Digital Pamphlet

Citizen Hacks Digital Pamphlet.

Check out this document for everything you need to know about Citizen Hacks! It will be updated regularly in the days leading up to the event, as well as during the event.


Friday, September 6th

Time Event
17:00 Bus from Waterloo arrives
17:15–18:15 Registration and Dinner
18:15 Opening ceremony begins
18:30–19:00 Keynote address from Dr. Ann Cavoukian
19:30 Opening ceremony ends
19:30–21:00 Team formation and sponsor fair
19:30–20:30 Problem-Product Market Fit: How to build a product for a scalable business
20:30–21:30 Putting PIPEDA into Practice: Generating privacy-based hack ideas
21:45–22:45 Intro to Keybase Bots
23:00–1:00 MLH Localhost: How to Collaborate with GitHub

Saturday, September 7th

Time Event
00:00–1:30 Midnight snack
7:00–9:00 Breakfast
8:45–9:45 Just say no to “Just say no”: youth engagement for privacy
10:00–11:00 A hands-on workshop on DNS Security
11:15–12:15 Privacy Enhancing Technologies for the Internet
12:00–13:30 Lunch
12:30–13:30 How to make an app that is not a privacy horror show
14:00–15:00 Panel Discussion: Education for ethical design thinking
15:30–17:30 Hands-on introduction to Offensive Cybersecurity
18:00–19:30 Dinner
18:30–19:30 The Future of AI in Society: from the perspective of three insiders
20:00–21:00 Slideshow Karaoke
22:00–23:00 VIM Competition

Sunday, September 8th

Time Event
00:00–1:30 Midnight snack
7:00–9:00 Breakfast
8:00 Devpost submissions close
10:00–11:30 Judging
11:30–13:00 Lunch
13:00–14:00 Closing ceremonies
14:00 Bus to Waterloo departs

General Information

Registration opens at 17:15 (5:15pm) on Friday the 6th, and will remain open all evening. The opening ceremony will begin at 18:15, with Dr. Ann Cavoukian speaking from 18:30 to 19:00, and is an integral part of the hackathon. We strongly recommend attending the opening ceremony, as Dr. Cavoukian's address will introduce the central criteria for judging your hacks.

Bus from Waterloo

There will be a bus with space for 46 hackers coming from Waterloo. Reserve tickets, first come, first served, here. Details as follows:

Friday September 6

  • 14:00–14:30: Pick up in front of Hagey Hall at the University of Waterloo. Please bring a student card or government-issued photo ID to confirm your seat on the bus.
  • 14:15: Any unreserved seats on the bus will be opened up first come, first served to participants at the bus stop who have not reserved tickets.
  • 14:30: The bus leaves.
  • 16:15: Arrival at the venue in Toronto.

Sunday September 8

  • 14:00–14:15: Pick up from the Citizen Hacks venue to return to Waterloo.
  • 14:15: Bus departs for Waterloo.
  • 16:00: Drop off at Hagey Hall.

What to bring

  • Student card or government-issued photo ID to present at registration
  • Your laptop and any other hardware you're planning to hack with
  • A reusable water bottle
  • If you're planning on staying overnight at the venue, bring a sleeping bag and pillow to get comfy!
  • All your meals will be provided for free!

Resources on Privacy

Looking for ideas for your privacy-themed hackathon project? Check out some of these resources, covering both general material on privacy and three specific focuses—AI, cybersecurity, and education:


At Citizen Hacks, you'll have the chance to develop skills and experience creating privacy-oriented technology, now a top priority for companies and organizations. Check out our program of workshops, panels and talks, run by experts and industry leaders in the field of privacy:

Keynote Address from Dr. Ann Cavoukian

Friday, September 6th, 18:30–19:00

Attend the opening ceremony to hear Dr. Ann Cavoukian speak about Privacy by Design (PbD) and how youth can incorporate it into their thinking as designers and users of technology. This is an integral part of the hackathon, where Dr. Cavoukian will introduce the central criteria for judging your hacks. Talk, followed by Q&A from the audience.

Problem-Product Market Fit – How to build a product for a scalable business

Friday, September 6th, 19:30–20:30. Run by Ivan Tsarynny.

Putting PIPEDA into Practice – Generating privacy-based hack ideas

Friday, September 6th, 20:30–21:30. Run by Charlotte Wong, Eric Fulton and Ivan Tsarynny.

Learn about the legal requirements of privacy in Canada from the Office of the Privacy Commissioner of Canada, and begin generating hack ideas with the support of industry experts.

Intro to Keybase Bots

Friday, September 6th, 21:45–22:45. Run by Josh Blum and Eric Fulton.

How to Collaborate with GitHub

Friday, September 6th, 23:00-1:00. Run by Marcel O'Neil.

At this MLH Localhost workshop, you'll learn best practices for using GitHub to collaborate.

Just say no to “Just say no”: youth engagement for privacy

Saturday, September 7th, 8:45-9:45. Run by Mariel García Montes.

In this workshop, we will brainstorm ways to do advocacy that raises awareness about privacy concerns among youth, and ways that youth advocates can engage in privacy policy at large.

A hands-on workshop on DNS Security

Saturday, September 7th, 10:00-11:00. Run by Cuneyt Karul.

Cuneyt Karul, Ph. D. is the Director of Information Security and Compliance for BlueCat Networks, a leading Enterprise DNS Software company. Cuneyt Karul will overview the importance of DNS both as an attack vector and from the viewpoint of detection and defense. The workshop will deep dive into how DNS is poisoned, can be used to ex-filtrate confidential data discretely and used to bypass common security controls. Bring your laptops!

Privacy Enhancing Technologies for the Internet

Saturday, September 7th, 11:15-12:15. Talk from Ian Goldberg.

The Internet is an essential tool for global communication and collaboration, but some governments dislike the free and open interaction it provides. Find out how Ian Goldberg of the Cryptography, Security, and Privacy (CrySP) research group at the University of Waterloo is combating Internet censorship and surveillance with privacy-enhancing technologies.

How to make an app that is not a privacy horror show

Saturday, September 7th, 12:30-13:30. Run by Miti Mazmudar.

Conventional software engineering paradigms do not require developers to engage in determining the privacy-relevant aspects of their design and thus often result in privacy horror shows. The Privacy by Design (PbD) paradigm addresses this shortcoming, but in order to implement the principles of PbD, developers need to know relevant tools. This workshop introduces privacy enhancing technologies (PETS) to address various aspects of a privacy-by-design approach, through online walkthroughs of deployed technologies or through examples of prototypes.

Panel Discussion: Education for ethical design thinking

Saturday, September 7th, 14:00-15:00. Panelists are Grant Hutchison, Mariel García Montes, Paul Heidebrecht and Scott Campbell.

The first step towards privacy by design is a mindset that cares about the social implications of technology. How can schools and universities cultivate this mindset in the next generation of users and innovators? Join an interdisciplinary panel of experts in thinking about this challenge, and get inspired to find answers with your own hacks. Panel discussion followed by Q&A.

Hands-on introduction to Offensive Cybersecurity

Saturday, September 7th, 15:30-17:30. Run by Helen Oakley, Opheliar Chan and Vitaly Volovich.

This is going to be a very quick dive into the world of computer hacking: the bad guys, and the friendly hackers (like us). If you think of the internet as an organism, then we are the immune system; but in today’s fast paced world the criminals have an edge. We will explore the major incidents and trends that shook our world in the last few years, the shadowy entities behind these global attacks, and the widening gap in the supply of professionals and basic cybersecurity literacy that leaves all of us vulnerable. Get a feel for what it's like to be an offensive cybersecurity professional by learning several common hacking techniques, and performing real attacks against a website and a Wifi network.

The Future of AI in Society – from the perspective of three insiders

Saturday, September 7th, 18:30-19:30. Panelists are Anson MacKeracher, David Hariri, Ivan Tsarynny and Laila Paszti.

Come join us for a panel discussion and Q&A featuring three firms at the cutting edge of the rapidly developing field of AI. Hear their stories and contribute to a discussion about the challenges and pathways towards implementing the recently-released OECD AI Principles for responsible stewardship of trustworthy AI.

Slideshow Karaoke

Saturday, September 7th, 20:00-21:00. Run by Paige from MLH.

Slideshow Karaoke is a fun game where participants are called up to the stage one at a time. The audience will shout out topics and organizer will use those topic suggestions to find a random yet topical slide deck on the Internet. The participant on stage will then present the slide deck without getting to view the content. The organizer will keep time and progress the slide deck as the participant makes their presentation.

VIM Competition

Saturday, September 7th, 22:00-23:00. Run by Curtis from Citizen Hacks.

Roll up your sleeves and type away at our VIM competition. Walk through the story of Citizen Hacks' Creation as you make edits in as few keystrokes as possible. With $50 in prizes and bunch of extra food, join the #vim channel if you're a VIM ninja!


Ann Cavoukian: Keynote Speaker


Dr. Ann Cavoukian is recognized as one of the world’s leading privacy experts. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure and business practices, thereby achieving the strongest protection possible. In 2010, International Privacy Regulators unanimously passed a Resolution recognizing Privacy by Design as an International Standard. Since then, PbD has been translated into 40 languages! In 2018, PbD was included in a sweeping new law in the EU: the General Data Protection Regulation. Dr. Cavoukian is now the Executive Director of the Global Privacy & Security by Design Centre. She is also a Senior Fellow of the Ted Rogers Leadership Centre at Ryerson University, and a Faculty Fellow of the Center for Law, Science & Innovation at the Sandra Day O’Connor College of Law at Arizona State University.

Dr. Cavoukian is the author of two books, “The Privacy Payoff: How Successful Businesses Build Customer Trust” with Tyler Hamilton, and “Who Knows: Safeguarding Your Privacy in a Networked World” with Don Tapscott. She has received numerous awards recognizing her leadership in privacy, including being named as one of the Top 25 Women of Influence in Canada, named as one of the Top 10 Women in Data Security and Privacy, and named as one of the ‘Power 50’ by Canadian Business. She was awarded the Meritorious Service Medal by the Governor General of Canada for her outstanding work on creating Privacy by Design and taking it global (May, 2017), named as one of the 50 Most Impactful Smart Cities Leaders (November, 2017), named among the Top Women in Tech (December, 2017), was awarded the Toastmasters Communication and Leadership Award (April, 2018), recognized among the Top 100 Identity Influencers (February, 2019), and most recently, she was named among the Top 18 Global AI Influencers within the AI & Tech Space (February, 2019).

Anson MacKeracher


Anson is a veteran technology startup executive who has led engineering teams at Top Hat, Tilt (acquired by AirBnB), and most recently Ada, one of North America's fastest growing AI companies. Anson holds an engineering degree from the University of Waterloo.

Charlotte Wong


Charlotte Wong is a Senior Privacy Advisor who works in the Business Advisory Directorate of the OPC in Toronto. In this role, she provides advice to businesses subject to PIPEDA in the context of advisory services for new programs and initiatives, reviews existing privacy practices and conducts proactive engagements with the business community. Prior to her advisory role, Ms. Wong worked as a Senior Privacy Investigator at the OPC where she conducted investigations under PIPEDA about the collection, use and disclosure of personal information in the course of commercial activities. Ms. Wong graduated from the Schulich School of Business and obtained her International Bachelor of Business Administration degree, with a specialization in Marketing and Organizational Behaviour. After graduation, Ms. Wong worked in various private and public sector organizations before joining the OPC in 2015.

Cuneyt Karul


Cuneyt Karul has over two decades of experience in software development, architecture and information security. He is a CISSP, CISM and RESILIA certified security professional who holds multiple security-related patents. Currently he is the Director of Information Security and Compliance at BlueCat, a global enterprise DNS software and hardware provider.

David Hariri


Co-founder & Head of Strategic Product, Ada

Eric Fulton


Eric Fulton is the Identity Evangelist for Keybase. With over 10 years experience advocating for privacy and Internet freedom Eric continues his mission of contributing to a secure, free, open Internet. Prior to Keybase Eric started an ISP, presented research at global hacker conferences, and helped draft model privacy legislation. In his free time he can be found hiking mountains and exploring the world.

Grant Hutchison


Grant is a high school Computer Science and Engineering teacher at Malvern CI (TDSB – Toronto District School Board). As a Sessional Facilitator for the University of Toronto (OISE – Ontario Institute for Studies in Education) he enables in-service teachers to teach high school Computer Science courses. Prior to joining the TDSB, he held a variety of technical and leadership roles at IBM Canada for over 18 years. Grant is a frequent speaker at educational conferences and is an executive member and conference chair fo the Association of Computer Science Education (ACSE) of Ontario. He is an author, inventor, and advocate for K-12 Computer Science Education in Canada.

Helen Oakley


Helen is a cybersecurity enthusiast and a data privacy expert. She works as Security Product Owner for Financial Services portfolio of web applications at SAP. Helen is also a co-organizer of #CyberLadies Toronto chapter and a public speaker in cybersecurity.

Ian Goldberg


Ian Goldberg is the Canada Research Chair in Privacy Enhancing Technologies. He is a Professor in the Cheriton School of Computer Science at the University of Waterloo, where he is a founding member of the Cryptography, Security, and Privacy (CrySP) research group. He holds a Ph.D. from the University of California, Berkeley, where he discovered serious weaknesses in a number of widely deployed security systems, including those used by cellular phones and wireless networks. He also studied systems for protecting the personal privacy of Internet users, which led to his role as Chief Scientist at Zero-Knowledge Systems, a Montreal-based startup. His research currently focuses on developing usable and useful technologies to help Internet users maintain their security and privacy. He is a Distinguished Member of the Association for Computing Machinery and a winner of the Outstanding Young Computer Science Researcher Award, the Electronic Frontier Foundation's Pioneer Award, and the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies.

Ivan Tsarynny


Ivan Tsarynny is the CEO and Co-Founder of Feroot, a company that works with security, privacy, and data protection departments to monitor the client side surface attack area of websites and web apps. Having previously co-founded PostBeyond—a revolutionary communications tool for marketing professionals—Ivan is well aware of the growing need for third-party tools to track and analyze customer and user behavior. As co-founder of Feroot, Ivan hopes to make it easier for security and privacy teams to gain visibility into potential security risks and vulnerabilities introduced by the third- and fourth-party tools such as web trackers, chatbots, tag managers, analytics and more. Ultimately, his goal is to shift the perception of regulatory security and privacy compliance to a competitive, business advantage and help security and privacy teams collaborate better with marketing, sales and customer success. Since launching in 2017, Feroot received the NextAI Top Venture Award for outstanding progress helping companies comply with data protection and security regulations. Ivan is also an active member of the GDPR Advisory Committee at the Standard Council of Canada.

Josh Blum


Software Engineer, Keybase

Laila Paszti


Laila Paszti delivers strategic legal advice and brings a unique technology-focused perspective to achieve optimal outcomes for clients. For clients, a key strength is her ability to leverage her legal, technical and industry experience to quickly identify, assess, and mitigate IP and technology risks to maximize value and minimize issues.

Laila’s practice focuses on mergers and acquisitions, licensing, and other technology-related transactions, with an emphasis on software code audits and big data platform diligence. She routinely advises on evolving multi-jurisdictional privacy regimes, cybersecurity, and data protection controls.

Mariel García Montes


Mariel García-Montes is a public interest technology capacity builder and researcher from Mexico. Her main topics of interest are privacy and information security, social exclusions in technology and participatory processes.

Most recently, Mariel was a graduate student at the Comparative Media Studies program at MIT, and a research assistant at the Center for Civic Media at the MIT Media Lab. There, she worked at the Codesign Studio and the Design Justice project, and wrote a thesis on tensions in organizational approaches to work on youth and privacy issues in the Americas.

Mariel has worked in communications, instructional design and research around open data, privacy and security, strategic communications and other digital literacies for organizations in Mexico and around the world. She is a philosophy graduate from the National Autonomous University of Mexico.

Mariel loves passionate opinions in the intersections of technology and society, creative communications efforts, random acts of kindness, passport stamps and both eating and dancing salsa.

Miti Mazmudar


Miti Mazmudar is a PhD student and researcher in the Cryptography, Security and Privacy lab (CrySP) in the University of Waterloo. Her Masters research was focused on ensuring compliance of privacy policies with source code using trusted hardware platforms. She has also been working on censorship-resistant publishing systems. In general, she in interested in designing and implementing privacy tools that are dictated by the needs of people.

Opheliar Chan


Opheliar Chan spends most of her time trying to make software security more accessible, pragmatic, and FUD-free. For over a decade, she has focused on software security, SDLC process consulting and implementations, program building, penetration testing/vulnerability assessments, and related. Prior to her career in consulting, she worked in security research, software development, and technical writing.

Her current roles include:

  • Director of Advisory at Security Compass Ltd. (A software security company)
  • Co-lead of the OWASP Toronto Chapter (Global not-for-profit software security community and advocacy group)
  • SecTor Advisory Committee member (Security Education Conference in Toronto)
  • Advocate for HackStudent (Not-for-profit cybersecurity school for teens)

You can usually find her in-person at OWASP Toronto Meetups, or at

Paul Heidebrecht


Paul Heidebrecht is the inaugural director of the Kindred Credit Union Centre for Peace Advancement, and teaches courses in Peace and Conflict Studies at Conrad Grebel University / University of Waterloo. His current research interests reflect a range of academic fields and professional experiences, including the intersection of social innovation and peacebuilding, political advocacy, and technology and ethics. He holds a Ph.D. in religious studies from Marquette University, and a B.A.Sc. in mechanical engineering from the University of Waterloo.

Scott Campbell


Scott Campbell is a Systems Design Engineering Lecturer and Director of the Centre for Society, Technology and Values (CSTV) at the University of Waterloo. His research revolves around the role of technology in Canadian society with specific focus on the history of computing technology and science in Canada. He is also a co-founder of the University of Waterloo Computer Museum.

Vitaly Volovich


Vitaly is a system architect and security expert who has been up and down the development stack. He is Co-Founder and CTO at ParkPass, and hacks together slick websites for fun.



Anindita Bose, Program/Project Manager, Global Privacy and Security by Design

Anthony de Fazekas, Head of Technology and Innovation, Canada, Partner, Norton Rose Fulbright

Derek Rayside, Associate Professor, University of Waterloo Department of Electrical and Computer Engineering

Grant Hutchison, Computer Science Teacher, Malvern Collegiate Institute

Josh Blum, Software Engineer, Keybase

Lauren Eikerman, Executive Assistant & Project Manager, Rogers Cybersecure Catalyst

Mariel García Montes, Researcher, Berkman Klein Center for Internet and Society

Rollen D’Souza, PhD Student, University of Waterloo

Sapna Malhotra, CEO, Digiruptor

Vitaliy Lim, Co-Founder & CTO, Feroot


All quantities are to be split evenly among the winning team:

First Place

  • 4x Yubico YubiKey 5 NFC - Two Factor Authentication USB and NFC Security Key
  • 4x ProtonMail Plus yearly accounts
  • $120 of Amazon Credit

Second Place

  • 4x Portable Charger
  • 4x ProtonMail Plus yearly accounts
  • $120 Amazon Credit

Third Place

  • 4x ProtonMail Plus yearly accounts
  • $120 Amazon Credit

Best Keybase Bot Integration

  • US$1000 in Stellar

Best Stellar Integration

  • US$1000 in Stellar