This is not going to make me a popular person, but I thought I’d talk about some of my odd “habits” from cons, in particular my habits and general thoughts about con swag. But stick around to the end, as I’ll add some con hacks that involve swag to make it worth the trouble.

You see, one thing that seems to irritate other Infosec people is when I say I don’t like con swag. Many of my friends think it is some type of mental deficiency on my part.

The SWAG List

This is the list of items that cause the most contention:

• Stickers - I am not exactly sure what the fascination with stickers is all about. I know there are tons of stickers out there, and plenty of people trade and collect them. I did at first because I though maybe I might do something with them, but they just sat there in a pile. I know a lot of people deck out their laptops with them, but over the years with tons of travel under my belt, I’ve noticed that TSA (and non-US border control) will pay a bit more attention to a laptop covered in hacker and anti-government/anti-authority stickers than a plain laptop, so I opt for the clean look.

• Other wearable items - This includes buttons, badges, pins, and other things. I don’t see the need, it is more clutter when traveling, and again it draws more attention by security personnel at airports.

• T-shirts - There are people that collect con t-shirts. I try to avoid any shirt with a logo on it and stick with drab colors so I blend in, aka Gray Man style. As a security person it makes sense from a privacy and security standpoint to avoid attracting attention, but maybe that’s simply my personal threat model (I’ve had some odd encounters with authorities from multiple countries). Besides, I see no reason to advertise for some company that sponsors a con by wearing the con shirt with the logo of a bunch of con sponsors on it whose corporate greed approach to our industry and privacy in general I take umbrage with.

• Other branded items - The conference “goodie bag” is typically filled with all kinds of crap. It isn’t just t-shirts, there are mugs, cups, pens, notepads, backpacks, duffel bags, coozies, flashlights, USB devices, and the list goes on and on. I rarely want any of it.

• Badges - Before you say it, yes I consider badges to be swag and no you can’t change my mind. And no, I don’t save them.

The Habits

Here are the things I do that drive many of my friends insane:

• I don’t save hardly anything from the conference that is handed out, and try to avoid them altogether. If there is a goodie bag, I will look in it when it is handed to me, and I will often hand it back without removing anything from it. If there is something I want I’ll go ahead and take the whole bag, but if I can simply return it intact I will. Items I will take could include any post-it pads (I use them at home), a pen and a notepad to replenish things if my pen has stopped working or I’m out of paper to take notes on, any medications (some cons include “hangover” meds including over-the-counter pain relievers), any printed con schedule, and that’s about it.

• If I’ve taken out an item or two, I don’t return the goodie bag. Instead I hold it up and ask if anyone in line wants it. So far, at least one person has spoken up every time. And people go nuts when the goodie bag is a backpack or duffel bag.

• If the badge can be given away at the end of the con, I will most likely try to do that, as someone always seems willing to grab it. I will remove the part with my name on it (to shred it) and anything that is scannable such as a QR code, but otherwise I will simply loudly proclaim in a public place “does anyone want my badge?” and someone always does.

• I will abandon swag at the con. For example if I need to leave the con early and maybe go straight to the airport, I will take swag items I’ve been using (water bottle, badge holder, etc) and just leave them unattended in a conference public place for anyone to grab.

Hack The Con

There are some cons where you can use some of this badge bullshit to your own end to either have fun or cheat the system in some way, plus a few other fun things. Here are just a few examples (I’m saving a couple of them for myself):

• There are some cons where all of the badges are the same and they attach one of those ribbons on the bottom of the plastic badge holders. I save those, and have even traded my own for others. It is nice to be at a con as an attendee, but get into the speaker or press room because of a ribbon acquired at a previous con is the best. It also helps when your speaker, press, or even keynote friend has to leave the con early and they give you their badge. I had a friend once hand me her speaker badge as she had to leave the Black Hat conference early, and I entered the speaker room wearing a speaker badge that identified me as one Jennifer Granick - no one caught it.

• I typically avoid the vendor areas at most cons (the main exception is hacker cons like DEF CON, they sell cool stuff) but will enter if there is something I need. Once I left my water bottle in the hotel room, so I went into the vendor area, picked up a business card from one booth while they were busy, and then went to another booth that was giving away those branded empty water bottles if you sat through a sales pitch. While they were busy I tried to grab a bottle, tossed my recently acquired business card into the bowl and said “I’ll be right back” and they nodded while still giving the pitch to some other poor soul, and let me take the bottle. Before I left the con for that day I left the bottle unattended on a table near registration.

• The previous one reminded me, if for some reason I am on the vendor floor, I typically drop off business cards I’ve been handed by pushy sales people into their competitor’s bowls or jars, especially if they are drawing for prizes later.

• I often ask if they can reprint my badge because “I just changed jobs” or “privacy purposes” when I check in so I can get a different company listed on there. “Oh no, give me the old badge I need to shred that”. If they say no I ask them to tear it in half and give me the halves, because “I don’t want to deal with The Man” or some other crazy thing. I now have two badges (after a quick repair) with my name and two different companies.

• Many cons have QR codes on the front of the badges, which are easily modified with a pen to make the scan fail. Vendors will sometimes want to scan badges at those open-bar vendor parties and this helps get in without giving up personal info. If it is my alternate badge from my previous hack and they demand an email address, then I make one up. One year Intel received spam to the non-existent “mloveless@intel.com” from several vendors running vendor parties at Black Hat.

• Many cons have private parties and the only entrance requirement is a colored wristband with a name printed on it. There are a small group of individuals (who shall remain nameless) that show up to every con with a selection of different-colored wrist bands, figure out the color for the party they want to go to, and simply walk in with the wristband on in a crowd with others. To quickly let a larger group in, door security (usually venue staff and not security people) simply look for the right color on the wrists and wave everyone in. One year I attended the Black Hat speaker’s party this way, and none other than Jeff Moss approached me after I was in and said “I didn’t realize you were speaking” so I told him what happened. He laughed and just told me to enjoy the free drinks and snacks I just earned for hacking the party.

• At the end of the con if there are leftover goodie bags (and even backpacks) they will simply give them away, as it costs money to ship that stuff back and otherwise they end up in a dumpster. So hang around the check-in area near the end of the con, and if you’re impatient simply go up and ask.

Conclusion

So that’s my unpopular swag habits at a con. Hopefully the hacks make up for it.