Germany!). Diasporans* and rubists sit next to KinkyGeeks teaching BDSM of installing Vistas and Tens. At the far end of the corridor there's a Noisy Square full of activists - Free Software Foundation Europe, Wau Holland Foundation, Electronic Frontier Foundation and anarchists themselves. All of them giving workshops, discussing policies, activities and plans, giving away fliers, inviting others to join.

On the second floor - food stalls and Digital Courage shop, where you can get apparel from the previous Congresses, small RFID detectors, privacy wallets and phone cases.

Just outside sat a tent filled with music, herbal scents and confetti flying constantly for those who preferred to unwind after several hours of intense talks and workshops.

This year half of the bathrooms were made unisex, which allowed for a new kind of activity - bathroom party!

Third floor hosted an unofficial sleeping area, as some people preferred to attend the Congress nightly and rest while the sun is up. Small tents, private "tree" structures, hammocks and comfy bean pillows were free to use. At the other side of the hall, luckily not audible for the sleepers - were kids playgrounds. Dance Dance sets with Frozen playing almost on loop, simple Kinect setups created by hackers for kids, ball pits, octopuses and little climbing walls, just so the parents could attend the talks as well.

Finally the fourth floor, also divided in two. The "Brave new sector" with a bar and dimmed lights hosted a good portion of the CCC's nightlife. For those who preferred more peaceful (and quieter) environment, the other half consisted almost exclusively of a Tea Tent full of low, Japanese-style tables and little cups. La Quadrature Du Net activists were eager to refill these and gladly discussed a variety of topics with guests. This was a true meeting place for the Congress, which allowed both several-minute exchanges and many hour long debates. Some hacking card game playtesting took place, as well as finding long-lost friends and customary keysigning.

As usual, there were some rooms ready for last-moment workshops and talks which didn't manage to register beforehand.

The talks

...and their abundance. As soon as the list was published many hackers started their impossible quest of choosing a track which allowed them to attend everything they would like to. Luckily, all of them are available online for free, under CC-BY 4.0 DE license.

The Congress is tricky. Usually few talks at such a big conference are good, but here? Way over half of them are just brilliant.

I'd like to walk you through the ones I had an opportunity to attend, as well as some I was recommended. You can click on their titles for direct link to the videos, translations and downloads. Just remember - that's a very subjective choice, and the Congress might have something much relevant for your interests - try browsing yourself!

Day 0


Was a good one, as always - it made an introduction to this year's theme, Gated Communities, comparing our bubbles to small towns and ships in bottles.

Keynote [Culture]

Taught by experience I knew that the Keynote is (or at least was for the last two years) one of the weakest points of the Congress. This year continued the tradition by inviting Fatuma Musa Afrah - who, despite being an amazing and energetic person - seemed totally out of place at CCC. I allowed myself to move to another talk held at the same time:

Hacking EU funding for a decentralizing FOSS project [FOSS]

Given by Holger Krekel I had an opportunity to meet before, at last year's PySummit in Warsaw. I wish he could give another talk on IPFS, yet this one was pretty good - he shared his experiences on successfully translating Hacker way of thinking into EU Official one, treating the grant procedures as another complicated system to understand and use.

Avoiding kernel panic: Europe’s biggest fails [Politics]

A great take on the real and current problems of European Union - the mechanisms of decision making and the alienation of MPs from the regular citizens. It turns out not all of the politicians are corrupt and eager to listen only to the corporations - they just aren't given enough information by their environment, and don't have any grounds to face the lobbyists. The speakers suggested the best ways to get involved in the EU policymaking, which wants and requires more input from its citizens.

* The exhaust emissions scandal ("Diesel-gate") [Politics/Tech]

A great duo of Daniel Lange, former BWM IT strategist and Felix Domke, a security researcher who successfully replicated the VW bug. The talk revealed the reasons behind VW scandalous decision to cheat the tests, the official procedures which must have been involved leaving a huge paper trail, commented on several very-carefully-chosen words by VW officials, and finally the faulty software itself. A must-see for people interested in current world economy and corporate power ladders.

Lifting the Fog on Red Star OS [Politics/Tech]

The hall was actually so packed I couldn't get in and haven't watched it so far - yet, many people call it one of the best talks of 32C3. It showcases the quirks of the North Korea's official Linux distribution.

Public Library/Memory of the World [Tech]

Quite weak one, showcasing an academic researcher quest to share ebooks and publications using various technologies. I may have misjudged it due to much higher expectations, yet I think that it would be much better if it went deeper into politics. I would love to hear a coherent summary of current Open Access status, library laws in different countries and Aaron Swartz's story.

How the Great Firewall discovers hidden circumvention servers [Tech/Politics]

I didn't manage to make it for this one, but it explains how the Chinese Great Firewall works in practice. Reportedly a good one.

Datahavens from HavenCo to Today [Culture]

Or "How I decided to set up a startup in Sealand and Failed". More of a story to be remembered than an actual politic statement, quite an interesting talk. Too little on current state of various Datahavens (why not Iceland?).

* PQCHacks [Tech/Science/Culture]

Post-Quantum Cryptography Hacks. Even with the D-Wave being overhyped, the quantum computers are coming fast - and with them, the end of all cryptography we use. The talk explores the uncharted land of non-quantum, yet quantum-proof algorithms which could protect our privacy from spying governments and corporacies for several decades to come. Extremely well-told with simple mathematics, a Python script and some stories. A must see.

Day 1

Maker Spaces in Favelas [Culture]

The story. Just one, but quite awesome makerspace, and how it changed lives of people around. What are favelas, really? Who does live there? How do they work? All the shanty-town technology they use and how it blows our minds. A really nice and heart-warming talk.

Lightning Talks Day 2

Someone messed with the numbering again. Lightning talks are a series of 3- or 5- minute talks by people who either weren't chosen for a full-fledged talk or registered too late. Several nice ideas, several funny stories, and a Greenlight project by Natalia Łukaszewicz which I am helping her with. I didn't attend LT on the next days, but the videos are also available: Day 3 and Day 4.

* Rowhammer.js [Tech]

Another one I haven't managed to attend, but I was recommended to me as quite a ground-breaking concept of exploit: attacking RAM with JavaScript.

Let's Encrypt -- What launching a free CA looks like [Tech]

A great summary of first weeks of Let's Encrypt - a free Certificate Authority allowing small sites like this one to use HTTPS protocol and ensure security and privacy of all the guests. Short, nice, heartwarming.

Friendica Workshop [Workshop | Tech]

A workshop - or rather, a discussion I attended eagerly, as on the previous year's CCC I had much hopes for Friendica and Diaspora projects, together forming the Federation. During that time I had several very fruitful talks with designers, social media professionals and analysts, thanks to whom I got a broad perspective on the subject.

I believe that to get popularity (and funding) the Federation sites should allow some kind of monetization of their instances. Right now they have several faults - being designed by and for programmers, not designers and users, and being very Free Software, meaning not wanting any commercial exposure. Quoting myself from the discussion:

My problem isn't with a social network spying on users, because there will always be such a thing. My problem is with no ability to opt out of that. I can accept Facebook messenger being used to profile me, yet I'd like it to use XMPP and allow me to encrypt, opting out.

Let's create a network where some nodes can be commercial and create their own terms of services - while others are totally free, and can nevertheless connect with the former!

Project leaders do see the first problem and openly invite designers to take part in the discussions and creation of the networks. They're however convinced to the their freedom principle and the idea of small pods - which may render the protocol unmonetizable (unlike email), and therefore unable to be widely adopted.

* Unpatchable [Culture/Tech]

I was excited and nervous to see this talk since I learned about it. It touched the topic of medical implants - mainly pacemakers, from the perspective of an owner, Marie Moe, who is also an infosec expert. As you may know, I've been interested in the topic for some time now, both from the technical point and the law/cultural one, as with the improvement of this technology, we will have more and more devices running in our bodies.

The talk is... careful. It doesn't want to make people panic with claims like Barnaby Jack's, it tells a real story, shows how Marie was debugging the implant and the programmer together with her physician. Mentions the dangers of open wireless interfaces and the ownership of the data from one's heart. I really recommend it.

Day 2

Beyond Anti Evil Maid [Tech]

Quite a good advanced talk on the risks of bootkits and how to counter them - so far, with no good and universal solution.

* Computational Meta-Psychology [Science/Philosophy/Culture]

One of the best, if not the best talk of the Congress. Even if not actually scientific (as in showcasing and discussing specific research), this is exactly what a transhumanist talk should look like. Joscha Bach is a MIT researcher in a field of AGI and consciousness and an active H+ activist himself. He has given a series of talks on the topics on the previous Congresses, too.

During this one Joscha touches Artificial Neural Networks, neuroanatomy, cognitive biases and the neuropsychology of politics, to go into full lesswrongy attractors and death spirals. He goes as far as highlighting nerd's social ineptness and inability to take part in group politics as an important quality and defining factor of their current social role.

Neither Snow Nor Rain Nor MITM… The State of Email Security in 2015 [Tech]

Everything you wanted to know about email security but were afraid to ask. Because there's a lot to be afraid of. There are countries where 80% of emails are actually stripped of any protection. A clear, understandable and solid talk.

Say hi to your new boss: How algorithms might soon control our lives. [Science/Tech]

Again a talk I came to with high expectations, but seemed mediocre. Had several good points:

  • You have to be careful and responsible when teaching a neural network, because it will inherit your biases.
  • There's no such thing as 'objective' neural network with a human anywhere in the equation.

Good, but could have been better.

Mozilla FirefoxOS Workshops [Workshop/Tech]

FirefoxOS is fun, even if its future is quite unclear. It will be developed, not sure for which devices though. Run by Daniel Maslowski, the workshop showcased the system quite nicely, warning about several quirks and dangers, for example using Angular. Sadly, FOS emulator doesn't work well on the latest Ubuntu.

De-anonymizing Programmers [Tech/Culture]

Based on a scientific study, show how to recognize a programmer from a coding style. It's actually quite accurate, even with a compiled (!) code. The technology has been already used in several totalitarian countries to prosecute criminals like porn site webmasters. Scary, but definietely worthy watching.

** Ten years after "We Lost The War" [Culture]

Probably the most important talk of the whole Congress, showcasing its theme of sad realism and hopeful determination. Two philosophers, rop and frank continued their talk from 22C3 in which they proclaimed the "War for Freedom" to be lost. While few societies have fallen under a totalitarian regime since then, the move towards surveillance is plainly visible. Snowden has proven what people feared, and most of them reacted with indifference. Corporations are growing stronger and more resistant to any kind of citizen control, intertwined with governments way above regular people's reach. After initial shows of hope and solidarity by European nations, the refugee crisis is a crisis of trust, and many countries are choosing their own interests over shared ones.

It's a time to stop promising utopias. The war for freedom - as hackers define it - has been lost and there are no heroes, no miracles to wait for. It's time to fight small fights every day, in every hackerspace, making them open libraries and universities where free thought can thrive, where communities can meet and people help each other. It's time to make world a little better, not perfect.

I have to admit I really like this attitude and I found it inspiring. I don't believe in a hacker singularity when all the scientific articles are given to the masses, patents are abolished and culture made free for everybody. These would be world-changing events, but the old problems would still persist. The corporations would still have monopolies on resources and means of production (prototyping is not everything), the politicians and bureaucrats would still be corrupt, and people - thoughtless.

I prefer focusing on the smaller deeds: giving an "Intro to cybersecurity" talk at a local school, at least one a month. Helping talented and strong-willed young people achieve their goals. Work for open source, open access and open science. It's just a shame I cannot do that within our local hackerspace, as the speakers suggested.

It turns out that one of rop's points was especially controversial - when he proclaimed that hackers shouldn't rely on anti-depressants to live, they should instead change the community and the world so they would no longer cause depression. While I do agree with the broader and philosophical meaning of this point, I don't think that it'd be wise to opt out of proper medication having constant suicidal thoughts.

This talk is an absolute must-see, and main point of the whole Congress.


The fun one. Artistic circuitry hacking race with time. With no protections of course. Probably killed the speakers.

* Free Software and Hardware bring National Sovereignty [Politics/Tech]

A great, if a little bit over-the-top story of a Palestinian doctor who turned to hacking community to create tools he couldn't buy for his hospital. Then got them tested and certified, for a 1/200 of a regular market price.

Craft, leisure, and end-user innovation [Science]

Hacker scene and culture studying methodology. Pretty weak one. This is not a talk you're looking for.

Maritime Robotics [Tech]

I seem to have fell asleep on that one. Not that it has been bad, just the day much too long.

Day 3

I feel like a criminal and I have to be god at the same time [Science/Culture]

Another talk on the Hacker scene, this time several academic interviews on the topic what is hacking and a hacker. Pretty good methodology and responsible research, IMHO much better than the previous one.

* Replication Prohibited [Tech]

Haven't seen this one, yet it was highly recommended to me. Based on a scientific paper, the talk showcases the technology used to 3D print keys based on... photos of a keyhole.

It's also nice to observe how the speaker uses hacker terminology for physical word, describing 'bump keys' as a 'common attack'.

A New Kid on the Block [Tech/Culture]

Nice take on Diaspora history with several wonderful tongue slips. The speaker doesn't believe that any of the Federation members can rival Facebook, and shows instead a different route of consistent evolution in small communities - like hackerspaces and clubs. It's one of the talks which is deeply saturated by the Congress spirit of sad realism and determination - and the one the opening quote comes from.

When algorithms fail in our personal lives [Art]

Something totally different to what I was expecting - instead of a panorama of algorithms shaping our views (shown in "Sin in the time of Technology", below), it's an art project where self-proclaimed counselor helps people with their social media awkwardness, addictions and insecurities. Not really a significant test group, but valuable experience nevertheless.

* How Open Source Software, second hand laptops and hackers helped stop Ebola (and stopped an apocalypse) [Tech/Culture]

Yet to watch, but it's called one of the best talks of the Congress. A story of one admin who traveled to Ebola-infested Sierra Leone, built a team of local activists/hackers and revolutionized hospital infrastructure, significantly helping in stopping the epidemic.

If you need some inspiration, grab this one and see how giant impact single people can have.


Another one I haven't seen live, but which influenced the Congress' memesphere heavily - showing how there's little difference between Mao and LMAO.

Sin in the time of Technology [Culture]

A good take on how the social network policies and filter shape our reality and sensitivities. Well told story of third-party censors, working with some arbitrary rules given to them from way outside of their culture, having only several seconds to judge each piece of content.

Coming out of the basement

As usual, the Congress was one of the most important experiences in many of the attendees' year. For some inspirational, for some spiritual, for others just a place to exchange some news, meet old pals and hack together, it surely consolidated european hacker scene and gave people new ideas for the coming 2016.

I'm glad I could attend it and I would like to thank all the people who contributed to my wonderful experience.