On Wednesday, March 7, 2018 at 8:11:25 PM UTC+1, Tim W wrote: > I am sorry what is reason so many people want to get and use a riseup.net > account outside political or some other social reason > > They had their canary down for over a year because of gag order from the feds. > > They have totally rewritten there canary statement since which was prior very > clear and concise. Now it looks to be heavily lawyered careful play on > words...thus its vague using words that can having wide varying meaning. > what is omitted is any speech with the words warrant, gag order, NSL. If > they get any of those it will NOT of itself require them activating the > canary protocol. > > Here is their old Canary statement followed by the new one: > > OLD: > riseup has not received any National Security Letters or FISA court orders, > and we have not been subject to any gag order by a FISA court, or any other > similar court of any government. Riseup has never placed any backdoors in our > hardware or software and has not received any requests to do so. Riseup has > never disclosed any user communications to any third party. > > > NEW: > Riseup positively confirms that the integrity of our system is sound. all our > infrastructure is in our control, we have not been compromised or suffered a > data breach, we have not disclosed any private encryption keys, and we have > not been forced to modify our system to allow access or information leakage > to a third party. > > > Unfortunately we cannot use common sense to read these but they must be read > thru the eye of a laywer I think you really see the effects of the rewritten > statement. > > From what I can tell the system is closed source. They no longer offer any > form of encryption. I must all be done on your email client. There is no > two factor authentication. The user name and password to get your into your > mailbox from what I can see maybe moot as there is no info on any use of > encryption outside users manually or thru a client using gpg. If that is > correct then any mail not gpg encrypted is sitting in the mailbox in > cleartext. Unless there is something like AES 256 protecting the mailbox via > your password but then that means thru the recovery passcode system they very > well can get back into your mailbox even with lost credentials and no reset > alternate email address. > > For a person that plans to gpg encrypt all their emails what does this offer > anyone over the other free email accounts. Sure your contacts are not mined > to hell and back but in terms of email content I see no difference and > actually lower login security. > > I was looking at the thread and it looks like around 40 people requested > referral codes on this thread while the canary was expired. One person even > mentioned it and it went uncommented on. > > Compare this to say protonmail its not even remotely close. As both can be > had for free and without all the need for referrals as its targeted toward > liberal/social/anticapital political change groups not sure the point? > Elitism? > > I honestly was surprised so many people on this list asking for it and where > unphase by the fact the canary was expired and it was known they were under a > gag order. We make a big deal about a close source binary blob for a driver > or firmware to a nic or gpu yet a closed source email provider system with a > triggered canary and no one misses a beat? I know the thread was off topic > and has been running for years and why I never even read it till now for no > other reason than I was wasting time but wow I am surprised.
Had to scratch my head, I didn't even know about them. But after a quick look, aren't they doing the same as the Libre laptop developers (Purism) are doing? Overselling and thereby preying on people's feelings to get more security, without actually delivering what they are promising? It seems a bit similar in that sense. Also using anything U.S. based is a huuuuuge No Thanks! We don't even need Trump to screw up so badly that he can barely find any more lies to cover it up, and as a result make a trade war with the EU (like what happened today). In general security business with anything U.S. is a big fat no. The website also looks like a mix of something meant for 3rd graders and something out of the last late century. It isn't very clear what is what when you land on the frot page, you have to stare a while to find out rather than immediately know what is what that all good websites manage to do. Their website is definitely a fail. e-mail? The technology in and on itself is fail. It's only because people don't want to use something else, and there are few e-mail standards to govern the security and privacy among the many 100 of thousands of e-mail providers whom are still around in 2018. Using riseup wont solve the innate design failure of multiple decade old e-mail technology born back in the 1960s. <-- that's a wooping 7 towards 8 decades. Well convenience before privacy I suppose? *cringe* XMPP? It's open source anyway, we can always just go and make our own chat system with it, doesn't take an expert to do. But as far as I know, XMPP has some issues that can be exploited too? Again they seem to be over-promising their promise. VPN? It's just another ISP... by the end of the day, we can't trust any VPN either. TOR is the only close to real thing we go, but it's slow and end notes are a big problem. What would work though? If we transformed all the internet into a TOR network so that it won't leave the TOR network, then it'll be much, much more secure to use TOR technology. The problems as far as I understand them, is the moment you leave the Tor network at the end nodes, which can be , surveilled and/or manipulated, by pretty much anyone (not just your government, but other governments, private companies, hackers who seek to do you harm, profiling companies, and what else. If we could speed up the TOR's slow technology a bit, and increase it for normal use among everyday people, then we'd have something nice for a change. Still, current TOR is better than VPN imho. It's odd they don't even mention TOR. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/81fee5d7-7b8a-4bf6-8369-925faef0f4a4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
