On 17.06.2013 21:06, micah wrote: > Do you have any suggestions for what Riseup can do to resolve that > concern for you? I don't disagree with you, I'm just curious about > solutions here.
I am happy to repeat myself, since the issues I have with Riseup have not been addressed so far. Tactical Tech should not be recommending Riseup, and Riseup only, without stressing that you *always* have to trust the operators and the systems behind them, and at least mention some alternatives to Riseup. A longer article should also discuss that Gmail is probably better security-wise than some random open source installation. In the end it depends on your threat model, right? Anyway: #1 There was a point in time when Riseup purposely decided to stop pushing decentralization. A lot of work was and is put into features that are *not* documented properly and not easily available to replicate. #2 As an example, the website states "minimal logging". What the hell is "minimum logging" other than marketing speech? Why don't you tell you're users what you are logging, up to the last byte? Especially when you provide a sensitive service like email, extra care should be put in the documentation and specification of logging policies. And by that I mean down to the config files of the syslog daemon. #3 How hard is it to be transparent about money and sponsors? There's some big money behind Riseup now, and you guys should be very open about the sources. -- Moritz Bartl https://www.torservers.net/ -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
