wiki:RolePlay

Version 8 (modified by Jamie McClelland, 18 years ago) ( diff )

--

This description of a roleplay to demonstrate security practices relate to a workshop being planned for nyc_anarchist_book_fair_2008.

Security demonstration

For this demonstration we'll need a bunch of volunteers.

  • 2 people on opposite sides of the room, Mail Provider X and Mail Provider Y (each volunteer gets a sign identifying them and tape so it can be taped to their chest)
  • 6 e-mailers. Each e-mailer is handed a sign with their email address on it. In addition, they are all handed a half-sheet of paper to write a message and their directions (see below). People B - E are handed envelopes.
  • A@…
  • B@…
  • C@…
  • D@…
  • E@…
  • F@…

We can add more folks if we want more successfully sent messages.

A presenter should be chosen to play the role of the police (and will have a sign saying "Policy" taped to their shirt).

Instructions/demonstrate the "mail sending"

I'm Jon@X.com. I want to send a message to Jamie@Y.com. So I write it, and I put Jamie's name on the top, and give my message to X.com. They see that it's for Y.com, and they pass it along to a number of other computers until it reaches the Y.com computers. Next time Jamie decides to check his e-mail, he gets a copy from Y.com. He can reply and send it back, or forward it to someone else.

Since we're on a schedule, I'm going to ask that folks please follow the directions they're given and not decide to send e-mail via paper airplanes etc.

Person A starts by sending a message (sending a message means writing it down and then reading it aloud for everyone in the room to hear. When it reaches the mail server for person B, person B is invited into the room and is handed the message. They read the message out loud.

Then, person B sends their message and this continues until all messages are sent.

Scenarios

Person A

Instructions Send a message with a short incriminating phrase of your choosing to person b@…. If you can't think of one, use "I bought the dynamite."

Action Email is successfully delivered

Person B

Instructions You're expecting a message about an upcoming action from a@…. After you receive it, write a message telling your companer@ c@… when you'd like to plan a scouting run. Plan it for nighttime some time in the next week.

Action Police ask a router to hand them the message when it comes to them, take a picture of the message.

Person C

Instructions You are planning an action. You are expecting a message from person b@… about a scouting run in the next week.

Write a message that says, "We'll do the action on the night of _ _ ." When you get the message from person b@…, fill in a date a few days after the date of the scouting run and put it in the envelope so it can't be read by the policy. Put the address of person d@… and a subject on the outside of the envelope and send your e-mail.

Action Police say out loud: Hm. I can't read this message because it is encrypted! However, that won't stop me from replacing it with my own encrypted message. I know from the last message that they are planning an action. I'm going to mess with the action by replacing it with a message saying it is cancelled.

Person D

Instructions You are planning an action. You are expecting a message from person c@… about when the action should take place.

Forward that information to person e@…. Put a note at the top like, "FYI, here's the info." Make sure to encrypt the message by putting it in an envelope. Put the address of person e@… and a subject on the outside of the envelope Also, sign the envelope with "d@…" across the flap so they know the message came from you. After you send the message, have a seat in the room.

Action I still can't read it, and it appears to be signed. But, what's to stop me from replacing it and signing it myself?

Person E

Instructions You are planning an action. Person d@… will forward the info on the action to you. You should forward it to person f@….

Just before you write your email, write your signature (sign: e@…) on a piece of scrap paper and give it directly to person f@… (get up out of your chair if necessary) and say: "Here's my signature. Keep it so if you receive an email from me, you'll know it's really me."

When it is time to send your message, make sure to encrypt the message by putting it in an envelope. Put the address of person f@… on the outside of the envelope Also, sign the envelope with "e@…" along the flap so they know the message came from you.

Action Same as before - police switch out envelope, but with bad signature.

Person F

As the last person, you won't be sending e-mail, just receiving.

However, before receiving your message, person e@… will hand you their signature.

When you receive the email from Person e@…, be sure to compare the signature to make sure it's the correct one.

Action Compare signature and they don't match

Note: See TracWiki for help on using the wiki.