‘Twas the night before Christmas, and all through the house, hackers looked at each other and said : “w00t! Only two days to go until 28c3″.

The Chaos Communications Congress is the annual meetup of Germany's Chaos Computer Club, one of the oldest hacker collectives in the world. It takes place in Berlin every year at the height of the holiday season between Christmas and New Year's Eve, a time when only the dedicated European computer obsessive would leave their family and friends to spend four days in a conference centre with like-minded hackers and geeks.

The programme mixes technical talks from the security and free software worlds with talks about online rights and hacktivism, and is well known for breaking new issues that go on to be important in the wider world. Alongside the talks are space for Europe's computer clubs and hackspaces to demonstrate their current projects, as well as break out spaces for workshopping new tools and projects, and labs offering introductions to things like Arduino-based electronics, 3D printing and even lock-picking.

This year was the 28th Chaos Communications Congress (28c3 for short) and my third time going. Here are my highlights.

Roger Dingledine and Jacob Applebaum on TOR

For me, this talk illustrates the central role the hacker community is now playing in world events. The conference opened with a set piece from Evgeny Morozov on the perils of networked, digital surveillance, but it was this talk on Day 2 about the experiences of the TOR community with national network control infrastructures that felt like it united people at 28c3 against surveillance as a concept and a technology, in free societies as well as oppressed ones. The tub-thumping and the casual allusions to the technical vulnerabilities of state censorship technologies were tempered by the pair's obvious expertise and considered ethical attitude. Gold.

Defending mobile phones

Two years ago, at 26c3, Karsten Nohl announced that the GSM encryption protocol had been cracked. This year, he detailed how network operators should be securing their networks while they upgrade the encryption, and asked the community to help him keep track of how the operators perform. He also previewed a new project, CatcherCatcher, which will track the activity of IMSI catchers on behalf of phone users. IMSI catchers are thought to be increasingly used by law enforcement agencies to track people via their mobile phones.

The coming war on general computation

An expertly delivered talk in which Cory Doctorow reminded congress that “information appliances” (like iPads, Kindles and all the rest) are simply fully functional computers with spyware in them out-of-the-box: “All attempts at controlling PCs converge on rootkits and all attempts at controlling the network converge on surveillance”.

Sovereign keys

The EFF's Peter Eckersley proposes a way to fix the broken Certificate Authority system.

Towards a Single Secure European Cyberspace?

A beautifully constructed lecture by Suso Baleato cross-referencing the rhetoric used by European legislators to erode internet freedoms with the character of the new, networked activism which I ruin at the end by asking a stupid question no-one understands.

The hallway track

Random cool stuff I found out about from talking to people in and around the conference: the Open Source Next Generation Multicopter; the Hackerbus and Code Hero.