[liberationtech] PrivacyBox review?
Hi all, Has anyone ever reviewed the code of PrivacyBox from a security point of view? Thank you, KheOps -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Latest article on silent circle
Yeah. It's thinly veiled marketing and pats on the back. And while I appreciate Silent Circle - this is a bit much. Sheesh. -Ali On Feb 5, 2013 12:37 PM, Axel Simon axelsi...@axelsimon.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I was expecting you to simply point to http://issilentcircleopensourceyet.com/ Nadim. :) Another great quote from the article: “The cryptographers behind this innovation may be the only ones who could have pulled it off.” Now, while I agree there is something to be said for ease-of-use of cryptographic tools, and many on this list have done so eloquently many times already, this article just simplifies too much to not be guilty of giving people a false sense of security, IMHO. Btw, I believe this is my first post to the list, so hello everyone! I'm axel, I help out (and have worked for) La Quadrature du Net and I'm from/in Paris, should anyone find that piece of information useful. I've found lurking this list to be highly interesting, so thanks everyone for your great contributions. axel Le 2013-02-05 17:46, Nadim Kobeissi a écrit : “This has never been done before,” boasts Mike Janke, Silent Circle’s CEO. “It’s going to revolutionize the ease of privacy and security.” NK On Tue, Feb 5, 2013 at 11:29 AM, Brian Conley bri...@smallworldnews.tv [3] wrote: http://mobile.slate.com/articles/technology/future_tense/2013/02/silent_circle_s_latest_app_democratizes_encryption_governments_won_t_be.html?original_referrer=http%3A%2F%2Ft.co%2FIm1pnCXk [1] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech [2] Links: -- [1] http://mobile.slate.com/articles/technology/future_tense/2013/02/silent_circle_s_latest_app_democratizes_encryption_governments_won_t_be.html?original_referrer=http%3A%2F%2Ft.co%2FIm1pnCXk [2] https://mailman.stanford.edu/mailman/listinfo/liberationtech [3] mailto:bri...@smallworldnews.tv - -- Axel Simon - -- Axel Simon - -- mail/Jabber/Gtalk: axelsi...@axelsimon.net mobile: +33 (0)6 08 04 01 44 twitter/identi.ca: @AxelSimon -BEGIN PGP SIGNATURE- Version: APG v1.0.8 iQJCBAEBCgAsBQJREUMsJRxBeGVsIFNpbW9uIDxheGVsc2ltb25AYXhlbHNpbW9u Lm5ldD4ACgkQ94LtC1k/WHbK6w/9GbdD1t4AynswF+KcBtBra9CUJcpo0szQ1r0G UfskeagnYKU4bVq5bzr7CzBgtaJd0vMUtlovbQvQdvP9Fh69lge9jK2tZ1KB3NnV hy04/m52loQK9qBnzbnCeSykQbVvpa7PCjQYGCi6KuW2u5TXZw+5tWJ8bMH/Atvo 2uilZPoGsnhQZx9wlwbSD7YImQj3YIzA/t/L2dSoUSM9URTWSBEPBrYwA07EUCFJ bcCtnalRw9pZH6/TVPmOfSE0KLOse/JgE12j78WNFy4Fv3DVsaHoERfLVgWJpfyG umSXSYRpAv6H4wlgFslIf2N+5jYi6K490iVb8McWBruwrIfX6ypN04HnK/DU4vPm Afh6Ch5Bp+afI6JHwU3KLUfj06zkKh+xy84SGR26KqvJpavPG7FvfjzMWgQkHIag e8bZkhamdBuipdlCSJSDRMEa4PhL4mKXHCuZ9J0h1PeDHt39H3KIkGH6Wbxv7rc4 l+hy0p8eMKvzp6HNL4oZK3/P4i7G6lzcX6l/X0EjcjyKCxCYYg1Mg3VJCTBLGa6X megxU1iY7Y2LQJatv2aikWOHi7O1oB9pFsiBEv05dU21UlaNd8rP4xbgVcmz2BXV MKCkcl69RWMn6J+Y/p0nd3FjOsW9KQU4bCghOkUKHNrc9FUFj/jZ/C1bqKXXhSge 7bwLWis= =iv7r -END PGP SIGNATURE- -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Is the Cyberwar beginning?
On 01/31/2013 04:39 PM, Gregory Foster wrote: Thanks for bringing up this subject, Andreas. I'll just add that aggression (cyber-aggression perhaps?) requires actors. And as Andreas points out, on January 27th the Pentagon announced approval of US Cyber Command's expansion from 900 personnel to 4,900 troops and civilians. WaPo (Jan 27) - Pentagon to boost cybersecurity force by Ellen Nakashima: http://www.washingtonpost.com/world/national-security/pentagon-to-boost-cybersecurity-force/2013/01/19/d87d9dc2-5fec-11e2-b05a-605528f6b712_story.html This five-fold expansion of personnel comes in the midst of threatened Defense budget cuts (the sequester) and a draw-down of overseas engagements, which signifies something about its perceived necessity. More importantly, DOD Cyber Command (which is right next door to the NSA and led by the Director of the NSA) is staffing combat mission forces now that DOD has the green light to perform offensive operations across the Internet. There is a difference between covert operations concealed in black budgets (e.g., Stuxnet) and overtly embraced state-sanctioned aggression. Remember that Stuxnet has proven it is quite possible for actions initiated from the information environment to have kinetic effects in physical space (destroying Iran's centrifuges IMO constitutes an act of war). I wonder how the Internet may change as a result of this slow, methodical unfolding. And I do think we're embroiled in something quite different than the hyperbolic language acts that have been occurring since the early 90's. The language acts are precipitating the desired result. Sorry for bringing this up again; but seen from your point of view this sounds like a new cold war. Hope that theres soon something like a convention for disarmament.. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Wickr app aims to safeguard online privacy
Brian Conley: Apparently Silent Circle is also proposing such a feature now. Such a feature makes sense when we consider the pervasive world of targeted attacks. If you compromise say, my email client today, you may get years of email. If you compromise my Pond client today, you get a weeks worth of messages. Such a feature is something I think is useful and I agreed to it when I started using Pond. It is a kind of forward secrecy that understands that attackers sometimes win but you'd like them to not win everything for all time. Seems rather reasonable, really. Hardly malware but hardly perfect. All the best, Jake -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Wickr app aims to safeguard online privacy
It's highly concerning to me that the rhetoric has shifted from actual security concerns such as auditing to whether a message deletion feature is useful. NK From: Jacob Appelbaum Sent: 2013-02-05 2:13 PM To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Wickr app aims to safeguard online privacy Brian Conley: Apparently Silent Circle is also proposing such a feature now. Such a feature makes sense when we consider the pervasive world of targeted attacks. If you compromise say, my email client today, you may get years of email. If you compromise my Pond client today, you get a weeks worth of messages. Such a feature is something I think is useful and I agreed to it when I started using Pond. It is a kind of forward secrecy that understands that attackers sometimes win but you'd like them to not win everything for all time. Seems rather reasonable, really. Hardly malware but hardly perfect. All the best, Jake -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Wickr app aims to safeguard online privacy
Seems rather reasonable, really. Hardly malware but hardly perfect. Perhaps I am missing something, but isn't the point of contention that Wickr and Silent Circle are promising trust in the destruction of messages on the receiver side, which as far as I am aware is an improbable claim? Again, correct me if I am wrong, but Pond does not claim that a user cannot edit the source to extend the expiration period, let alone copy and paste from chats, correct? On Tue, Feb 5, 2013 at 2:11 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Brian Conley: Apparently Silent Circle is also proposing such a feature now. Such a feature makes sense when we consider the pervasive world of targeted attacks. If you compromise say, my email client today, you may get years of email. If you compromise my Pond client today, you get a weeks worth of messages. Such a feature is something I think is useful and I agreed to it when I started using Pond. It is a kind of forward secrecy that understands that attackers sometimes win but you'd like them to not win everything for all time. Seems rather reasonable, really. Hardly malware but hardly perfect. All the best, Jake -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Wickr app aims to safeguard online privacy
On 2/5/2013 11:11 AM, Jacob Appelbaum wrote: Brian Conley: Apparently Silent Circle is also proposing such a feature now. Such a feature makes sense when we consider the pervasive world of targeted attacks. If you compromise say, my email client today, you may get years of email. If you compromise my Pond client today, you get a weeks worth of messages. Such a feature is something I think is useful and I agreed to it when I started using Pond. Nobody is objecting to a feature that deletes certain messages after a configurable time. I agree that it mitigates some attacks (although less than one might think, if the mail account isn't tamper-evident), and timed message deletion has other benefits besides. Many MUAs provide this feature, often through filters or rules interfaces. Rich's objection, which I share, is that Wickr (and apparently, Silent Circle) attempt to impose this policy on users without allowing them to make an independent choice. Is your position that timed message deletion is valuable only if it is sender-selected and MUA-enforced? -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Wickr app aims to safeguard online privacy
Daniel Colascione: On 2/5/2013 11:11 AM, Jacob Appelbaum wrote: Brian Conley: Apparently Silent Circle is also proposing such a feature now. Such a feature makes sense when we consider the pervasive world of targeted attacks. If you compromise say, my email client today, you may get years of email. If you compromise my Pond client today, you get a weeks worth of messages. Such a feature is something I think is useful and I agreed to it when I started using Pond. Nobody is objecting to a feature that deletes certain messages after a configurable time. I agree that it mitigates some attacks (although less than one might think, if the mail account isn't tamper-evident), and timed message deletion has other benefits besides. Many MUAs provide this feature, often through filters or rules interfaces. I think that some people do object to such a feature. It makes sense - such a feature is pretty much an open research question... Rich's objection, which I share, is that Wickr (and apparently, Silent Circle) attempt to impose this policy on users without allowing them to make an independent choice. I agree that using closed source software with a software as a service model might really suck. Free software for freedom, right? Is your position that timed message deletion is valuable only if it is sender-selected and MUA-enforced? Nope. My position is that there is more than a binary choice and more than a receiver is the attacker at all times way of thinking about the problem. All the best, Jake -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Wickr app aims to safeguard online privacy
My impression is that this could work in any system that delivers encrypted messages to a third-party non SMS client. In fact, it could work in an SMS client as well, though an encrypted version of the message would of course be stored by the mobile service provider. As Jacob says its certainly not fool-proof, but where we are talking about fools specifically, it would avoid this problem: Joe, Billy, and Susan are all planning a super secret action to disrupt Authoritarianistan's hosting of the olympics. They all agree to use SuperSecretMessageSender™ to communicate in super secret mode. Unfortunately Billy is kind of an ass, and despite repeated discussions and collective agreement, he failed to delete his messages upon reading. When Authoritarianistan state operatives detained Billy, they tortured him to release his passwords, and then read messages from Joe, Susan, and Billy's mom, all of whom were detained and have not been heard from since. In this case, self-destruct would potentially save Joe and Susan from the fool Billy's lazy security culture. Certainly this is not a be all and and all, but does seem like a potentially valuable feature based on my own broad observation of fools amongst many activist and journalist groups. Brian On Tue, Feb 5, 2013 at 11:11 AM, Jacob Appelbaum ja...@appelbaum.netwrote: Brian Conley: Apparently Silent Circle is also proposing such a feature now. Such a feature makes sense when we consider the pervasive world of targeted attacks. If you compromise say, my email client today, you may get years of email. If you compromise my Pond client today, you get a weeks worth of messages. Such a feature is something I think is useful and I agreed to it when I started using Pond. It is a kind of forward secrecy that understands that attackers sometimes win but you'd like them to not win everything for all time. Seems rather reasonable, really. Hardly malware but hardly perfect. All the best, Jake -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Is the Cyberwar beginning?
Really there are layers going on here, aren't there? And in ways the governments have no interests in differentiating the levels of activity because each level ups civilian/legislative alert levels, and therefore budgets to meet the actual threat levels. Let me start a taxonomy, and y'all can argue it up and down. Harmless exploratory hacking - what machines can I get into and lok around, not leaving traces? Personal acts that may be perceived as stealing or disrupting business operations: - Non-violent selfless civil disobedient hacktivism (Posting an academic paper) - Pecuniary hacktivism (taking from BMG) - Vindictive hactivism (LOIC) Organizational sponsored hacking - non-violent selfless civil disobedient hacktivism (Tor Project) - pecuniary (malware - botnet rentals, hacking for identity/credit ca rd sale/rent,...) - vindictive (writing LOIC payloads, STUX, Chinese hacker type brigades) There are a couple categories here that are legitimate threats to someone, and several that are conflated into cyberwar threats by different governments or agencies within those governments according to context. Also, press will freely conflate others, and business press or spokespeople yet others, according to either their understanding or their propaganda (oh, excuse me, PR) interest. In any war, truth is the first casualty. As that is certainly the case here, yes, my friends, that is the archduke's corpse I just described outlined in chalk in the text above. The drums are thumping and the money is in the pipelines. The recruitment and training of special forces is accellerating all over the globe. You are looking at incidents, and that is the wrong place to look. Look at the build-up. There is a strategic back pressure of at least three really solid years and really five in inertia behind this, building funding and recuitment in the US. It's been a big focus of several beltway companies reinventing themselves for the future, oh joy. Gotta love the US military industrial complex. When heavy industry goes overseas, we figure out other ways to compete with the Chinese, amiright? Are there no other people here with military/strategic ties? (Andrew, Jake, haven't you seen this?) Shava Nerad shav...@gmail.com -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Is the Cyberwar beginning?
Distinction should be made between 'classic' military cyber-force buildup (be it any type of resource), and privatized force. We can be assured, to a certain degree, that only agents of state (i.e. armies) have access to 'classic' strategic weapons. The same cannot be said about cyber weapons of similar (potential) magnitude. Probably the most disturbing aspect of cyberwar is the newspeak rhetoric. War has always been a violent state of affairs between countries/nations/alliances, while cyberwar never needs to be explained or otherwise justified - it just *is*. Cyberwar exists by its own right, with no need to claim who's Side A and Side B. It is effectively the perfect vague, always-existing, Orwellian state of war of the new era.-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Wickr app aims to safeguard online privacy
Just to clarify, are you suggesting such a feature would put the users at *greater* threat? in my experience simply using CryptoTool™ puts you at risk of interrogation, torture, prison in certain countries. It seems that such a feature would mitigate. On the other hand, it seems like splitting hairs, until research is done, to suggest such a feature would be better than simply keeping all messages encrypted at rest. Once we are talking about rubber hose decryption methods, I think we've kind of already lost, no? B On Tue, Feb 5, 2013 at 12:46 PM, Nadim Kobeissi na...@nadim.cc wrote: NK On Tue, Feb 5, 2013 at 3:06 PM, Brian Conley bri...@smallworldnews.tvwrote: In this case, self-destruct would potentially save Joe and Susan from the fool Billy's lazy security culture. In this kind of scenario, adding a self-destruct feature would definitely be useful in preventing communications from leaking through certain vectors after the messages have served their purpose. However, they also shift the threat. If Authoritarianstan police know that CryptoToolX deletes messages after a while, they are likely to feel more justified in further interrogating the suspect, knowing that if the messages aren't there now, it's likely that they were there earlier. It's hard to discuss those features not because they aren't cool and useful (they are!) but because they make it difficult to maintain a sense of priority. Measuring how a feature will help, how it'll change the threat and whether it will eclipse attention from greater threats and concerns is kind of trick AFAICT. Certainly this is not a be all and and all, but does seem like a potentially valuable feature based on my own broad observation of fools amongst many activist and journalist groups. Brian On Tue, Feb 5, 2013 at 11:11 AM, Jacob Appelbaum ja...@appelbaum.netwrote: Brian Conley: Apparently Silent Circle is also proposing such a feature now. Such a feature makes sense when we consider the pervasive world of targeted attacks. If you compromise say, my email client today, you may get years of email. If you compromise my Pond client today, you get a weeks worth of messages. Such a feature is something I think is useful and I agreed to it when I started using Pond. It is a kind of forward secrecy that understands that attackers sometimes win but you'd like them to not win everything for all time. Seems rather reasonable, really. Hardly malware but hardly perfect. All the best, Jake -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Wickr app aims to safeguard online privacy
On Tue, Feb 5, 2013 at 4:13 PM, Brian Conley bri...@smallworldnews.tvwrote: Just to clarify, are you suggesting such a feature would put the users at *greater* threat? No: As mentioned in my previous email, I'm trying to point out that when features like this are introduced, it's definitely true that they may have positive benefits: But they also may shift the threat into a different situation, and may even interfere with the process of classifying and prioritizing threats. in my experience simply using CryptoTool™ puts you at risk of interrogation, torture, prison in certain countries. It seems that such a feature would mitigate. On the other hand, it seems like splitting hairs, until research is done, to suggest such a feature would be better than simply keeping all messages encrypted at rest. Agreed, and research is the best way I can think of to get answers on this. Until the research is done, by all means feel free to implement self-destruct features. But don't let such features distract from threat priorities and from the notion that they themselves may shift the threat landscape. Once we are talking about rubber hose decryption methods, I think we've kind of already lost, no? See, that's kind of my point when I talk about how those features distract from threat priorities. Shouldn't we be worrying about more low-level things, such as code delivery, side-channel attacks and so on? (These are just random examples.) B On Tue, Feb 5, 2013 at 12:46 PM, Nadim Kobeissi na...@nadim.cc wrote: NK On Tue, Feb 5, 2013 at 3:06 PM, Brian Conley bri...@smallworldnews.tvwrote: In this case, self-destruct would potentially save Joe and Susan from the fool Billy's lazy security culture. In this kind of scenario, adding a self-destruct feature would definitely be useful in preventing communications from leaking through certain vectors after the messages have served their purpose. However, they also shift the threat. If Authoritarianstan police know that CryptoToolX deletes messages after a while, they are likely to feel more justified in further interrogating the suspect, knowing that if the messages aren't there now, it's likely that they were there earlier. It's hard to discuss those features not because they aren't cool and useful (they are!) but because they make it difficult to maintain a sense of priority. Measuring how a feature will help, how it'll change the threat and whether it will eclipse attention from greater threats and concerns is kind of trick AFAICT. Certainly this is not a be all and and all, but does seem like a potentially valuable feature based on my own broad observation of fools amongst many activist and journalist groups. Brian On Tue, Feb 5, 2013 at 11:11 AM, Jacob Appelbaum ja...@appelbaum.netwrote: Brian Conley: Apparently Silent Circle is also proposing such a feature now. Such a feature makes sense when we consider the pervasive world of targeted attacks. If you compromise say, my email client today, you may get years of email. If you compromise my Pond client today, you get a weeks worth of messages. Such a feature is something I think is useful and I agreed to it when I started using Pond. It is a kind of forward secrecy that understands that attackers sometimes win but you'd like them to not win everything for all time. Seems rather reasonable, really. Hardly malware but hardly perfect. All the best, Jake -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Latest article on silent circle
Ali-Reza Anghaie a...@packetknife.com wrote: Yeah. It's thinly veiled marketing and pats on the back. And while I appreciate Silent Circle - this is a bit much. Sheesh. -Ali ... With all the 'major players' to give it instant 'street cred'. Color me skeptical. -- Sent from my Android tablet with K-9 Mail. Please excuse my brevity. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] [open-science] Removing watermarks from pdfs (pdfparanoia)
On Tue, Feb 5, 2013 at 8:20 PM, Bryan Bishop kanz...@gmail.com wrote: How about removing those pesky watermarks from pdfs? Sometimes they completely obfuscate the contents of a paper we're trying to read, or sometimes they have more sinister purposes. PDF2SVG should be able to do this (http://bitbucket.org/petermr/pdf2svg). It should also remove the side annotations about which library the PDF was downloaded from. Send me one and I'll see. Of course if it's encrypted or DRM'ed there isn't much it can do Working proof of concept: https://github.com/kanzure/pdfparanoia https://pypi.python.org/pypi/pdfparanoia Discussion history: https://groups.google.com/group/science-liberation-front/t/c68964cf55d8f6fa People who could theoretically benefit from this: http://scholar.google.com/scholar?q=%22Authorized+licensed+use+limited+to%22 http://scholar.google.com/scholar?q=Redistribution+subject+to+SEG+license+or+copyright;http://scholar.google.com/scholar?q=%22Redistribution+subject+to+SEG+license+or+copyright%22 http://scholar.google.com/scholar?q=Redistribution+subject+to+AIP;http://scholar.google.com/scholar?q=%22Redistribution+subject+to+AIP%22 http://scholar.google.com/scholar?q=Downloaded+from+http%3A%2F%2Fpubs.acs.org+on;http://scholar.google.com/scholar?q=%22Downloaded+from+http%3A%2F%2Fpubs.acs.org+on%22 http://scholar.google.com/scholar?q=Downloaded+*+*+2001..2013+to+*;http://scholar.google.com/scholar?q=%22Downloaded+*+*+2001..2013+to+*%22 To get source code: git clone git://github.com/kanzure/pdfparanoia.git To install: sudo pip install pdfparanoia or: sudo easy_install pdfparanoia Right now there's IEEE and AIP support. I need more samples to work with. - Bryan http://heybryan.org/ 1 512 203 0507 ___ open-science mailing list open-scie...@lists.okfn.org http://lists.okfn.org/mailman/listinfo/open-science Unsubscribe: http://lists.okfn.org/mailman/options/open-science -- Peter Murray-Rust Reader in Molecular Informatics Unilever Centre, Dep. Of Chemistry University of Cambridge CB2 1EW, UK +44-1223-763069 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] [open-science] Removing watermarks from pdfs (pdfparanoia)
On Tue, Feb 5, 2013 at 9:15 PM, Bryan Bishop kanz...@gmail.com wrote: On Tue, Feb 5, 2013 at 3:09 PM, Peter Murray-Rust pm...@cam.ac.uk wrote: PDF2SVG should be able to do this (http://bitbucket.org/petermr/pdf2svg). It should also remove the side annotations about which library the PDF was downloaded from. Send me one and I'll see. Is there a svg2pdf? The problem with using pdfquery is that it can only generate an xml format, and at first it looks like pdfxml, except Adobe came up with a standard called pdfxml that looks completely different. So getting things back into pdf seems to be difficult. I use Apache FOP. We should be able to: * read PDF into SVG * remove the rubbish * write the primitives back into PDF. We might get font problems so you may have to make do with PDF/ISO standard 14 fonts. That might screw some of the microkerning occasionally. If you want to reformat running text and lose the publishers layout (e.g. 2-col = 1-col then we will use SVGPlus. Some of this is alpha, not production. - Bryan http://heybryan.org/ 1 512 203 0507 -- Peter Murray-Rust Reader in Molecular Informatics Unilever Centre, Dep. Of Chemistry University of Cambridge CB2 1EW, UK +44-1223-763069 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] [open-science] Removing watermarks from pdfs (pdfparanoia)
On Tue, Feb 5, 2013 at 3:09 PM, Peter Murray-Rust pm...@cam.ac.uk wrote: PDF2SVG should be able to do this (http://bitbucket.org/petermr/pdf2svg). It should also remove the side annotations about which library the PDF was downloaded from. Send me one and I'll see. Is there a svg2pdf? The problem with using pdfquery is that it can only generate an xml format, and at first it looks like pdfxml, except Adobe came up with a standard called pdfxml that looks completely different. So getting things back into pdf seems to be difficult. - Bryan http://heybryan.org/ 1 512 203 0507 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Latest article on silent circle
While we can debate the merits of Silent Circle as an application or a model, the article had a broader focus that should not be lost. Whether or not VoIP and other providers are the best actors, they are bound to abide by legal regimes that are not so privacy friendly. As the threat of a new CALEA fight looms,[1] it would be useful to not forget that fact. I would suggest from looking at his history of writing that Ryan Gallagher couldn't care less about the application, but the principle at stake. Silent Circle just makes for a good protagonist. [1] http://news.cnet.com/8301-1009_3-57428067-83/fbi-we-need-wiretap-ready-web-sites-now/ On Tue, Feb 5, 2013 at 5:14 PM, bbrewer bbre...@littledystopia.net wrote: Ali-Reza Anghaie a...@packetknife.com wrote: Yeah. It's thinly veiled marketing and pats on the back. And while I appreciate Silent Circle - this is a bit much. Sheesh. -Ali ... With all the 'major players' to give it instant 'street cred'. Color me skeptical. -- Sent from my Android tablet with K-9 Mail. Please excuse my brevity. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Silent Circle is reading the list. ;-)
They're agile about their coverage. ;-) -Ali https://threatpost.com/en_us/blogs/phil-zimmermann-we-really-really-dont-have-keys-020513 --- The other thing that Silent Circle doesn't do is hold any user encryption keys, not even for a second, because the keys never pass through the company's servers. The crypto operations are done on the client side. That's an important point, because it prevents the company from having to deal with any demands from law enforcement agencies looking for encryption keys. We really, really don't have the keys, he said. This is for serious people in serious situations. I think probably it's not a good idea to trust crypto software if they don't publish the source code. It's not just [to look for] back doors, but what if they screw up and make a mistake? Silent Circle also has secure email and text apps. The company has published the source code for its VOIP app and plans to do the same for its text app next week. Zimmermann said that there is no chance that the company will include any back doors or law-enforcement access mechanisms for its products. We're not going to build in any back doors in our service. I've spent my whole career on the principle of no back doors, so I'm not going to start now. One thing we won't do is cave in. --- -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] CFP: Frontiers of New Media, September 20-21 2013, U of Utah
The Beginning and End(s) of the Internet: Surveillance, Censorship, and the Future of Cyber-Utopia The Departments of Communication and History at the University of Utah are seeking submissions for the fourth Frontiers of New Media Symposium to be held on the campus of the University of Utah, September, 20-21, 2012. The Frontiers symposium, which has been held every other year since 2009, brings together a diverse group of scholars to discuss the past, present, and future of media and communication technologies. This year’s theme, “The Beginning and End(s) of the Internet: Surveillance, Censorship, and the Future of Cyber-Utopia,” asks scholars, activists, and journalists to consider the past, present, and possible futures of the Internet as a force for good in the world. In 1969, the University of Utah was the fourth of four nodes of the ARPANet. For many academic and popular commentators, the birth of the ARPANet, and later the Internet, marked the beginning of a new frontier: cyberspace. These same commentators believed that cyberspace heralded the emergence of a new and hopeful period of communication, political economy, and culture. In 1996, John Parry Barlow’s “Declaration of the Independence of Cyberspace” famously proclaimed that cyberspace “is a world that is both everywhere and nowhere, but it is not where bodies live. We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth. We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.” Here is the CyberUtopia: a new, cybernetic nonplace. And yet, this nonplace has a strong connection to a particular geographic place: the American West and the research institutions situated there. It is in the American West that a new nonplace is being built, also of global reach and significance, but of a decidedly different purpose. By September of this year – perhaps during this symposium – the National Security Agency’s “Community Comprehensive National Cybersecurity Initiative Data Center” will be completed in Bluffdale, Utah. As several investigative reports and academic studies have shown, this data center will be a key archive of the electronic communications of individuals all over the world, American citizens included. The NSA data center has quickly become an icon for those who point to the growth of government and corporate surveillance and censorship of the Internet worldwide, including among Western democracies. For some, this data center raises the specter of an emergent dystopia, all too real, and all too opposed to the heady dreams of cyber-utopia. This year’s Frontiers of New Media Symposium invites scholars, activists, and journalists to address a number of questions: How do we read cyber-utopian discourse today? With governments worldwide seeking ever-greater control of the Internet, what hope, if any, remains for for achieving the dreams of cyber-utopia? In what ways can the Internet still be a force for good? How does this history connect to other histories of communication and technology? What other methods of locating, mapping, and shaping communications networks have occurred in the past, and what can we learn from them? How are specific sites like the NSA data center connected to the seemingly ubiquitous and placeless network? Has the “frontier” of the Internet closed? Is this the end of the Internet as envisioned by cyber-utopians? Submit abstracts of no more than 600 words to submissi...@frontiersofnewmedia.org by April 1, 2013. Selection decisions will be made by April 30, 2013. Travel expenses and a modest honorarium will be provided for all selected participants, including international participants. The Frontiers of New Media Symposium is made possible by the generous support of Simmons Media and is produced jointly by the departments of History and Communication at the University of Utah. -- Robert W. Gehl Assistant Professor, Department of Communication The University of Utah www.robertwgehl.org/blog | @robertwgehl Sent from our OS on our Internet -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Chromebooks for Risky Situations?
Dear LibTech, I'm frankly not sure about this idea, it may certainly be a bad one, but I've been using a Chromebook for almost a week now, and I've had some observations regarding this device. I'd like to discuss whether it's a good idea to hypothetically have Chromebooks used by activists, journalists, human rights workers and so on, as opposed to laptops with either Windows or Mac OS X running on top. First, the security and operational models are very interesting. In fact, I think this is probably the most secure end-user laptop OS currently on the mainstream market. Namely, Chromebooks use verified boot, disk encryption (with hardware-level tamper-resistance,) and sandboxing. This compounds with a transparent automatic update schedule from Google's Chrome team, which already has (from my experience) a truly superb reputation for security management. I'm looking at you, Adam Langley! The operating system itself is minimal. There is *much* less room for malware to be executed or for spyware to embed itself on the OS level. The difference in attack vector size between Chromebooks and Mac OS/Windows appears phenomenal to me. Of course, Chromebooks still have a filesystem and users are allowed to plug in USB drives, but due to the minimal nature of the operating system, its highly unusual strength of focus on security, and its relatively new nature, even malware delivered from these mediums may end up being much less common than in other platforms (Windows/Mac). I also feel that the minimal nature of Chromebooks leaves security considerations out of the way while offering an interface that is accessible to activists and journalists around the world. This accessibility is also a security feature! (I've long argued that accessibility should be considered a security feature.) Now, for the obvious (and unfortunate!) downsides: Chromebooks natively encourage users to store all of their data on Google, leaving the company with an unbalanced amount of control over these machines, and attracting itself as a compromise target relevant to Chromebook users. Another downside: No Tor. No PGP. No encryption software. Cryptocat is available for Chrome OS, but I can hardly say that's enough at all! The restricted, minimal nature of the operating system and the security-focused design of both the hardware and boot process are really appealing to me, and are the brunt of what makes me write this email. Should Chromebooks be recommended for activists and journalists in dangerous situations? As I've disclaimed above, this is only a theoretical discussion, please feel free to disagree and don't take me seriously just yet. :-) NK -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Chromebooks for Risky Situations?
On 02/06/2013 10:29 AM, Nadim Kobeissi wrote: I'm frankly not sure about this idea, it may certainly be a bad one, but I've been using a Chromebook for almost a week now, and I've had some observations regarding this device. I'd like to discuss whether it's a good idea to hypothetically have Chromebooks used by activists, journalists, human rights workers and so on, as opposed to laptops with either Windows or Mac OS X running on top. For NGOs that have already standardized on Google Apps/Domains for their primary groupware backend, I think Chromebooks make a huge amount of sense. This is especially true for many of the groups I work with, who are under constant attack from some pretty serious malware attacks, using the Windows/Mac-focused spearfishing approach. Chromebooks would negate most (all?) of these kind of attacks. The one downside is that they are still hard to get abroad, and even then it isn't the 3G version, so you need to have plentiful wifi. Also battery life is not that great (4 hours typically), so I am more inclined to perhaps push orgs looking to replace traditional laptops towards using Nexus 7 or 10s. +n -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Chromebooks for Risky Situations?
It's something we've explored as an option in the Executive Protection space - and paired with Google two-factor it's a marked improvement over anything most of these end-users were doing before. There is at least one 3G radio version too - more almost certainly coming at better price points. As I've thought about it, some really disagreeable security risks of using certain types of security related Chrome plugins (e.g. recent Mailvelope, DOM, OpenPGP.js discussions), might be more tenable risks in a Chromebook deployment. Obviously that doesn't fix anything back home but it's another part of the risk equation. How can projects like Privly play into it? Carrying a Tor Router along with you or building one on-site. None of the operational matters will ever be squarely addressed by one platform but it all can be decision-treed out nicely. The Google ecosystem risk is real and reasonable to consider - but weighed against other realities? And while I don't expect any vendor to fight our Government battles for us - Google has been more ally than foe IMO. It's a worthwhile discussion that could lead to a fork or three down the road. -Ali On Tue, Feb 5, 2013 at 10:29 PM, Nadim Kobeissi na...@nadim.cc wrote: Dear LibTech, I'm frankly not sure about this idea, it may certainly be a bad one, but I've been using a Chromebook for almost a week now, and I've had some observations regarding this device. I'd like to discuss whether it's a good idea to hypothetically have Chromebooks used by activists, journalists, human rights workers and so on, as opposed to laptops with either Windows or Mac OS X running on top. First, the security and operational models are very interesting. In fact, I think this is probably the most secure end-user laptop OS currently on the mainstream market. Namely, Chromebooks use verified boot, disk encryption (with hardware-level tamper-resistance,) and sandboxing. This compounds with a transparent automatic update schedule from Google's Chrome team, which already has (from my experience) a truly superb reputation for security management. I'm looking at you, Adam Langley! The operating system itself is minimal. There is *much* less room for malware to be executed or for spyware to embed itself on the OS level. The difference in attack vector size between Chromebooks and Mac OS/Windows appears phenomenal to me. Of course, Chromebooks still have a filesystem and users are allowed to plug in USB drives, but due to the minimal nature of the operating system, its highly unusual strength of focus on security, and its relatively new nature, even malware delivered from these mediums may end up being much less common than in other platforms (Windows/Mac). I also feel that the minimal nature of Chromebooks leaves security considerations out of the way while offering an interface that is accessible to activists and journalists around the world. This accessibility is also a security feature! (I've long argued that accessibility should be considered a security feature.) Now, for the obvious (and unfortunate!) downsides: Chromebooks natively encourage users to store all of their data on Google, leaving the company with an unbalanced amount of control over these machines, and attracting itself as a compromise target relevant to Chromebook users. Another downside: No Tor. No PGP. No encryption software. Cryptocat is available for Chrome OS, but I can hardly say that's enough at all! The restricted, minimal nature of the operating system and the security-focused design of both the hardware and boot process are really appealing to me, and are the brunt of what makes me write this email. Should Chromebooks be recommended for activists and journalists in dangerous situations? As I've disclaimed above, this is only a theoretical discussion, please feel free to disagree and don't take me seriously just yet. :-) NK -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Chromebooks for Risky Situations?
On 02/06/2013 01:22 PM, Ali-Reza Anghaie wrote: How can projects like Privly play into it? Carrying a Tor Router along with you or building one on-site. None of the operational matters will ever be squarely addressed by one platform but it all can be decision-treed out nicely. You could also use Orbot with wifi-tether on Android phone. It can transparent proxy all the wifi hotspot traffic over Tor. +n -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Removing watermarks from pdfs (pdfparanoia)
On Tue, Feb 05, 2013 at 06:59:03PM -0500, liberationt...@lewman.us wrote: On Tue, 5 Feb 2013 14:20:22 -0600 Bryan Bishop kanz...@gmail.com wrote: How about removing those pesky watermarks from pdfs? Sometimes they completely obfuscate the contents of a paper we're trying to read, or sometimes they have more sinister purposes. I get PDFs watermarked to me by their placement of sections in relation to one another, their word choice in opening sentences of paragraphs, and figure/image locations within the PDF. The idea being that the content is the watermark, not some silly overlay watermark which is fairly easily stripped out in most free operating systems. If you render to bitmap, and then to djvu (maybe with OCR) then this should strip these. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech