It was December 11, 2012, and in a small art space behind a furniture store in Honolulu, NSA contractor Edward Snowden was working to subvert the machinery of global surveillance.

Snowden was not yet famous. His blockbuster leaks were still six months away, but the man destined to confront world leaders on a global stage was addressing a much smaller audience that Sunday evening. He was leading a local “Crypto Party,” teaching less than two dozen Hawaii residents how to encrypt their hard drives and use the internet anonymously.

“He introduced himself as Ed,” says technologist and writer Runa Sandvik, who co-presented with Snowden at the event, and spoke about the experience for the first time with WIRED. “We talked for a bit before everything started. And I remember asking where he worked or what he did, and he didn’t really want to tell.”

The grassroots crypto party movement began in 2011 with a Melbourne, Australia-based activist who goes by Asher Wolf. The idea was for technologists versed in software like Tor and PGP to get together with activists, journalists, and anyone else with a real-life need for those tools and show them the ropes. By the end of 2012, there’d been more than 1,000 such parties in countries around the world, by Wolf's count. They were non-political and open to anyone.

“Don’t exclude anybody,” Wolf says. “Invite politicians. Invite people you wouldn’t necessarily expect. It was about being practical. By the end of the session, they should have Tor installed and be able to use OTR and PGP.”

The site of Edward Snowden's December, 2012 Crypto Party. Image: Google Street View

That Snowden organized such an event himself while still an NSA contract worker speaks volumes about his motives. Since the Snowden revelations began in June 2013, the whistleblower has been accused in editorial pages, and even the halls of Congress, of being a spy for China or Russia. A recent Wall Street Journal column argues that Snowden might have been working for the Russians and Chinese at the same time. “[O]nly a handful of the secrets had anything to do with domestic surveillance by the government and most were of primary value to an espionage operation.”

For the most part, these attacks have bounced harmlessly off Snowden, deflected by the Teflon of his well-managed public appearances and the self-evident risk and sacrifice he took on. One notable exception came last month, when Snowden submitted a video question to a televised town hall with Russian president Vladamir Putin; his question to Putin about Russia’s surveillance apparatus came across as a softball, and for a moment Snowden looked like a prop in Putin’s stage show.

But regardless of what you think of his actions, Snowden’s intentions are harder to doubt when you know that even before he leaked hundreds of thousands of documents to expose the surveillance world, he spent two hours calmly teaching 20 of his neighbors how to protect themselves from it. Even as he was thinking globally, he was acting locally. It’s like coming home to find the director of Greenpeace starting a mulch pit in your backyard.

The roots of Snowden’s crypto party were put down on November 18, 2012, when he sent an e-mail to Sandvik, a rising star in privacy circles, who was then a key developer on the anonymous web surfing software Tor.

Tor is free software that lets you go online anonymously. The software is used by a wide swath of people in need of extreme anonymity, including human rights groups, criminals, government agencies, and journalists. It works by accepting connections from the public internet, encrypting the traffic and bouncing it through a winding series of relays before dumping it back on the web through any of more than 1,000 exit nodes.

Most of those relays are run by volunteers, and the pre-leak Edward Snowden, it turns out, was one of them. (Through his lawyer, ACLU attorney Ben Wizner, Snowden declined to comment for this story).

In his e-mail, Snowden wrote that he personally ran one of the "major tor exits”–a 2 gbps server named "TheSignal"–and was trying to persuade some unnamed coworkers at his office to set up additional servers. He didn’t say where he worked. But he wanted to know if Sandvik could send him a stack of official Tor stickers. (In some post-leak photos of Snowden you can see the Tor sticker on the back of his laptop, next to the EFF sticker).

“He said he had been talking some of the more technical guys at work into setting up some additional fast servers, and figured some swag might incentivize them to do it sooner rather than later,” Sandvik says. “I later learned that he ran more than one Tor exit relay.”

Technologist Runa Sandvik held a how-to digital privacy session with Edward Snowden in Hawaii in 2012. Photo: Courtesy of Sandvik

Snowden used the address cincinnatus@lavabit.com – the same account he would use again less than two weeks later in his initial approach to journalist Glenn Greenwald. Snowden followed up by sending Sandvik his real name and street address in Hawaii, for the stickers.

Sandvik had never heard of Edward Snowden; at that point, nobody had. But she was already scheduled to be in Hawaii the next month for a vacation. She wrote Snowden back and offered to give a presentation about Tor to a local audience. Snowden was enthusiastic and offered to set up a crypto party for the occasion.

“I don't think Hawaii has had a successful crypto party yet, so that could be a really good opportunity to get the community going,” he wrote.

In Melbourne, Wolf received an e-mail asking for advice on putting together the Oahu event. She offered some tips: Teach one tool at a time, keep it simple. “If I’d known it was someone from the NSA, I’d have gone and shot myself,” she says.

Snowden used the Cincinnatus name to organize the event, which he announced on the Crypto Party wiki, and through the Hi Capacity hacker collective, which hosted the gathering. Hi Capacity is a small hacker club that holds workshops on everything from the basics of soldering to using a 3D printer.

“I’ll start with a casual agenda, but slot in additional speakers as desired,” write Cincinnatus in the announcement. “If you've got something important to add to someone's talk, please share it (politely). When we're out of speakers, we'll do ad-hoc tutorials on anything we can.”

When the day came, Sandvik found her own way to the venue: an art space on Oahu in the back of a furniture store called Fishcake. It was filled to its tiny capacity with a mostly male audience of about 20 attendees. Snowden spotted her when she walked in and introduced himself and his then-girlfriend, Lindsay Mills, who was filming the event. “He was just very nice, and he came to the door and introduced himself and talked about how the event was going to run,” Sandvik says.

They chatted for a bit. Sandvik asked Snowden where he worked, and after hemming and hawing, he finally said he worked for Dell. He didn’t let on that his work for Dell was under an NSA contract, but Sandvik could tell he was hiding something. “I got the sense that he didn’t like me prying too much, and he was happy to say Dell and move on,” she says.

Crypto Party founder Asher Wolf. Photo: Courtesy of Wolf

Sandvik began by giving her usual Tor presentation, then Snowden stood in front of the white board and gave a 30- to 40-minute introduction to TrueCrypt, an open-source full disk encryption tool. He walked through the steps to encrypt a hard drive or a USB stick. “Then we did an impromptu joint presentation on how to set up and run a Tor relay,” Sandvik says. “He was definitely a really, really smart guy. There was nothing about Tor that he didn’t already know.”

“Everything ran very smoothly,” she adds. “There were no questions about how to do things or where to put the chairs. Maybe he’s just really good at organizing events.”

At the end of the party, Sandvik said goodbye and returned to her Hawaii vacation. Snowden, in a follow-up post to the Crypto Party wiki, pronounced the event a “huge success.” “More people attended than expected, and we had a solid mix of age groups and genders.”

Sandvik, based in Washington, DC, didn’t think of the Dell worker again, until six months later on June 9, 2013, when the Guardian identified the source of its first two blockbuster NSA leaks. “It was pretty funny. Twitter was talking about ‘Edward Snowden,’” she says. “I click on a link to the Guardian and think, he looks really familiar.”

After Snowden revealed himself, Sandvik began quietly keeping tabs on his Tor relays, which went dark a month later. But she kept the story to herself. “I didn’t feel it was my story to tell, but it’s online and anyone can easily find out I was there,” she says. “I’ve been waiting for it to pop up.”

Surprisingly, she was never contacted by the FBI–who would probably not find her cooperative anyway. “That puzzled me a bit,” she says. “His girlfriend was filming it–the whole thing was on film. But the video was never put online, I’m told because the audio was bad.”

Last week Glenn Greenwald published his book on Snowden, No Place To Hide, which revealed the Cincinnatus nickname for the first time, leading me and others to the Oahu crypto party post. It turns out Snowden sent his first anonymous e-mail to Greenwald just 11 days before the party. At the time of the event, he was still waiting for Greenwald to reply.

“I kind of hope, secretly, that the crypto party offered Snowden an outlet to think about what he was already beginning to plan to do,” Wolf says.

“I’m kind of proud that he taught a group of people as well,” she says. “That’s huge. We relied on volunteers who often put themselves at risk to teach at places and situations that were uneasy for them. That was a huge risk for him to teach a crypto party while he was working for the NSA. I’m glad he did. What a fucking legend.”

(Disclosure: I'm on the Freedom of the Press Foundation's Technical Advisory Board with Sandvik, and both Snowden and Greenwald sit on the foundation's board of directors.)