My first reported feature for @therecord_media is a complicated story about the community and compliance issues I encountered penetration testing mask policies at Hacker Summer Camp therecord.media/fear-and-covid…
It’s not just an exploration of how well the masking rules were followed or enforced in Vegas, but my own identity as a hacker and how it compels me to use journalism to report on public safety issues—like mass travel and gatherings in a delta variant hotspot.
The Union that reps workers at the conference venues told me 146 members or their immediate families have died and 1,508 have been hospitalized due to COVID-19 since March 1, 2020.
Black Hat was scary—no vax requirement—extremely lax mask compliance and there wasn’t any sort of enforcement mechanism. Hostile unmasked attendees.
DEF CON was clearly prepared better than Black Hat for pandemic chaos and was responsive, but I found that their policies broke down when tested.
On Aug. 7, I was told by Inhuman Reg that if I saw someone violating the mask policy, I should ask a Goon to remind them. So I did, and that worked—at first.
Then a Goon refused to ask someone to mask, instead fighting with me about it being something only the hotel staff could do until the unmasked person had walked away.
That Goon walked away after I asked them to follow me back to registration so we could get clarification and I was shuffled through different folks without getting a firm answer until the next day
I also reported the same person for being unmasked to vape or talk 9 times over 2 days, Aug. 7 and 8, getting shifting responses from DEF CON Goons about what would and already had been done
On Aug. 8 the Goon Security folks assured me they were taking my (later confirmed) reports about the Goon who wouldn’t help the day before and the repeat unmasker seriously
But on my way to enjoy the conference after that meeting, a Goon themselves was unmasked so they could vape. The other Goon next to then refused to ID themselves by their handle so I could report them as a witness.
Then once I reported it through the nearest Security Goon, I got held up from my next meeting to be questioned until the Goons I already met with showed up and confirmed I was already in touch.
I felt like a security researcher being blamed for pointing out an exploit in code
I did still have meaningful moments of community at the CON, including talking #badgelife with the @ANDxNOR crew, comparing respirator modifications, and crying while sharing stories to Goons in the Memorial Room.
But ultimately the problems related to compliance, reporting, and enforcement on masks left me feeling gaslit and unsafe in ways that aren’t reflected in DEF CON’S Transparency Report.
Of course, compliance is inherently hard because we are all humans who make mistakes. I had my own compliance failures during reporting that I am transparent about in the piece.
The last of them was failing to immediately report sexual harassment I faced as I was leaving DEF CON on Aug. 8:
a quick exchange with an unmasked conference goer who declined to comment while calling me a “honey trap” — a demeaning joke about my female-presenting body
I didn’t report it until this week because of all the similar harassment I’d faced covering cons in years past—but also because the enforcement issues on masking made me feel like there was no point to making any reports.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
When major phone outages hit big cities including LA and DC in the early ‘90s, glitches in SS7, part of telephone software infrastructure, were to blame. But part of the supposed solution, a tech experts group chartered to advise the FCC called CSRIC, is now part of the problem.
As new innovation sped up, expertise within the FCC struggled to keep up and became more and more reliant on CSRIC for troubleshooting. But CSRIC’s membership is heavily skewed towards industry.