[HOPE_16] Talks

HOPE_16 Opening Ceremonies

It all starts Friday morning. Join us as we make sure everything works before another HOPE is unleashed on everyone.

Activism, Hactivism, and the Law

Alex Muentz

Protest has become more important and more dangerous in the U.S. It's harder to know where the line is between safe, lawful protest and actions that can get you sanctioned, arrested, or deported. Alex will discuss how to assess the risks you face in online and in-person protests, ranging from pickets to dropping docs.

Aging Cyber Safely

Laura Sang Hee Scherling, Josefina Piddo

This presentation asks how we can better care for our older adults and improve cybersecurity awareness training and policies with their needs in mind. American adults over the age of 60 filed over 100,000 cybercrime-related complaints to the FBI in 2023 and experienced losses amounting to $3.2 billion. Older adults are the most vulnerable to cybercrime, and studies have found they feel ashamed to disclose having been victims. Although important initiatives exist, such as AllState's training sessions on cyber safety and AARP's free fraud helpline, there's a noticeable shortage in relevant resources. This research examines emerging cybersecurity awareness resources and policies supporting older adults, drawing from interviews with FINRA and the Identity Theft Resource Center (ITRC). It also presents findings from the cybersecurity awareness initiative founded by the presenters: the Cyber Care Institute, recently introduced to four organizations and over 100 students in New York City.

Aphantasia: A Personal Reflection

Dr. Earl Brown

Imagine a mind without mental images, where "picture this" has no meaning. Aphantasia - the inability to form mental images - is a little-known, rare condition that affects around one to four percent of the population. In this presentation, Earl will talk about aphantasia and how it has impacted his professional life as a pathologist and a teacher with more than 35 years of experience. He will explore its impact - both good and bad - on everyday experiences such as chess, piano, drawing, reading, memory, and learning, finally speculating on how aphantasia may affect creativity and the hacker mindset.

Ask the EFF

William Budington, Lena Cohen, Cara Gagliano, José Martinez

This year, the Electronic Frontier Foundation (EFF) will be returning to HOPE for a special "Ask the EFF" panel to address some of the pressing questions the hacker community has in these troubled times. Panelists will provide updates on current EFF work, including the ongoing case against the "Department" of Government Oversight, educating the public on their digital rights, organizing communities to resist ongoing government surveillance, and more. The panel will then turn it over to attendees to pose questions and receive insights on how users can protect their civil liberties online during an increasingly volatile political and world situation.

ATM Hacking: Past and Present

Roman Pushkin

This talk explores the evolution of ATM hacking, from classic physical attacks to modern software exploits, using two real-world case studies. Roman will demonstrate how cybercriminals bypass security measures and why banks often stay silent. Attendees will see a live demo of a custom "flusher device" built for a tabletop coin dispenser (reverse-engineered from eBay), highlighting vulnerabilities in cash-handling systems.

Bitpart: 5-In-1 Platform for Activism Over Signal

Josh King

Signal is one of the most critical tools we have for secure communication amongst activists, journalists, and human rights defenders. As of 2024, Signal has over 70 million active users and over 220 million downloads, with no signs of slowing down. With the global rise of the far-right and corresponding attacks on human rights, the ability to securely organize via Signal against these forces is more important than ever.

To that end, Throneless Tech has embarked on an in-depth research project that resulted in the creation of Bitpart: a Rust-based software platform that allows for the creation of dynamic organizing tools on top of Signal. Depending on the end-users' tech capacity, Bitpart can be run on organizers' own self-hosted servers or through Throneless-hosted servers. The project builds on experience gained from past Signal chatbot projects, and new research conducted with targeted groups such as current organizers, activists, and journalists around the world.

In this session Josh King, developer of Bitpart, will demonstrate how the platform is being used to create bots that activists can use as secure, anonymous tiplines, digital helpdesks, broadcast lists, a tool to distribute eSIMs, and a tool to share VPN download codes. Participants will come away with an understanding of how Signal can be utilized in novel ways, how to think through the threat model and risk assessment for creating secure tools for activists, and how Bitpart can be expanded upon and applied to their own communities.

Both Sides of the Wire: Surveillance, Whistleblowing, and Building a Cyber Peace Movement

John Kiriakou

As a former CIA officer who exposed the agency's torture program, John Kiriakou paid the price with his freedom. In addition to disclosing wrongdoing, he understands surveillance from the inside. This talk brings together that firsthand knowledge with a challenge to the hacker community: we must pursue a cybersecurity model rooted in cooperation, transparency, and peace rather than conflict.

This talk will explain how today's digital ecosystems - including both software and hardware - are vulnerable not only to technical compromise but also to political manipulation. The threats we face are not just from malicious actors or hostile governments, but from within our own systems. Co-opted code, opaque procurement processes, and surveillance-by-design continue to erode public trust. It is time to reclaim the hacker ethos and direct it toward a global cyber peace movement. Here you will learn why hackers, technologists, and civil society must lead this effort, and how the only sustainable security is one built collaboratively, with integrity and purpose.

Build a Tech Community in Your Neighborhood, One Hackathon at a Time

William Hutson

This talk chronicles the journey of creating a vibrant tech community through short, accessible two-hour mini-hackathons that lower barriers to participation. The speaker shares their experience of building Flushing Tech's successful bi-weekly hackathon program, and provides a practical roadmap for you to try this at home in your own neighborhood. Leave with actionable guidelines for starting similar initiatives that emphasize the importance of creating an inclusive environment that welcomes participants of all skill levels while maintaining enough technical focus to drive meaningful project development. This talk is ideal for community organizers, tech enthusiasts, and anyone interested in fostering grassroots innovation in their local area.

Bureaucracy Hacking - Creating Organizational Exploit Chains for Good

Adam L. Hesch

At their core, all bureaucracies are, fundamentally, information systems, containing the ability to store information, compute information, and share information over a network. This means they all can be hacked. In this funny, enriching, and ultimately inspirational talk, the concept of "bureaucracy hacking" will be discussed as a way to make a difference in any organization of any size, even (perhaps most especially) when you feel like "just a cog in the machine." The talk will be suitable for a novice audience of any background, with high level references to traditional information security, hacking, and of course social engineering principles. What will make it unique and interesting will be particular emphasis on the exploitation of the emergent and unique properties of bureaucracies. It will be most actionable by young, idealistic entrants into the workforce. And, it may yet inspire the younger versions of ourselves inside each of us that our (warranted) cynicism has led us to ignore or forget (at our peril). Stories will come from the speaker's (and others') experiences at organizations like Meta, the U.S. Department of Defense, the U.S. Navy, and others. It is intended as a rebuttal to, and toolkit for, countering "Pournelle's iron law of bureaucracy."

Claw Back Your Data From Big Tech With Cyd

Micah Lee, redshiftzero

Tech platforms can't be trusted. Oligarchs and billionaires want you to keep giving your data to their Big Tech companies for free so they can sell it and manipulate you into believing nonsense. In this talk, the Lockdown Systems collective will introduce Cyd, their open source desktop app that makes it easy for people to reclaim control over their data from Big Tech. Giving users actual control over their data is challenging when dealing with hostile, enshittified tech platforms like X and Facebook. Cyd bypasses all of that though by putting the user in the driver's seat: it runs on the user's own computer, from their own IP address, and it works by automating a web browser on their behalf - and sometimes relying on APIs, when they're available, free, and don't suck. It doesn't share any access to your accounts or your data with the Lockdown Systems collective. Attendees will learn how Cyd works under the hood, how you can use it, and how you can contribute to building tools that challenge the dominance of Big Tech.

Communication and Movement in Internet Shutdown Protests: Rethinking Mesh Messaging

Cora Rowena Ruiz

2024 was the worst year for Internet shutdowns ever recorded, with nearly 296 documented events across 54 countries. Frequently imposed during protests and times of unrest, shutdowns are commonly used as a tactic to suppress dissent and restrict communication. Mesh messaging is widely hailed as a potential workaround, yet these tools are generally considered unreliable, untrusted, and ultimately go unused. Mesh systems depend heavily on the spatial relationships between nodes, but existing research on how people move and communicate in protest settings is sparse. This talk explores a holistic approach to mesh tool design, grounded in qualitative firsthand experiences to build effective blackout-resistant mesh tools.

Computational Techniques for Making Karaoke Harder

Jamie Brew

Robot Karaoke is a live comedy show that swaps lyrics with fragments of text drawn from a catalog of esoteric datasets (quora questions, web banner ads, tax forms, and more) to create and sing never-before-sung karaoke songs. This talk covers how the data is sourced, how the songs are phonetically annotated, and how the show is run and the core software (the Weird Algorithm) developed. The presentation will end with a demo of the future of karaoke.

The Computer Underground Scene - Past, Present, and Future

Netspooky (Phrack / HCC), TMZ ( Phrack / tmp.Out), Skyper (THC / ex-Phrack), John Threat (Masters of Deception), Bill Budington (Electronic Frontier Foundation)

This is a brainstorming session together with the audience. The panel will talk and unravel a bit about the past and present, and try to find a shared vision of where we are or should be heading.

Counter-Surveillance as Activism: Using Cameras Against State Violence in Israel/Palestine

Aman Abhishek

Palestinian, Israeli, and international anti-occupation activists in Israel/Palestine have been using cameras to deter and document violence from Israeli security forces and settlers for around two decades. Human rights organizations first started distributing cameras in the mid-2000s to facilitate documentation, and today, essentially every anti-occupation activist in the West Bank and Jerusalem carries some combination of video cameras, smartphones, and body cameras to deter and document state-settler violence. The activists also take it upon themselves to take the videos to journalists, human rights organizations, courts, and elsewhere; recently, this activism was the focus of the Oscar-winning documentary No Other Land. This talk will describe how activists organize, what happens to the footage, how this activism changed after October 7th, and what this all means for thinking about counter-surveillance as a strategic response to state violence.

CRXaminer - Deep Dive Into Chrome Extensions (Plus Tool)

Mark El-Khoury

You spend your time configuring HTTP headers and hardening your containers. Meanwhile your CFO just downloaded a Chrome extension to make the font in Gmail Comic Sans. What are Chrome extensions, exactly? This talk will dive into details, including format, contents, static analysis with custom rules, threat modeling (when does this even matter?), and some of the unique challenges of building a security scanner. A tool will be demoed that has just been released for this: CRXaminer (crxaminer.tech). You will learn how you can immediately start using it.

Dark Web Digger: Modular Scraping for Dark Web Intel

Samantha Stortz, Dominick Foti

Dark web forums are a major resource for the hacking community and play a large role in the spread of information, data leaks, tools, services, and related transactions. While it is common for users to keep similar usernames and identifiers across different forums to maintain their credibility, these users often need to create or change accounts. The prototype presented here looks to tie anonymized accounts to the same user, as they will likely have similar language usage, post content, tools, tactics, and procedures (TTPs). The presenters developed a modular web scraper that can extract data from forums and store said data for analysis. They explore opportunities to leverage machine learning techniques to automate and enhance the process of cyber threat intelligence (CTI) analysis in the future. This includes using natural language processing (NLP) to digitally fingerprint users based on speech patterns, trend detection between users and forums, and even a chatbot to assist the tool's users in finding specific information. The project provides analysts with a wholistic view of how users interact on these forums, making it more functional and versatile.

Data Autonomy: Counter-Surveillance Strategies for Civil Society

Marlon Kautz

The surveillance apparatus in the West is going critical, and civil society is not prepared for the fallout. Political leadership is explicitly targeting NGOs and social movements using surveillance capabilities that have been perfected over the past decade. This talk will evaluate the merits and limitations of different counter-surveillance approaches from the vantage point of grassroots organizers, and go beyond the stock advice of "use Signal and a VPN" to offer proposals for defeating state surveillance through technical infrastructure development and political organizing.

Design for Neurodiversity: Creating Neuro-Inclusive Spaces

Dorothy Howard

This talk will explore the concept of neurodiversity and its implications for designing events and spaces with neurodivergent people's diverse needs in mind. The neurodiversity paradigm promotes embracing neurological differences, emerging from the autistic rights and disability justice movements of the 1990s. Accessibility guides and resources rarely focus on neuro-inclusive design. The presentation will highlight strategies for creating neuro-inclusive environments informed by research in education, including examples such as low-sensory rooms in libraries and conferences. Attendees will be encouraged to reflect on how neuro-inclusive design can benefit the communities they engage with.

DIY Police Scanner With SDRs and Open Source Software

nop

Police accountability requires transparency, but access to relevant information is frequently hindered by collaborators in government or the police themselves. Fortunately there is one source of info we can take into our own hands: their radios. Police in the United States largely use the digital, trunked radio system "Project 25." We can listen in to this using spare computers, a few Software Defined Radios (SDRs), and open source software. Even better, we can go far beyond what very simple broadcastify-style dispatch streams offer, like having our own archives of radio traffic. Based on an actual system that sees real-world use, this talk will cover how to set up your very own DIY police scanner. Ansible playbooks and supporting scripts to streamline the process will be released, and practical tips and lessons for real-world applications of such a system will be covered.

Eco-Hacking Desire: The Intersection of Pornography, Sex, and Environmental Impact

Jasmin Hagendorfer

This talk explores the intersection of desire and sustainability, examining how even our most intimate moments leave an environmental footprint. The concept of sexecology, coined by Annie Sprinkle and Beth Stephens, bridges environmentalism and sexuality in creative ways. From solar-powered vibrators to eco-friendly sex toys, the session delves into the often overlooked world of green sex tech and eco-erotic practices.

Key questions explored will include:

• What are the true environmental costs of online pornography?

• How sustainable is our streaming culture and AI technologies?

• Can DIY pleasure practices be a form of political activism?

• What role does ethical pornography play in envisioning a better future?

The discussion will also cover energy consumption, server loads, and the hidden costs behind virtual acts of desire. The focus is not to shame desire, but to empower it with awareness, curiosity, and hacker ethics. The speaker, a feminist activist and artist, aims to foster a dialogue about how digital intimacy can become more visible, accountable, and hackable. This talk invites the hacker community and beyond to collaborate in rethinking the infrastructures behind online pleasure and to explore ways of making the environmental impact of these systems more transparent.

Esolangs as a Hacker Folk Art

Daniel Temkin

The most important computational art is happening far from museums, immersive art "experiences," and the smoldering ruins of NFT platforms. Esolangs, like demos and code golf, are hacker folk art, born entirely outside the art world, yet beginning to get wider attention as more digital artists and poets contribute to the form. This should not be a surprise with the critical work it has done to explore our relationship with technology, the politics of computing, the aesthetics of code, among many other subjects. This talk will present esolangs, not as a loose collection of language associated by algorithmic complexity, but a social history of how each language influenced the next, drawing from ten years of interviews for the blog esoteric.codes. It will look at esolangs as more than technical wizardry and consider aesthetics for this form that often pretends to eschew aesthetics entirely.

Expanding the BioArtBot Color Palette - A Beginner's guide to Lab Automation and Biosafety

Danny Chan

bioartbot.org/ is a project for encouraging curiosity in microbiology and lab automation through creative expression. It is an open source project built on a pipetting robot that draws user submitted pixel art by placing colored bacteria on agar. Using the story of the BioArtBot development as a guide, this talk will provide a basic overview of the technologies (hardware, software, and wetware) implemented in the BioArtBot. It will describe how lab automation is used in biotech companies, how it might be used by amateur/community investigators, and how the BioArtBot is an interesting framework to contribute to if you are looking to skill-up in lab automation. It will also describe how the living pigments for this project were created and sourced, how you might create/source your own, and the amazing diversity of living chemical refineries that are bacteria. So if you're interested in robots and bacteria, come find out how we can command our tireless inorganic creations to deposit aesthetically pleasing arrangements of the ancient form-factor of all life.

Exploiting Emergent Property-Based Vulnerabilities in Large Language Models

David Kuszmar

As AI technology expands across both benign and malicious applications, our understanding of the attack surface must evolve to account for emergent properties in complex systems. In large language models, these emergent behaviors create novel classes of vulnerabilities that are not only unpatched, but largely unrecognized. By systematically manipulating the model's limited perception of reality, attackers can induce cascading failures that go far beyond traditional filter bypasses, exposing fundamental weaknesses in the internal logic and contextual binding of these systems. This session will unpack how these vulnerabilities work, walk through real examples, and explore the far-reaching implications for AI security, governance, and safety.

The Five Pillars for Rewriting History and Culture

Alexander J. Urbelis, Daniel Nowak, Roel Schouwenberg

From printing press to blockchain, technological advances reshape historical narratives across five pillars: finance, governance, faith, communications, and consciousness. Influential entities employ sophisticated cyber and information solutions to manipulate resources and power. Governments, corporations, and NGOs manage narratives, shaping opinion and obscuring truths as they manage perception. Religious groups use digital platforms to spread doctrine, blurring traditional faith boundaries. Social media and emerging technologies amplify disinformation worldwide. These operations exploit cognitive vulnerabilities, reshaping collective memory and fueling evolving consciousness. This talk will examine how technology-driven psychological operations can unmake historical canons, normalizing new realities and marginalizing dissent. The presenters will highlight ethical dilemmas and stress the urgent need for transparency, critical awareness, and decentralization across all pillars. Lastly, they will offer recommendations for how the individual can remain resilient in the face of these existential threats and multifaceted Manichean devils.

From Activism to Hacktivism: Resisting Digital Repression

Gabrielle Joni Verreault, Elina Castillo-Jimnez, Jane Eklund, Ken Mayers (Moderator)

This panel discussion will offer insights into the challenges faced by human rights defenders and hacktivists in today's context of intensified digital repression, including surveillance, censorship, and cyberwarfare. The three panelists will report from the frontlines, sharing their technical expertise and experiences living among activists and supporting them in their work in different countries. Topics will include hacktivism in Ukraine, disrupting surveillance in Serbia and Thailand, and tech and reproductive rights in the USA and worldwide. Each panelist will briefly share their stories and insights, and then the discussion between them and the audience will be opened.

The Future of Email Is Open

Dejan Štrbac, William Lessard

Email is one of our most essential tools, yet it's controlled by a handful of corporations that scan, monetize, and gate-keep our communication. In this talk, the presenters will introduce OpenEmail, a ground-up re-imagining of async communication built on a radically simple, open protocol. Designed for privacy, integrity, and interoperability, OpenEmail combines end-to-end encryption; decentralized delivery; and a public, extensible architecture to give users true ownership of their communication, and developers the freedom to build on top of an open social protocol. They will explore how a spam-free, surveillance-free inbox, where messages are trustworthy by design, can reclaim the Internet as a space for open, human connection, free from Big Tech. More than just a talk, this is a call to arms: to take back control of our communication and build a digital future that serves people, not profit.

Getting Out of DOGE: A Discussion With a Former DOGE Engineer

Sahil Lavingia

The whole world has been watching as the "Department of Government Efficiency" (DOGE), the partnership between Elon Musk and the Trump administration, has worked to fulfill its pledge to reduce waste, fraud, and abuse in the federal government. Despite promises to the contrary, there has been very little transparency about DOGE or its operations - until now.

Join Sahil Lavingia, a former DOGE engineer, as he guides us through what DOGE is actually doing, explores the kinds of technology being used, and suggests ways we can improve systems in general. With both a background as a software engineer and rare insight from having actually worked for DOGE, Lavingia will help shed light on topics either previously unknown or filtered through the media.

To quote Livingia's NPR interview: "I personally was pretty surprised, actually, at how efficient the government was."

Hackers Got Talent

Jason Scott

It just wouldn't be HOPE without another installment of "Hackers Got Talent." This is an opportunity for hackers from all around the planet to show off their talents in this cheeky display of hacker (and totally non-hacker) skills. Just sign up at InfoDesk and the talent you decide to share is entirely up to you. (Seriously, anything you're good at is a talent.) Hacker archivist Jason Scott will again be on hand to keep everything moving. Judging will be done by a combination of panelists and audience members. First place wins a valuable prize! Second place... we'll see.

Hacking for Social Justice

Danacea Vo

"How can my hacking skills become a force for advancing social justice?" Those who ponder this question often know what they're up against - oppression, inequality, enshitification.... But the path toward building meaningful change can feel unclear or overwhelming. This talk draws from years of experience working alongside activists, human rights defenders, and digital organizers, and offers a practical framework for lasting, meaningful change. You'll gain social impact strategies that will help you align your technical skills with the movements and communities you care about. If you've ever felt the call to do more - with purpose, with clarity, with community - this is your invitation.

Hacking Search: Kagi's Revolt Against the Ad-Tech Machine

Vladimir Prelovac

You know the drill: search for official travel info, get an overcharging third-party site. Look for a hotel, get a misleading aggregator. "Free" search costs you time, money, and trust. Kagi is the revolt - a paid, obsessively user-centric search engine architected to serve you, not the advertisers. This session reveals how Kagi sidesteps the surveillance model, leveraging diverse sources and AI tools (under your control) to deliver clean, customizable results. Founder Vlad Prelovac will detail the tech choices enabling genuine user agency (blocking SEO garbage, elevating trusted sources via filters), the challenge of building viable alternatives outside the ad-tech ecosystem, and the fight to restore user agency against data-hoarding monopolies. If you're tired of being the product on the web, join the resistance.

Hacking the Future at Tesla Science Center

Michael Caprio, Jeffrey Velez, Ed Wilson

The year 2026 marks the 170th birthday of Nikola Tesla and will also be the year that the grounds of his Wardenclyffe laboratory will at last open to the public. Learn about the latest goings-on from Tesla Science Center at Wardenclyffe detailing their visitor center renovation and opening; development of their amateur radio station and radio club; expansion of their public and educational programming with space science courses, events, and hackathons; a future hackerspace; and more exciting projects!

Hacking the Tech-Industrial Complex: Learning to See Invisible Systems

Seth Godin

The author of more than 20 international bestsellers gives us an inside view of the systems that drive our culture. Every dominant system works to maintain itself, and we can find strategies and stories that push to make things better.

Hack the Violin Part 2: The Advanced Stuff - This Time There's AI

Andrew Morican, Ebmbat

This is a follow-on from "Hack the Violin: A Hacker's Approach to Learning, Playing, and Teaching the Violin" from Hope XV.

This will be a look at technology, most notably AI and hacking the violin. You will learn what's out there and what the presenters were able to achieve with their own AI project regarding practicing and engagement. You will also learn about AI with live performance and creation, as well as AI and string sampling - and see how sampling may be altering the stringscape.

Hardware Hacking Meets Art: How Movie Special Effects Are Made

Davis DeWitt

Step into the world of movie magic with Davis DeWitt, a filmmaker, inventor, and former Mythbuster and learn how combining hardware hacking with art creates objects that do more than function: they evoke emotion and tell stories. From blowing up cars to building robots with personality, this talk will explore why it's important to tackle projects that blur the lines between disciplines.

How a Handful of Location Data Brokers Actively Track Millions, and How to Stop Them

Bill Budington, Lena Cohen

In the past year, a number of investigations have revealed the outsized role of a few select companies in gathering, storing, and selling the location data of millions of devices - and by extension people - worldwide. These companies largely use technologies which power the online advertising industry in order to collect and disseminate this data. To make matters worse, this data has been both provided to private investigators on the mere assurance that they plan to work with law enforcement, and has been subject to data breaches which put the privacy of millions at risk. This talk will elaborate on the technologies, data flows, and industry players which comprise this complicated ecosystem. Most importantly, it will cover some basic steps you can perform to protect yourself against the wide array of location privacy harms your device subjects you to. The presenters will show tools and techniques they've developed to allow users to take back ownership of our devices, rather than our devices owning us.

How I Used and Abused LLMs to Get Top 250 on HTB

Rambo Anderson-You

This talk explores an experiment in giving AI system-wide access to compete on Hack The Box (HTB). The talk details the development of a semiautonomous workflow for capture the flag (CTF) competitions, involving jailbreaks, LLM switching, and hardware. Through iterative diagrams, the talk traces how the workflow evolved as the AI improved at capturing flags. This presentation considers how this CTF solving AI slop might extend to real world scenarios like penetration testing, red teaming, and bug bounty hunting.

How Law Enforcement Agencies Compromise Entire Encrypted Chat Platforms

Joseph Cox

Law enforcement agencies compromising entire encrypted communication platforms to read peoples' messages is no longer an outlier. It is the new normal. That includes the FBI taking a tech startup called Anom and inserting its own backdoor, French authorities pushing a malicious update to tens of thousands of EncroChat devices, European cops hacking another company called Sky, or any of the increasing number of related cases. In this talk, Joseph Cox, co-founder of 404 Media and author of Dark Wire will detail police tactics, pulling from his nearly ten years of covering the encrypted phone industry.

How to Be Positively Transgressive: Hacking Culture for Good

Johannes Grenzfurthner (monochrom)

In an era where transgression has been co-opted by reactionary forces, how can we reclaim subversion as a tool for positive change? Historically, countercultures, hackers, and artists have used disruption to challenge power structures, expose hypocrisy, and expand the boundaries of what is possible. Yet today, the same methods - culture jamming, media pranks, and ideological infiltration - are increasingly wielded by ultra-right movements to erode democratic values and spread reactionary narratives.

This talk will explore how we can re-hack the hacker mindset: How can we use transgressivity in ways that are constructive rather than destructive? How do we subvert without merely burning things down? Can we retool the aesthetics and tactics of countercultural rebellion to push society forward instead of backward?

Through historical examples, personal experiences, and a healthy dose of mischievous strategy, this talk will try to outline actionable ways to engage in cultural hacking that disrupt oppressive systems while reinforcing community, inclusivity, and progressive values. Because giving up on the tools of subversion means surrendering the battlefield. And that, phreaky phriends, is not an option.

Human Augmentation: Hacking Human Perception and Performance With Technology: Benefits and Dangers

Lucas Potter, Xavier Palmer, Vivekanand Pandey Vimal

Human augmentation is the idea of using technology to hack, alter, and enhance human perception and performance. Imagine being able to enhance your ability to navigate by sensing the flow of magnetic fields like a pigeon. Many industries are starting to explore human augmentation, such as space (enhancing astronauts), medical (rehabilitation), entertainment (greater immersion), military (greater performance), among others. In the first presentation, Dr. Vimal will begin by providing an overview of psychology and neuroscience research on the topics of human augmentation. Then he will share his own NASA-funded research on using sensory augmentation as a countermeasure for spatial disorientation. What dangers could arise from building a bridge between human and sensory augmentation devices that have the capability of altering human perception? This question will connect to the second presentation of the panel, where Dr. Palmer and Dr. Potter will explore how human augmentation connects to security through biocybersecurity followed by Q&A.

Introducing the HOPE Badge

Michael Schloh von Bennewitz, Victoria Joh, Vinicius Fortuna

If you are the lucky owner of a HOPE badge, you may ask how it really works and what are the limits of exploring its hacker potential? This talk is for novice and intermediate badge hackers, so they can benefit from expert mentors teaching and guiding the exploration of badge interfaces. If you want to develop in the way that the HOPE badge producers do, please install ESP-IDF for the ESP32-C3 and read "Get Started ESP-IDF" beforehand. Bring your computer, and you can do it!

Invisible Ink of Compression

XlogicX

When you pop the hood of RFC 1951 (DEFLATE), there lies an interesting playground that would be otherwise unseen in the context of compression use cases. This talk will address many aspects of the ubiquitous DEFLATE compression, none of which involve compressing data! "Designer Compression" scenarios will be explored, such as blocks of DEFLATE data that can be fully ASCII printable, contain no data, buffer underflow access of nulls, and even apply forms of recursion. We will also see forensic data extraction from compressed fragments, employ difficult to detect watermarking, demo a covert channel PoC (deflate in http), and forever-cookies. The presentation style will take a high-level first pass and then dig into the technical details with the time left.

Itinerant Signal Institute (Rite of Spring)

Amelia Marzec

"Itinerant Signal Institute" is a project that leverages open source technology to examine and communicate about land use. As we move into an era of potentially increasing climate migration, the project aims to create a network of sensors that test environmental toxins. It examines the effect of local emissions on global climate change, using small devices that test the air and soil. That information is then shared via a portal. Imagery for the project will include ritual costumes that mark the changing of seasons. The project began with visits to polluted locations in New York City, including Governors Island (a former military base) and Newtown Creek (one of the most toxic waterways), and working with the Urban Soils Institute to collect information for the project.

New Journalism: Reimagining Information Networks From the Ground Up

Patrick Boehler

This presentation explores how communities are developing resilient information-sharing systems that outperform traditional journalism. Drawing from research on independent journalism in China, Patrick will examine how these organic networks function as advanced social technologies that challenge conventional understanding of information distribution. The talk invites the HOPE community to reimagine information infrastructure that can withstand authoritarian control, resist corporate manipulation, and genuinely serve community needs through collaborative problem-solving and the application of security expertise in distributed systems.

Not Your Private Army: On the Trail of Cyber Ops

Emma Best

During the past two decades, hacktivist spaces have been infiltrated and co-opted by hostile interests, ranging from state actors to political and corporate entities and entitled oligarchs. This talk examines how these outside parties have attempted to build private cyber armies and task forces through the recruitment and exploitation of gray and black hat hackers. Special focus is given to the "Anonymous" brand, Western state actors, and the 2022 Russian invasion of Ukraine.

NymVPN: The First Real-World Decentralized Noise-Generating Mixnet for Anonymity

Harry Halpin

Nym is the first decentralized noise-generating mixnet to provision real-world network anonymity to Internet users even against nation-state adversaries. The aim here is to supersede existing VPNs in order to fight increasingly more powerful authoritarianism and surveillance. Unlike traditional centralized VPNs that can be de-anonymized by a global passive adversary - like the NSA - based on their traffic patterns, Nym adds noise ("cover traffic") to existing Internet communications. Similar to Tor, Nym routes each packet separately over a decentralized network of servers, but unlike Tor, mixes traffic and adds noise at each hop. After being introduced at HOPE five years ago, NymVPN has now shipped. NymVPN is an easy to use app for all major operating systems that makes using the Nym network as easy as using a traditional VPN for ordinary people, with both a "fast" and "anonymous" mode. The "fast" mode features speeds comparable to centralized VPNs using the same decentralized network as the mixnet, but without mixing. Via the SDK, the Nym mixnet remains free to use by hackers to build the next generation of privacy infrastructure.

Off-Grid Data Running in Oppressive Regimes: The Pirate Box Project (and Sneakernet!)

LambdaCalculus

In today's political climate in the U.S., the Internet as we know it is in danger of becoming heavily monitored, privatized, and censored. Information may only be what the corporations and government want you to see, and it may become difficult for marginalized and poor communities to have access to free information and education that the Internet provides. But by building an off-grid, mesh networked system known as the Pirate Box, it'll become a pivotal way of being the data runner your community needs. The Pirate Box is a form of Sneakernet, and this talk will give you a brief overview of both, as well as strategic tools and ways to make a Pirate Box of your own, along with projects in the spirit of the Pirate Box.

Phrack Magazine #72 - 40th Anniversary Release Party

Netspooky, TMZ

Celebrate 40 years of legendary hacking with Phrack Magazine! Netspooky and TMZ will be dropping a special hardcopy release of their magazine, packed with cutting-edge research, underground insights, and tributes to decades of digital rebellion. Don't miss this milestone issue - crafted by the hackers for the hackers. Free, of course, as always. Grab your copy, meet the crew, and honor the zine that defined an era.

The talk will explain a bit about Phrack's history, how it all started, and where it's going - the vision of the new editorial staff and how Phrack is changing. You will get a rare insight into what it takes to run an underground hacking magazine. You'll learn what it's like to work with the many authors, reading and fixing articles, dealing with obscure submissions, and what it takes to get your article accepted and become an author in Phrack.

For the first time ever, a "secret challenge" has been included in the hardcopy magazine for you to find and to solve. The prize for the winner will be revealed at the talk.

The Political and AI Singularity Are Inevitable - Or Are They?

Roel Schouwenberg

America's transition from a literary society to one shaped by social media and AI has revolutionized how we communicate, process information, and engage politically. AI's conversational nature deepens this shift, influencing culture and cognition. This talk will explore these new realities and provide insights into how to navigate them.

The Present and Future of Online Discourse

Harper Reed

Today's technologies greatly empower individuals and groups, while simultaneously creating tremendous risks to freedom and privacy. How can major forces like big tech, artificial intelligence, and political governance be guided towards pro-social outcomes? What can individuals do? Is there hope for social media to heal divisions, rather than amplify discord? These and other topics will be addressed during this lively and far-ranging presentation.

Print, Build, Fly, Heal: 3D-Printed Autonomous Planes for Medical Delivery in Rural Mexico

Dana Gretton, Jaguar Kristeller

This talk focuses on a project with medical students in Alamos, Sonora, Mexico to develop affordable delivery drones that can get urgent medical supplies to remote communities. What currently takes days to reach by mule through mountainous terrain can hopefully be accomplished in minutes by air. This talk chronicles the evolution from off-the-shelf hobby planes to locally-built, 3D-printed aircraft capable of autonomous waypoint missions. The speakers will discuss the technical choices behind their current $1000 prototype (and how they plan to cut costs in half), alongside the organizational structure they're developing to sustain this work. Recently, they established "club guilas" with local medical students - one of whom has completed pilot training for the test aircraft. The biggest challenges faced aren't the technical ones, but rather organizational sustainability: how to transition from a project driven by visiting engineers to one owned and operated by local communities. Plans will be shared for creating a federated network of university clubs, and the blueprint for a lean nonprofit structure to support them.

PrivacySafe and 3NWeb: Engineering User-Centric Digital Sovereignty

Mikalai Birukou

We want to control the technology we use, and we want to trust it. At the same time, we expect it to be convenient. 3NWeb is a groundbreaking framework that gives users full control over their digital interactions across devices, while preserving privacy and independence from centralized systems. Grounded in core principles like the principle of least authority (PoLA) and web-style federation, 3NWeb reimagines how services should operate in a user-first Internet. This presentation includes a demo of PrivacySafe, a client-side 3NWeb platform that is real, downloadable, and ready to use today. Its careful implementation raises meaningful questions from a range of perspectives: users, organizational administrators, application developers, and service providers. The session will address practical considerations and continue with in-depth conversations in the hallway track.

PrivacyTests.org: Web Browser Leak Testing

Arthur Edelstein

PrivacyTests.org is an open source privacy audit of popular web browsers. The project subjects web browsers to automated leak tests and regularly publishes the browsers' test results head-to-head on a website and on social media. The goal of PrivacyTests is to encourage all web browsers to mend their ways and comprehensively protect everyone's privacy. By thoroughly exposing the leaks in web browsers, the website helps users choose a more private browser, and thereby puts pressure on browser makers to fix their privacy leaks. In his talk, Arthur will give some details about the project's approach to testing and presenting test results, and show how browser privacy has evolved over the past four years.

Quantum Computing and AppSec: Preparing for the Post-Quantum Threat

Sheshananda Reddy Kandula

Quantum computing is poised to disrupt modern cybersecurity. With the potential to break widely used encryption algorithms, such as RSA and ECC, quantum threats pose a significant risk to web applications, APIs, and secure communications. This talk provides an introduction to quantum computing for application security professionals, outlines the threats to current AppSec practices, and explores how organizations can begin transitioning to post-quantum cryptography (PQC). Attendees will leave with an understanding of the timeline, tools, and strategies required to prepare for the post-quantum world.

The Quantum Curtain

Ed Ryan

High technology has taken on a new meaning. As AI technologies grow increasingly creepy and quantum computing catches major headlines, the U.S. government is scrambling to cover its posterior. Recognizing that these technologies pose a significant security risk, the U.S. Bureau of Industry and Security has imposed export controls on AI and quantum computing technologies in an attempt to limit their spread. This talk will discuss the history of export restrictions, touching on cryptography and the Playstation 2, before moving on to explain the new restrictions and their implications for those working in impacted fields. The idea of a "deemed export," which limits who is even allowed to learn about certain technologies, will be addressed.

RDP Spray and Pray: Research on Modern RDP Attacks From Spray to Exploit

Tess Mishoe

RDP has been around the block for a while. Since 1998, admins shudder at the mere mention of port 3389. It's anything but old-hat, though - even today, there are a lot of active attack methods and adaptations for the modern world. This talk will be going through the world of RDP attacks from the perspective of an attacker, a defender, and us - the researchers and engineers. Some mass RDP attack data will be showcased, along with how to identify, label, and further prevent these attacks in the future.

A Red Team Exercise 2025, 15 Years Later

Tom Brennan, Vladislav Gostomelsky, Logan Klein

This presentation is about red, blue and purple teams, along with the rest of the rainbow. Dig in for a fun and interactive presentation where the panel threat models and then attacks people, process, and technology. Bring your creative thinking and defensive skills and try to stop the... hackers.

rim: Reclaiming Personal Data Sovereignty in the Age of Wearables

Dana Gretton, Jaguar Kristeller

As we approach a future where body-worn devices capture increasingly intimate biometrics, the question of who controls that data has never been more urgent. This talk introduces rim, a techno-social vision and set of protocols challenging the standard model of cloud-based data extraction by building tangible, person-to-person systems for storing and sharing potentially intimate live data streams, innovating at the edge of taboo to expand human connection while preserving privacy and autonomy. There will be a demonstration of early prototypes of wearable devices implementing an "SD-core" aesthetic and detailing the technical underpinnings of protocol concepts including data "dissolution" and "crystallization" with erasure coding and intermittent connection tolerance. Beyond technical implementation, the presenters will discuss how this paradigm shift creates space for entirely new forms of human-to-human connection at the boundary of what's technically possible and socially acceptable.

Shadow Alts: Building a Surveillance-Resistant Web Presence

Iris

How do you get your messaging out to the world when the most extensive surveillance apparatus in human history is bearing down on you? Whether you're a whistleblower targeted by your government, an activist fed up with playing by the rules, or a journalist stepping on the toes of the world's most powerful, must we be resigned to having our identities revealed to those who would repress us?

This talk will outline the steps needed to build out a web presence that effectively conceals your identity from the most capable of three-letter agencies. This will include building and hosting websites, running social media, and even taking donations and hosting basic digital infrastructure.

Most importantly, the methods outlined will be as accessible as possible; building your platform should not just be a privilege of those with high technical skill.

The Shape of the Legal Battlefield for InfoSec Professionals at Work

Ken Vedaa

It is no secret that sometimes there can be tension between InfoSec professionals and the organizations that they work for. Security professionals spend their days (and sometimes nights and weekends as well) buried in the dirty laundry that others pretend does not exist. These tensions can bubble up in unexpected ways. As an InfoSec professional, what are the common legal concerns that you need to be aware of at work? How do these challenges change over time? What should you keep in mind when considering a new job?

A Sleuth's Stories on Detecting and Revealing Large-Scale Research Fraud

Mu Yang

In this talk, the speaker will share how they stumbled into this work by accident and what it's like to operate as a scientific sleuth within academia. The bulk of the presentation will focus on real-world cases of research fraud and misconduct, spanning fields from neurodegenerative diseases to chemistry, physics, and materials science. The talk will, through these examples, explore: the techniques and tools used to detect irregularities; how issues are reported to journals and publishers; the distinction between honest mistakes and deliberate manipulation; the collateral damage caused by misconduct, including its impact on public trust in science. The final section will examine the social and economic drivers of research fraud - and outline the systemic changes needed, globally, to break this cycle and restore integrity in science.

Solving My Identity Crisis

Dr. Phill Hallam-Baker

Traditionally, Internet accounts are controlled by the service providing them. There is no 'number portability' for email addresses. Switching costs discourage service changes. Recently, Bluesky has disrupted this model and 32 million users now use account names based on the Internet identity infrastructure, DNS - names that users can register and control directly through DNS handle providers.

This presentation will describe three standards proposals extending this approach. @nywhere extends the authentication approach to allow DNS handle accounts to be used at any Internet resource, not just those running ATprotocol. @nyone combines the DNS handle approach with JSContact to provide account portability and secure exchange of credentials for end-to-end secure communication. @nything allows network connected devices to become true Internet things with an Internet DNS name, WebPKI credentials, and using @nywhere and @nyone to support access control.

The Struggle for Connection in a Fragmented World: Rebuilding Third Spaces

Jack Gangi

Third spaces - those vital, informal gathering places between home and work - have long been central to hacker culture, but they're vanishing. This talk will explore why third spaces matter more than ever for connection, creativity, and counterculture, and how we can rebuild them in a world increasingly fragmented by gentrification, digital monopolies, and social isolation. From hackerspaces to IRC to local meetups, Jack will trace our roots and offer ideas for rekindling authentic community, both online and off.

Systems of Dehumanization: The Digital Frontlines of the War Against Bodily Autonomy

Daly Barnett

This presentation covers the years of security research and surveillance investigations that Daly (a senior staff technologist at the Electronic Frontier Foundation) has done on the various threats facing movements for bodily autonomy. She covers the bad Internet bills that made sex work more dangerous, the ongoing struggle for abortion access in America, and the persecution of trans people across all spectrums of life. These issue-spaces are deeply connected, and the digital threats they face are uniquely dangerous. Come to learn about these threat models, as well as the cross-movement strategies being built for collective liberation against an authoritarian surveillance state.

Things You Wish You Knew About Software Testing

Dan Nagle

Everybody agrees that software testing is important, but how does one actually go about accomplishing this efficiently? Here is a presentation about testing that has actual examples, immediate tools that can be used, and some really interesting and unexpected ways that code can break. This is a fast moving presentation discussing techniques in a way that both coders and non-coders can learn.

Tips on Living Life in Interesting Times

Mitch Altman

What motivates us to do what we do? How do we find meaning in doing it? What makes us choose what we choose? Can we do better? What is important? Can we thrive and feel excellent, regardless of particular outcomes? These questions may now be more pressing than ever in our most interesting of times.

Throughout our lives we tend to go with the flow of what is happening, making choices by default. Where do those choices come from? In the face of the rapidly changing and challenging times that we live in, personal and political, social and economic, can we find motivation to do what we do? Can we actually improve anything? Can we find and maintain enthusiasm to move forward into the unknown and feel good about our choices, regardless of outcome? Mitch will draw from lessons learned (and re-learned), doing his best to face the challenges while often haphazardly wandering through his 68 years on the planet. This talk will attempt to address these existential, important questions that we all face (whether consciously or not).

Top Ten: Democratic Open Source Software Defined Radio and Amateur Radio Applications That Matter Today

Steve Bossert

A major benefit of the widely used open source Git platform is every project is voted on by its followers, making selection easy for what is the most popular and worth paying attention to. This presentation focuses on the top voted applications focused around software defined radio, as well as amateur "ham" radio. Time only permits the top ten to be covered. This is a great way to showcase how diverse these two crossover topic areas have become in recent years. Some projects are purely software-based while others are a mix of open source hardware plus software. High level coverage of these amazing projects will be included, but will be explored in more depth as part of a separate hands-on workshop during HOPE_16, making this presentation a must attend for anyone interested in radio-related topics!

The Trials and Tribulations of Building Your Own Phone

Wesley Appler (aka lamemakes)

Over the last two decades digital surveillance has become baked into our daily lives. Your current and past location, who you're in contact with, habits/interests, sensor data, and a trove of other personal information is constantly being sent to third parties by the smartphone that is nearly always carried on us. What would it look like if we reconsidered the mobile phone entirely, putting extra emphasis on privacy and intentional disconnection via open source hardware and software? This talk will follow Wesley's journey to do just that, starting at the conception of the idea, getting acquainted with mobile networks/operators, obtaining proprietary datasheets, designing hardware, failed/successful prototypes, the current state of the project (along with demos), and how any interested parties can get involved.

Turning Leaks Into Leads With OCCRP Aleph

Ezana Ceman, Klil Eden

You've got a leak, a name, or a suspicious company. What's your next move? In a world where corruption thrives in the shadows, the Organized Crime and Corruption Reporting Project (OCCRP) provides the infrastructure to bring truth to light. At the core is Aleph, a powerful data platform built to help investigators follow the money and uncover complex networks across diverse sources. Bring your own data or explore the presenters' - the OCCRP data team collects and curates four billion records from nearly 200 countries, ranging from corporate registries and sanctions lists to court filings and leaked documents. This session will walk through how Aleph powers live investigations, transforming raw, chaotic data into structured insights that expose the actors and assets behind fraud and abuse of power. Designed by journalists, researchers, and developers on the frontlines, Aleph is more than a tool - it's a global community working together to uncover the truth. What will you find?

Unearthing Air

Todd Whitney

Breathing polluted air is an unfortunately common human experience. Yet even as particulate matter settles in our lungs and occupies our minds more than ever, most of us lack the words and abilities to create better breathing environments.

This talk will invite the HOPE community to develop personal and proactive approaches to the air we breathe by bringing it down to earth. Air is invisible, but very material and personal. This talk demonstrates hacking opportunities in the tools we traditionally use to sense, measure, and make air make sense. The presenter will dive into communication tools like the air quality index, open source sensors, and the emerging ethics of community air quality monitoring. Importantly, everyone will come away with fresh frameworks and tools they can use to begin designing their personal pollution priorities.

When the Lawman Comes Calling - Government Data Demands and Online Platforms

Fred Jennings

Drawing on over a decade of experience, this talk will first introduce the statutes, rules, and concepts governing law enforcement requests for user data, ranging from basic subpoenas to secret FISA search warrants. From that foundation, the discussion will cover practical steps that web services and individual users can take to reduce their legal attack surface, minimize their risks, and maximize their protection from invasive data disclosures.

Zodiac Killer Marketing: How I Used Codes, Cyphers and Nefarious Means to Launch a Covert Food Business

Chef Adam Sobel

During the pandemic, Adam launched Galactic MegaStallion, a new vegan food business, but decided traditional marketing was boring and morally icky. Instead, he created an elaborate system of codes, cyphers, a mysterious hotline, and strategically (and illegally) placed billboards that led curious people to find his food through coordinates. This presentation will cover how and why he developed this unconventional marketing approach, and how breaking traditional marketing rules and business conventions actually built a delighted customer base.

HOPE_16 Closing Ceremonies

Nothing lasts forever and that even applies to HOPE (the conference, not the concept). We will reminisce about what happened this weekend as if it was a decade ago. And we can guarantee there will be many fun stories to share. If you're really lucky, you'll get to help us clean up!