Re: [liberationtech] AdLeaks - a whistleblowing platform

[Fabio Pietrosanti (naif)]

Il 6/23/13 2:53 PM, Jens Christian Hillerup ha scritto:
Quickly noting that I'm not affiliated with AdLeaks, just passing on 
the information.


On Sun, Jun 23, 2013 at 1:56 PM, Andrea St > wrote:


it sounds different from globaleaks project. Am i right? 



Yes. GlobaLeaks seeks to establish an open-source version of the 
submission system of Wikileaks such that any and everyone can make 
their own leaks site. The core development team of GlobaLeaks is also 
on this list, so I'll let them describe it further.


GlobaLeaks mission is to be a framework with support for different 
digital whistleblowing workflow and security threat model.


The AdLeaks concept is very cool (http://arxiv.org/abs/1301.6263), even 
if it appear to me very difficult to be deployed and used in a real 
world scenario:
See 6.1 (submission duration), it would keep the whistleblower 21 days 
to upload a single 2MB file.


Passive traffic analysis with correlation of timing/size/destination is 
*extremely difficult and unlikely* to be easy to be protected without 
"awareness and actions of the whistleblower" (like using an open wifi, 
an internet caffè, using Tor from another persons communication line, etc) .


For a whistleblowing project we're working on, we are going to develop a 
Widget to support covert-traffic generation:

https://github.com/globaleaks/GlobaLeaks/issues/263

This will work with inclusion into the websites of all the partners's 
website of this whistleblowing inititives.


This "does not guarantee protection to the whistleblower" doing submission.

Our widget for covert-traffic is specifically designed only to provide 
some "additional aid" in some specific case we've discussed (and that 
should be better documented in TM).


It help  for Whistleblowers that access a submission site from their 
corporate/governmental networks, trough proxy servers that save detailed 
access logs. In context where Whistleblowers are prevented from doing a 
submission (because hind a proxy) but can access it.


In such context the WB will leave trace that maybe interpreted like "he 
intended to do a submission, but then he haven't done" .


If in the Enterprise/Government organization's proxy logs, there are 
traces of thousands of users connecting to the submission interface (due 
to the Widget being embedded in third party popular websites), there 
will not be a single, incriminating "log entry" generated by the 
unaware/unconscious whistleblower, but thousands of them making slightly 
more difficult the analysis.


Supporting covert-traffic generation it's something that "help", but 
doesn't fix the real problem that i think *require* Whistleblower awareness.


Anyhow i'm excited to meet at OHM2013 the AdLeaks team and do a 
brainstorming on it! :)


--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Spiegel Online (Germany): The Public Must Fight for its Right to Privacy

[fukami]

Hi,

just to share an English text from one of the biggest news sites in Germany, 
which makes some very clear, simple and strong statements:

Global Surveillance: The Public Must Fight for its Right to Privacy
http://www.spiegel.de/international/world/public-must-fight-against-prism-and-tempora-surveillance-a-907495.html


Cheers,
  fukami


--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Douwe Schmidt]

Dear LibTech Readers,

In a little bit over a month OHM2013 is happening in The Netherlands. There has 
been a lot of controversy in the run-up to this gathering. There was criticism 
of the involvement of tech security company Fox-IT, then there was a heated 
debate on the presence of Dutch High-tech Crime Unit in a village of their own. 
Both discussions have calmed down. But the relevance of these topics was 
clarified and reinforced.

The Noisy Square Village will be the centre at OHM for discussing these and 
many more topics revolving around netpolitics, liberation technologies and 
surveillance. We want to be the place for connecting techno-activists, 
hacktivists, people involved with circumvention tools, and everyone interested 
in anti-censorship and anti-surveillance technology. We will connect the NGO's 
which work in the field to the hackers and programmers who work  on machines. 
We believe that all technology is political, and that we need to discuss and 
question its development and usage as critically as possible.

This call for participation is meant to ask the community which topics must be 
addressed -- especially those which might go unnoticed or undiscussed . So if 
you would like to: present recent work, hold a discussion, do a demonstration, 
organize the largest key signing party ever, co-create a hackathon or 
booksprint, or something radically different:

Go to: https://cfp.ohm2013.org/

There you can make an account and submit your proposal. Please make sure to tag 
your proposal in the title with 'Noisy Square' so we can find it easily! 

If you already submitted content to OHM, but would like to present it with us 
at Noisy Square, just send us the title of your proposal.

Looking forward to the richness of you ideas!

Douwe Schmidt, Jurre van Bergen, and Sacha van Geffen,

The Noisy Square Village Team - "Because Revolutions don't happen in Silent 
Circles"
https://ohm2013.org/wiki/Village:Noisy_Square

Organizations supporting the Noisy Square are:
- AccessNow
- Associated Whistle-Blowing Press
- Bits of Freedom
- Cryptocat
- Fairphone/Waag
- Free Press Unlimited
- Greenhost
- Hermes Center for Transparency and Digital Human Rights
- Hivos
- IMMI
- ISOC
- The Internet Protection Lab
- Torservers.net
- Vrijschrift

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Censorship circumvention and ticket inspectors

[Nathan of Guardian]

On 06/22/2013 08:40 AM, Walid AL-SAQAF wrote:
> 
> I have been asked to explain how four mechanisms of censorship
> circumvention work using some sort of analogy that any layman could
> understand. I proposed the analogy of surfing the Internet as traveling
> and firewalls as ticket inspectors checking where you are going as
> described below. 


One variation on this transportation analogy that we have used at the
Tibet Action Institute is the idea of knowing who or what is in the car
on the road, or not.

We speak of jeeps or public buses, vs private cars or limousines.

In this way, we try to explain encryption as what information is
revealed (the type of car, the destination, the license plates, etc),
and what is not (how many people in the car, what the car is carrying in
the trunk, etc).

Keep up the great work!

+n
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Cryptocat: Adopting Accessibility and Ease of Use as Security Properties

[Nadim Kobeissi]

Today, with Cryptocat nearing 65,000 regular users, the Cryptocat project 
releases “Cryptocat: Adopting Accessibility and Ease of Use as Security 
Properties,” a working draft which brings together the past year of Cryptocat 
research and development.

We document the challenges we have faced, both cryptographic and social, and 
the decisions we’ve taken in order to attempt to bring encrypted communications 
to the masses.

Paper: http://arxiv.org/abs/1306.5156

Give it a read, and please share it with people who might be interested. 
Feedback and discussion are welcome.

Excerpt from the introduction follows.

———

Cryptocat is a Free and Open Source Software (FL/OSS) browser extension that 
makes use of web technologies in order to provide easy to use, accessible, 
encrypted instant messaging to the general public. We aim to investigate how to 
best leverage the accessibility and portability offered by web technologies in 
order to allow encrypted instant messaging an opportunity to better permeate on 
a social level. We have found that encrypted communications, while in many 
cases technically well-implemented, suffer from a lack of usage due to their 
being unappealing and inaccessible to the “average end-user”.

Our position is that accessibility and ease of use must be treated as security 
properties. Even if a cryptographic system is technically highly qualified, 
securing user privacy is not achieved without addressing the problem of 
accessibility. Our goal is to investigate the feasibility of implementing 
cryptographic systems in highly accessible mediums, and to address the 
technical and social challenges of making encrypted instant messaging 
accessible and portable.

NK
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Eleanor Saitta]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 2013.06.24 07.19, Douwe Schmidt wrote:
> Dear LibTech Readers,
> 
> In a little bit over a month OHM2013 is happening in The
> Netherlands. There has been a lot of controversy in the run-up to
> this gathering. There was criticism of the involvement of tech
> security company Fox-IT, then there was a heated debate on the
> presence of Dutch High-tech Crime Unit in a village of their own.
> Both discussions have calmed down. But the relevance of these
> topics was clarified and reinforced.

It's very sad that the organizing team has not actually taken any
meaningful steps to address either their complicity with the
manufacture of surveillance equipment, their acceptance of the
promotion of a fascist police force, or the way they treated people
who had previously been part of their own team during the "discussion"
that ensued.  In fact, as far as I can tell, absolutely nothing has
happened on their end, they've just out-waited any discussion.

A lot of people are asking me to change my mind on attending, and it
sounds like you guys are going to have a lot of fun, but I'm finding
myself pretty unmotivated to change my mind given that much of the
organizing team doesn't seem to care at all about human rights.

E.

- -- 
Ideas are my favorite toys.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (MingW32)

iF4EAREIAAYFAlHIayEACgkQQwkE2RkM0wpEqwD/b0/oaJEcff0Dwj0ELR4CByiR
ZDTh75L6HCSoXRxBoyQBAJn9e29RAuXFzA+ohaRVtRu/hwmD5PezbKXBFxaNMhFu
=gbiw
-END PGP SIGNATURE-
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[phryk]

On Mon, 24 Jun 2013 11:52:01 -0400
Eleanor Saitta  wrote:

> A lot of people are asking me to change my mind on attending, and it
> sounds like you guys are going to have a lot of fun, but I'm finding
> myself pretty unmotivated to change my mind given that much of the
> organizing team doesn't seem to care at all about human rights.

Wouldn't that be all the more reason to go and mitigate the negative
effects? It'd also give you a chance to go meet the organizers in
person and tell them what you think of it, which is harder to dismiss
than someone querying them over IRC.

@Douwe, could you point me to the Village of that dutch crime unit?
My hope would be that this is the instant target for all kinds of
pranks that people might or might not come up with. I have high hopes
for hilarity to ensue and keep me merry.

Whatever the case, I'll be there. I won't be staying in the
Noisy Square Village, but I'll be around.
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[micah]

Eleanor Saitta  writes:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 2013.06.24 07.19, Douwe Schmidt wrote:
>> Dear LibTech Readers,
>> 
>> In a little bit over a month OHM2013 is happening in The
>> Netherlands. There has been a lot of controversy in the run-up to
>> this gathering. There was criticism of the involvement of tech
>> security company Fox-IT, then there was a heated debate on the
>> presence of Dutch High-tech Crime Unit in a village of their own.
>> Both discussions have calmed down. But the relevance of these
>> topics was clarified and reinforced.
>
> It's very sad that the organizing team has not actually taken any
> meaningful steps to address either their complicity with the
> manufacture of surveillance equipment, their acceptance of the
> promotion of a fascist police force, or the way they treated people
> who had previously been part of their own team during the "discussion"
> that ensued.  In fact, as far as I can tell, absolutely nothing has
> happened on their end, they've just out-waited any discussion.
>
> A lot of people are asking me to change my mind on attending, and it
> sounds like you guys are going to have a lot of fun, but I'm finding
> myself pretty unmotivated to change my mind given that much of the
> organizing team doesn't seem to care at all about human rights.

I felt the same way as you, but someone convinced me that boycotting
just removes my voice from this conversation, and that attending gives a
chance to have this well needed discussion with the community.
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jurre andmore]

I'm one of the noisysquare organizers, I replied inline.

2013/6/24 phryk 

> On Mon, 24 Jun 2013 11:52:01 -0400
> Eleanor Saitta  wrote:
>
> > A lot of people are asking me to change my mind on attending, and it
> > sounds like you guys are going to have a lot of fun, but I'm finding
> > myself pretty unmotivated to change my mind given that much of the
> > organizing team doesn't seem to care at all about human rights.
>
> Wouldn't that be all the more reason to go and mitigate the negative
> effects? It'd also give you a chance to go meet the organizers in
> person and tell them what you think of it, which is harder to dismiss
> than someone querying them over IRC.
>
> @Douwe, could you point me to the Village of that dutch crime unit?
> My hope would be that this is the instant target for all kinds of
> pranks that people might or might not come up with. I have high hopes
> for hilarity to ensue and keep me merry.
>

After much discussion on the OHM mailinglist and social media storms, the
police backed of and decided not to have a village. Instead, like all the
previous conferences before, they will be undercover! Just like CCCamp,
EMFcamp and all the other hacker conferences. At least we can play spot the
fed again, hooray!

Further, I agree with micah, would we not participate in a discussion like
we're having on this list with policymakers that things needs to be
radically changed? We can let our voice heard for a change and explain the
police and other surveillance vendors that what they do is an awful thing
and explain they are not welcome at our party.

My 0,02.

-- 
With kind regards,

Jurre van Bergen
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[phryk]

> After much discussion on the OHM mailinglist and social media storms,
> the police backed of and decided not to have a village. Instead, like
> all the previous conferences before, they will be undercover! Just
> like CCCamp, EMFcamp and all the other hacker conferences. At least
> we can play spot the fed again, hooray!

Yaaay. I remember two guys coming to our village at the CCCamp11 and
going like "Err, uh do you guys know where we can get some err, *cough*
illegal music *cough* ?" It was hilarious. :P

> Further, I agree with micah, would we not participate in a discussion
> like we're having on this list with policymakers that things needs to
> be radically changed? We can let our voice heard for a change and
> explain the police and other surveillance vendors that what they do
> is an awful thing and explain they are not welcome at our party.

Agreed. If we don't speak up we can't honestly expect things to change.
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Brian Conley]

Hi Jacob,

This is great news, do you know when the new version available for download
on torproject.org?

Also, I'm not sure how I know whether I'm running 32 or 64 bit OSX 10.6,
since it doesn't tell me in the "About this Mac."

While I can certainly figure that out, I'm not sure how many users will be
able to solve this issue, much less be aware it is an issue(I only
recently(2 years back?) realized it exists on Windows, much less Mac). Any
thoughts about this, besides trial and error?

B


On Tue, Jun 18, 2013 at 5:24 AM, Masayuki Hatta  wrote:

> Hi,
>
> Now the new TBB works nicely for me, and I love it.  One regret is UI
> messages are not translated into Japanese...actually, the messages seems to
> be already translated(
> https://www.transifex.com/projects/p/torproject/language/ja/), but
> somehow it doesn't show up (messages in the installer is translated, btw).
> Is there anything I can help?
>
> Best regards,
> MH
>
>
> 2013/6/17 Jacob Appelbaum 
>
>> Hi,
>>
>> I'm really excited to say that Tor Browser has had some really important
>> changes. Mike Perry has really outdone himself - from deterministic
>> builds that allow us to verify that he is honest to actually having
>> serious usability improvements. I really mean it - the new TBB is
>> actually awesome. It is blazing fast, it no longer has the sometimes
>> confusing Vidalia UI, it is now fast to start, it now has a really nice
>> splash screen, it has a setup wizard - you name it - nearly everything
>> that people found difficult has been removed, replaced or improved.
>> Hooray for Mike Perry and all that helped him!
>>
>> Here is Mike's email:
>>
>>  https://lists.torproject.org/pipermail/tor-talk/2013-June/028440.html
>>
>> Here is the place to download it:
>>
>>  https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/
>>
>> Please test it and please please tell us how we might improve it!
>>
>> All the best,
>> Jacob
>> --
>> Too many emails? Unsubscribe, change to digest, or change password by
>> emailing moderator at compa...@stanford.edu or changing your settings at
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>>
>
>
> --
> Masayuki Hatta
> Assistant Professor, Faculty of Economics and Management, Surugadai
> University, Japan
>
> http://about.me/mhatta
>
> mha...@gnu.org  / mha...@debian.org / mha...@opensource.jp /
> hatta.masay...@surugadai.ac.jp
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 



Brian Conley

Director, Small World News

http://smallworldnews.tv

m: 646.285.2046

Skype: brianjoelconley
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Dragana Kaurin]

On 06/24/2013 02:53 PM, Brian Conley wrote:
> Hi Jacob,
>
> This is great news, do you know when the new version available for
> download on torproject.org ?
>
> Also, I'm not sure how I know whether I'm running 32 or 64 bit OSX
> 10.6, since it doesn't tell me in the "About this Mac."

What kind of processor do you have? Inter Core 2 Duo, Intel Quad-Core
Xeon, or Intel Core i5  and  i7  all are 64 bit.
>
> While I can certainly figure that out, I'm not sure how many users
> will be able to solve this issue, much less be aware it is an issue(I
> only recently(2 years back?) realized it exists on Windows, much less
> Mac). Any thoughts about this, besides trial and error?
>
> B
>
>
> On Tue, Jun 18, 2013 at 5:24 AM, Masayuki Hatta  > wrote:
>
> Hi,
>
> Now the new TBB works nicely for me, and I love it.  One regret is
> UI messages are not translated into Japanese...actually, the
> messages seems to be already
> translated(https://www.transifex.com/projects/p/torproject/language/ja/),
> but somehow it doesn't show up (messages in the installer is
> translated, btw).  Is there anything I can help?
>
> Best regards,
> MH
>
>
> 2013/6/17 Jacob Appelbaum  >
>
> Hi,
>
> I'm really excited to say that Tor Browser has had some really
> important
> changes. Mike Perry has really outdone himself - from
> deterministic
> builds that allow us to verify that he is honest to actually
> having
> serious usability improvements. I really mean it - the new TBB is
> actually awesome. It is blazing fast, it no longer has the
> sometimes
> confusing Vidalia UI, it is now fast to start, it now has a
> really nice
> splash screen, it has a setup wizard - you name it - nearly
> everything
> that people found difficult has been removed, replaced or
> improved.
> Hooray for Mike Perry and all that helped him!
>
> Here is Mike's email:
>
>  https://lists.torproject.org/pipermail/tor-talk/2013-June/028440.html
>
> Here is the place to download it:
>
>  
> https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/
> 
> 
>
> Please test it and please please tell us how we might improve it!
>
> All the best,
> Jacob
> --
> Too many emails? Unsubscribe, change to digest, or change
> password by emailing moderator at compa...@stanford.edu
>  or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
>
> -- 
> Masayuki Hatta
> Assistant Professor, Faculty of Economics and Management,
> Surugadai University, Japan
>
> http://about.me/mhatta
>
> mha...@gnu.org   / mha...@debian.org
>  / mha...@opensource.jp
>  / hatta.masay...@surugadai.ac.jp
> 
>
> --
> Too many emails? Unsubscribe, change to digest, or change password
> by emailing moderator at compa...@stanford.edu
>  or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
>
> -- 
>
>  
>
> Brian Conley
>
> Director, Small World News
>
> http://smallworldnews.tv 
>
> m: 646.285.2046
>
> Skype: brianjoelconley
>
>
>
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Brian Conley]

Thanks Dragana,

But wouldn't that mean there is no new browser bundle for recent macs as
only 32 is specified at Jacob's link?

Brian
On Jun 24, 2013 3:18 PM, "Dragana Kaurin"  wrote:

>  On 06/24/2013 02:53 PM, Brian Conley wrote:
>
> Hi Jacob,
>
>  This is great news, do you know when the new version available for
> download on torproject.org?
>
>  Also, I'm not sure how I know whether I'm running 32 or 64 bit OSX 10.6,
> since it doesn't tell me in the "About this Mac."
>
>
> What kind of processor do you have? Inter Core 2 Duo, Intel Quad-Core
> Xeon, or Intel Core i5  and  i7  all are 64 bit.
>
>
>  While I can certainly figure that out, I'm not sure how many users will
> be able to solve this issue, much less be aware it is an issue(I only
> recently(2 years back?) realized it exists on Windows, much less Mac). Any
> thoughts about this, besides trial and error?
>
>  B
>
>
> On Tue, Jun 18, 2013 at 5:24 AM, Masayuki Hatta  wrote:
>
>>  Hi,
>>
>>  Now the new TBB works nicely for me, and I love it.  One regret is UI
>> messages are not translated into Japanese...actually, the messages seems to
>> be already translated(
>> https://www.transifex.com/projects/p/torproject/language/ja/), but
>> somehow it doesn't show up (messages in the installer is translated, btw).
>> Is there anything I can help?
>>
>>  Best regards,
>> MH
>>
>>
>> 2013/6/17 Jacob Appelbaum 
>>
>>> Hi,
>>>
>>> I'm really excited to say that Tor Browser has had some really important
>>> changes. Mike Perry has really outdone himself - from deterministic
>>> builds that allow us to verify that he is honest to actually having
>>> serious usability improvements. I really mean it - the new TBB is
>>> actually awesome. It is blazing fast, it no longer has the sometimes
>>> confusing Vidalia UI, it is now fast to start, it now has a really nice
>>> splash screen, it has a setup wizard - you name it - nearly everything
>>> that people found difficult has been removed, replaced or improved.
>>> Hooray for Mike Perry and all that helped him!
>>>
>>> Here is Mike's email:
>>>
>>>  https://lists.torproject.org/pipermail/tor-talk/2013-June/028440.html
>>>
>>> Here is the place to download it:
>>>
>>>  https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/
>>>
>>> Please test it and please please tell us how we might improve it!
>>>
>>> All the best,
>>> Jacob
>>> --
>>> Too many emails? Unsubscribe, change to digest, or change password by
>>> emailing moderator at compa...@stanford.edu or changing your settings
>>> at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>
>>>
>>
>>
>>  --
>>  Masayuki Hatta
>> Assistant Professor, Faculty of Economics and Management, Surugadai
>> University, Japan
>>
>>  http://about.me/mhatta
>>
>> mha...@gnu.org  / mha...@debian.org / mha...@opensource.jp /
>> hatta.masay...@surugadai.ac.jp
>>
>> --
>> Too many emails? Unsubscribe, change to digest, or change password by
>> emailing moderator at compa...@stanford.edu or changing your settings at
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>
>
>
>  --
>
>
>
> Brian Conley
>
> Director, Small World News
>
> http://smallworldnews.tv
>
> m: 646.285.2046
>
> Skype: brianjoelconley
>
>
>
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Jacob Appelbaum]

Brian Conley:
> Thanks Dragana,
> 
> But wouldn't that mean there is no new browser bundle for recent macs as
> only 32 is specified at Jacob's link?

Hi Brian,

So a few things - one is that if you go into "About this mac" you should
see a system profiler link or a "details" button of some sort. This
should allow you to see the details of the hardware. You may also find
this system profiler application by searching with spotlight, I think it
is in /Applications/Utilities/ - or something similar.

Next up - if you have a 64bit mac, I think you can run 32bit mac os x
programs without any issues at all. Thus if you download the
TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip file and verify it:


https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip

Verify it by checking the signature of the hash list and then ensure
that the hash for your TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip file
matches:

https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/sha256sum.txt.asc
https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/sha256sum.txt

In the case of the OS X build for the English speaking audience, you
should see a sha256sum of:

c141e2db01a395bdd480357b1b808691f2a61f4d12e9039806fe0ac538d2e38d
TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip

If you download it to your downloads file, I believe on OS X you can see
the hash by opening Terminal.app, change to the Downloads directory and
then run the sha256sum command or the openssl command to verify the hash:

  cd ~/Downloads
  sha256sum TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip

Or if that doesn't work, I believe you can just type the following:

  openssl dgst -sha256
~/Downloads/TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip

The output should look like this:

SHA256(/Users/x/Downloads/TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip)=
c141e2db01a395bdd480357b1b808691f2a61f4d12e9039806fe0ac538d2e38d

Once you have verified that these match the expected value, open the
.zip file:

   open ~/Downloads/TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip

Extract the TBB folder into /Applications/ for example.

Now run it with the Finder as you would any other application.

All the best,
Jacob

P.S.

Please upgrade your Mac OS X version; I would not suggest running
anything less than 10.8.x if I had a desire to stay safe. Apple tends to
treat older OS X versions differently than the most current version of
the OS.

> 
> Brian
> On Jun 24, 2013 3:18 PM, "Dragana Kaurin"  wrote:
> 
>>  On 06/24/2013 02:53 PM, Brian Conley wrote:
>>
>> Hi Jacob,
>>
>>  This is great news, do you know when the new version available for
>> download on torproject.org?
>>
>>  Also, I'm not sure how I know whether I'm running 32 or 64 bit OSX 10.6,
>> since it doesn't tell me in the "About this Mac."
>>
>>
>> What kind of processor do you have? Inter Core 2 Duo, Intel Quad-Core
>> Xeon, or Intel Core i5  and  i7  all are 64 bit.
>>
>>
>>  While I can certainly figure that out, I'm not sure how many users will
>> be able to solve this issue, much less be aware it is an issue(I only
>> recently(2 years back?) realized it exists on Windows, much less Mac). Any
>> thoughts about this, besides trial and error?
>>
>>  B
>>
>>
>> On Tue, Jun 18, 2013 at 5:24 AM, Masayuki Hatta  wrote:
>>
>>>  Hi,
>>>
>>>  Now the new TBB works nicely for me, and I love it.  One regret is UI
>>> messages are not translated into Japanese...actually, the messages seems to
>>> be already translated(
>>> https://www.transifex.com/projects/p/torproject/language/ja/), but
>>> somehow it doesn't show up (messages in the installer is translated, btw).
>>> Is there anything I can help?
>>>
>>>  Best regards,
>>> MH
>>>
>>>
>>> 2013/6/17 Jacob Appelbaum 
>>>
 Hi,

 I'm really excited to say that Tor Browser has had some really important
 changes. Mike Perry has really outdone himself - from deterministic
 builds that allow us to verify that he is honest to actually having
 serious usability improvements. I really mean it - the new TBB is
 actually awesome. It is blazing fast, it no longer has the sometimes
 confusing Vidalia UI, it is now fast to start, it now has a really nice
 splash screen, it has a setup wizard - you name it - nearly everything
 that people found difficult has been removed, replaced or improved.
 Hooray for Mike Perry and all that helped him!

 Here is Mike's email:

  https://lists.torproject.org/pipermail/tor-talk/2013-June/028440.html

 Here is the place to download it:

  https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Nadim Kobeissi]

On 2013-06-24, at 3:43 PM, Jacob Appelbaum  wrote:

> Brian Conley:
>> Thanks Dragana,
>> 
>> But wouldn't that mean there is no new browser bundle for recent macs as
>> only 32 is specified at Jacob's link?
> 
> Hi Brian,
> 
> So a few things - one is that if you go into "About this mac" you should
> see a system profiler link or a "details" button of some sort. This
> should allow you to see the details of the hardware. You may also find
> this system profiler application by searching with spotlight, I think it
> is in /Applications/Utilities/ - or something similar.
> 
> Next up - if you have a 64bit mac, I think you can run 32bit mac os x
> programs without any issues at all. Thus if you download the
> TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip file and verify it:
> 
> 
> https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip

Yup, works on my 64-bit Mac just fine. Should work for you too, Brian.

NK

> 
> Verify it by checking the signature of the hash list and then ensure
> that the hash for your TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip file
> matches:
> 
> https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/sha256sum.txt.asc
> https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/sha256sum.txt
> 
> In the case of the OS X build for the English speaking audience, you
> should see a sha256sum of:
> 
> c141e2db01a395bdd480357b1b808691f2a61f4d12e9039806fe0ac538d2e38d
> TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip
> 
> If you download it to your downloads file, I believe on OS X you can see
> the hash by opening Terminal.app, change to the Downloads directory and
> then run the sha256sum command or the openssl command to verify the hash:
> 
>  cd ~/Downloads
>  sha256sum TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip
> 
> Or if that doesn't work, I believe you can just type the following:
> 
>  openssl dgst -sha256
> ~/Downloads/TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip
> 
> The output should look like this:
> 
> SHA256(/Users/x/Downloads/TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip)=
> c141e2db01a395bdd480357b1b808691f2a61f4d12e9039806fe0ac538d2e38d
> 
> Once you have verified that these match the expected value, open the
> .zip file:
> 
>   open ~/Downloads/TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip
> 
> Extract the TBB folder into /Applications/ for example.
> 
> Now run it with the Finder as you would any other application.
> 
> All the best,
> Jacob
> 
> P.S.
> 
> Please upgrade your Mac OS X version; I would not suggest running
> anything less than 10.8.x if I had a desire to stay safe. Apple tends to
> treat older OS X versions differently than the most current version of
> the OS.
> 
>> 
>> Brian
>> On Jun 24, 2013 3:18 PM, "Dragana Kaurin"  wrote:
>> 
>>> On 06/24/2013 02:53 PM, Brian Conley wrote:
>>> 
>>> Hi Jacob,
>>> 
>>> This is great news, do you know when the new version available for
>>> download on torproject.org?
>>> 
>>> Also, I'm not sure how I know whether I'm running 32 or 64 bit OSX 10.6,
>>> since it doesn't tell me in the "About this Mac."
>>> 
>>> 
>>> What kind of processor do you have? Inter Core 2 Duo, Intel Quad-Core
>>> Xeon, or Intel Core i5  and  i7  all are 64 bit.
>>> 
>>> 
>>> While I can certainly figure that out, I'm not sure how many users will
>>> be able to solve this issue, much less be aware it is an issue(I only
>>> recently(2 years back?) realized it exists on Windows, much less Mac). Any
>>> thoughts about this, besides trial and error?
>>> 
>>> B
>>> 
>>> 
>>> On Tue, Jun 18, 2013 at 5:24 AM, Masayuki Hatta  wrote:
>>> 
 Hi,
 
 Now the new TBB works nicely for me, and I love it.  One regret is UI
 messages are not translated into Japanese...actually, the messages seems to
 be already translated(
 https://www.transifex.com/projects/p/torproject/language/ja/), but
 somehow it doesn't show up (messages in the installer is translated, btw).
 Is there anything I can help?
 
 Best regards,
 MH
 
 
 2013/6/17 Jacob Appelbaum 
 
> Hi,
> 
> I'm really excited to say that Tor Browser has had some really important
> changes. Mike Perry has really outdone himself - from deterministic
> builds that allow us to verify that he is honest to actually having
> serious usability improvements. I really mean it - the new TBB is
> actually awesome. It is blazing fast, it no longer has the sometimes
> confusing Vidalia UI, it is now fast to start, it now has a really nice
> splash screen, it has a setup wizard - you name it - nearly everything
> that people found difficult has been removed, replaced or improved.
> Hooray for Mike Perry and all that helped him!
> 
> Here is Mike's email:
> 
> https://lists.torproject.org/pipermail/tor-talk/2013-June/028440.html
> 
> Here is the place to download it:
> 
> https://people.torproject.org/~mikeper

Re: [liberationtech] Help test the new Tor Browser!

[Jillian C. York]

Minor piece of feedback:

Why StartPage as default search engine?  They employ safe search by
default.


On Mon, Jun 24, 2013 at 12:59 PM, Nadim Kobeissi  wrote:

>
> On 2013-06-24, at 3:43 PM, Jacob Appelbaum  wrote:
>
> > Brian Conley:
> >> Thanks Dragana,
> >>
> >> But wouldn't that mean there is no new browser bundle for recent macs as
> >> only 32 is specified at Jacob's link?
> >
> > Hi Brian,
> >
> > So a few things - one is that if you go into "About this mac" you should
> > see a system profiler link or a "details" button of some sort. This
> > should allow you to see the details of the hardware. You may also find
> > this system profiler application by searching with spotlight, I think it
> > is in /Applications/Utilities/ - or something similar.
> >
> > Next up - if you have a 64bit mac, I think you can run 32bit mac os x
> > programs without any issues at all. Thus if you download the
> > TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip file and verify it:
> >
> >
> >
> https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip
>
> Yup, works on my 64-bit Mac just fine. Should work for you too, Brian.
>
> NK
>
> >
> > Verify it by checking the signature of the hash list and then ensure
> > that the hash for your TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip file
> > matches:
> >
> >
> https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/sha256sum.txt.asc
> >
> https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/sha256sum.txt
> >
> > In the case of the OS X build for the English speaking audience, you
> > should see a sha256sum of:
> >
> > c141e2db01a395bdd480357b1b808691f2a61f4d12e9039806fe0ac538d2e38d
> > TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip
> >
> > If you download it to your downloads file, I believe on OS X you can see
> > the hash by opening Terminal.app, change to the Downloads directory and
> > then run the sha256sum command or the openssl command to verify the hash:
> >
> >  cd ~/Downloads
> >  sha256sum TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip
> >
> > Or if that doesn't work, I believe you can just type the following:
> >
> >  openssl dgst -sha256
> > ~/Downloads/TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip
> >
> > The output should look like this:
> >
> > SHA256(/Users/x/Downloads/TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip)=
> > c141e2db01a395bdd480357b1b808691f2a61f4d12e9039806fe0ac538d2e38d
> >
> > Once you have verified that these match the expected value, open the
> > .zip file:
> >
> >   open ~/Downloads/TorBrowserBundle-3.0-alpha-1-osx32_en-US.zip
> >
> > Extract the TBB folder into /Applications/ for example.
> >
> > Now run it with the Finder as you would any other application.
> >
> > All the best,
> > Jacob
> >
> > P.S.
> >
> > Please upgrade your Mac OS X version; I would not suggest running
> > anything less than 10.8.x if I had a desire to stay safe. Apple tends to
> > treat older OS X versions differently than the most current version of
> > the OS.
> >
> >>
> >> Brian
> >> On Jun 24, 2013 3:18 PM, "Dragana Kaurin"  wrote:
> >>
> >>> On 06/24/2013 02:53 PM, Brian Conley wrote:
> >>>
> >>> Hi Jacob,
> >>>
> >>> This is great news, do you know when the new version available for
> >>> download on torproject.org?
> >>>
> >>> Also, I'm not sure how I know whether I'm running 32 or 64 bit OSX
> 10.6,
> >>> since it doesn't tell me in the "About this Mac."
> >>>
> >>>
> >>> What kind of processor do you have? Inter Core 2 Duo, Intel Quad-Core
> >>> Xeon, or Intel Core i5  and  i7  all are 64 bit.
> >>>
> >>>
> >>> While I can certainly figure that out, I'm not sure how many users will
> >>> be able to solve this issue, much less be aware it is an issue(I only
> >>> recently(2 years back?) realized it exists on Windows, much less Mac).
> Any
> >>> thoughts about this, besides trial and error?
> >>>
> >>> B
> >>>
> >>>
> >>> On Tue, Jun 18, 2013 at 5:24 AM, Masayuki Hatta 
> wrote:
> >>>
>  Hi,
> 
>  Now the new TBB works nicely for me, and I love it.  One regret is UI
>  messages are not translated into Japanese...actually, the messages
> seems to
>  be already translated(
>  https://www.transifex.com/projects/p/torproject/language/ja/), but
>  somehow it doesn't show up (messages in the installer is translated,
> btw).
>  Is there anything I can help?
> 
>  Best regards,
>  MH
> 
> 
>  2013/6/17 Jacob Appelbaum 
> 
> > Hi,
> >
> > I'm really excited to say that Tor Browser has had some really
> important
> > changes. Mike Perry has really outdone himself - from deterministic
> > builds that allow us to verify that he is honest to actually having
> > serious usability improvements. I really mean it - the new TBB is
> > actually awesome. It is blazing fast, it no longer has the sometimes
> > confusing Vidalia UI, it is now fast to start, it now has a really
> nice
> > splash screen, it

Re: [liberationtech] Help test the new Tor Browser!

[Jacob Appelbaum]

Jillian C. York:
> Minor piece of feedback:
> 
> Why StartPage as default search engine?  They employ safe search by
> default.

That is a good question - I think it is open to discussion. Generally
speaking, I think that a censorship free search engine that requires no
cookies, no javascript, no plugins, uses HTTPS and is fine with Tor is
the best bet.

What meets that requirement right now? Oh also, with search results that
are relevant, useful and so on?

I honestly don't even know anymore. :(

All the best,
Jacob

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Michael Carbone]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

DuckDuckGo seems to work well with Tor and without
javascript/cookies/etc. They also run it as a hidden service so you
can keep your search in the Tor cloud -- I don't know of other search
engines that do that: 3g2upl4pq6kufc4m.onion

Michael

On 06/24/2013 04:38 PM, Jacob Appelbaum wrote:
> Jillian C. York:
>> Minor piece of feedback:
>> 
>> Why StartPage as default search engine?  They employ safe search
>> by default.
> 
> That is a good question - I think it is open to discussion.
> Generally speaking, I think that a censorship free search engine
> that requires no cookies, no javascript, no plugins, uses HTTPS and
> is fine with Tor is the best bet.
> 
> What meets that requirement right now? Oh also, with search results
> that are relevant, useful and so on?
> 
> I honestly don't even know anymore. :(
> 
> All the best, Jacob
> 
> -- Too many emails? Unsubscribe, change to digest, or change
> password by emailing moderator at compa...@stanford.edu or changing
> your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 

- -- 
Michael Carbone
Manager of Tech Policy & Programs
Access | https://www.accessnow.org
mich...@accessnow.org | PGP: 0x81B7A13E
PGP Fingerprint: 25EC 1D0F 2D44 C4F4 5BEF EF83 C471 AD94 81B7 A13E

-BEGIN PGP SIGNATURE-

iQIcBAEBAgAGBQJRyLH5AAoJEDH9usG3Jz33G10P/0gfNrJnxgqPmUhs9FgphruA
V7SsX541Y1smcilGJvfiDNtawznToMxwg4jx8eU0jKIZ1SbCGI/f8A3V8lcYLlWO
j5ST0Rc1LUal03ONpGQGHzEtN26SJtvVwh9Rv7fDqlTrj90/8d9q9jFKsli1KGav
o3U/AzUlcTcqqfZLTVKGKERTLsWOjECYob/Af+lz9thX0dtTWZLoe508DarllHwV
wY7jHzlEeuJUEw0r9Z6t2Gy6t9UNrAYiye/8L+6O9CyeiuZUEc4kRXaHv8HoG88k
0uumlP6yAMxSoPSNdb6bp4cTL0VZLETzxNmH59YcZfiH29gj3/1Wbmr6I+Gk2Nuq
bXE6fB8O8ex6kS+77EdNXX+uRUjVsB9r1ph6Jb6WHl2uNmA4svkmzyDYxNHmCsK/
On8dnXzUnx2NtR5yfcUMJdUGBZqimBtJ25/DBYfh1HpoxqibcYtlEw2Bcjg/G5pB
Mk2bLJtpIsMGfR2z1sO9Z8D/ikR2Nnp2td31zzTWenvgoEo9NIS54uJm8+3D05Iv
UGlqAqS0KszXPBopbN/M32OEIbdX7H64lPo/ymDV3J63gsp/2v957NYzDWtN/ktn
mJ4W8tSbDJzDBKQ9T5NJGyjnizGNNYibqAr45lEELfnGBlBfhbkZl+NLSQyqLKeb
2l0GV0AoWyUeNc40oxq3
=6Ndr
-END PGP SIGNATURE-
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Cooper Quintin]

The default engine was Google for a while until Mike Perry and I changed
it.  We chose StartPage over DDG because while both being privacy aware,
start page had more relevant search results.  However these days I
personally find that DDG's results are often more relevant than start
page.  They also have a page that does not require cookies or JS at
https://duckduckgo.com/html/

Cooper Quintin
Technology Director
radicalDESIGNS
PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA

On 06/24/2013 01:54 PM, Michael Carbone wrote:
> DuckDuckGo seems to work well with Tor and without
> javascript/cookies/etc. They also run it as a hidden service so you
> can keep your search in the Tor cloud -- I don't know of other search
> engines that do that: 3g2upl4pq6kufc4m.onion
> 
> Michael
> 
> On 06/24/2013 04:38 PM, Jacob Appelbaum wrote:
>> Jillian C. York:
>>> Minor piece of feedback:
>>>
>>> Why StartPage as default search engine?  They employ safe search
>>> by default.
> 
>> That is a good question - I think it is open to discussion.
>> Generally speaking, I think that a censorship free search engine
>> that requires no cookies, no javascript, no plugins, uses HTTPS and
>> is fine with Tor is the best bet.
> 
>> What meets that requirement right now? Oh also, with search results
>> that are relevant, useful and so on?
> 
>> I honestly don't even know anymore. :(
> 
>> All the best, Jacob
> 
>> -- Too many emails? Unsubscribe, change to digest, or change
>> password by emailing moderator at compa...@stanford.edu or changing
>> your settings at
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Jacob Appelbaum]

Michael Carbone:
> DuckDuckGo seems to work well with Tor and without
> javascript/cookies/etc. They also run it as a hidden service so you
> can keep your search in the Tor cloud -- I don't know of other search
> engines that do that: 3g2upl4pq6kufc4m.onion
> 

I generally feel friendly to DuckDuckGo.

I wonder how it performs for search between https://duckduckgo.com/ and
http://3g2upl4pq6kufc4m.onion - has anyone performed any queries and
computed information about time to connect, delays in searching, etc?
Some kind analysis would be useful. Especially if we compare results and
timing with other choices.

All the best,
Jacob
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jacob Appelbaum]

micah:
> Eleanor Saitta  writes:
> 
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> On 2013.06.24 07.19, Douwe Schmidt wrote:
>>> Dear LibTech Readers,
>>>
>>> In a little bit over a month OHM2013 is happening in The
>>> Netherlands. There has been a lot of controversy in the run-up to
>>> this gathering. There was criticism of the involvement of tech
>>> security company Fox-IT, then there was a heated debate on the
>>> presence of Dutch High-tech Crime Unit in a village of their own.
>>> Both discussions have calmed down. But the relevance of these
>>> topics was clarified and reinforced.
>>
>> It's very sad that the organizing team has not actually taken any
>> meaningful steps to address either their complicity with the
>> manufacture of surveillance equipment, their acceptance of the
>> promotion of a fascist police force, or the way they treated people
>> who had previously been part of their own team during the "discussion"
>> that ensued.  In fact, as far as I can tell, absolutely nothing has
>> happened on their end, they've just out-waited any discussion.
>>
>> A lot of people are asking me to change my mind on attending, and it
>> sounds like you guys are going to have a lot of fun, but I'm finding
>> myself pretty unmotivated to change my mind given that much of the
>> organizing team doesn't seem to care at all about human rights.
> 
> I felt the same way as you, but someone convinced me that boycotting
> just removes my voice from this conversation, and that attending gives a
> chance to have this well needed discussion with the community.

This is a false dichotomy of an argument if ever I've heard one. I keep
hearing it too. It bums me out to no end.

I understand that removing ourselves from specific discussions removes
our voices from those discussions. However, I see no reason why the
greater discussion itself is confined to that specific space at that
specific time. Who decided that? At best, we do when we engage with it
despite very serious and very reasonable misgivings.

We should work to create a space that is on level footing; we should not
engage seriously with spaces that demonstrate otherwise so blatantly.

I'm sure that OHM will be worth attending but let us not have the
illusion that it presents an ideal safe space for such discussions. Let
us also be clear that OHM is not the only place for such discussions nor
is by any means the only place that the community is able to hold such
discussions.

The question that is open for me and many others is clear - what is that
space? Where is that space?

I suspect that it will not be found at OHM or probably even at Noisy
Square. I'd love to be surprised but I don't expect to see the OHM
social contract amended to ensure equality and freedom from violence; I
suggested it to a few people online and was basically scoffed at in no
uncertain terms.

All the best,
Jacob
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Nick]

Quoth Jacob Appelbaum:
> I wonder how it performs for search between https://duckduckgo.com/ and
> http://3g2upl4pq6kufc4m.onion - has anyone performed any queries and
> computed information about time to connect, delays in searching, etc?
> Some kind analysis would be useful. Especially if we compare results and
> timing with other choices.

I haven't done any formal testing, but I use the above hidden 
service regularly, and it doesn't seem to be any slower or less 
reliable than https://duckduckgo.com/
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Jillian C. York]

I prefer DuckDuckGo as well - although the other option is convincing
StartPage to be less censorious...


On Mon, Jun 24, 2013 at 2:04 PM, Cooper Quintin
wrote:

> The default engine was Google for a while until Mike Perry and I changed
> it.  We chose StartPage over DDG because while both being privacy aware,
> start page had more relevant search results.  However these days I
> personally find that DDG's results are often more relevant than start
> page.  They also have a page that does not require cookies or JS at
> https://duckduckgo.com/html/
>
> Cooper Quintin
> Technology Director
> radicalDESIGNS
> PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
>
> On 06/24/2013 01:54 PM, Michael Carbone wrote:
> > DuckDuckGo seems to work well with Tor and without
> > javascript/cookies/etc. They also run it as a hidden service so you
> > can keep your search in the Tor cloud -- I don't know of other search
> > engines that do that: 3g2upl4pq6kufc4m.onion
> >
> > Michael
> >
> > On 06/24/2013 04:38 PM, Jacob Appelbaum wrote:
> >> Jillian C. York:
> >>> Minor piece of feedback:
> >>>
> >>> Why StartPage as default search engine?  They employ safe search
> >>> by default.
> >
> >> That is a good question - I think it is open to discussion.
> >> Generally speaking, I think that a censorship free search engine
> >> that requires no cookies, no javascript, no plugins, uses HTTPS and
> >> is fine with Tor is the best bet.
> >
> >> What meets that requirement right now? Oh also, with search results
> >> that are relevant, useful and so on?
> >
> >> I honestly don't even know anymore. :(
> >
> >> All the best, Jacob
> >
> >> -- Too many emails? Unsubscribe, change to digest, or change
> >> password by emailing moderator at compa...@stanford.edu or changing
> >> your settings at
> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
>
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
US: +1-857-891-4244 | NL: +31-657086088
site:  jilliancyork.com * | *
twitter: @jilliancyork* *

"We must not be afraid of dreaming the seemingly impossible if we want the
seemingly impossible to become a reality" - *Vaclav Havel*
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Cooper Quintin]

Start page also allows you to generate a url that has certain settings,
for example this one (
https://startpage.com/do/mypage.pl?prf=c2a9ee9b20d61e980b6f6cce7026bc91
)has safe search turned off and no caching for video and image search
results turned on.  It could be useful to put something like this in Tor
Browser to avoid search filtering.

Cooper Quintin
Technology Director
radicalDESIGNS
(O) 415-738-0456 (C) 510 827 5382
1201 Martin Luther King Jr. Blvd, Oakland, CA
PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA

On 06/24/2013 02:26 PM, Jillian C. York wrote:
> I prefer DuckDuckGo as well - although the other option is convincing
> StartPage to be less censorious...
> 
> 
> On Mon, Jun 24, 2013 at 2:04 PM, Cooper Quintin
> mailto:coo...@radicaldesigns.org>> wrote:
> 
> The default engine was Google for a while until Mike Perry and I changed
> it.  We chose StartPage over DDG because while both being privacy aware,
> start page had more relevant search results.  However these days I
> personally find that DDG's results are often more relevant than start
> page.  They also have a page that does not require cookies or JS at
> https://duckduckgo.com/html/
> 
> Cooper Quintin
> Technology Director
> radicalDESIGNS
> PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
> 
> On 06/24/2013 01:54 PM, Michael Carbone wrote:
> > DuckDuckGo seems to work well with Tor and without
> > javascript/cookies/etc. They also run it as a hidden service so you
> > can keep your search in the Tor cloud -- I don't know of other search
> > engines that do that: 3g2upl4pq6kufc4m.onion
> >
> > Michael
> >
> > On 06/24/2013 04:38 PM, Jacob Appelbaum wrote:
> >> Jillian C. York:
> >>> Minor piece of feedback:
> >>>
> >>> Why StartPage as default search engine?  They employ safe search
> >>> by default.
> >
> >> That is a good question - I think it is open to discussion.
> >> Generally speaking, I think that a censorship free search engine
> >> that requires no cookies, no javascript, no plugins, uses HTTPS and
> >> is fine with Tor is the best bet.
> >
> >> What meets that requirement right now? Oh also, with search results
> >> that are relevant, useful and so on?
> >
> >> I honestly don't even know anymore. :(
> >
> >> All the best, Jacob
> >
> >> -- Too many emails? Unsubscribe, change to digest, or change
> >> password by emailing moderator at compa...@stanford.edu
>  or changing
> >> your settings at
> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password
> by emailing moderator at compa...@stanford.edu
>  or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> 
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password
> by emailing moderator at compa...@stanford.edu
>  or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> 
> 
> 
> -- 
> US: +1-857-891-4244 | NL: +31-657086088
> site:  jilliancyork.com *|
> *twitter: @jilliancyork* *
> 
> "We must not be afraid of dreaming the seemingly impossible if we want
> the seemingly impossible to become a reality" - /Vaclav Havel/
> 
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Cooper Quintin]

Jillian,
It is also worth noting that DDG has safe search enabled by default as
well.

Cooper Quintin
Technology Director
radicalDESIGNS
PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA

On 06/24/2013 02:26 PM, Jillian C. York wrote:
> I prefer DuckDuckGo as well - although the other option is convincing
> StartPage to be less censorious...
> 
> 
> On Mon, Jun 24, 2013 at 2:04 PM, Cooper Quintin
> mailto:coo...@radicaldesigns.org>> wrote:
> 
> The default engine was Google for a while until Mike Perry and I changed
> it.  We chose StartPage over DDG because while both being privacy aware,
> start page had more relevant search results.  However these days I
> personally find that DDG's results are often more relevant than start
> page.  They also have a page that does not require cookies or JS at
> https://duckduckgo.com/html/
> 
> Cooper Quintin
> Technology Director
> radicalDESIGNS
> PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
> 
> On 06/24/2013 01:54 PM, Michael Carbone wrote:
> > DuckDuckGo seems to work well with Tor and without
> > javascript/cookies/etc. They also run it as a hidden service so you
> > can keep your search in the Tor cloud -- I don't know of other search
> > engines that do that: 3g2upl4pq6kufc4m.onion
> >
> > Michael
> >
> > On 06/24/2013 04:38 PM, Jacob Appelbaum wrote:
> >> Jillian C. York:
> >>> Minor piece of feedback:
> >>>
> >>> Why StartPage as default search engine?  They employ safe search
> >>> by default.
> >
> >> That is a good question - I think it is open to discussion.
> >> Generally speaking, I think that a censorship free search engine
> >> that requires no cookies, no javascript, no plugins, uses HTTPS and
> >> is fine with Tor is the best bet.
> >
> >> What meets that requirement right now? Oh also, with search results
> >> that are relevant, useful and so on?
> >
> >> I honestly don't even know anymore. :(
> >
> >> All the best, Jacob
> >
> >> -- Too many emails? Unsubscribe, change to digest, or change
> >> password by emailing moderator at compa...@stanford.edu
>  or changing
> >> your settings at
> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password
> by emailing moderator at compa...@stanford.edu
>  or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> 
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password
> by emailing moderator at compa...@stanford.edu
>  or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> 
> 
> 
> -- 
> US: +1-857-891-4244 | NL: +31-657086088
> site:  jilliancyork.com *|
> *twitter: @jilliancyork* *
> 
> "We must not be afraid of dreaming the seemingly impossible if we want
> the seemingly impossible to become a reality" - /Vaclav Havel/
> 
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Jillian C. York]

+1


On Mon, Jun 24, 2013 at 2:38 PM, Cooper Quintin
wrote:

> Start page also allows you to generate a url that has certain settings,
> for example this one (
> https://startpage.com/do/mypage.pl?prf=c2a9ee9b20d61e980b6f6cce7026bc91
> )has safe search turned off and no caching for video and image search
> results turned on.  It could be useful to put something like this in Tor
> Browser to avoid search filtering.
>
> Cooper Quintin
> Technology Director
> radicalDESIGNS
> (O) 415-738-0456 (C) 510 827 5382
> 1201 Martin Luther King Jr. Blvd, Oakland, CA
> PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
>
> On 06/24/2013 02:26 PM, Jillian C. York wrote:
> > I prefer DuckDuckGo as well - although the other option is convincing
> > StartPage to be less censorious...
> >
> >
> > On Mon, Jun 24, 2013 at 2:04 PM, Cooper Quintin
> > mailto:coo...@radicaldesigns.org>> wrote:
> >
> > The default engine was Google for a while until Mike Perry and I
> changed
> > it.  We chose StartPage over DDG because while both being privacy
> aware,
> > start page had more relevant search results.  However these days I
> > personally find that DDG's results are often more relevant than start
> > page.  They also have a page that does not require cookies or JS at
> > https://duckduckgo.com/html/
> >
> > Cooper Quintin
> > Technology Director
> > radicalDESIGNS
> > PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
> >
> > On 06/24/2013 01:54 PM, Michael Carbone wrote:
> > > DuckDuckGo seems to work well with Tor and without
> > > javascript/cookies/etc. They also run it as a hidden service so you
> > > can keep your search in the Tor cloud -- I don't know of other
> search
> > > engines that do that: 3g2upl4pq6kufc4m.onion
> > >
> > > Michael
> > >
> > > On 06/24/2013 04:38 PM, Jacob Appelbaum wrote:
> > >> Jillian C. York:
> > >>> Minor piece of feedback:
> > >>>
> > >>> Why StartPage as default search engine?  They employ safe search
> > >>> by default.
> > >
> > >> That is a good question - I think it is open to discussion.
> > >> Generally speaking, I think that a censorship free search engine
> > >> that requires no cookies, no javascript, no plugins, uses HTTPS
> and
> > >> is fine with Tor is the best bet.
> > >
> > >> What meets that requirement right now? Oh also, with search
> results
> > >> that are relevant, useful and so on?
> > >
> > >> I honestly don't even know anymore. :(
> > >
> > >> All the best, Jacob
> > >
> > >> -- Too many emails? Unsubscribe, change to digest, or change
> > >> password by emailing moderator at compa...@stanford.edu
> >  or changing
> > >> your settings at
> > >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> > >
> > >
> > > --
> > > Too many emails? Unsubscribe, change to digest, or change password
> > by emailing moderator at compa...@stanford.edu
> >  or changing your settings at
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> > >
> >
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password
> > by emailing moderator at compa...@stanford.edu
> >  or changing your settings at
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> >
> >
> >
> > --
> > US: +1-857-891-4244 | NL: +31-657086088
> > site:  jilliancyork.com *|
> > *twitter: @jilliancyork* *
> >
> > "We must not be afraid of dreaming the seemingly impossible if we want
> > the seemingly impossible to become a reality" - /Vaclav Havel/
> >
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
US: +1-857-891-4244 | NL: +31-657086088
site:  jilliancyork.com * | *
twitter: @jilliancyork* *

"We must not be afraid of dreaming the seemingly impossible if we want the
seemingly impossible to become a reality" - *Vaclav Havel*
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Jacob Appelbaum]

Jillian C. York:
> +1
> 
> 
> On Mon, Jun 24, 2013 at 2:38 PM, Cooper Quintin
> wrote:
> 
>> Start page also allows you to generate a url that has certain settings,
>> for example this one (
>> https://startpage.com/do/mypage.pl?prf=c2a9ee9b20d61e980b6f6cce7026bc91
>> )has safe search turned off and no caching for video and image search
>> results turned on.  It could be useful to put something like this in Tor
>> Browser to avoid search filtering.

It would be great if this was the default home page. I'd certainly be
happier with that as the default search engine.

All the best,
Jacob

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Mike Perry]

Cooper Quintin:
> The default engine was Google for a while until Mike Perry and I changed
> it.  We chose StartPage over DDG because while both being privacy aware,
> start page had more relevant search results.  However these days I
> personally find that DDG's results are often more relevant than start
> page. 

I find StartPage/Google immensely superior to Duckduckgo/Bing when
searching the "long tail" of technical material (which I do frequently).

This has always been the case, and has not changed these days, or ever.

One example: Try querying both engines for "deterministic builds" and
compare what you find on the front page of each. By result 10,
DuckDuckGo starts rambling about free will, philosophy, and life
planning. Startpage on the other hand, actually already includes this
very thread in the first page results.

I am curious which types of queries people perceive DuckDuckGo/Bing to
be better at. Is it only better if you're searching for hoodies, movies,
video games, and other mainstream things?

> They also have a page that does not require cookies or JS at
> https://duckduckgo.com/html/

I am not aware of any JS or cookie requirement via StartPage either, and
Startpage allows you to generate your own URL with the safesearch
features disabled (so you do not need cookies). You can then create a
keyword search for this URL.

I am not sure if we want to make that our default search option, but
I might be convinced to merge a third omnibox dropdown for it.


-- 
Mike Perry
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Griffin Boyce]

  Not only am I going to be presenting three talks at OHM, I will be
presenting talks that are (in many ways) totally dead conversations in the
US.

  It's interesting how much of the debate centers around the presence of
police at OHM, as if American hacker cons didn't have the head of the NSA
presenting keynotes. Or congratulating a child for doing things an adult
could be prosecuted for.  I find it really hard to pass judgement on OHM
organizers when our own ecosystem is so unbelievably toxic.

  I guess it's different when the cops are Dutch.

~Griffin

-- 
Just another hacker in the City of Spies.
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de

My posts, while frequently amusing, are not representative of the thoughts
of my employer.
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jacob Appelbaum]

Griffin Boyce:
>   Not only am I going to be presenting three talks at OHM, I will be
> presenting talks that are (in many ways) totally dead conversations in the
> US.
> 

Congratulations. I look forward to seeing them, probably on a remote
stream but also perhaps in person.

>   It's interesting how much of the debate centers around the presence of
> police at OHM, as if American hacker cons didn't have the head of the NSA
> presenting keynotes. Or congratulating a child for doing things an adult
> could be prosecuted for. 

The debate centers around people in the community working with the
police, with the police being openly welcome, with those same police
being pushed with false arguments about how "undercover cops" will be
there anyway and so on. They are "required" by law to arrest people in
some unknown set of conditions - you know, except when you download
movies or other things where they are able to look the other way.

No one has said that the cops shouldn't submit a talk - many have even
called for debate panels and for the cops to join up. What is the status
on that? Did any of those high tech police or intelligence agencies
actually offer to join as a peer? Are they coming to share their new
forensics techniques with the community?

To arrest someone against their will is to commit an act of violence
against them. If one is required by law to perform such arrests, one
should avoid such an event - it puts the community in danger. The event
should ban anyone who is "required" to commit such acts of violence -
people should come as peers, as equal. Exceptions are required under
Dutch law, those are unfortunate - though they can stay exceptions if
the community makes a commitment to creating a safe space by explicitly
banning anyone who is required to commit such acts of violence. OHM
hasn't, sadly. Rather, suggestions of such have been looked at as
laughable, much to the surprise of many.

> I find it really hard to pass judgement on OHM
> organizers when our own ecosystem is so unbelievably toxic.
> 

I don't pass judgment on OHM orga independent of the US ecosystem. I
pass judgment specifically because of the dialog and those very same
people saying that they're not the US ecosystem. Yet we know very well
that AiVD now says that they use PRISM data - talk about a distinction
without a difference!

>   I guess it's different when the cops are Dutch.
> 

The Dutch police have FBI agents embedded in their offices. AiVD shares
data with the NSA and vice versa. The difference is that many
nationalists in the Dutch hacker scene don't see that any scenes with
such ties is possibly toxic; differently toxic but certainly
subserviently! To compare the Dutch legal system to the US in light of
the PRISM scandal makes it all the more ridiculous.

All the best,
Jacob

P.S. https://www.youtube.com/watch?v=CjMLZuuXDRQ
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Mike Perry]

Jacob Appelbaum:
> Jillian C. York:
> > +1
> > 
> > 
> > On Mon, Jun 24, 2013 at 2:38 PM, Cooper Quintin
> > wrote:
> > 
> >> Start page also allows you to generate a url that has certain settings,
> >> for example this one (
> >> https://startpage.com/do/mypage.pl?prf=c2a9ee9b20d61e980b6f6cce7026bc91
> >> )has safe search turned off and no caching for video and image search
> >> results turned on.  It could be useful to put something like this in Tor
> >> Browser to avoid search filtering.
> 
> It would be great if this was the default home page. I'd certainly be
> happier with that as the default search engine.

I don't have anything against porn, and do I strongly believe we should
make it easy for people to search for whatever they want (hence right
now, I like the idea of adding a "Startpage (unfiltered)" omnibox item
rather than changing the default), but I am not sure that I like the
idea of exposing people to porn who are not looking for it. I worry that
changing the default *might* do this.


Two things could tip the scales in my mind either way about the default:

1. Can anyone provide concrete examples where the image and/or video
filters of Startpage/Google (I think Startpage just uses Google's
filters) have inadvertently censored material that is not porn, and this
error has persisted uncorrected for a significant period of time?

I think it is important to weigh this against people being provided with
porn results if they are not actually looking for porn -- which is an
important issue of consent, IMO. I am sure there are many Muslim users
of TBB who do not want to see porn at all, and merely want free access
to information. The possibility of subjecting those people to porn
potentially against their will weighs on me a bit..


2. The converse is that making people in the Islamic world who *are*
looking for porn potentially signal this via their omnibox choice isn't
a great option either, since that choice can leak to disk. I don't think
it is fair to allow these people to potentially subject themselves to
government persecution via this choice. :/


I am open to suggestions on how to balance these concerns.



-- 
Mike Perry
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[phryk]

On Mon, 24 Jun 2013 21:17:16 +
Jacob Appelbaum  wrote:

> This is a false dichotomy of an argument if ever I've heard one. I
> keep hearing it too. It bums me out to no end.
> 
> I understand that removing ourselves from specific discussions removes
> our voices from those discussions. However, I see no reason why the
> greater discussion itself is confined to that specific space at that
> specific time. Who decided that? At best, we do when we engage with it
> despite very serious and very reasonable misgivings.

Of course the greater discussion isn't confined to the OHM Camp but my
understanding is that the mentioned discussion is specific to that
event. And at least for me it will be also the next chance to meet any
of the people here.

> We should work to create a space that is on level footing; we should
> not engage seriously with spaces that demonstrate otherwise so
> blatantly.
> 
> I'm sure that OHM will be worth attending but let us not have the
> illusion that it presents an ideal safe space for such discussions.
> Let us also be clear that OHM is not the only place for such
> discussions nor is by any means the only place that the community is
> able to hold such discussions.

Personally, I'm not aware of any place that would fit that description,
but it is at least a place where a bunch of the people here will be
able to meet in person.
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jacob Appelbaum]

phryk:
> On Mon, 24 Jun 2013 21:17:16 +
> Jacob Appelbaum  wrote:
> 
>> This is a false dichotomy of an argument if ever I've heard one. I
>> keep hearing it too. It bums me out to no end.
>>
>> I understand that removing ourselves from specific discussions removes
>> our voices from those discussions. However, I see no reason why the
>> greater discussion itself is confined to that specific space at that
>> specific time. Who decided that? At best, we do when we engage with it
>> despite very serious and very reasonable misgivings.
> 
> Of course the greater discussion isn't confined to the OHM Camp but my
> understanding is that the mentioned discussion is specific to that
> event. And at least for me it will be also the next chance to meet any
> of the people here.
> 

A lot of the context is related but not entirely specific.

>> We should work to create a space that is on level footing; we should
>> not engage seriously with spaces that demonstrate otherwise so
>> blatantly.
>>
>> I'm sure that OHM will be worth attending but let us not have the
>> illusion that it presents an ideal safe space for such discussions.
>> Let us also be clear that OHM is not the only place for such
>> discussions nor is by any means the only place that the community is
>> able to hold such discussions.
> 
> Personally, I'm not aware of any place that would fit that description,
> but it is at least a place where a bunch of the people here will be
> able to meet in person.

The 30th CCC Congress is likely to be such a space. Alternatively, we
could create a new space that talks about the issues at hand.

All the best,
Jacob
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Nadim Kobeissi]

On 2013-06-24, at 6:23 PM, Griffin Boyce  wrote:

>   Not only am I going to be presenting three talks at OHM, I will be 
> presenting talks that are (in many ways) totally dead conversations in the 
> US.  
> 
>   It's interesting how much of the debate centers around the presence of 
> police at OHM, as if American hacker cons didn't have the head of the NSA 
> presenting keynotes. Or congratulating a child for doing things an adult 
> could be prosecuted for.  I find it really hard to pass judgement on OHM 
> organizers when our own ecosystem is so unbelievably toxic.

Hear hear, Griffin.
Also, Micah made some good points.

Adding on what Griffin and Micah have saidI think OHM is an opportunity for 
those discussions to happen between legitimate people at a legitimate and 
exciting event. I myself am presenting a talk and a workshop at OHM and 
NoisySquare.

If you want to focus your ire on something, go take a look at how DEFCON and 
BlackHat are inviting NSA Director Keith Alexander to give the keynote!

NK

> 
>   I guess it's different when the cops are Dutch.
> 
> ~Griffin
> 
> -- 
> Just another hacker in the City of Spies.
> #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
> 
> My posts, while frequently amusing, are not representative of the thoughts of 
> my employer. --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[phryk]

On Mon, 24 Jun 2013 23:02:00 +
Jacob Appelbaum  wrote:

> The 30th CCC Congress is likely to be such a space. Alternatively, we
> could create a new space that talks about the issues at hand.

Works for me. The only thought I'd have about that is if the timeframe
is okay; But then again the problem isn't exactly new either, so I
guess a few months won't lead to the sudden death of our culture…
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Nadim Kobeissi]

I'd just like to add that I'm a DuckDuckGo user myself and that I can 
definitely vouch for the service.

NK


On 2013-06-24, at 6:50 PM, Mike Perry  wrote:

> Jacob Appelbaum:
>> Jillian C. York:
>>> +1
>>> 
>>> 
>>> On Mon, Jun 24, 2013 at 2:38 PM, Cooper Quintin
>>> wrote:
>>> 
 Start page also allows you to generate a url that has certain settings,
 for example this one (
 https://startpage.com/do/mypage.pl?prf=c2a9ee9b20d61e980b6f6cce7026bc91
 )has safe search turned off and no caching for video and image search
 results turned on.  It could be useful to put something like this in Tor
 Browser to avoid search filtering.
>> 
>> It would be great if this was the default home page. I'd certainly be
>> happier with that as the default search engine.
> 
> I don't have anything against porn, and do I strongly believe we should
> make it easy for people to search for whatever they want (hence right
> now, I like the idea of adding a "Startpage (unfiltered)" omnibox item
> rather than changing the default), but I am not sure that I like the
> idea of exposing people to porn who are not looking for it. I worry that
> changing the default *might* do this.
> 
> 
> Two things could tip the scales in my mind either way about the default:
> 
> 1. Can anyone provide concrete examples where the image and/or video
> filters of Startpage/Google (I think Startpage just uses Google's
> filters) have inadvertently censored material that is not porn, and this
> error has persisted uncorrected for a significant period of time?
> 
> I think it is important to weigh this against people being provided with
> porn results if they are not actually looking for porn -- which is an
> important issue of consent, IMO. I am sure there are many Muslim users
> of TBB who do not want to see porn at all, and merely want free access
> to information. The possibility of subjecting those people to porn
> potentially against their will weighs on me a bit..
> 
> 
> 2. The converse is that making people in the Islamic world who *are*
> looking for porn potentially signal this via their omnibox choice isn't
> a great option either, since that choice can leak to disk. I don't think
> it is fair to allow these people to potentially subject themselves to
> government persecution via this choice. :/
> 
> 
> I am open to suggestions on how to balance these concerns.
> 
> 
> 
> -- 
> Mike Perry
> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Help test the new Tor Browser!

[Mike Perry]

Mike Perry:
> Jacob Appelbaum:
> > Jillian C. York:
> > > +1
> > > 
> > > 
> > > On Mon, Jun 24, 2013 at 2:38 PM, Cooper Quintin
> > > wrote:
> > > 
> > >> Start page also allows you to generate a url that has certain settings,
> > >> for example this one (
> > >> https://startpage.com/do/mypage.pl?prf=c2a9ee9b20d61e980b6f6cce7026bc91
> > >> )has safe search turned off and no caching for video and image search
> > >> results turned on.  It could be useful to put something like this in Tor
> > >> Browser to avoid search filtering.
> > 
> > It would be great if this was the default home page. I'd certainly be
> > happier with that as the default search engine.
> 
> I don't have anything against porn, and do I strongly believe we should
> make it easy for people to search for whatever they want (hence right
> now, I like the idea of adding a "Startpage (unfiltered)" omnibox item
> rather than changing the default), but I am not sure that I like the
> idea of exposing people to porn who are not looking for it. I worry that
> changing the default *might* do this.

In fact it does do this. Queries for "female condom help", "female
condom use", "female condom pictures", "female condom videos" return
increasing numbers of porn results with the query without filters. With
the filters in place, they return no porn, only instructional material,
diagrams, and pictures.

I think it is reasonable to expect that a number of sexual education
and potentially even sexual abuse topics will have similar results.

> Two things could tip the scales in my mind either way about the default:
> 
> 1. Can anyone provide concrete examples where the image and/or video
> filters of Startpage/Google (I think Startpage just uses Google's
> filters) have inadvertently censored material that is not porn, and this
> error has persisted uncorrected for a significant period of time?
> 
> I think it is important to weigh this against people being provided with
> porn results if they are not actually looking for porn -- which is an
> important issue of consent, IMO. I am sure there are many Muslim users
> of TBB who do not want to see porn at all, and merely want free access
> to information. The possibility of subjecting those people to porn
> potentially against their will weighs on me a bit..
> 
> 
> 2. The converse is that making people in the Islamic world who *are*
> looking for porn potentially signal this via their omnibox choice isn't
> a great option either, since that choice can leak to disk. I don't think
> it is fair to allow these people to potentially subject themselves to
> government persecution via this choice. :/
> 
> 
> I am open to suggestions on how to balance these concerns.

Still am, but I also want to point out that there is also the "Do
Nothing" option: DuckDuckGo is our second omnibox choice, and it is not
hard to switch to it to get unfiltered porn results without signaling
that you are looking for such material...


-- 
Mike Perry
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[coderman]

On Mon, Jun 24, 2013 at 4:17 PM, Nadim Kobeissi  wrote:
> ...
> If you want to focus your ire on something, go take a look at how DEFCON and 
> BlackHat are inviting NSA Director Keith Alexander to give the keynote!


they bring great exploit kit; make yourself a target and get world
class "auditing" for free...
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jurre andmore]

Sorry, but why would 30c3 be this place and not any other venue in the
world? Without context this sounds silly.

2013/6/25 Jacob Appelbaum 

> phryk:
> > On Mon, 24 Jun 2013 21:17:16 +
> > Jacob Appelbaum  wrote:
> >
> >> This is a false dichotomy of an argument if ever I've heard one. I
> >> keep hearing it too. It bums me out to no end.
> >>
> >> I understand that removing ourselves from specific discussions removes
> >> our voices from those discussions. However, I see no reason why the
> >> greater discussion itself is confined to that specific space at that
> >> specific time. Who decided that? At best, we do when we engage with it
> >> despite very serious and very reasonable misgivings.
> >
> > Of course the greater discussion isn't confined to the OHM Camp but my
> > understanding is that the mentioned discussion is specific to that
> > event. And at least for me it will be also the next chance to meet any
> > of the people here.
> >
>
> A lot of the context is related but not entirely specific.
>
> >> We should work to create a space that is on level footing; we should
> >> not engage seriously with spaces that demonstrate otherwise so
> >> blatantly.
> >>
> >> I'm sure that OHM will be worth attending but let us not have the
> >> illusion that it presents an ideal safe space for such discussions.
> >> Let us also be clear that OHM is not the only place for such
> >> discussions nor is by any means the only place that the community is
> >> able to hold such discussions.
> >
> > Personally, I'm not aware of any place that would fit that description,
> > but it is at least a place where a bunch of the people here will be
> > able to meet in person.
>
> The 30th CCC Congress is likely to be such a space. Alternatively, we
> could create a new space that talks about the issues at hand.
>
> All the best,
> Jacob
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
With kind regards,

Jurre van Bergen
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jacob Appelbaum]

Nadim Kobeissi:
> 
> On 2013-06-24, at 6:23 PM, Griffin Boyce 
> wrote:
> 
>> Not only am I going to be presenting three talks at OHM, I will be
>> presenting talks that are (in many ways) totally dead conversations
>> in the US.
>> 
>> It's interesting how much of the debate centers around the presence
>> of police at OHM, as if American hacker cons didn't have the head
>> of the NSA presenting keynotes. Or congratulating a child for doing
>> things an adult could be prosecuted for.  I find it really hard to
>> pass judgement on OHM organizers when our own ecosystem is so
>> unbelievably toxic.
> 
> Hear hear, Griffin. Also, Micah made some good points.
> 
> Adding on what Griffin and Micah have saidI think OHM is an
> opportunity for those discussions to happen between legitimate people
> at a legitimate and exciting event.

Legitimate? You mean the event that has driven away a number of people,
including those who don't feel safe but wanted to be a part of the
discussion?

Using the word legitimate is a rhetorical disarming tactic in such a
social context. It declares a really contentious situation to be safe
for all when many have dissented. The social contract hasn't changed to
take their concerns into account, either.

Pretty illegitimate if you ask me!

> I myself am presenting a talk and
> a workshop at OHM and NoisySquare.

Congratulations on your talk and workshop.

> 
> If you want to focus your ire on something, go take a look at how
> DEFCON and BlackHat are inviting NSA Director Keith Alexander to give
> the keynote!
> 

Why not both? The Dutch intelligence will be undercover watching OHM,
right? They're able to access and use NSA intercepts, much to the
previously quite over the top nationalist hackers chagrin.

I suspect that Gen. A won't receive a warm welcome at Defcon or BlackHat
- though I wager he won't get the customary cream pie prank either.
Either way - this is a stark contrast to the "lets make a village" and
"our cops are fine and dandy" dialog I've heard from many people during
various OHM dialogs.

All the best,
Jacob
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jacob Appelbaum]

Jurre andmore:
> Sorry, but why would 30c3 be this place and not any other venue in the
> world? Without context this sounds silly.
> 

It was merely a suggestion and it is hardly without context.

Any event or space that is willing to create an explicitly safe space
for an open dialog is probably in a good position to host such a discussion.

All the best,
Jacob

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jurre andmore]

2013/6/25 Jacob Appelbaum 

> Nadim Kobeissi:
> >
> > On 2013-06-24, at 6:23 PM, Griffin Boyce 
> > wrote:
> >
> >> Not only am I going to be presenting three talks at OHM, I will be
> >> presenting talks that are (in many ways) totally dead conversations
> >> in the US.
> >>
> >> It's interesting how much of the debate centers around the presence
> >> of police at OHM, as if American hacker cons didn't have the head
> >> of the NSA presenting keynotes. Or congratulating a child for doing
> >> things an adult could be prosecuted for.  I find it really hard to
> >> pass judgement on OHM organizers when our own ecosystem is so
> >> unbelievably toxic.
> >
> > Hear hear, Griffin. Also, Micah made some good points.
> >
> > Adding on what Griffin and Micah have saidI think OHM is an
> > opportunity for those discussions to happen between legitimate people
> > at a legitimate and exciting event.
>
> Legitimate? You mean the event that has driven away a number of people,
> including those who don't feel safe but wanted to be a part of the
> discussion?
>
> Using the word legitimate is a rhetorical disarming tactic in such a
> social context. It declares a really contentious situation to be safe
> for all when many have dissented. The social contract hasn't changed to
> take their concerns into account, either.
>
> Pretty illegitimate if you ask me!
>
> > I myself am presenting a talk and
> > a workshop at OHM and NoisySquare.
>
> Congratulations on your talk and workshop.
>
> >
> > If you want to focus your ire on something, go take a look at how
> > DEFCON and BlackHat are inviting NSA Director Keith Alexander to give
> > the keynote!
> >
>
> Why not both? The Dutch intelligence will be undercover watching OHM,
> right? They're able to access and use NSA intercepts, much to the
> previously quite over the top nationalist hackers chagrin.
>

Unless the AIVD will cut and splice the fiber somewhere along the way or
install blackboxes without the NOC knowing at the DC which is NOC
controlled (who don't like spooks at all..) I don't see how this stands-up.
Next to that, the AIVD/MIVD hasn't deployed a nationwide eavesdropping
setup for internet unlike the Swedes, Germans and Americans.

GSM is a different story..


-- 
With kind regards,

Jurre van Bergen
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jillian C. York]

On Mon, Jun 24, 2013 at 4:31 PM, Jacob Appelbaum wrote:

> Nadim Kobeissi:
> >
> > On 2013-06-24, at 6:23 PM, Griffin Boyce 
> > wrote:
> >
> >> Not only am I going to be presenting three talks at OHM, I will be
> >> presenting talks that are (in many ways) totally dead conversations
> >> in the US.
> >>
> >> It's interesting how much of the debate centers around the presence
> >> of police at OHM, as if American hacker cons didn't have the head
> >> of the NSA presenting keynotes. Or congratulating a child for doing
> >> things an adult could be prosecuted for.  I find it really hard to
> >> pass judgement on OHM organizers when our own ecosystem is so
> >> unbelievably toxic.
> >
> > Hear hear, Griffin. Also, Micah made some good points.
> >
> > Adding on what Griffin and Micah have saidI think OHM is an
> > opportunity for those discussions to happen between legitimate people
> > at a legitimate and exciting event.
>
> Legitimate? You mean the event that has driven away a number of people,
> including those who don't feel safe but wanted to be a part of the
> discussion?
>
> Using the word legitimate is a rhetorical disarming tactic in such a
> social context. It declares a really contentious situation to be safe
> for all when many have dissented. The social contract hasn't changed to
> take their concerns into account, either.
>
> Pretty illegitimate if you ask me!
>
> > I myself am presenting a talk and
> > a workshop at OHM and NoisySquare.
>
> Congratulations on your talk and workshop.
>
> >
> > If you want to focus your ire on something, go take a look at how
> > DEFCON and BlackHat are inviting NSA Director Keith Alexander to give
> > the keynote!
> >
>
> Why not both? The Dutch intelligence will be undercover watching OHM,
> right? They're able to access and use NSA intercepts, much to the
> previously quite over the top nationalist hackers chagrin.
>
> I suspect that Gen. A won't receive a warm welcome at Defcon or BlackHat
> - though I wager he won't get the customary cream pie prank either.
> Either way - this is a stark contrast to the "lets make a village" and
> "our cops are fine and dandy" dialog I've heard from many people during
> various OHM dialogs.
>

I have to agree with Jake here.  While I am not choosing to boycott the
event myself, I've also been very put off by the excuses made about the
police presence.  I also do not feel comfortable around police, and while I
am pragmatically sympathetic to the fact that Dutch law requires some
presence (correct me if I'm wrong), I do think that the concerns around
this have been handled too lightly.

>
> All the best,
> Jacob
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
US: +1-857-891-4244 | NL: +31-657086088
site:  jilliancyork.com * | *
twitter: @jilliancyork* *

"We must not be afraid of dreaming the seemingly impossible if we want the
seemingly impossible to become a reality" - *Vaclav Havel*
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jacob Appelbaum]

Jurre andmore:
> 2013/6/25 Jacob Appelbaum 
> 
>> Nadim Kobeissi:
>>> 
>>> On 2013-06-24, at 6:23 PM, Griffin Boyce
>>>  wrote:
>>> 
 Not only am I going to be presenting three talks at OHM, I will
 be presenting talks that are (in many ways) totally dead
 conversations in the US.
 
 It's interesting how much of the debate centers around the
 presence of police at OHM, as if American hacker cons didn't
 have the head of the NSA presenting keynotes. Or congratulating
 a child for doing things an adult could be prosecuted for.  I
 find it really hard to pass judgement on OHM organizers when
 our own ecosystem is so unbelievably toxic.
>>> 
>>> Hear hear, Griffin. Also, Micah made some good points.
>>> 
>>> Adding on what Griffin and Micah have saidI think OHM is an 
>>> opportunity for those discussions to happen between legitimate
>>> people at a legitimate and exciting event.
>> 
>> Legitimate? You mean the event that has driven away a number of
>> people, including those who don't feel safe but wanted to be a part
>> of the discussion?
>> 
>> Using the word legitimate is a rhetorical disarming tactic in such
>> a social context. It declares a really contentious situation to be
>> safe for all when many have dissented. The social contract hasn't
>> changed to take their concerns into account, either.
>> 
>> Pretty illegitimate if you ask me!
>> 
>>> I myself am presenting a talk and a workshop at OHM and
>>> NoisySquare.
>> 
>> Congratulations on your talk and workshop.
>> 
>>> 
>>> If you want to focus your ire on something, go take a look at
>>> how DEFCON and BlackHat are inviting NSA Director Keith Alexander
>>> to give the keynote!
>>> 
>> 
>> Why not both? The Dutch intelligence will be undercover watching
>> OHM, right? They're able to access and use NSA intercepts, much to
>> the previously quite over the top nationalist hackers chagrin.
>> 
> 
> Unless the AIVD will cut and splice the fiber somewhere along the way
> or install blackboxes without the NOC knowing at the DC which is NOC 
> controlled (who don't like spooks at all..) I don't see how this
> stands-up.

Did you see the BOUNDLESSINFORMANT map? Did you hear about the
statements by various members of the Dutch government about using PRISM?

Is there a reason to think that OHM is exempt from NSA dragnet
surveillance and that AiVD will never query the NSA database for such
information?

> Next to that, the AIVD/MIVD hasn't deployed a nationwide
> eavesdropping setup for internet unlike the Swedes, Germans and
> Americans.


I find it a bit hard to imagine being so certain about what spy agencies
*aren't* doing.

Did you feel certain that there was also {an or no} NSA program spying
on the Netherlands? Or perhaps just as certain that AiVD used and
continues to use the data gleaned from that system (of systems)?

I wouldn't be so sure about AiVD/MiVD having deployed or not having
deployed a nationwide eavesdropping setup. Furthermore, if they get to
query the NSA database, I'd hardly say that it matters if they deployed
it. Though I'm sure they helped when requested. In any case, what
matters to the Big Picture is that they take what they need, what or are
able to get from such a system.

> 
> GSM is a different story..
> 

I'd say it is essentially the same story at a different scale. Though
with GSM, we've had trouble denying it for quite some time. I suppose it
will take time to come to terms with the latest news.

All the best,
Jacob
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jurre andmore]

I wish we all spoke out against the police being present 20 years ago and
not in 2013.

2013/6/25 Jillian C. York 

>
>
>
> On Mon, Jun 24, 2013 at 4:31 PM, Jacob Appelbaum wrote:
>
>> Nadim Kobeissi:
>> >
>> > On 2013-06-24, at 6:23 PM, Griffin Boyce 
>> > wrote:
>> >
>> >> Not only am I going to be presenting three talks at OHM, I will be
>> >> presenting talks that are (in many ways) totally dead conversations
>> >> in the US.
>> >>
>> >> It's interesting how much of the debate centers around the presence
>> >> of police at OHM, as if American hacker cons didn't have the head
>> >> of the NSA presenting keynotes. Or congratulating a child for doing
>> >> things an adult could be prosecuted for.  I find it really hard to
>> >> pass judgement on OHM organizers when our own ecosystem is so
>> >> unbelievably toxic.
>> >
>> > Hear hear, Griffin. Also, Micah made some good points.
>> >
>> > Adding on what Griffin and Micah have saidI think OHM is an
>> > opportunity for those discussions to happen between legitimate people
>> > at a legitimate and exciting event.
>>
>> Legitimate? You mean the event that has driven away a number of people,
>> including those who don't feel safe but wanted to be a part of the
>> discussion?
>>
>> Using the word legitimate is a rhetorical disarming tactic in such a
>> social context. It declares a really contentious situation to be safe
>> for all when many have dissented. The social contract hasn't changed to
>> take their concerns into account, either.
>>
>> Pretty illegitimate if you ask me!
>>
>> > I myself am presenting a talk and
>> > a workshop at OHM and NoisySquare.
>>
>> Congratulations on your talk and workshop.
>>
>> >
>> > If you want to focus your ire on something, go take a look at how
>> > DEFCON and BlackHat are inviting NSA Director Keith Alexander to give
>> > the keynote!
>> >
>>
>> Why not both? The Dutch intelligence will be undercover watching OHM,
>> right? They're able to access and use NSA intercepts, much to the
>> previously quite over the top nationalist hackers chagrin.
>>
>> I suspect that Gen. A won't receive a warm welcome at Defcon or BlackHat
>> - though I wager he won't get the customary cream pie prank either.
>> Either way - this is a stark contrast to the "lets make a village" and
>> "our cops are fine and dandy" dialog I've heard from many people during
>> various OHM dialogs.
>>
>
> I have to agree with Jake here.  While I am not choosing to boycott the
> event myself, I've also been very put off by the excuses made about the
> police presence.  I also do not feel comfortable around police, and while I
> am pragmatically sympathetic to the fact that Dutch law requires some
> presence (correct me if I'm wrong), I do think that the concerns around
> this have been handled too lightly.
>
>>
>> All the best,
>> Jacob
>> --
>> Too many emails? Unsubscribe, change to digest, or change password by
>> emailing moderator at compa...@stanford.edu or changing your settings at
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>
>
>
> --
> US: +1-857-891-4244 | NL: +31-657086088
> site:  jilliancyork.com * | *
> twitter: @jilliancyork* *
>
> "We must not be afraid of dreaming the seemingly impossible if we want the
> seemingly impossible to become a reality" - *Vaclav Havel*
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
With kind regards,

Jurre van Bergen
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jacob Appelbaum]

Jurre andmore:
> I wish we all spoke out against the police being present 20 years ago and
> not in 2013.

Actually, I think a lot of old-school Dutch hackers did just that -
especially against the undercover cops who infiltrated the scene. This
was documented in the hacking zines of that era.

In any case, if you wished for it then, what are you doing about it now?

I'm speaking out about it because it bothers me. Others have spoken out
as well.

All the best,
Jacob

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[hellekin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 06/24/2013 08:39 PM, Jurre andmore wrote:
> 
> I don't see how this stands-up. Next to that, the AIVD/MIVD hasn't
> deployed a nationwide eavesdropping setup for internet unlike the
> Swedes, Germans and Americans.
> 
*** Does anyone remember the low altitude AWACS stunt at HAL2001?

Do not be fooled. Cops are cops. They work for the politico-legal
system, and the system tells that hackers are terrorists.

Surely, there won't be any arrest, and there will be clueless cops
asking for tips to download illegal music. And there will be more
smoke to throw at your eyes to catch you off-guard, sooner or later.

First thing, as nothing special will happen, many attendants will look
at Eleanor, Jake, and other voices as paranoids the next time they
tell the truth.

Of course, there's nothing different between OHM nor other
conferences: cops are present, they're watching, they're learning.
They surely even learn a lot of bullshit from their paranoid point of
view. And they can make that bullshit into a case that might even lead
them to some special.

The huge difference, and now it's not even related to OHM per se, is
the outlook people will take on the scene. Between those who will
consider police harmless, or dumb, or those who will take them as
friendly, or heroic, there we have a problem. The problem is not
police, it's not us vs. them. The problem is blurring the lines
between resistance to the society of control, and collaboration to
keep that corrupted system running.

Everyone wants to love the mayor on election day.

==
hk
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBCgAGBQJRyN3cAAoJEEgGw2P8GJg9ZlkP+wdlpu/fAWMZR5SdivuEjIlb
zPhrm0oFZtm1eiIZCkH3D2Jt3pXigoLa5lCmJhswbELsDzAAsHAInNlpe34TGM/i
zDo2dydVFKiEKB4+REoFV2Ov2GmUraGwGiboO8OtaUVaHrrPjSEVN7Tg9+ZQzPAE
ckXpg/hUfhRhHw1W3oidbPkuc1KHvUtaDk90LRzlu24VnzyHDprf/MbRct3TeLaA
BNvHF33gfxgYLuvCp4BXASYVBRtk7DQlp6mLojGTJhoTZ4UCWYJVO9pLQSrExNzO
sT/ow8ywyNCzbL5I0OPqYSkgA4TjHzDsH7d7uuGO17Yuk99m9WGoI7MbDBdTiOXj
Qg+gcuWepNnDp03EqCMVwrbJ497yFMiWvPZuPtPJmMmH1wvU+2YFFwA93kli62UG
G8uQXZmnEmEBB8WpugVvgzf37Mz1cYvYe5elK1QPaanwoIo8UUqDBbfjQHhg7gBo
st5XyqaE51bpT65ypz5WzZuaF8UrNYOwNP55QrOflQ2n1IlXgJFhdav85yQraN+e
gFXLBbtlSUhtiKrDcTMhfStJR312UZubG5wkhFJOh/WxU3mBN1mF/RFX3ZPoYINp
DsLhxg+Uz3Fu4KC9kFEcgM92MD7JKHSPEaY6+mUI5h81LHU7cICqK9+do4bDyPKh
kpC7Ef8dk6SXvzeUhRSM
=Axhb
-END PGP SIGNATURE-
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jurre andmore]

2013/6/25 Jacob Appelbaum 

> Jurre andmore:
> > 2013/6/25 Jacob Appelbaum 
> >
> >> Nadim Kobeissi:
> >>>
> >>> On 2013-06-24, at 6:23 PM, Griffin Boyce
> >>>  wrote:
> >>>
>  Not only am I going to be presenting three talks at OHM, I will
>  be presenting talks that are (in many ways) totally dead
>  conversations in the US.
> 
>  It's interesting how much of the debate centers around the
>  presence of police at OHM, as if American hacker cons didn't
>  have the head of the NSA presenting keynotes. Or congratulating
>  a child for doing things an adult could be prosecuted for.  I
>  find it really hard to pass judgement on OHM organizers when
>  our own ecosystem is so unbelievably toxic.
> >>>
> >>> Hear hear, Griffin. Also, Micah made some good points.
> >>>
> >>> Adding on what Griffin and Micah have saidI think OHM is an
> >>> opportunity for those discussions to happen between legitimate
> >>> people at a legitimate and exciting event.
> >>
> >> Legitimate? You mean the event that has driven away a number of
> >> people, including those who don't feel safe but wanted to be a part
> >> of the discussion?
> >>
> >> Using the word legitimate is a rhetorical disarming tactic in such
> >> a social context. It declares a really contentious situation to be
> >> safe for all when many have dissented. The social contract hasn't
> >> changed to take their concerns into account, either.
> >>
> >> Pretty illegitimate if you ask me!
> >>
> >>> I myself am presenting a talk and a workshop at OHM and
> >>> NoisySquare.
> >>
> >> Congratulations on your talk and workshop.
> >>
> >>>
> >>> If you want to focus your ire on something, go take a look at
> >>> how DEFCON and BlackHat are inviting NSA Director Keith Alexander
> >>> to give the keynote!
> >>>
> >>
> >> Why not both? The Dutch intelligence will be undercover watching
> >> OHM, right? They're able to access and use NSA intercepts, much to
> >> the previously quite over the top nationalist hackers chagrin.
> >>
> >
> > Unless the AIVD will cut and splice the fiber somewhere along the way
> > or install blackboxes without the NOC knowing at the DC which is NOC
> > controlled (who don't like spooks at all..) I don't see how this
> > stands-up.
>
> Did you see the BOUNDLESSINFORMANT map? Did you hear about the
> statements by various members of the Dutch government about using PRISM?
>

Yes I watched the discussion in parliament about this, there is a lot
unclear. All what I know off, there aren't any spook black boxes at the
main gateways in Amsterdam.

>
> Is there a reason to think that OHM is exempt from NSA dragnet
> surveillance and that AiVD will never query the NSA database for such
> information?
>

Probably they will like all the previous conferences before or the early
infiltrations that they did during the hippies from hell era. The Amsterdam
TOOOL association of lockpickers got an undercover cop at their meetings
for a while.


>
> > Next to that, the AIVD/MIVD hasn't deployed a nationwide
> > eavesdropping setup for internet unlike the Swedes, Germans and
> > Americans.
>
>
> I find it a bit hard to imagine being so certain about what spy agencies
> *aren't* doing.
>
> Did you feel certain that there was also {an or no} NSA program spying
> on the Netherlands? Or perhaps just as certain that AiVD used and
> continues to use the data gleaned from that system (of systems)?
>

I don't see how much this is related to the ohm discussion, I thought we
had more class but at the same time that was having a bit of hope left. I
guess we were all wrong.


>
> I wouldn't be so sure about AiVD/MiVD having deployed or not having
> deployed a nationwide eavesdropping setup. Furthermore, if they get to
> query the NSA database, I'd hardly say that it matters if they deployed
> it. Though I'm sure they helped when requested. In any case, what
> matters to the Big Picture is that they take what they need, what or are
> able to get from such a system.
>

They are ramping such a system up but it isn't in place yet, remember, they
are firing 600 people in the following years.


>
> >
> > GSM is a different story..
> >
>
> I'd say it is essentially the same story at a different scale. Though
> with GSM, we've had trouble denying it for quite some time. I suppose it
> will take time to come to terms with the latest news.
>
They actually do bulk intercepting, processing for keywords and storing
since the 2000s! Huzzay!


>
> All the best,
> Jacob
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
With kind regards,

Jurre van Bergen
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[hellekin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 06/24/2013 09:06 PM, Jurre andmore wrote:
> 
> They are ramping such a system up but it isn't in place yet,
> remember, they are firing 600 people in the following years.
> 
*** I guess you mean: outsourcing to the private sector.

==
hk

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBCgAGBQJRyN+aAAoJEEgGw2P8GJg9B8wQAK0Mk7ZwAReC9FaZBu7jNSJN
DvvLuR63eBpdksBdYTKgtaBIG2oKW/tIq1FSWAwcBLSCpdug74j8TxMhkpbqFDD6
P+r7YmNtEPSBVarxmgiYjXSr4RtzlMlmCUSnL72y49BQda+LsHwgZeRxuPHfAoNS
QEkzltJLfKQ4hUMtIPIbVgyjtJA88PMdQ97KtyLepJGFLpnuUUX5b1T3Qez0KuXG
A/YHZrEeASOcUzAQVLy3NJ3yNmIZI6M0HJna3DDjgHHIx1N9WJdWnB5Qc5rqrOVP
AuZ1Dx1vgSgCzG8tHczh/5NLDjecrU45aP+eT7s9eEZbgCi3PwzbnqzcUaJFU1MZ
SJerCpp9CrV08uvuDYVhDA4prOQ9huorRksm+IsAT3t8laEGw2f0tEhQiE4RAbqG
mLYrU/WMWZY9WLs06c6t4e9WGmwUFGIPQhV76KDbjxkw9jpDvVHAZpQzA2AHGUKO
JRBC/SALK8/v5A8XcF032h6ez5yAJdE5Rhj/Fha2rq0/qxvub0hGKXFa1LRW0vAn
Yh6BvE9Pk5SBj9twuj+MFVRWM2NaGgCVYo62GLgCYzR8DhIXmOFDE6vVLbLwwPog
mEGd2fpMbLYQ/UmHcJ8q22irc3WotdE7J/6SqGZuUmCTOf4xwvAJUGDS0JI9pRpR
j/Stv2rKaCFOGMchC+BT
=yRvk
-END PGP SIGNATURE-
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jurre andmore]

2013/6/25 Jacob Appelbaum 

> Jurre andmore:
> > I wish we all spoke out against the police being present 20 years ago and
> > not in 2013.
>
> Actually, I think a lot of old-school Dutch hackers did just that -
> especially against the undercover cops who infiltrated the scene. This
> was documented in the hacking zines of that era.
>
> In any case, if you wished for it then, what are you doing about it now?
>
> I'm speaking out about it because it bothers me. Others have spoken out
> as well.
>

I'm definitely outspoken, I do not wish cops at our only party we have
every 4 years. I wish things were going better and im working with a bunch
of good people in Amsterdam to fight for this better Holland.

The problem here is, every hacker conference has undercover feds these
days. I see a bunch of them at CCC as well, that isn't going to stop me
from not going. Instead, I want to make it very clear that those people are
not welcome.

This is why we started noisysquare and we will win in the end.

-- 
With kind regards,

Jurre van Bergen
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[Jurre andmore]

2013/6/25 hellekin 

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 06/24/2013 09:06 PM, Jurre andmore wrote:
> >
> > They are ramping such a system up but it isn't in place yet,
> > remember, they are firing 600 people in the following years.
> >
> *** I guess you mean: outsourcing to the private sector.
>

Yup, fox-it is a good example..


>
> ==
> hk
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with Icedove - http://www.enigmail.net/
>
> iQIcBAEBCgAGBQJRyN+aAAoJEEgGw2P8GJg9B8wQAK0Mk7ZwAReC9FaZBu7jNSJN
> DvvLuR63eBpdksBdYTKgtaBIG2oKW/tIq1FSWAwcBLSCpdug74j8TxMhkpbqFDD6
> P+r7YmNtEPSBVarxmgiYjXSr4RtzlMlmCUSnL72y49BQda+LsHwgZeRxuPHfAoNS
> QEkzltJLfKQ4hUMtIPIbVgyjtJA88PMdQ97KtyLepJGFLpnuUUX5b1T3Qez0KuXG
> A/YHZrEeASOcUzAQVLy3NJ3yNmIZI6M0HJna3DDjgHHIx1N9WJdWnB5Qc5rqrOVP
> AuZ1Dx1vgSgCzG8tHczh/5NLDjecrU45aP+eT7s9eEZbgCi3PwzbnqzcUaJFU1MZ
> SJerCpp9CrV08uvuDYVhDA4prOQ9huorRksm+IsAT3t8laEGw2f0tEhQiE4RAbqG
> mLYrU/WMWZY9WLs06c6t4e9WGmwUFGIPQhV76KDbjxkw9jpDvVHAZpQzA2AHGUKO
> JRBC/SALK8/v5A8XcF032h6ez5yAJdE5Rhj/Fha2rq0/qxvub0hGKXFa1LRW0vAn
> Yh6BvE9Pk5SBj9twuj+MFVRWM2NaGgCVYo62GLgCYzR8DhIXmOFDE6vVLbLwwPog
> mEGd2fpMbLYQ/UmHcJ8q22irc3WotdE7J/6SqGZuUmCTOf4xwvAJUGDS0JI9pRpR
> j/Stv2rKaCFOGMchC+BT
> =yRvk
> -END PGP SIGNATURE-
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
With kind regards,

Jurre van Bergen
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] DuckDuckGo vs Startpage [was: Help test Tor Browser]

[Mike Perry]

Nadim Kobeissi:
> I'd just like to add that I'm a DuckDuckGo user myself and that I can
> definitely vouch for the service.

I've had a number of people tell me that they vouch for DuckDuckGo. What
does this even mean? Nobody seems to be capable of rationally explaining
it.

Have you inspected their datacenter/server security? Have you audited
their logging mechanisms?

Does DuckDuckGo even have an https channel to Bing on the back end?


Note that I don't vouch for StartPage. I merely think that StartPage
provides superior search results to DDG.

In fact, I wish both companies the best of luck business-wise, and I'm
happy to have both of them at the two top positions in TBB's omnibox.

This is because right now, there are only two ways to get https web
search results over Tor. Microsoft allows Tor, but has officially
refused to support https directly for Bing. Google regularly bans Tor
nodes entirely, often without the possibility of even entering a Captcha
or using a valid Gmail account (both of which are non-starters for a
default engine of course, but would be better than status quo).

Every time Tor tries to start a conversation with either Google or
Microsoft on these two topics, they both give us a litany of excuses as
to why fixing the situation is a "hard problem", even after we present
potential cost-effective engineering solutions to both problems.

For this reason, the loss of either DDG or Startpage would scare the
shit out of me, but right now, neither one has done enough for Tor to
warrant the default search position**, and since StartPage tends to
index more of the deep web faster, it is my opinion we should stick with
them as the top position, and have DDG in second.


** Sure, DuckDuckGo runs a hidden service, and also one of the slowest
Tor relays on the network (rate limited to 50KB/sec or less), but it is
quite debatable as to if either of these things are actually helpful to
Tor. In fact, such a slow Tor relay probably harms Tor performance more
than helps (in the rare event that you actually happen to select it).


-- 
Mike Perry
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] DuckDuckGo vs Startpage [was: Help test Tor Browser]

[Daniel Sieradski]

Has there ever been any effort to create an open source search engine that is 
entirely transparent in both its software and practices? (dmoz.org doesn't 
count!)

--
Daniel Sieradski
d...@danielsieradski.com
http://danielsieradski.com
315.889.1444

Follow me at http://twitter.com/selfagency
Public key http://danielsieradski.com/share/ds_public.key

On Jun 24, 2013, at 8:20 PM, Mike Perry  wrote:

> Nadim Kobeissi:
>> I'd just like to add that I'm a DuckDuckGo user myself and that I can
>> definitely vouch for the service.
> 
> I've had a number of people tell me that they vouch for DuckDuckGo. What
> does this even mean? Nobody seems to be capable of rationally explaining
> it.
> 
> Have you inspected their datacenter/server security? Have you audited
> their logging mechanisms?
> 
> Does DuckDuckGo even have an https channel to Bing on the back end?
> 
> 
> Note that I don't vouch for StartPage. I merely think that StartPage
> provides superior search results to DDG.
> 
> In fact, I wish both companies the best of luck business-wise, and I'm
> happy to have both of them at the two top positions in TBB's omnibox.
> 
> This is because right now, there are only two ways to get https web
> search results over Tor. Microsoft allows Tor, but has officially
> refused to support https directly for Bing. Google regularly bans Tor
> nodes entirely, often without the possibility of even entering a Captcha
> or using a valid Gmail account (both of which are non-starters for a
> default engine of course, but would be better than status quo).
> 
> Every time Tor tries to start a conversation with either Google or
> Microsoft on these two topics, they both give us a litany of excuses as
> to why fixing the situation is a "hard problem", even after we present
> potential cost-effective engineering solutions to both problems.
> 
> For this reason, the loss of either DDG or Startpage would scare the
> shit out of me, but right now, neither one has done enough for Tor to
> warrant the default search position**, and since StartPage tends to
> index more of the deep web faster, it is my opinion we should stick with
> them as the top position, and have DDG in second.
> 
> 
> ** Sure, DuckDuckGo runs a hidden service, and also one of the slowest
> Tor relays on the network (rate limited to 50KB/sec or less), but it is
> quite debatable as to if either of these things are actually helpful to
> Tor. In fact, such a slow Tor relay probably harms Tor performance more
> than helps (in the rare event that you actually happen to select it).
> 
> 
> -- 
> Mike Perry
> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] DuckDuckGo vs Startpage [was: Help test Tor Browser]

[Michael Carbone]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 06/24/2013 08:20 PM, Mike Perry wrote:
> I've had a number of people tell me that they vouch for DuckDuckGo.
> What does this even mean? Nobody seems to be capable of rationally
> explaining it.
> 
> Have you inspected their datacenter/server security? Have you
> audited their logging mechanisms?

The data center thing is a non-sequitur -- no third-party service has
this type of the transparency. My understanding is that you don't need
to trust these service providers to use them anonymously as they are
friendly to Tor and no scripts/cookies/etc -- hence the difficulties
you mention later on with Bing & Google. So it doesn't split either
way between StartPage or DDG. They are equivalent in not allowing
personal audits of their servers.

> Does DuckDuckGo even have an https channel to Bing on the back
> end?

Not sure the fixation on Bing, but they pull results from a lot of
folks, including Yahoo!, Yandex, and others:
http://help.dukgo.com/customer/portal/articles/216399

> Note that I don't vouch for StartPage. I merely think that
> StartPage provides superior search results to DDG.

Since this is the only criterion you base your choice of search engine
on, then perhaps StartPage is the way to go for you. If I were to
argue for DDG, I would point to its much more friendly user
interface/experience (including the html version) and the great !bang
syntax. Maybe it also provides better results for "mainstream" things
as you alluded, I don't know. But there's certainly nothing wrong with
appealing to mainstream folks, this is TBB after all.

I think these are the reasons why it is gaining a lot of users (
https://duckduckgo.com/traffic.html ). Either way, users will be able
to choose the other search engine in the omnibox as you mention.

> In fact, I wish both companies the best of luck business-wise, and
> I'm happy to have both of them at the two top positions in TBB's
> omnibox.
> 
> This is because right now, there are only two ways to get https
> web search results over Tor. Microsoft allows Tor, but has
> officially refused to support https directly for Bing. Google
> regularly bans Tor nodes entirely, often without the possibility of
> even entering a Captcha or using a valid Gmail account (both of
> which are non-starters for a default engine of course, but would be
> better than status quo).
> 
> Every time Tor tries to start a conversation with either Google or 
> Microsoft on these two topics, they both give us a litany of
> excuses as to why fixing the situation is a "hard problem", even
> after we present potential cost-effective engineering solutions to
> both problems.
> 
> For this reason, the loss of either DDG or Startpage would scare
> the shit out of me, but right now, neither one has done enough for
> Tor to warrant the default search position**, and since StartPage
> tends to index more of the deep web faster, it is my opinion we
> should stick with them as the top position, and have DDG in
> second.
> 
> 
> ** Sure, DuckDuckGo runs a hidden service, and also one of the
> slowest Tor relays on the network (rate limited to 50KB/sec or
> less), but it is quite debatable as to if either of these things
> are actually helpful to Tor. In fact, such a slow Tor relay
> probably harms Tor performance more than helps (in the rare event
> that you actually happen to select it).

The hidden service is a plus, no? They seem to be trying at least,
does Ixquick have either? Maybe it'd be good to reach out to DDG about
their relay.

Just trying to rationally explain it.

Michael

- -- 
Michael Carbone
Manager of Tech Policy & Programs
Access | https://www.accessnow.org
mich...@accessnow.org | PGP: 0x81B7A13E
PGP Fingerprint: 25EC 1D0F 2D44 C4F4 5BEF EF83 C471 AD94 81B7 A13E

-BEGIN PGP SIGNATURE-

iQIcBAEBAgAGBQJRyO/IAAoJEDH9usG3Jz33g7oQAK0ebsqOWa25tb1FysETYDCB
YCsO/6Mllvuh8VYA/rGRNh+wzU0O3E9V1BGt0G95VENLm3NoT9LxxJ+eyxKuZwLV
OEai1UUdnJA3fIMLHEimxsBXIPF/B4jVKZpkXE5Jm44m1g156cwJg0Wu/UeXD8VZ
I+LUY8TtfPwvmBQwM87RXy18h49NDPUo26WmTraAyYDp8iDo0G9STmRqWUn+CQKl
o5wSa3imMSFlCgydwfUa/RpBpmkLx9RVzjF/thyGPrsPswAG3YEC8ES0vI3QRw0I
nrfIs2NufAzfQzTXHa+tWh0HbycziowHENoTY/vUL2GCNedVaYqYy0qF+hQUYnYc
S66ZcnadDb9yitiaMQGZE0sqPkg9tSsrZp8XYsQ8DfUp0CmXa6LOQFvILqcd77om
zyeuVau/ftO3O+t1VDTaG1k8HzAvw0RI2BYg+WIgFE+pYrVoCnTMmFZf8MqJ9USM
wzlaSBo/wS47YMATnN3TeIHpiqp8lUSXI65KqxLeE3sfb4yoTQ4h04P4uSPmX1c5
gytnuRRFgvCzpoTH8+XF0k2I5h+xFSWcOtUWP6LTDeICxybKgaZp+xibggkCm651
NuT1EgQ7sXX06UJ39Ix6uKnWr4Gy6t34y8OfckHd0wwJWkA6gevXsMAW28CKmaj8
Q87mbgFEhlhARJ3nGtEj
=yk6T
-END PGP SIGNATURE-
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] DuckDuckGo vs Startpage [was: Help test Tor Browser]

[Mike Perry]

Michael Carbone:
> On 06/24/2013 08:20 PM, Mike Perry wrote:
> > I've had a number of people tell me that they vouch for DuckDuckGo.
> > What does this even mean? Nobody seems to be capable of rationally
> > explaining it.
> > 
> > Have you inspected their datacenter/server security? Have you
> > audited their logging mechanisms?
> 
> The data center thing is a non-sequitur -- no third-party service has
> this type of the transparency. My understanding is that you don't need
> to trust these service providers to use them anonymously as they are
> friendly to Tor and no scripts/cookies/etc -- hence the difficulties
> you mention later on with Bing & Google. So it doesn't split either
> way between StartPage or DDG. They are equivalent in not allowing
> personal audits of their servers.

I was questioning where the "vouching" comes from. "Vouch" is a pretty
strong word -- it typically suggests that you are laying down your
reputation on the line to support someone or something else, either by
oath or by evidence.

My general point is that DuckDuckGo seems to have a lot of appeal behind
it, causing many people to endorse it in extreme ways without any
supporting evidence.

I want to understand where that support is coming from. As you point
out, the two engines seem largely identical from the perspective of
third party "vouching"/audits wrt privacy.

> > Note that I don't vouch for StartPage. I merely think that
> > StartPage provides superior search results to DDG.
> 
> Since this is the only criterion you base your choice of search engine
> on, then perhaps StartPage is the way to go for you. If I were to
> argue for DDG, I would point to its much more friendly user
> interface/experience (including the html version) and the great !bang
> syntax. Maybe it also provides better results for "mainstream" things
> as you alluded, I don't know. But there's certainly nothing wrong with
> appealing to mainstream folks, this is TBB after all.
> 
> I think these are the reasons why it is gaining a lot of users (
> https://duckduckgo.com/traffic.html ). Either way, users will be able
> to choose the other search engine in the omnibox as you mention.

That's great! I am glad they are succeeding, and hopefully are in no
danger of going away!
 
> > Every time Tor tries to start a conversation with either Google or 
> > Microsoft on these two topics, they both give us a litany of
> > excuses as to why fixing the situation is a "hard problem", even
> > after we present potential cost-effective engineering solutions to
> > both problems.
> > 
> > For this reason, the loss of either DDG or Startpage would scare
> > the shit out of me, but right now, neither one has done enough for
> > Tor to warrant the default search position**, and since StartPage
> > tends to index more of the deep web faster, it is my opinion we
> > should stick with them as the top position, and have DDG in
> > second.
> > 
> > ** Sure, DuckDuckGo runs a hidden service, and also one of the
> > slowest Tor relays on the network (rate limited to 50KB/sec or
> > less), but it is quite debatable as to if either of these things
> > are actually helpful to Tor. In fact, such a slow Tor relay
> > probably harms Tor performance more than helps (in the rare event
> > that you actually happen to select it).
> 
> The hidden service is a plus, no? They seem to be trying at least,
> does Ixquick have either? Maybe it'd be good to reach out to DDG about
> their relay.

IxQuick has so far successfully negotiated with Google against outright
banning us. Google sees a spike in IxQuick traffic every time we
increase StartPage's prominence in TBB, and this does not go unnoticed
by Google.

Unfortunately, Google's knee-jerk reaction to each increase so far is to
argue harder in favor of banning all Tor users from both Startpage and
Google, so we'll have to wait and see how this plays out...

Backchannel like that (and direct-channel refusals to work with Tor)
really makes you wonder about Google's commitment to privacy and the
freedom of access to information.

> Just trying to rationally explain it.

I would not rationally use the hidden service version in lieu of https
by default.

As I alluded to through my questioning of the https backend link to Bing,
the transit path from Tor to DDG is not the weakest link in an
already-https search engine.

Further, claims that the performance is the same or similar are not
rigorous.

Hidden service circuits require ~4X as many Tor router traversals as
normal Tor exit circuits to set up, and unlike normal Tor exit circuits,
they are often *not* prebuilt. Once they are set up, they still require
2X as many Tor router traversals end-to-end as normal circuits. You
could easily circle the globe several times to issue a single search
query.

And all this is to use the Tor hidden service's 80bit-secure hash
instead of an https cert, along with all of the other issues with Tor
Hidden Services that have accumulated over the past decade due 

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

[micah]

Jacob Appelbaum  writes:

> micah:
>> Eleanor Saitta  writes:
>> 
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA256
>>>
>>> On 2013.06.24 07.19, Douwe Schmidt wrote:
 Dear LibTech Readers,

 In a little bit over a month OHM2013 is happening in The
 Netherlands. There has been a lot of controversy in the run-up to
 this gathering. There was criticism of the involvement of tech
 security company Fox-IT, then there was a heated debate on the
 presence of Dutch High-tech Crime Unit in a village of their own.
 Both discussions have calmed down. But the relevance of these
 topics was clarified and reinforced.
>>>
>>> It's very sad that the organizing team has not actually taken any
>>> meaningful steps to address either their complicity with the
>>> manufacture of surveillance equipment, their acceptance of the
>>> promotion of a fascist police force, or the way they treated people
>>> who had previously been part of their own team during the "discussion"
>>> that ensued.  In fact, as far as I can tell, absolutely nothing has
>>> happened on their end, they've just out-waited any discussion.
>>>
>>> A lot of people are asking me to change my mind on attending, and it
>>> sounds like you guys are going to have a lot of fun, but I'm finding
>>> myself pretty unmotivated to change my mind given that much of the
>>> organizing team doesn't seem to care at all about human rights.
>> 
>> I felt the same way as you, but someone convinced me that boycotting
>> just removes my voice from this conversation, and that attending gives a
>> chance to have this well needed discussion with the community.
>
> This is a false dichotomy of an argument if ever I've heard one. I keep
> hearing it too. It bums me out to no end.

A false dichotomy would be to suggest that this discussion cannot happen
anywhere else, except for at OHM, when in reality there are plenty of
other potential options for discussion... for example what we are doing
here. I would be quite silly to suggest that it is not possible to have
this discussion anywhere other than OHM while in the middle of having
such a discussion which is obviously not at OHM.

There *is* a dichotomy involved in what we are talking about, but it is
a real one: you either go to this event or you do not. Although, I've
already had discussions online with the organizers about their various
poor choices, as well as others in the community who were upset and
uncomfortable with how things happened, the ones that have been most
useful have been the ones that I've had in person. Online discussions
have never been as persuasive or as productive as real face to face
discussions. 

I would hope that nobody thinks that this discussion can just wait until
we are all together in person at OHM, and then once that is finished
then pencils down! no more discussion. Rather let us talk about it now
(we are!), let us organize ourselves to bring a strong statement to OHM
against this disease that rots the hacker community, and let us continue
to discuss it afterwards.
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] DuckDuckGo vs Startpage [was: Help test Tor Browser]

[Nadim Kobeissi]

On 2013-06-24, at 8:20 PM, Mike Perry  wrote:

> Nadim Kobeissi:
>> I'd just like to add that I'm a DuckDuckGo user myself and that I can
>> definitely vouch for the service.
> 
> I've had a number of people tell me that they vouch for DuckDuckGo. What
> does this even mean? Nobody seems to be capable of rationally explaining
> it.
> 
> Have you inspected their datacenter/server security? Have you audited
> their logging mechanisms?

Oh! I see my statement has been applied to a different context than the one I 
originally intended. I simply meant that I vouch for DuckDuckGo as a great 
service with good policies. I was not commenting with regards to their server 
security or logging mechanisms. In fact, how could I? I don't suppose it's easy 
or even possible to, at whim, audit the datacenter of any big search engine. 
Such an endeavour would require facilitation from the DuckDuckGo team. Auditing 
a search engine is not like auditing a git repository.

NK

> 
> Does DuckDuckGo even have an https channel to Bing on the back end?
> 
> 
> Note that I don't vouch for StartPage. I merely think that StartPage
> provides superior search results to DDG.
> 
> In fact, I wish both companies the best of luck business-wise, and I'm
> happy to have both of them at the two top positions in TBB's omnibox.
> 
> This is because right now, there are only two ways to get https web
> search results over Tor. Microsoft allows Tor, but has officially
> refused to support https directly for Bing. Google regularly bans Tor
> nodes entirely, often without the possibility of even entering a Captcha
> or using a valid Gmail account (both of which are non-starters for a
> default engine of course, but would be better than status quo).
> 
> Every time Tor tries to start a conversation with either Google or
> Microsoft on these two topics, they both give us a litany of excuses as
> to why fixing the situation is a "hard problem", even after we present
> potential cost-effective engineering solutions to both problems.
> 
> For this reason, the loss of either DDG or Startpage would scare the
> shit out of me, but right now, neither one has done enough for Tor to
> warrant the default search position**, and since StartPage tends to
> index more of the deep web faster, it is my opinion we should stick with
> them as the top position, and have DDG in second.
> 
> 
> ** Sure, DuckDuckGo runs a hidden service, and also one of the slowest
> Tor relays on the network (rate limited to 50KB/sec or less), but it is
> quite debatable as to if either of these things are actually helpful to
> Tor. In fact, such a slow Tor relay probably harms Tor performance more
> than helps (in the rare event that you actually happen to select it).
> 
> 
> -- 
> Mike Perry
> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] DuckDuckGo vs Startpage [was: Help test Tor Browser]

[Michael Carbone]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 06/24/2013 10:00 PM, Mike Perry wrote:
> Michael Carbone:
>> On 06/24/2013 08:20 PM, Mike Perry wrote:
>>> I've had a number of people tell me that they vouch for
>>> DuckDuckGo. What does this even mean? Nobody seems to be
>>> capable of rationally explaining it.
>>> 
>>> Have you inspected their datacenter/server security? Have you 
>>> audited their logging mechanisms?
>> 
>> The data center thing is a non-sequitur -- no third-party service
>> has this type of the transparency. My understanding is that you
>> don't need to trust these service providers to use them
>> anonymously as they are friendly to Tor and no
>> scripts/cookies/etc -- hence the difficulties you mention later
>> on with Bing & Google. So it doesn't split either way between
>> StartPage or DDG. They are equivalent in not allowing personal
>> audits of their servers.
> 
> I was questioning where the "vouching" comes from. "Vouch" is a
> pretty strong word -- it typically suggests that you are laying
> down your reputation on the line to support someone or something
> else, either by oath or by evidence.
> 
> My general point is that DuckDuckGo seems to have a lot of appeal
> behind it, causing many people to endorse it in extreme ways
> without any supporting evidence.
> 
> I want to understand where that support is coming from. As you
> point out, the two engines seem largely identical from the
> perspective of third party "vouching"/audits wrt privacy.
> 
>>> ** Sure, DuckDuckGo runs a hidden service, and also one of the 
>>> slowest Tor relays on the network (rate limited to 50KB/sec or 
>>> less), but it is quite debatable as to if either of these
>>> things are actually helpful to Tor. In fact, such a slow Tor
>>> relay probably harms Tor performance more than helps (in the
>>> rare event that you actually happen to select it).
>> 
>> The hidden service is a plus, no? They seem to be trying at
>> least, does Ixquick have either? Maybe it'd be good to reach out
>> to DDG about their relay.
> 
> IxQuick has so far successfully negotiated with Google against
> outright banning us. Google sees a spike in IxQuick traffic every
> time we increase StartPage's prominence in TBB, and this does not
> go unnoticed by Google.
> 
> Unfortunately, Google's knee-jerk reaction to each increase so far
> is to argue harder in favor of banning all Tor users from both
> Startpage and Google, so we'll have to wait and see how this plays
> out...
> 
> Backchannel like that (and direct-channel refusals to work with
> Tor) really makes you wonder about Google's commitment to privacy
> and the freedom of access to information.

Very interesting. I don't know the backchannel relationships but I'd
guess Google's decision to allow or not allow Tor users doesn't depend
on the levels of traffic they get from StartPage from TBB front page.
And if it does then that'd be pretty sad, as you note.

>> Just trying to rationally explain it.
> 
> I would not rationally use the hidden service version in lieu of
> https by default.
> 
> As I alluded to through my questioning of the https backend link to
> Bing, the transit path from Tor to DDG is not the weakest link in
> an already-https search engine.

Okay, so this seems to be the sticking point? Using the !g bang syntax
they route Google requests through DDG (so you can search Google if
you want, even though they don't seem to rely on Google for their own
index). Is that reroute different than what Ixquick does? I don't
know. For the index itself, I wasn't able to find anything on the
technical connection between DDG and their index sources.

Apparently the founder of DDG is interested in getting an external
audit, so this might be the type of issue that could solve? He was
looking for external audit recommendations as of two days ago (
https://duck.co/topic/we-have-to-talk-about-ddgs-honesty#2846901487421
). I'd ping him @yegg or y...@alum.mit.edu with some recs.

> Further, claims that the performance is the same or similar are
> not rigorous.
> 
> Hidden service circuits require ~4X as many Tor router traversals
> as normal Tor exit circuits to set up, and unlike normal Tor exit
> circuits, they are often *not* prebuilt. Once they are set up, they
> still require 2X as many Tor router traversals end-to-end as normal
> circuits. You could easily circle the globe several times to issue
> a single search query.
> 
> And all this is to use the Tor hidden service's 80bit-secure hash 
> instead of an https cert, along with all of the other issues with
> Tor Hidden Services that have accumulated over the past decade due
> to the lack of time for maintenance on Tor's part? I am not
> convinced.

This is good to know -- don't promote hidden service versions of
websites (including DDG) when they have an https version, as hidden
services are broken as of now.

Michael

- -- 
Michael Carbone
Manager of Tech Policy & Programs
Access | https://www.accessnow.org
mich...@acce

Re: [liberationtech] DuckDuckGo vs Startpage

[Mike Perry]

Michael Carbone:
> On 06/24/2013 10:00 PM, Mike Perry wrote:
> > IxQuick has so far successfully negotiated with Google against
> > outright banning us. Google sees a spike in IxQuick traffic every
> > time we increase StartPage's prominence in TBB, and this does not
> > go unnoticed by Google.
> > 
> > Unfortunately, Google's knee-jerk reaction to each increase so far
> > is to argue harder in favor of banning all Tor users from both
> > Startpage and Google, so we'll have to wait and see how this plays
> > out...
> > 
> > Backchannel like that (and direct-channel refusals to work with
> > Tor) really makes you wonder about Google's commitment to privacy
> > and the freedom of access to information.
> 
> Very interesting. I don't know the backchannel relationships but I'd
> guess Google's decision to allow or not allow Tor users doesn't depend
> on the levels of traffic they get from StartPage from TBB front page.

Well, that's not exactly how it works directly, but the effect is the
same. I was simplifying the explanation for the purposes of brevity,
and because I was basically a 3rd party to this pressure who was not
present during the actual negotiation.

However, near as I can tell, the actual mechanism of the pressure is
both economic and service-level. Google isn't transparent about what it
pays for ad revenue and what it allows for API key volume, and they
simply pay less ad revenue and/or ban your API key if they don't like
your query flow for whatever reason. They also call you up and start
asking questions if your volume suddenly increases, and sometimes just
shut off your API key at random (and when they do this, StartPage has to
ban Tor users, which has happened each time we've featured them in a
more easily accessible way in TBB so far).

Google is also unwilling to work with us to deploy rate limiting
solutions, even if Tor were to develop them for them. I've tried
numerous times through multiple channels over the past 5 (five!) years
now to get some level of agreement to support various alternative and
less intrusive rate limiting mechanisms based on proof of work, blind
signatures, and other schemes instead of SMS and Captcha, so that Tor
could turn around and try to find a sponsor to build it, but the only
response we can get is "Abuse rate limiting is hard, and Google is the
best in the world at it! You can't mess with success!"

It is very frustrating, but I also feel like if we stop trying to use
any flavor of Google results entirely, we lose the ability to signal to
them how many people care about Tor.

> >> Just trying to rationally explain it.
> > 
> > I would not rationally use the hidden service version in lieu of
> > https by default.
> > 
> > As I alluded to through my questioning of the https backend link to
> > Bing, the transit path from Tor to DDG is not the weakest link in
> > an already-https search engine.
> 
> Okay, so this seems to be the sticking point? Using the !g bang syntax
> they route Google requests through DDG (so you can search Google if
> you want, even though they don't seem to rely on Google for their own
> index). Is that reroute different than what Ixquick does? I don't
> know. For the index itself, I wasn't able to find anything on the
> technical connection between DDG and their index sources.

g! is just a redirect. There is no privacy there.
 
> Apparently the founder of DDG is interested in getting an external
> audit, so this might be the type of issue that could solve? He was
> looking for external audit recommendations as of two days ago (
> https://duck.co/topic/we-have-to-talk-about-ddgs-honesty#2846901487421
> ). I'd ping him @yegg or y...@alum.mit.edu with some recs.

Sure. I don't think this stuff is rocket science. There are probably
several people on this list that could help him figure out how to make
stuff end-to-end encrypted for front end and backend, excluding his
actual servers, and help him certify and promote that claim.

I am after a bigger monster, though.

> > Further, claims that the performance is the same or similar are
> > not rigorous.
> > 
> > Hidden service circuits require ~4X as many Tor router traversals
> > as normal Tor exit circuits to set up, and unlike normal Tor exit
> > circuits, they are often *not* prebuilt. Once they are set up, they
> > still require 2X as many Tor router traversals end-to-end as normal
> > circuits. You could easily circle the globe several times to issue
> > a single search query.
> > 
> > And all this is to use the Tor hidden service's 80bit-secure hash 
> > instead of an https cert, along with all of the other issues with
> > Tor Hidden Services that have accumulated over the past decade due
> > to the lack of time for maintenance on Tor's part? I am not
> > convinced.
> 
> This is good to know -- don't promote hidden service versions of
> websites (including DDG) when they have an https version, as hidden
> services are broken as of now.

Right. However, hidden services are still use