This event has ended. Visit the official site or create your own event on Sched.

Welcome to the Official Schedule for RightsCon Toronto 2018. This year’s program, built by our global community, is our most ambitious one yet. Within the program, you will find 18 thematic tracks to help you navigate our 450+ sessions

Build your own customized RightsCon schedule by logging into Sched (or creating an account), and selecting the sessions that you wish to attend. Be sure to get your ticket to RightsCon first. You can visit rightscon.org for more information. 

To createIf you’ve created a profile with a picture and bio, please allow a few hours for the RightsCon team to merge it with your existing speaker profile. 

Last updated: Version 2.3 (Updated May 15, 2018).

View analytic
Thursday, May 17 • 12:00 - 13:15
Tech Demo Block #3: Privacy and digital security for all

Sign up or log in to save this to your schedule and see who's attending!

DiY Kit - How to analyze privacy and security at smartphone apps (Karisma Foundation)

Speakers: Maria del Pilar Saenz & Stephane Labarthe

The session is about presenting a methodology of app analysis (for smartphones and tablets), that seek to evaluate transparency, privacy and digital security with a pedagogical approach in a DIY, legal/ethical and non-intrusive way.

Last year, Karisma presented in the RightsCon 2017 his methodology of website analysis in a conference named “DiY Kit - How to analyze Websites”, after publishing its first analysis of a governmental website linked to the Colombian IMEI cellphones registry database (https://karisma.org.co/?wpdmdl=6785). This year, although there were not published in details to respect a non disclosure agreement, Karisma has made other governmental websites analysis. The stronger impact and the advocacy potential of this approach to induce positives changes in a multi-stakeholders and co-responsibility approach was recently presented as an example in two local conferences (Foro de Seguridad Digital 2017 and Barcamp SE Bogotá 2017).

Karisma is now beginning, with the same approach, to analyze smartphone apps. The methodology is a little more complex than the one for website, but the investigation is more interesting since privacy and security concerns are less visible for apps than for websites. Apps seem to be a black box we would like to open: Is this App using HTTPS ? Is this App sharing data with third party actors ? Etc. The evaluation is still based on a methodology that any person (with some basic technical knowledge) can follow in order to make the digital citizen able to audit his favorite apps himself. Similar to the website cases, we do think this methodology can be used as an advocacy tool with governments and other sectors in our countries.

The methodology is principally based on a data flow analysis generated by the app, by connecting the smartphone to an access point setup on a computer. This analysis uses only free software (Wireshark in particular) in order to be easily reproducible. It is not intrusive and to keep us in a legal and ethical path.

We will introduce our methodology and the results of the the analysis of apps in different aspects:
• we will see legal information, transparency, and we will learn how to read technical information about an app;
• we will look for tracking, cookies and privacy concerns (analyze of DNS request and third party request, set-cookies, etc.);
• we will analyze the security of the app, in particular the use of HTTPS.

Interactivity would be promoted making the public participate and give ideas of improvements and possible replica.

Security Education Companion walkthrough (Electronic Frontier Foundation)

 Soraya Okuda

Soraya will give an overview of the Security Education Companion website (sec.eff.org), which is an educational resource for new teachers of digital security. She will solicit feedback and collect ideas for needed educational materials in the digital security space in the remaining minutes of the demo.

MaadiX, your cloud in your hands (MaadiXZone S.L)

 Maddalena Falzoni Gallerani

MaadiX is a practical solution to protect the privacy of our data and to avoid censorship. Instead of being dependent on the services offered by large companies, MaadiX provides journalists, human rights defenders and citizens in general with the digital autonomy and tools they need and use every day, having them running in their own secure space.

We will reveal and share our plan to ensure confidentiality of information as a right and not a luxury, without the need of any previous know-how or significant investment.

Crafting Resilient Communities
(Center for Digital Resilience)

 Josh Levy & Holly Kilroy

The Center for Digital Resilience (CDR) works with regional/thematic communities of NGOs to improve their understanding of the digital threats they face and how to mitigate them. We do this by partnering with a cohort of organizations to identify their needs, and connecting those organizations to qualified digital security trainers. If and when specific threats materialise, we work with digital security experts to facilitate fast, effective responses. With our first projects successfully up and running, we’d like to help more communities improve their digital resilience and bring more experts and service providers in to fill gaps where needed.

This session will be a lighting talk we discuss how activists, digital security experts, and human rights advocates -- and the communities they work with -- might benefit from the CDR model.

Thursday May 17, 2018 12:00 - 13:15

Attendees (61)