On Tue, 04 Dec 2012 14:13:23 -0700 <fr...@journalistsecurity.net> wrote:
> Quotes CL and EFF's Eva on risks. Main news here that sticks out for > me is that Syrian activists largely seem aware of the risks, yet many > are still using Skype due to a lack of alternatives. Syrian activists aren't much different than activists anywhere else in the world. The ones with which we've worked are activists first, technologists second/third/fourth. They don't go through an evaluative process upfront. They use what technology their friends use. > “I saw this incident right in front of my eyes,” Mohamed said. “We > put his info on Skype so he was arrested and killed.” > > In August, an activist named Baraa al-Boushi was killed during > shelling in Damascus. Activists later circulated a report saying that > a Saudi Arabian claiming to support the revolution was actually a > government informant who determined Mr. Boushi’s location after a long > conversation on Skype. Stories like this are powerful, but make me ask lots of questions and to go find evidence. At tor, we ran into this problem when working with southeast asian activists. They used skype, believed it was encrypted, and therefore they were safe. They did zero vetting of other activists, and they completely ignored the fact that government agents were sitting across the street with parabolic microphones recording the conversations. Skype is not going to solve the problem of moles and out of band recording. > A Skype spokesman, Chaim Haas, said calls via the service between > computers, smartphones and other mobile devices are automatically > encrypted. But just like e-mail and instant messaging can be > compromised by spyware and Trojan horses, so can Skype. > > “They’re listening to the conversation before it gets encrypted,” > Mr. Haas said. “That has nothing to do with Skype at all.” Mr. Haas is likely correct here. There are technicalities of some phones disabling encryption in calls because the either the phone operating system or the cpu cannot handle skype's encryption routines. However, for the most part, skype uses some sort of variable voice encoding with encryption. However, if the govt is infecting people with spyware, then no matter which technology is used, the activist has already lost. If you cannot trust your laptop/desktop/phone, then no application on it is going to make it safe. Using a livesystem (such as tails, liberte, or any number of linux/bsd livecds) is going to help, but only if you can assess risk correctly. Knowing about installed hardware keyloggers, ram snapshot devices, gps trackers, imsi catchers, covert audio/video recording devices in the area, etc will help you make better risk assessments. This is as true in Syria as it is in Germany. However, all of this knowledge takes time to accumulate, internalize, and practice. There is no app for that. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
