Hacking Together Something New

Trying something a little different.

Hacking Together Something New
Photo by Adrien / Unsplash

Inspired by the DEF CON Franklin project– and a little bit by this Darknet Diaries episode – I'm updating the Grove City Tech Lab lack of business model: instead of providing computer and device repair – we're going to restart as a responsible hacktivist.

A Second-Second Chance

Let's be honest - while getting better, the secondary-repair market for devices (phones, tablets, etc.) isn't exactly third-party friendly.

The Repair Association
Fighting for your right to repair your digital products.

Consider supporting repair.org

Google doesn't have a partner program for Google Pixel devices. Apple does, but the last time I reviewed it, my co-working space didn't meet the retail space requirements, which means I could only do out-of-warranty repairs.

And let's be honest: I wasn't making (any) money anyhow. But I did setup the infrastructure for Grove City Tech Lab to continue in other capacities.

A local hacktivist, eh?

Project Franklin outlines what they later refer to as the Franklin Cyber Volunteer Task Force:

"Aside from policy work, Franklin will establish a mechanism that empowers individual members of the DEF CON community to volunteer at under-resourced organizations supporting our critical infrastructure."
— DEF CON Franklin website

But what if I wanted to focus on my local community? For example, it will take some amount of time for DEF CON Franklin to disseminate information and tasks to volunteers - of which there will likely be many more available than help required. But there are plenty of people and businesses local to me that need help on physical and digital security - why not start small?

Franklin will mobilize the DEF CON community to solve real world problems.
— DEF CON Franklin website

That's exactly what I've been missing – a real-world, tangible way to help – a way to feel like I'm contributing: more than just donating to the EFF and Repair.org every month.

So I've identified a general set of real-world problems that I can help with:

  • People need to understand digital safety, security, and privacy.
  • Businesses needs to test their defenses to keep people safe.

Mapping these real-world problems to simplified security concepts, I've come up with the concept of blue-teaming for people, and red-teaming for businesses.

Blue-Teaming for People

There are a variety of ways that I think Grove City Tech Lab can help individuals:

  • learning the basics of digital security (password managers, MFA/2FA, etc.)
  • running your own personal or family infrastructure (think a family Mastodon instance or your club's Matrix chat server.)
  • switch to GrapheneOS for a more private mobile experience
  • setup online presence without relying on big-tech platforms and ad-tech
Basically, anything I listed here is fair game. This part of the plan was largely inspired by DEF CON Franklin and Cory Doctorow's Enshittification talks.

Red-Teaming for Businesses

This side of the plan was largely inspired by Darknet Diaries episode 117, Daniel the Paladin. (But maybe without the crime part of it.)

Essentially, we'll identify a local business to help with their physical and digital security. Once identified, we'll use ethical hacking concepts to find and responsibility disclose any vulnerabilities or issues found. Once disclosed, we can assist in resolving the issue, if desired. And we do this without expectation of payment for our time.

Then we repeat for another local business.

This allows us to build experience, help our local community, and lets me feel like I'm doing something to help fix the internet.

We also sponsor and run the monthly Lock Picking Columbus event: you can learn how easy it is to bypass common locks and safes. Useful for both people and businesses to gain perspective on every-day security.

Capitalism: Nope?

The business plan behind this effectively boils down to this: I don't have one. I'm doing this to help my family and friends, learn new tools and concepts, and reinforce my reputation for helping others.

But making money will likely come down to these avenues (in no particular order):

  1. Potential for word-of-mouth recommendations from businesses we help.
  2. Content-marketing through authorized publishing of free security audits.
  3. Merchandise sales. I love a good online shop, especially stickers.
I'd like to make this a non-profit one day...but for now all the funding is essentially donations of my time and expertise - any financial support is provided by myself, Patrick Labbett, via Call Theory.

Summary

A quick summary of what you should expect moving forward:

  • Lock Picking Columbus every month at Grove City Business Center
  • Stories about improving local residents and companies security
  • Security and Privacy Consulting & Support
  • A merchandise shop of some kind.

If you want to nominate a company for a security review (or if you're the owner) please email support@grovecitytechlab.com with as much detail you'd like to provide.