Making without fabrication: Do-it-yourself activities for IT security in an open lab

•The maker movement is based on claims of user sovereignty.•Open laboratories as public spaces allow different claims of user sovereignty.•A case study on IT security shows how making can proceed without fabrication.•Users find their own ways of claiming sovereignty over a subject matter. Do-it-yourself activities of hackers or makers are accompanied by fundamental claims about the sovereignty of users in their treatment of technology. In Fab Labs and Maker Spaces, such claims are realised by giving users access to hardware for the fabrication and alteration of artefacts. In open laboratories where no such hardware is available, users establish sovereignty in other ways as they step beyond the design and construction of artefacts and get involved in a wider scope of sense-making and agenda-setting behaviours. Using the example of an open lab project on IT security for critical infrastructures, this paper tries to gain a better understanding of these behaviours. Due to the sensitivity of IT security, visitors of the lab are not allowed to get directly involved in the fabrication or alteration of technical architectures, algorithms, etc. Nevertheless, the visitors engage in a variety of other do-it-yourself activities in their approach to the subject matter and the project itself that add new facets to the notion of user sovereignty in hacking and making.