Having seen videos of excellent presentations at the annual Chaos Communications Congress
for years, and having been encouraged by a friend who's a regular participant, I finally got myself a plane ticket to Germany at the end of 2012 to see what it's all about. (Afterward I visited some of my Midorikai classmates in eastern Europe, so CCC wasn't the sole point of my trans-Atlantic trip.)
As someone with an ongoing interest—albeit no professional background—in computer and network security, open source stuff, and general technical geekery, I've been to various iterations of three other "hackercons": HOPE, ShmooCon, and DefCon. So my expectations come with those communities as a background.
I arrived at 29C3 around the middle of the first day, which was nigh miraculous considering that a snowstorm in the northeastern U.S. grounded three out of four legs of my journey to Hamburg. Props to my parents for spending far too long on snowy roads to get me to a functioning international airport so my flights could be rearranged relatively quickly.
My first impressions of CCC were that it was larger than the American hackercons I'd been to, and that it was dominantly German-speaking. Oh yeah, and I knew no one there with the exception of the aforementioned friend who was largely too busy to hang out. So, it was a little intimidating. But I was optimistic when I heard that the conference organizers had adopted an anti-harassment policy
On the first day, after rebooting my travel-worn self at my hotel, I attended Privacy and the Car of the Future: Considerations for the Connected Vehicle
, Enemies of the State: What Happens When Telling the Truth about Secret US Government Power Becomes a Crime: Blowing the Whistle on Spying, Lying & Illegalities in the Digital Era
, and Time is Not on Your Side: Mitigating Timing Side Channels on the Web
. (Recordings from all the talks can be downloaded from the official and unofficial mirrors
, but for casual viewing I recommend searching on a talk's title on youtube.) The whistleblowing talk was the most powerful one of the day, for me. I'd heard William Binney speak at HOPE last summer, but here Jesselyn Radack's and Thomas Drake's accounts of the ostracism they experienced for refusing to sanction unconstitutional government spying and power grabs were even more compelling than Binney's alone.
On the second day of 29C3, I set out to fix my problem of not knowing anybody by querying vaurora
for their recommended awesome people at 29C3. I was not disappointed. :) In short order I met eqe
, and others, and they are excellent people with whom I'd like to hang out again, which makes it fortunate that they all live on the same continent I do. We failed to get to the room where the Tor software ecosystem talk
would happen before it filled up, so some of us headed to Many Tamagotchis Were Harmed in the Making of this Presentation
, of which I had low expectations because of the "fluffy" subject matter. It turned out to be clear, engaging, and technical. Actually, I'd rate the average quality of talks at CCC—based on my small, English-only sample—to be the highest of any con I've attended. Later that day I went to "How I met your pointer": Hijacking client software for fuzz and profit
, which was less sketchy than the title suggests. That night m_c_t
, and I visited one of Hamburg's most popular attractions, Miniatur Wunderland
, the largest model railway in the world. I took some photos
. Indeed, it is vast. We spent a couple hours there and still didn't see everything. Their control center
has more monitors than the one at my workplace where we control two interplanetary spacecraft! The model cities and countryside were sprinkled with Santa Clauses, including this contingent
that I think is engaging in a labor protest(?). I'd recommend visiting this place if you're going to be in or near Hamburg, particularly during the parts of the year when it's bleak outside.
On the third day I went to Securing the Campaign: Security and the 2012 US Presidential Election
, Writing a Thumbdrive from Scratch: Prototyping Active Disk Antiforensics
, and Low-Cost Chip Microprobing
, along with lots of Lightning Talks
. Chatter was building about the previous night's Hacker Jeopardy, which I'd not been interested in attending because it was in German. (I'd later find out that real-time interpretation was available for all or most German-language talks for people with a DECT phone (not me) or watching the live stream(s), which would've required reliable access to power outlets). Some sexist incident had taken place at Hacker Jeopardy, but English-language details were not to be found.
A lot of the chatter—overheard and on twitter, the CCCers' social medium of choice—referenced creeper cards. I was familiar with creeper cards even though I'd never, and still haven't, seen any in person. They're yellow or red, analogous to the cards used to indicate fouls in association football
, with pre-printed explanations that the recipient has done something inappropriate. There are also green ones to reward particularly respectful behavior. These cards were developed for last year's DefCon, and my impression in the wake of that event was that creeper cards had become a recognized—if not widely accepted—phenomenon in hacker culture.
The story started to emerge that one of the hosts of Hacker Jeopardy had said something sexist (possibly it was his complaint about having to choose a woman contestant in addition to men) and had been handed a red card by someone in the audience. Whereupon he treated the card as a joke, which apparently was his honest interpretation of it. I can understand his not being familiar with the cards, but to automatically treat a statement that you have done something inappropriate as a joke? To me that is not reasonable at all.
With regard to my personal experience at the con, I did have one creepy incident: when I was relaxing in one of the con's foam-filled pits, sitting back with my eyes closed, some guy outside of the pit started aggressively and nonconsensually taking flash photos of me and other people nearby. Confused (at first) and then peeved, I picked up my stuff and left. I regret not doing more; I could have confronted him or found some con volunteer to explain the rule about photography
, or at the very least reported it. But being non-confrontational in general and flustered at that moment, I didn't.
I attended a haecksen breakfast
on the final day of 29C3. (Haecksen is a loose aggregation of European and Australian women hackers.) I'm grateful to them for indulging my lack of German comprehension by conducting the discussion in English. I think this discussion was where I first learned that there was an Awareness Team among the volunteers and that incidents could be reported to them. Naturally there was talk of Hacker Jeopardy and the creeper cards. I was disappointed to hear so many of the women there excuse recipients' response to the creeper cards, though. Repeatedly I heard that the recipients had no way of knowing the cards weren't a joke, when they were "dumped on" the con-goers without context. I don't know how the cards got to CCC, and I was baffled on hearing that they were distributed in large numbers. When? To whom? I still don't know. I never saw a creeper card being handed to anyone, so I don't know how they were used in practice, but at least one attendee reports there were thousands of cards
Much digital ink has been spilled in the last few weeks about sexism and creeper cards at 29C3, most of it exasperating. One exception is vaurora
's piece at The Ada Initiative
. Another is tensory
. There are a few others. This post is certainly late to the discussion, of which I've read most of the fraction I care to. And I haven't even, until this sentence, brought up Asher Wolf's breakup with the CryptoParty
. But I have no personal experience related to that.
I don't plan to return to the Chaos Communications Congress this year. I have no investment in that community, and I can visit the awesome folks I met more easily outside of CCC. Plus all the talks are freely available online, live and recorded. This year I'll return to viewing them from a safe distance.