Re: [liberationtech] Draft checklist for choosing tools

2013-01-06 Thread Jon Gosier
Bob,

This is a great list.  My organization, Abayima, would be happy to help
maintain it in a public forum: either on a wiki, or gDoc, or a text
document housed in a Git repo, or something else entirely.

It seems like there're three conversations the list is having. One
regarding what this checklist should be, what tools such a list might
recommend, and another regarding how best to relate the information to
users (who may or may not be technical).

Jon
abayima.com


On Sun, Jan 6, 2013 at 1:18 AM, Fabio Pietrosanti (naif) <
li...@infosecurity.ch> wrote:

> With such kind of "checklist" it would be nice to create:
>
> - an inventory of existing tools with related capabilities
> - a wizard (even a purely javascript one) that lets the user choose and
> at the end does provide a report
>
> It's not a small task, but it may be wonderful to have a software to
> choose a software.
>
> Fabio
>
> On 1/4/13 3:04 AM, Nadim Kobeissi wrote:
> > I think that is a wonderful checklist! Perhaps also add:
> >
> > * Make sure tool has been audited and that the audit results have been
> > published,
> > * Take into consideration the accessibility of the tool to potential
> > third parties that may need it.
> >
> > Sorry if any of the above points have already been mentioned.
> >
> >
> > NK
> >
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
Jon Gosier
Founder, Appfrica
Work: (202) 470-2652
Mobile: (520) 301-7906
Appfrica.com | @appfrica | Bio

*TED Senior Fellow Alum*

[liberationtech] Roundcube PGP plugin

2013-01-06 Thread Petter Ericson
Hi!

In case you have not tired of webmail-related PGP discussions, a friend of
mine just implemented a PGP plugin for Roundcube:

http://qnrq.se/rc_openpgpjs_ending_seven_years_of_roundcube_insecurity/

"Roundcube is a popular open source IMAP webmail application. Roundcube
is used by Harvard University, UC Berkeley and University of Michigan.
Apple Mac OS X 10.7 uses Roundcube per default in its Mail Server. While
writing this a lazy Google dork estimates 133 000 public Roundcube
installations.

PGP support was first requested seven years ago and set critical six
years ago. PGP support has been requested actively ever since. One of
the core developers began the development of his PHP implementation, the
Enigma plugin, two years ago but the plugin has not been made functional
yet.

Today I am proud to release a beta version of my Roundcube plugin that
implements PGP using the OpenPGP.js (based on GPG4Browsers) JavaScript
library. rc_openpgpjs enables OpenPGP to function in the user’s browser
so that fundamental key storage security isn’t immediately broken by
design, in opposite to the official Enigma plugin."

Code is available on github: https://github.com/qnrq/rc_openpgpjs

Best

/P

-- 
Petter Ericson (pett...@acc.umu.se)
Telecomix Sleeper Jellyfish

Re: [liberationtech] New report on Internet Censorship and Surveillance in Turkmenistan

2013-01-06 Thread Jacob Appelbaum
Rafal Rohozinski:
> Collin, (John),
> 
> All of this requires longer discussion, but I'll be brief here (for now).
> 
> Yes, we intend on making Black Watch open-source. And yes, we intend on
> making data from Black Watch Open Data on censorship and surveillance.
> 

What is the difference between Black Watch and ooniprobe, practically?

Or rephrased, we'd be happy to take patches for ooniprobe if the
features aren't already implemented and if nothing else, we'd like to
ensure that our output data formats are compatible for analysis.

All the best,
Jacob


Re: [liberationtech] Safe app like Dropbox?

2013-01-06 Thread Griffin Boyce
On Sun, Jan 6, 2013 at 9:11 PM, Kelvin Quee (魏有豪)  wrote:
> Being paranoid is probably a good thing on this list but spreading
> falsehoods OR unverified claims is something that we all should not do.
>
> Kelvin Quee (魏有豪)
> +65 9177 3635

Dropbox has broken every single truecrypt container I've ever
uploaded, without exception.  I'm not paranoid of Dropbox -- quite the
contrary, I'm a very happy user.

~Griffin

Re: [liberationtech] Safe app like Dropbox?

2013-01-06 Thread 魏有豪
Griffin, how is Dropbox making a diff of what has changed "breaking
encrypted files and truecrypt containers"? Dropbox most likely merely works
along the principles of rsync.

If you have ever used encryption properly, you will realise that Dropbox
uploads the entire encrypted container whether one file or many files
within has changed.

Being paranoid is probably a good thing on this list but spreading
falsehoods OR unverified claims is something that we all should not do.

Kelvin Quee (魏有豪)
+65 9177 3635

gpg: AB3DB8AC


On Mon, Jan 7, 2013 at 6:20 AM, Griffin Boyce wrote:

> On Sun, Jan 6, 2013 at 3:50 PM, John Adams  wrote:
> > Why don't you just get around the problem entirely and use Dropbox's
> storage for encrypted disk images?
> >
> > If you have data sufficiently encrypted, it doesn't matter how it's
> stored.
> >
> > -j
>
> On Sun, Jan 6, 2013 at 4:47 PM, Jacob Appelbaum 
> wrote:
> > The main concern that I have is that an attacker pwning a Dropbox
> > account could tamper with encrypted files.
>
>   Dropbox has a history of breaking encrypted files and truecrypt
> containers. Which makes a lot of sense when you consider that when
> syncing a file, Dropbox replaces only the part of the file that has
> changed. (Or tries to). [1]
>
>   There are a lot of great uses for Dropbox, Box.net, SpiderOak etc
> etc -- but storing sensitive files securely is not one of them.  I
> have Dropbox and Box accounts, and use them for client designs and
> stock art.  I think this is a pretty standard use of the service and
> would not recommend putting anything particularly sensitive there.
>
>   In terms of security from other people, an encrypted hard drive,
> thumb drive or memory card is going to be a much better choice.  If
> you absolutely need to pass an encrypted container back and forth,
> there's probably not a cloud service that fits your needs.
>
> Best,
> Griffin
>
> [1] http://dl.dropbox.com/u/27532820/original_screencast.html
>
> --
> "What do you think Indians are supposed to look like?
> What's the real difference between an eagle feather fan
> and a pink necktie? Not much."
> ~Sherman Alexie
>
> PGP Key etc: https://www.noisebridge.net/wiki/User:Fontaine

Re: [liberationtech] New report on Internet Censorship and Surveillance in Turkmenistan

2013-01-06 Thread Rafal Rohozinski
Collin, (John),

All of this requires longer discussion, but I'll be brief here (for now).

Yes, we intend on making Black Watch open-source. And yes, we intend on
making data from Black Watch Open Data on censorship and surveillance.

WRT your question Collin, Black Watch consists of a client/server
environment that includes distributed testing clients that are located
across any number of networks and at edge locations (i.e. ISPs, or specific
locations). The code runs on multiple platforms: Android phones, Windows
boxes and a special Linux distribution that can be run off of small form
factor devices.

We developed Black Watch in part as a result of known issues with rturtle
(the standard ONI testing tool). We needed something that could test for
"just-in-time" and "just-in-place" filtering of the kind we were seeing in
the former Soviet Union during elections/referendums, and other times of
social unrest. We also need a system capable of changing testing lists and
parameters rapidly, and giving the tester simultaneous feedback on results
(from their location, and a control location). Finally, we needed a system
that could test on mobile networks and devices.

I also want to stress that Black Watch is only one of a number of sensor
suites we operate. We also have a system for DNS monitoring/enumeration
(ZeroPoint), and another that monitors specific (targeted) resources and
BGP/net block withdrawals (TrackR). We also monitor social media, which can
often give us important cues of what to look for, and where. It's through a
combination of these systems that we can begin to paint an accurate picture
of the topography of network within a particular region. So, for example,
we detected a blip in Syrian Internet traffic today that included
significant route/BGP withdrawals (that we will be writing up tomorrow).
Taken together, all of these data points allow us to make certain assertions
about how the infrastructure changes over time, including points of
control.

Are we 100% certain of our analysis and results? Nope, real life is just too
messy to be quantified in technical terms and besides, that would be way
too much hubris. Often our analysis is inconclusive, takes way too much
time to assemble, is badly written, and can be just plain wrong. However,
doing it day in day out (and as a team) means that we are getting much
better over time. In that respect, Syria has "forcing function" in the
development of these monitoring capabilities…

As I said, all of this requires a longer discussion but for the moment
I can tell you that we push out all the relevant information derived from
these systems through our Syria activity Facebook pages. Most of the
material is available in Arabic only, but we do put out a Cyber watch and
special reports in English, at least once every two weeks, and usually more
often. I think I posted one or two of these to this list, but could
certainly copy them here more regularly if there is interest. The landing
page to access the Syria facing resources is http://souriya.secdev.com (And
yes, there is a privacy policy you can review). All of this is still a far
cry from an Open Data describing censorship and surveillance, but it is a
step forward.

I'll try to respond to the other points in more detail this week. Both you
and John raise excellent questions that require more detail than I can
peck out on my iPhone while looking after two very energetic kids :-) As I
mentioned in my earlier email, we are waiting for word back from a funding
source that if successful will allow us to prioritize the Open Data project.

Best wishes,

Rafal





Sent by PsiPhone mobile. Please excuse typos or other oddities.

On 2013-01-06, at 6:16 PM, Collin Anderson 
wrote:

> This thought led me to a more general question: does Secdev have plans to
make data / methodology / code behind Black Watch and the other components
of Secdev's measures and study of openness available for peer review &
replication?

John's point drove at the heart of a concern of mine regarding Black
Watch's data collection methods -- based out of frustrations trying to
reconcile such research issues in my own work. When Telecomix investigated
aspects of Syria's filtering and surveillance apparatus, it became clear
that these functions had been devolved to the ISP from the start;
journalistic inquiries lent evidence to such understandings. This meant
differences in capacity and execution of more sophisticated blocking and
filtering rules, namely DPI on circumvention tools. These random variables
are especially more complex if the datasource is, for example, connections
made through open SOCKS and HTTP proxies.

It would be interesting -- and vitally important -- to see an argument that
these functions had migrated back up to the PDN, particularly since the
increase of human rights sanctions and public scrutiny should have limited
the willingness of external actors to participate in such a large project.

Could you speak on ho

Re: [liberationtech] New report on Internet Censorship and Surveillance in Turkmenistan

2013-01-06 Thread Collin Anderson
> This thought led me to a more general question: does Secdev have plans to
make data / methodology / code behind Black Watch and the other components
of Secdev's measures and study of openness available for peer review &
replication?

John's point drove at the heart of a concern of mine regarding Black
Watch's data collection methods -- based out of frustrations trying to
reconcile such research issues in my own work. When Telecomix investigated
aspects of Syria's filtering and surveillance apparatus, it became clear
that these functions had been devolved to the ISP from the start;
journalistic inquiries lent evidence to such understandings. This meant
differences in capacity and execution of more sophisticated blocking and
filtering rules, namely DPI on circumvention tools. These random variables
are especially more complex if the datasource is, for example, connections
made through open SOCKS and HTTP proxies.

It would be interesting -- and vitally important -- to see an argument that
these functions had migrated back up to the PDN, particularly since the
increase of human rights sanctions and public scrutiny should have limited
the willingness of external actors to participate in such a large project.

Could you speak on how Black Watch's methodology takes this into account,
whether you do see specific evidence of such a change in the topology of
the control of the network, and how you handle potential incongruities in
your reporting?

Cordially,
Collin





On Sat, Jan 5, 2013 at 4:29 PM, John Scott-Railton
wrote:

> Hi Rafal,
>
> First off, thanks for sharing a copy of your report with the list!
>
> On the theme of open methods while studying openness…
>
> The cycle of reporting on FinFisher by Morgan and Bill / Rapid7 and
> others, as you rightly noted, was a good thing. And it had some
> confidence-building features of transparency and replication.  It was
> clearly good for the community.  I thought Collin's question about the
> release of data on the SORM-II signatures you referenced was a good one,
> and in this spirit: is Secdev planning on releasing them publicly or making
> them available to other research groups?
>
> This thought led me to a more general question: does Secdev have plans to
> make data / methodology / code behind Black Watch and the other components
> of Secdev's measures and study of openness available for peer review &
> replication?
>
> All the best,
>
> John
>
> On Sat, Jan 5, 2013 at 3:46 PM, Rafal Rohozinski 
> wrote:
>
>> Hi Colin,
>>
>> Just about to rest any doubt about this, I meant "clandestine" as a
>> synonym of "in secret". Likewise, by "debriefs" I simply mean having long
>> in-depth discussions with individuals designed to accrue as many data points
>> as possible about past events, or circumstances. None of this is
>> particularly privileged to the IC, these are tried-and-true methods used by
>> a wide range of investigators (including those involved in fraud
>> investigations, police work, product research, marketing, or experimental
>> work) as well as investigative journalists, and it usually yields good
>> results over time.
>>
>> With respect to reporting on signatures, and establishing Open Data  on
>> censorship and surveillance through the publication of technical data, yes,
>> that's the intention. In some cases, and I think Morgan's  (et al) work on
>> FinFisher is a good example, it will be possible to publish the technical
>> protocols/signatures for surveillance tools. In other cases, especially for
>> in-line surveillance tools, there will be no signature except for the fact
>> that it may be detectable by the presence of unusual infrastructure and
>> verified through human sources or documentation. The latter  is quite
>> important, because in the vast majority of cases there will be some
>> documentation somewhere: in law, security regulations, commercial or
>> marketing documentation, or otherwise, that indicates that a surveillance
>> technology is being used, or considered. So perhaps not technical
>> signatures in the malware sense, but signatures in a broader sense.
>>
>> For censorship technologies it's a bit more straightforward because
>> presence or absence is pretty straightforward to establish. The tough part
>> is to see whether you can identify specific techniques/products from their
>> technical characteristics. Again, human sources are usually best to
>> establish a degree of ground truth, or at least verify/validate what's
>> visible in the technical domain.
>>
>> We are waiting to hear back from some sources of funding, and if we are
>> successful, we will be making a broader announcement about this initiative
>> shortly.
>>
>> Rafal
>>
>> Sent by PsiPhone mobile. Please excuse typos or other oddities.
>>
>> On 2013-01-05, at 5:58 PM, Collin Anderson 
>> wrote:
>>
>> > In the case of SORM-II, it also has a very distinct signature which is
>> visible if you are sitting in line with the system...
>> > Our intention with the tes

Re: [liberationtech] Safe app like Dropbox?

2013-01-06 Thread Griffin Boyce
On Sun, Jan 6, 2013 at 3:50 PM, John Adams  wrote:
> Why don't you just get around the problem entirely and use Dropbox's storage 
> for encrypted disk images?
>
> If you have data sufficiently encrypted, it doesn't matter how it's stored.
>
> -j

On Sun, Jan 6, 2013 at 4:47 PM, Jacob Appelbaum  wrote:
> The main concern that I have is that an attacker pwning a Dropbox
> account could tamper with encrypted files.

  Dropbox has a history of breaking encrypted files and truecrypt
containers. Which makes a lot of sense when you consider that when
syncing a file, Dropbox replaces only the part of the file that has
changed. (Or tries to). [1]

  There are a lot of great uses for Dropbox, Box.net, SpiderOak etc
etc -- but storing sensitive files securely is not one of them.  I
have Dropbox and Box accounts, and use them for client designs and
stock art.  I think this is a pretty standard use of the service and
would not recommend putting anything particularly sensitive there.

  In terms of security from other people, an encrypted hard drive,
thumb drive or memory card is going to be a much better choice.  If
you absolutely need to pass an encrypted container back and forth,
there's probably not a cloud service that fits your needs.

Best,
Griffin

[1] http://dl.dropbox.com/u/27532820/original_screencast.html

--
"What do you think Indians are supposed to look like?
What's the real difference between an eagle feather fan
and a pink necktie? Not much."
~Sherman Alexie

PGP Key etc: https://www.noisebridge.net/wiki/User:Fontaine


Re: [liberationtech] Modern FIDONET for net disable countries?

2013-01-06 Thread Rich Kulawiec
On Thu, Dec 27, 2012 at 01:21:38PM -0500, Miles Fidelman wrote:
> That's a rather intriguing concept, though I might look at starting
> from UUCP & NNTP, or perhaps BITNET, rather than the FIDO model -
> the software is a bit more mature, and UUCP at least is still
> supported.  Mobile devices could associate themselves, via local
> WiFi, when in range of each other, and messages would just flow
> through normal news exchange protocols.

I'll second this.  Usenet is still the most successful experiment in
distributed communication, it's resource-frugal (after all, it was
developed at a time when we thought 1200 baud modems were speedy),
it's highly resilient, it's delay-tolerant, it's scalable, it's agnostic
about transport, and it supports undirected broadcast communication --
something useful when trying to evade traffic analysis.  It supports
bidirectional mail<->news gateways, it runs on minimal hardware, and
among other things, it could be used to provide prolific news feeds
(albeit with some delay) into areas that are heavily censored.

---rsk



Re: [liberationtech] Safe app like Dropbox?

2013-01-06 Thread Jacob Appelbaum
John Adams:
> Why don't you just get around the problem entirely and use Dropbox's
> storage for encrypted disk images?
> 
> If you have data sufficiently encrypted, it doesn't matter how it's stored.

I generally agree that the data should be encrypted, though I think it
should also be authenticated and integrity checked before it is actually
used.

The main concern that I have is that an attacker pwning a Dropbox
account could tamper with encrypted files. I think that EncFS or
FileVault might not handle malformed disk images very well. I'm sure
this is true of any disk or file encryption program - most software is
pretty terrible when the attack surface is radically increased.

I also think most disk images are not actually that difficult to brute
force - I was involved in a project to perform FileVault bruteforcing
accelerated by an FPGA a few years ago. With a modern GPU, I think
things are pretty slanted toward the attacker.

In this - I rather like what I've read about SpiderOak but I haven't
seen a totally free implementation of the client or the server side...

All the best,
Jake
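
Added example, not part of the original thread: one way to do the "authenticated and integrity checked before it is actually used" step for an encrypted container that lives on a sync service. It assumes an HMAC-SHA256 key that is kept locally and never synced; the chunk size and all function names are hypothetical, and the sample container is constructed data.

```python
import hashlib
import hmac

CHUNK = 4096  # chunk size chosen for this sketch (assumption)


def _tag(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 with a domain-separating label in front of the data."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _chunks(blob: bytes) -> list:
    return [blob[i:i + CHUNK] for i in range(0, len(blob), CHUNK)]


def _root(key: bytes, length: int, tags: list) -> bytes:
    # The root tag binds the total length and every chunk tag, so the
    # manifest itself can sit next to the container on the sync service.
    return _tag(key, b"root" + length.to_bytes(8, "big"), b"".join(tags))


def build_manifest(key: bytes, blob: bytes) -> dict:
    """Tag each ciphertext chunk; the chunk index is part of the MAC input,
    so moving a valid chunk to another position is detected."""
    tags = [_tag(key, b"chunk" + i.to_bytes(8, "big"), c)
            for i, c in enumerate(_chunks(blob))]
    return {"length": len(blob), "tags": tags,
            "root": _root(key, len(blob), tags)}


def verify(key: bytes, blob: bytes, manifest: dict) -> tuple:
    """Return (status, bad_chunk_indices). Call this BEFORE handing the
    container to the disk-encryption tool, so a modified image never
    reaches its parser."""
    expected = _root(key, manifest["length"], manifest["tags"])
    if not hmac.compare_digest(expected, manifest["root"]):
        return "manifest-invalid", []
    if len(blob) != manifest["length"]:
        return "length-mismatch", []   # truncated or extended container
    bad = []
    for i, chunk in enumerate(_chunks(blob)):
        tag = _tag(key, b"chunk" + i.to_bytes(8, "big"), chunk)
        if not hmac.compare_digest(tag, manifest["tags"][i]):
            bad.append(i)
    return ("tampered", bad) if bad else ("ok", [])


def sample_container(size: int) -> bytes:
    """Constructed stand-in for container ciphertext (deterministic bytes)."""
    blocks = (size + 31) // 32
    stream = b"".join(hashlib.sha256(i.to_bytes(8, "big")).digest()
                      for i in range(blocks))
    return stream[:size]


if __name__ == "__main__":
    key = bytes(32)  # placeholder; a real key is random and stays off the sync service
    blob = sample_container(10240)
    manifest = build_manifest(key, blob)
    print(verify(key, blob, manifest))

    modified = bytearray(blob)
    modified[5000] ^= 0x01             # one flipped bit in the synced copy
    print(verify(key, bytes(modified), manifest))

    # Limitation: an older container with its own older manifest still
    # verifies. Detecting rollback needs a counter or timestamp stored locally.
```

Per-chunk tags also show which part of the synced file changed, which helps separate a partial-sync failure from a deliberate modification.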


Re: [liberationtech] Safe app like Dropbox?

2013-01-06 Thread John Adams
Why don't you just get around the problem entirely and use Dropbox's
storage for encrypted disk images?

If you have data sufficiently encrypted, it doesn't matter how it's stored.

-j


On Sun, Jan 6, 2013 at 12:49 AM, Jerzy Łogiewa  wrote:

> Hello!
>
> Dropbox is completely convenient, but source is closed and I do not really
> want storing my data on their server.
>
> What other app exist? Anything truly open and support own remote storage,
> but working as: drop into folder, auto syncro happens on a supported
> platform?
>
> Thanks!
>
> --
> Jerzy Łogiewa -- jerz...@interia.eu
>

Re: [liberationtech] Draft checklist for choosing tools

2013-01-06 Thread Robert Guerra
In case it hasn't been mentioned before, the social source commons is a good
resource for list of toolkits and "social" software ..

URL -  https://socialsourcecommons.org/

regards

Robert

On 2013-01-06, at 1:18 AM, Fabio Pietrosanti (naif) wrote:

> With such kind of "checklist" it would be nice to create:
> 
> - an inventory of existing tools with related capabilities
> - a wizard (even a purely javascript one) that lets the user choose and
> at the end does provide a report
> 
> It's not a small task, but it may be wonderful to have a software to
> choose a software.
> 
> Fabio
> 
> On 1/4/13 3:04 AM, Nadim Kobeissi wrote:
>> I think that is a wonderful checklist! Perhaps also add:
>> 
>> * Make sure tool has been audited and that the audit results have been
>> published,
>> * Take into consideration the accessibility of the tool to potential
>> third parties that may need it.
>> 
>> Sorry if any of the above points have already been mentioned.
>> 
>> 
>> NK
>> 
> 


Re: [liberationtech] Safe app like Dropbox?

2013-01-06 Thread Eugen Leitl
On Sun, Jan 06, 2013 at 02:48:42PM +0100, Jerzy Łogiewa wrote:
> Hm it only solve 1 part of problem.
> 
> Still have to trust Dropbox binary.

OwnCloud is open source. Run it on your own or
rented (virtual) servers.

Re: [liberationtech] Safe app like Dropbox?

2013-01-06 Thread Jerzy Łogiewa
Hm it only solve 1 part of problem.

Still have to trust Dropbox binary.

--
Jerzy Łogiewa -- jerz...@interia.eu

On Jan 6, 2013, at 11:35 AM, Brad Beckett wrote:

> Or better yet -- encrypt your data with CloudFogger, it's free: 
> http://www.cloudfogger.com/en/


Re: [liberationtech] Call for Open Letter on Skype

2013-01-06 Thread Griffin Boyce
I can't believe you're making us work!

Skype Open Letter Etherpad: https://etherpad.mozilla.org/TuuP6uVhBI

~Griffin

On Sun, Jan 6, 2013 at 12:24 PM, Nadim Kobeissi  wrote:

> Alright guys, the holidays are over and it's time to get the ball
> rolling regarding an open letter! Let's start a PiratePad and edit the
> draft together.
>
> NK

Re: [liberationtech] Call for Open Letter on Skype

2013-01-06 Thread Nadim Kobeissi
Alright guys, the holidays are over and it's time to get the ball
rolling regarding an open letter! Let's start a PiratePad and edit the
draft together.

NK


On Thu, Dec 27, 2012 at 5:26 PM, Alfredo Lopez  wrote:
>
> On 12/22/2012 05:23 AM, Nadim Kobeissi wrote:
>> Dear LibTech, As pointed out by many of you, including the EFF,
>> Jake Appelbaum, Chris Soghoian, myself and others, Skype has
>> ignored repeated requests to clarify its privacy/security policy,
>> and it continues to be used by many who depend on strong notions on
>> privacy, sometimes even for their lives.
>>
>> Isn't it time for an open letter regarding Skype?
>>
>
> May First/People Link would endorse such a letter and we *do* think
> it's very important for many reasons. Just tell us where to go to
> review the contents when they are ready.
>
> Abrazos,
>
> Alfredo
>
> - --
> Alfredo Lopez
> Co-Chair, Leadership Committee
> May First/People Link
> https://mayfirst.org
>
> My Blog
> http://www.alfredolopez.org


[liberationtech] New Media, Legislation & Activism in the Digital Age

2013-01-06 Thread Arzak Khan




CGCS Media Wire provides a look back at 2012's new and social media law,
legislation and activism in Pakistan.
http://cgcsblog.asc.upenn.edu/2013/01/03/status-update-new-media-legislation-activism-in-the-digital-age/

Re: [liberationtech] Travel without drive

2013-01-06 Thread Jerzy Łogiewa
Yes, one extreme method (ending: destroy stick) but about cloning and shipping 
stick not much.

And I still like to know Jake's method.

Maybe not worth another thread, sorry.

--
Jerzy Łogiewa -- jerz...@interia.eu

On Jan 6, 2013, at 2:47 PM, Julian Oliver wrote:

> I think many of these questions were addressed in the previous thread.


Re: [liberationtech] Travel without drive

2013-01-06 Thread Julian Oliver
Hi,

..on Sun, Jan 06, 2013 at 02:44:45PM +0100, Jerzy Łogiewa wrote:
> This is "branch" to "Travel with notebook habit". I am interested in 
> discussing travel notebook- without drive.
> 
> Again I have read Jake Appelbaum travels without any drive. It presents some 
> question however:
> 
> 1: How to move data?
> - mail in some crypted booting USB stick, ship back out?
> - config and system files cloned to remote service + downloaded at location?
> - operate 100% from remote session??
> 
> 2: Make data redundant?
> - if mailing USB stick, what happens if lost or confiscated?
> - 2 sticks, ship to 2 address (how to easily clone sticks? standard dd?)
> 
> Other ideas? If Jake reads here then I would like to know his method.
> 
> And, for OS/booting on USB stick:
> 
> Does some tool or method exist where removal boot USB stick immediate clears 
> all of RAM (prevention notebook RAM being read + encryption key captured!)

I think many of these questions were addressed in the previous thread.

Cheers,

-- 
Julian Oliver
http://julianoliver.com
http://criticalengineering.org

[liberationtech] Travel without drive

2013-01-06 Thread Jerzy Łogiewa
Hello!

This is "branch" to "Travel with notebook habit". I am interested in discussing 
travel notebook- without drive.

Again I have read Jake Appelbaum travels without any drive. It presents some 
question however:

1: How to move data?
- mail in some crypted booting USB stick, ship back out?
- config and system files cloned to remote service + downloaded at location?
- operate 100% from remote session??

2: Make data redundant?
- if mailing USB stick, what happens if lost or confiscated?
- 2 sticks, ship to 2 address (how to easily clone sticks? standard dd?)

Other ideas? If Jake reads here then I would like to know his method.

And, for OS/booting on USB stick:

Does some tool or method exist where removal boot USB stick immediate clears 
all of RAM (prevention notebook RAM being read + encryption key captured!)

--
Jerzy Łogiewa -- jerz...@interia.eu


Re: [liberationtech] Safe app like Dropbox?

2013-01-06 Thread Moritz Bartl
On 06.01.2013 09:49, Jerzy Łogiewa wrote:
> What other app exist? Anything truly open and support own remote storage

Apart from OwnCloud, there is also http://sparkleshare.org/ (Git backed)

-- 
Moritz Bartl
https://www.torservers.net/

Re: [liberationtech] Safe app like Dropbox?

2013-01-06 Thread Brad Beckett
Or better yet -- encrypt your data with CloudFogger, it's free:
http://www.cloudfogger.com/en/

I told DropBox long ago that encryption would wreak havoc on their
de-duplication and that people would continue to use it until they feel
their data is secure.

2 years ago I asked for two factor authentication. They ignored me, and a
lot of accounts were compromised. Now they have 2 factor.

I still do not trust my data on Amazon servers therefore I encrypt.

The nice thing about CloudFogger is that well it's free and also has
matching mobile apps.

- Brad Beckett

On Sun, Jan 6, 2013 at 2:05 AM, Eugen Leitl  wrote:

> On Sun, Jan 06, 2013 at 09:49:25AM +0100, Jerzy Łogiewa wrote:
> > Hello!
> >
> > Dropbox is completely convenient, but source is closed and I do not
> really want storing my data on their server.
> >
> > What other app exist? Anything truly open and support own remote
> storage, but working as: drop into folder, auto syncro happens on a
> supported platform?
>
> Try OwnCloud.

Re: [liberationtech] Safe app like Dropbox?

2013-01-06 Thread Eugen Leitl
On Sun, Jan 06, 2013 at 09:49:25AM +0100, Jerzy Łogiewa wrote:
> Hello!
> 
> Dropbox is completely convenient, but source is closed and I do not really 
> want storing my data on their server.
> 
> What other app exist? Anything truly open and support own remote storage, but 
> working as: drop into folder, auto syncro happens on a supported platform?

Try OwnCloud.

[liberationtech] Safe app like Dropbox?

2013-01-06 Thread Jerzy Łogiewa
Hello!

Dropbox is completely convenient, but source is closed and I do not really want 
storing my data on their server.

What other app exist? Anything truly open and support own remote storage, but 
working as: drop into folder, auto syncro happens on a supported platform?

Thanks!

--
Jerzy Łogiewa -- jerz...@interia.eu
