Re: [liberationtech] Announcing a privacy preserving authentication protocol

2013-03-13 Thread Petter Ericson
Well, given that protocol uses essentially no new tech (apart from the
message bit, which to me looks a bit superfluous), it should require
relatively little time to implement properly.

Furthermore, there are various parts of the protocol that are Good
Ideas, independently of the other parts - having a per-site CA, with
trust anchored in the DNSSEC hierarchy is _significantly_ better than
the current CA system, imo.[1]

Kyle:

  A. This doesn't eliminate phishing because users will still enter
  their credentials at a site that doesn't actually match the one where
  the cert was previously signed. Otherwise, existing HTTPS controls
  would already protect them.

Not speaking for the protocol author, but afaict, the client cert is
tied to the specific domain, meaning if you enter the wrong domain, you
won't get a similar page where you enter your credentials - you'll get
a page where you're not authenticated (the client cert is never sent to
a different domain from where it was signed).

  B. What zone would contain user keys for DNSSEC?

I am not entirely sure what you are referring to here, but the server
provides the (signed) user public keys to any who asks, no DNSSEC
necessary. I am guessing a common API should be used for this
(www.server.com/get-pubkey?uid=user or somesuch). This does let the
server MITM messages unless you have sidechannel pubkey verification,
which is another reason why I find the message storage bit to be
somewhat badly integrated.

I agree that the most cumbersome thing would seem to be supporting
multiple user devices, or, independently, multiple users on the same
browser session (log out me, log in my SO without killing the rest of
the browser session). These are significant hurdles to overcome in order
to gain adoption, but not insurmountable, I think.

Once FPCAs are served via the DNSSEC hierarchy instead of having
predefined CAs (if this ever happens), I think moving to client certs
might very well be adopted as a user convenience thing.

We'll see what happens though, but I'm at least somewhat hopeful.

[1] though of course, a distributed/decentralised WoT-like construction
for the complete DNS hierarchy may be preferable overall

On 12 March, 2013 - Steve Weis wrote:

 At the core of this proposal, sites run their own CAs and users install
 site-specific client-side certificates. Many organizations have been doing
 this for years. For example, MIT: http://ist.mit.edu/certificates .
 
 I like client certificates as an additional factor in general, but user
 enrollment across multiple devices, browser and platform compatibility, and
 revocation of lost devices are a pain. I think the biggest adoption of
 client certificates has been in large organizations with managed devices
 and support staff.
 
 Incidentally, there have been attacks to use client certificates as
 persistent supercookies to track users, but I don't know the current
 state of how browsers handle this. Here's an old PoC:
 http://0x90.eu/ff_tls_poc.html . Firefox 4 at least prompts you before
 dumping your cert to https://www.apache-ssl.org/cgi/cert-export .
 
 The author also makes claims this could prevent cross-site scripting with a
 cryptographic same origin policy. I don't buy that, since XSS attacks
 could still be served from sites with valid certificates. If someone has a
 vulnerable web app, it's still going to be vulnerable.
 
 Finally, this proposal requires changes on server-side authentication and
 potentially in browsers themselves. Sites don't typically change their
 authentication system unless it drives user adoption (e.g. OpenID or
 Facebook Connect) or is needed for security (e.g. 2-factor auth). I don't
 see any incentives for adoption here.
 
 
 
 On Tue, Mar 12, 2013 at 4:31 PM, Kyle Maxwell ky...@xwell.org wrote:
 
  I appreciate the intention, but I see a lot of problems here. Without
  doing an exhaustive analysis:
 
  A. This doesn't eliminate phishing because users will still enter
  their credentials at a site that doesn't actually match the one where
  the cert was previously signed. Otherwise, existing HTTPS controls
  would already protect them.
 
  B. What zone would contain user keys for DNSSEC?
 
  C. Your message transport protocol seems a little unclear - could you
  walk through it?
 
  There are more issues here, but at a minimum I feel like it doesn't
  adequately address a broad enough threat model.
 
  On Tue, Mar 12, 2013 at 4:08 PM, Guido Witmond gu...@witmond.nl wrote:
   Ladies and Gentlemen,
  
  
   I've long disliked the direction the internet headed with regards to
   privacy. Or its total disregard of it.
  
   I've come up with a novel architecture of existing old and recent
   cryptographic tools that offers a substantial improvement in security and
   privacy. I call it Eccentric Authentication.
  
   Unlike the current CA-system that requires people to trust them to gain
   security, my protocol turns that upside down. Security is what the
  protocol

Re: [liberationtech] Announcing a privacy preserving authentication protocol

2013-03-13 Thread Guido Witmond

Thank you for your concerns,

I think I have the issues you mention covered in the 'protocol'


On 03/13/2013 12:31 AM, Kyle Maxwell wrote:

I appreciate the intention, but I see a lot of problems here. Without
doing an exhaustive analysis:

A. This doesn't eliminate phishing because users will still enter
their credentials at a site that doesn't actually match the one where
the cert was previously signed. Otherwise, existing HTTPS controls
would already protect them.


Perhaps a bit unclear from my description is the fact that the User 
Agent handles all credentials.


When the user browses to a site, the agent looks up the client 
certificates that are signed by the *same CA* as the one that signed the 
server certificate. Only the matching certificates will be offered to 
the user to log in.


A phisher may scare a person into browsing to the phisher's 
bank-look-alike, but the phisher cannot impersonate the certificates. 
The user agent sees it as a different site -- which it is -- and won't 
offer the certificates that the user has from his bank.


This protocol is not meant to be used stand-alone to secure access to 
bank sites.


When the user falls for the phishers, enters his username and password 
(at US-banks) or his token from his token generator (at EU-banks), the 
bank sees a correct log in coming from a different client certificate and 
*knows* something's fishy. The bank blocks the account.


The user agent must not allow the user to pick a certificate that does 
not match. Doing so would lead to the current yes-clicking, because the 
user is really scared that there is CUR 1500.- being deducted from 
his account.


There is a small window of vulnerability here, when the user signs up 
for an Eccentric certificate at the first time. This must be solved at 
bank-account signup time.



B. What zone would contain user keys for DNSSEC?



I'm not sure what the question is. There are no user keys in DNSSEC, 
only the First Party Root certificates. That is stored according to the 
DANE/TLSA specification. ( 
http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/ )
The way to retrieve client certificates by user name is unspecified. DNS 
could be a way. Or a well known url at the site.




C. Your message transport protocol seems a little unclear - could you
walk through it?


In short, the site where a user has an account allows incoming 'blobs' 
from other people. These blobs would be messages, signed with the 
senders' private key and encrypted with the recipients' public key. The 
blobs include the certificate to prove ownership of the private key.


The recipient (she) can decrypt the message and it gives her the public 
key of the sender (him). She validates senders' certificate against the 
Root certificate.


She checks the global memory to check if there are not two or more 
certificates with the same common name. (that indicates a MitM from the 
senders' CA, or just an incompetent senders' CA).


Notice, the recipient doesn't know the identity of the sender. To reply, 
she signs with her private key, encrypts with his public key and delivers 
it at the site specified by the Root certificate of his certificate.


Each site name is unique because it is specified in DNSSEC. Each client 
certificate has a unique name (protocol requirement) to make names 
unique for a site.


Here two people can send encrypted messages without ever having to 
exchange keys beforehand.



There are more issues here, but at a minimum I feel like it doesn't
adequately address a broad enough threat model.


I've designed it with these things in mind:
- eliminate passwords;
- eliminate email address requirements at account setup;
- create anonymous accounts that are easier to set up than passwords, 
yet more secure against abuse.

- use TLS everywhere
- certificates are not forever. If a site requires an account to view 
it, create an account, view the site and delete the private key. Repeat 
for each visit.


There are weak spots:
- browsers handle certificates badly, very badly or not at all;
- browsers make it difficult to use crypto-card, share keys over devices;
- there is no protection against traffic analysis. Tor to the rescue.


It's a bit longer than I expected but I hope it answers your questions. 
Please let me know if it raises more questions.


with regards, Guido Witmond.

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech
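
Added example, not part of the original thread and not the Eccentric Authentication project's code: a Go sketch of the two checks described in the message above, the user agent offering only client certificates signed by the same CA as the server certificate, and the recipient's "global memory" check for two certificates with the same common name. The names `issue`, `offer`, `Registry` and `acceptSender`, the example domains, and passing the site root as a parameter (standing in for the DNSSEC/TLSA lookup) are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Identity is a certificate with its private key (all constructed test data).
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue makes a certificate for cn. parent == nil yields a self-signed site
// root (the site's own CA); otherwise the certificate is signed by parent.
func issue(cn string, parent *Identity) *Identity {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	signerCert, signerKey := tmpl, key
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		signerCert, signerKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &Identity{Cert: cert, Key: key}
}

// offer returns the wallet entries a user agent may present: only client
// certificates signed by the root that also signed the server certificate.
// siteRoot is assumed to have been fetched from the site's DNSSEC/TLSA record.
func offer(server, siteRoot *x509.Certificate, wallet []*Identity) []*Identity {
	if server.CheckSignatureFrom(siteRoot) != nil {
		return nil // server certificate is not from this site's CA
	}
	var match []*Identity
	for _, id := range wallet {
		if id.Cert.CheckSignatureFrom(siteRoot) == nil {
			match = append(match, id)
		}
	}
	return match
}

// Registry models the "global memory": (root, common name) -> fingerprints seen.
type Registry map[string]map[string]bool

func fingerprint(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.Raw))
}

// acceptSender is the recipient's check on a sender certificate: signed by the
// sender's site root, and no other certificate with that common name under it.
func acceptSender(sender, root *x509.Certificate, reg Registry) error {
	if err := sender.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("not signed by site root: %w", err)
	}
	key := fingerprint(root) + "/" + sender.Subject.CommonName
	if reg[key] == nil {
		reg[key] = map[string]bool{}
	}
	reg[key][fingerprint(sender)] = true
	if n := len(reg[key]); n > 1 {
		return fmt.Errorf("%d certificates named %q under one CA", n, sender.Subject.CommonName)
	}
	return nil
}

func main() {
	ca, evil := issue("bank.example CA", nil), issue("bank-example.test CA", nil)
	wallet := []*Identity{issue("alice", ca)}
	fmt.Println(len(offer(issue("bank.example", ca).Cert, ca.Cert, wallet)))
	fmt.Println(len(offer(issue("bank-example.test", evil).Cert, evil.Cert, wallet)))
	reg := Registry{}
	fmt.Println(acceptSender(wallet[0].Cert, ca.Cert, reg))
	fmt.Println(acceptSender(issue("alice", ca).Cert, ca.Cert, reg))
}
```

The look-alike site gets an empty offer because its root did not sign the stored client certificate, and the second "alice" issued by the same CA is rejected by the registry check.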


Re: [liberationtech] Announcing a privacy preserving authentication protocol

2013-03-13 Thread Guido Witmond

On 03/13/2013 08:33 AM, Petter Ericson wrote:


Kyle:


A. This doesn't eliminate phishing because users will still enter
their credentials at a site that doesn't actually match the one where
the cert was previously signed. Otherwise, existing HTTPS controls
would already protect them.


Not speaking for the protocol author, but afaict, the client cert is
tied to the specific domain, meaning if you enter the wrong domain, you
won't get a similar page where you enter your credentials - you'll get
a page where you're not authenticated (the client cert is never sent to
a different domain from where it was signed).


Indeed, correct. The local CA root certificate is the *identity* of the 
site. The browser restricts accounts to the site.




B. What zone would contain user keys for DNSSEC?


I am not entirely sure what you are referring to here, but the server
provides the (signed) user public keys to any who asks, no DNSSEC
necessary. I am guessing a common API should be used for this
(www.server.com/get-pubkey?uid=user  or somesuch).


That's how I foresee it now. It could be a DNS(SEC)-based directory. I'm 
not sure which way to go with that. Perhaps your WoT could help here.



This does let the
server MITM messages unless you have sidechannel pubkey verification,
which is another reason why I find the message storage bit to be
somewhat badly integrated.


It does fit in badly. I foresee the messaging part to be used both for 
person-to-person messages like email but also to bootstrap other secure 
connections. For example, a dating site that lets people connect over 
ZRTP. The message could just contain the endpoints and keys for that 
session. See: [2].


XMPP might be a better fit.


We'll see what happens though, but I'm at least somewhat hopeful.

[1] though of course, a distributed/decentralised WoT-like construction
for the complete DNS hierarchy may be preferable overall


It would reduce the risk of pressure on the registrars to block a site.

The requirement for a replacement of DNSSEC/DANE needs a secure 1:1 
mapping of human-readable name to FPCA-Root-certificate.



With Regards, Guido Witmond.

2: 
http://witmond.nl/blog/2012/10/22/the-worlds-most-private-dating-site.html 
 (warning: old text)



[liberationtech] You Only Click Twice

2013-03-13 Thread Ronald Deibert
Dear LibTech

I am pleased to announce the Citizen Lab's latest publication, You Only Click 
Twice: FinFisher's Global Proliferation, authored by Marquis-Boire, Bill 
Marczak, Claudio Guarnieri, and John Scott-Railton.

https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/

Bloomberg:
http://www.businessweek.com/news/2013-03-13/gamma-finspy-surveillance-servers-in-25-countries

Huff Post
http://www.huffingtonpost.com/2013/03/13/finspy-spyware-activists_n_2864579.html

Summary Below

You Only Click Twice: FinFisher’s Global Proliferation
March 13, 2013

Authors: Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri, and John 
Scott-Railton.

This post describes the results of a comprehensive global Internet scan for the 
command and control servers of FinFisher’s surveillance software. It also 
details the discovery of a campaign using FinFisher in Ethiopia used to target 
individuals linked to an opposition group. Additionally, it provides 
examination of a FinSpy Mobile sample found in the wild, which appears to have 
been used in Vietnam.

Summary of Key Findings

- We have found command and control servers for FinSpy backdoors, part of Gamma 
  International’s FinFisher “remote monitoring solution,” in a total of 25 
  countries: Australia, Bahrain, Bangladesh, Brunei, Canada, Czech Republic, 
  Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, 
  Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, United Arab 
  Emirates, United Kingdom, United States, Vietnam.
- A FinSpy campaign in Ethiopia uses pictures of Ginbot 7, an Ethiopian 
  opposition group, as bait to infect users. This continues the theme of FinSpy 
  deployments with strong indications of politically-motivated targeting.
- There is strong evidence of a Vietnamese FinSpy Mobile Campaign. We found an 
  Android FinSpy Mobile sample in the wild with a command & control server in 
  Vietnam that also exfiltrates text messages to a local phone number.
- These findings call into question claims by Gamma International that previously 
  reported servers were not part of their product line, and that previously 
  discovered copies of their software were either stolen or demo copies.

Ronald Deibert
Director, the Citizen Lab 
and the Canada Centre for Global Security Studies
Munk School of Global Affairs
University of Toronto
(416) 946-8916
PGP: http://deibert.citizenlab.org/pubkey.txt
http://deibert.citizenlab.org/
twitter.com/citizenlab
r.deib...@utoronto.ca




Re: [liberationtech] CfP: USENIX Workshop on Free and Open Communications on the Internet (DC!)

2013-03-13 Thread Nadim Kobeissi
I've been waiting for this CFP with great excitement and will be submitting
for sure! Thanks, Collin. :-)


NK


On Wed, Mar 13, 2013 at 11:01 AM, Collin Anderson col...@averysmallbird.com
 wrote:

 Colleagues,

 Libtech receives a fair number of call for papers on conferences and
 journals every month, however, I wanted to direct special attention to
 the Free and Open Communications on the Internet Workshop at USENIX, being
 held in Washington, D.C. on August 13 this year. Participating in the first
 FOCI was a pretty great opportunity personally and I am hopeful that the
 location this time will help better connect researchers and the policy
 process that takes place locally. Please, submit, participate and attend!

 https://www.usenix.org/conference/foci13/call-for-papers

 Cordially,
  Collin

 ---

 Overview
 The 3rd USENIX Workshop on Free and Open Communications on the Internet
 (FOCI '13) seeks to bring together researchers and practitioners from
 technology, law, and policy who are working on means to study, detect, or
 circumvent practices that inhibit free and open communications on the
 Internet.

 Internet communications drive political and social change around the
 world. Governments and other actors seek to control, monitor, and block
 Internet communications for a variety of reasons, ranging from extending
 copyright law to suppressing free speech and assembly. Methods for
 controlling what content people post and view online are also multifarious.
 Whether it's traffic throttling by ISPs or man-in-the-middle attacks by
 countries seeking to identify those who are organizing protests, threats to
 free and open communications on the Internet must be addressed by the
 research community in an interdisciplinary way that includes both policy
 and technology.

 Topics
 We encourage submission of new, interesting work on a wide variety of
 topics of interest, including but in no way limited to the following areas:

 - Evaluation or analysis of existing anti-censorship systems
 - Comparisons of existing tools that might be used to detect tampering,
   blocking, or violations of net neutrality
 - Studies and findings on real-world censorship or tampering from field
   deployments or other methods, such as the topics or content censored by
   states or the extent to which ISPs are degrading certain types of content
   or service
 - Metrics and benchmarks for content tampering or performance degradation
 - Detection, measuring, and analysis of the censorship of search results
 - Design of network protocols and topologies that resist tampering or
   censorship
 - Techniques to counter mass surveillance or its effects
 - The role of private corporations in spreading or enabling surveillance and
   censorship
 - Capabilities of deep packet inspection (DPI) and robust mechanisms to
   circumvent DPI
 - Capabilities and constraints of censorship technologies
 - Legality of censorship-resistant systems or bypassing censorship
 - Economic considerations in the design and deployment of censorship or
   censorship-resistant tools
 - Analysis of the economic impact of censorship
 - Usability in censorship-resistant systems
 - Effects of censorship on individuals, society, business, or political
   processes

 We emphasize that this workshop seeks to draw submissions from a range of
 disciplines. As such, non-technical work that examines the wider
 implications of censorship and its effects will be considered favorably.

 What to Submit
 We invite two distinct tracks for papers: a technical track for
 technically-focused position papers or works-in-progress; and a social
 science track for papers focused on policy, law, regulation, economics or
 related fields of study.

 FOCI will favor interesting and new ideas and early results that lead to
 well-founded position papers. We envision that work presented at FOCI will
 ultimately be published at relevant, high-quality conferences. Papers will
 be selected primarily based on originality, with additional consideration
 given to their potential to generate discussion at the workshop. Papers in
 the technical track will also be evaluated based on technical merit.

 Submission Guidelines
 Technical Track: Submitted papers must be no longer than six 8.5 x 11
 pages, based on the standard USENIX format. References will not count
 towards the six-page limit.

 Social Science Track: Submitted papers must be no longer than nine 8.5 x
 11 pages, based on the standard USENIX format, but shorter papers are
 encouraged. References will not count towards the nine-page limit.

 The social science track aims to encourage submissions from fields such as
 law and political science, where longer articles are traditional. Authors
 should not submit technically-focused papers to the social science track in
 order to avoid page limits—such papers may be rejected out of hand.

 All papers should be in the standard USENIX format. Specifically,
 regarding page limits, your paper should be typeset in two-column format in
 10-point 

[liberationtech] Update on Humanity United USAID Tech Challenge for Atrocity Prevention

2013-03-13 Thread Yosem Companys
From: Mia Newman mnew...@humanityunited.org

 I wanted to follow up on my email from last month about the Tech Challenge
for Atrocity Prevention, as we are excited to announce that our second
round formally launched last week. Hopefully you received our email blast
announcement below, but I also wanted to give you an update personally. The
three challenges that are now open are:

 *The MODEL http://www.thetechchallenge.org/#!model Challenge*: to model
conflict situations to determine community-level risk of violence
(TopCoder) - Geared toward technical coders and data modelers interested in
applying their skills to conflict datasets. The challenge is composed of
two stages: first to discover data and then to model it.


The COMMUNICATE http://www.thetechchallenge.org/#!communicate Challenge:
to facilitate on-the-ground communication among communities affected by
conflict (Innocentive) - Ideal for a wide audience with varying backgrounds
to apply their experience and creativity to overcome the challenge of
secure two-way communication.


The ALERT http://www.thetechchallenge.org/#!alert Challenge: to develop
improved methods of gathering and verifying information from hard-to-access
conflict areas (OpenIDEO) - This platform was specifically selected to
channel empathy, ideation, and analysis to help communities in conflict
inform the wider world about their situation. With its multi-stage process,
a new part of the challenge is opening every few weeks, and we encourage
you to continue to revisit the site.


 We believe the Liberation Tech community is a prime candidate for this
kind of collaboration and innovation. Feel free to contact me or find our
FAQ (http://www.thetechchallenge.org/faqs/Tech_Challenge_for_Atrocity_Prevention_-_FAQ.pdf) here
with more information.

 Thanks so much!
Mia

 Mia Newman
John Gardner Fellow | Humanity United
1700 Pennsylvania Ave NW, Ste 520| Washington, DC 20006
mnew...@humanityunited.org | 202.503.3212


 Final three challenges now live at http://www.thetechchallenge.org.
Learn more during a Google+ Hangout on Friday, March 8th.
*NOTE: Our program team wanted to make sure you were the first to hear
about our next round of challenges. Here's the joint announcement from
USAID and Humanity United.*

Dear friends and partners,

*We are excited to announce today that Humanity United and USAID are
launching the next round of our Tech Challenge for Atrocity
Prevention.*

As many of you know, the Tech Challenge opened last October in search of
the most innovative applications of new and existing technologies to help
prevent mass atrocities. We announced the seven winning innovations of
our first round a few weeks ago.

The second round tackles the vital issues of (1) modeling conflict
situations to determine community-level risk of violence; (2) facilitating
on-the-ground communication among communities affected by conflict; and (3)
developing improved methods of gathering and verifying information from
hard-to-access conflict areas. To access these challenges, please go to the
Tech Challenge website.

We are also diversifying our approach in this next round to use as many
creative processes as possible.  Based on the success of the first two
challenges, we will continue to use an “ideation” contest via InnoCentive;
a more collaborative, crowd-sourced process via OpenIDEO; as well as a
multi-phased call for data and algorithm contest via TopCoder.

*Participate in our Google+ Hangout on Friday, March 8 @ 2:00 pm EST. *The
Hangout features first round winners speaking with leading technologists
and human rights experts about the future of technology in the field of
human rights. We will be taking questions via the hashtag #genprevtech on
Twitter and you can watch the live Hangout here:
http://bit.ly/VOSPJR

*Spread the word! *Please encourage your networks to submit their
innovations for the second round for a chance to win up to $10,000 and,
potentially, the opportunity to develop and scale their ideas with Humanity
United and USAID. Forward this e-mail, forward our

[liberationtech] Bay area opensource mesh wireless meetups

2013-03-13 Thread Yosem Companys
From: Rich Bodo richb...@gmail.com
Cc: ja...@cozybit.com

If any of you are in the San Francisco bay area, I'm interested in starting 
an open-source mesh wireless meetup group.

I am a member of hacker dojo (hackerdojo.com) so we could meet there.

Ping me if you are interested.  If there is enough interest we'll get a 
google group going.

-Rich

-- 

http://linkedin.com/in/complete http://linkedin/in/complete
C: 650-283-6037

Re: [liberationtech] Can HAM radio be used for communication between health workers in rural areas with no cell connectivity?

2013-03-13 Thread Karl Fogel
fl...@pgm.com writes:
Thanks to Ali-Reza for reposting Dr. Dey's reply.

If you are looking for lowest-cost short to medium range
communications using ham radio, Android phones are not the answer. You
still need VHF or UHF radio hardware.

There are at least 20 radio manufacturers in China that make small
variations on a common design of VHF transceiver, that can be bought
for less than USD 50 each (often much less). Radio repeaters can be
built using these same transceivers. There is also a huge surplus of
transceivers in the US that have been made obsolete by the FCC's
narrow band mandate, that you can buy for a few dollars, particularly
interesting for higher power mobile radios. Shipping will be your
major expense there unless you are able to do a freight container full
at once.

The biggest problem in most countries is almost always getting legal
permission to use amateur radio for other public purposes. Solve that
problem for your group, and find out what frequencies and power levels
are permissible, and the technical issues are much easier.

Because it's related to the same problem domain, I'll point out:

The OpenBTS project is an open-source software-based GSM access point,
that allows people to use standard consumer GSM cell phones to
communicate in a network that anyone (with the right hardware) can set
up.

  http://en.wikipedia.org/wiki/OpenBTS
  http://openbts.blogspot.com/
  http://wush.net/trac/rangepublic
  http://gnuradio.org/redmine/projects/gnuradio/wiki/OpenBTS

(I'm not sure whether the burden of having the right hardware for
OpenBTS is lower or higher than the burden of having ham radio
transceivers.)

HTH,
-Karl


[liberationtech] CodeX Fellowship 2013/14

2013-03-13 Thread Yosem Companys
From: Roland Vogl rv...@law.stanford.edu

CodeX – The Stanford Center for Legal Informatics (http://codex.stanford.edu) 
is accepting applications for a Resident Fellowship for the 2013-14 academic 
year.  CodeX is a cross-disciplinary research center jointly operated by 
Stanford Law School and the Stanford School of Engineering. The center's 
mission is to explore the application of technology toward improving the 
quality, efficiency, and accessibility of the legal system.  Codex research 
fellows will have the opportunity to spend one to two years at Stanford Law 
School collaborating with scholars in computer science and other relevant 
disciplines. Fellows will work on the center's existing projects, and will have 
the opportunity to explore related research on their own and commence new 
projects. Fellows will work with cutting-edge technologies emerging from 
Stanford's engineering departments, and will be expected to bring a legally 
oriented perspective toward integrating these technologies into the law. 
Fellows will also be involved in bringing in leading thinkers in the field to 
speak at the law school on these topic areas and will work with law and 
computer science students to engage them in the center's activities.

Qualifications:

Because the primary focus of the center is employing technology within the law, 
applicants should also have experience in the legal, computer science or 
engineering related fields. We welcome applicants with practical/professional 
technical experience in these fields as well as those with formal legal, 
computer science or engineering undergraduate or graduate training. Applicants 
should be capable of learning and be comfortable with the technological aspects 
of the center's projects.

How to Apply:

All qualified and interested applicants must apply via the Stanford jobs 
website: http://jobs.stanford.edu/ search for this specific posting by entering 
job number: 51463 in the keyword search field. Applicants should submit:

- a resume
- a brief letter (no more than 2 pages) describing the applicant's interest in 
  issues applying technology to the law, the applicant's background, and the 
  research that they propose to conduct
- a list of references

Review of applications will begin immediately, and all applications must be 
received by March 31, 2013.  For more information about the Stanford Codex 
Center please visit the website at http://codex.stanford.edu, or contact CodeX 
Executive Director Roland Vogl at rv...@law.stanford.edu.


Dr. Roland Vogl, Esq.
Executive Director and Lecturer in Law
Stanford Program in Law, Science & Technology
CodeX - The Stanford Center for Legal Informatics
Transatlantic Technology Law Forum
 
rv...@law.stanford.edu
 
Stanford Law School
Crown Quadrangle
559 Nathan Abbott Way
Stanford, CA 94305-8610
Tel: (650) 723-8532
Fax: (650) 725-2190

[liberationtech] Free university student government election app to increase voter turnout

2013-03-13 Thread Mitch Downey
Hi LibTech,



The EveryVote Facebook app is a free (open source) technology to increase
voter turnout in university student government elections by helping
students learn about, share their opinion on, and interact with all of
their candidates on one convenient page.



The app is still a prototype but it is available for testing at
http://apps.facebook.com/everyvote. Our goal over these next 4 months is to
pursue additional volunteers and grant funding so that we can release an
improved Facebook app, a stand-alone (non-Facebook) platform, a mobile, and
tablet version for Fall 2013 university student government and campus
activities board elections.



To watch a video intro to the app, please visit everyvote.org/fbintro.



Furthermore, EveryVote.org is dedicated to accomplishing 2 long-range goals
we believe are essential to a healthy democracy, yet too few people are
talking about. They are: 1) Advocate for the creation of a
publicly-accessible comprehensive candidate database, so that any developer
can make a tool that provides you with factual information about every
candidate in every election you can vote for on a single page, and 2)
participate in a federated civic data sharing network, which allows users
to transfer their civic data to any site they want in the network, so no
one website can monopolize our public election data.



You can watch a 2:30 cartoon summary of these 2 aforementioned goals here:
http://www.youtube.com/watch?v=PN85p5oSbb4



If any LibTech members would like to learn more, or can offer feedback on
the EveryVote project, we'd be excited to hear from you.



Thanks so much for your consideration,



Mitch Downey

EV Project Manager



Twitter: @EveryVoteU http://www.twitter.com/everyvoteu -
@EveryVoteOrg http://www.twitter.com/everyvoteorg

[liberationtech] Era of the Digital Mercenaries

2013-03-13 Thread G.W. Schulz

 Today, 12 March, World Day Against Cyber-Censorship, we are publishing
 two lists. One is a list of five “State Enemies of the Internet,” five
 countries whose governments are involved in active, intrusive surveillance
 of news providers, resulting in grave violations of freedom of information
 and human rights. The five state enemies are Syria, China, Iran, Bahrain
 and Vietnam. The other is a list of five “Corporate Enemies of the
 Internet,” five private-sector companies that are “digital era
 mercenaries.” The five companies chosen are Gamma, Trovicor, Hacking Team,
 Amesys and Blue Coat, but the list is not exhaustive and will be expanded
 in the coming months. They all sell products that are liable to be used by
 governments to violate human rights and freedom of information.


Reporters Without Borders -- http://surveillance.rsf.org/en/

-- 
G.W. Schulz
Center for Investigative Reporting
Desk: 512-382-5969
E-mail: gwsch...@cironline.org
About.Me/GWSchulz
www.cironline.org

[liberationtech] New book: Digital Disconnect

2013-03-13 Thread Yosem Companys
“A major new work by one of the nation's leading analysts of media.… A hard to 
put down, meticulously researched must-read.”

—Juliet Schor, author of True Wealth
Purchase Digital Disconnect

“Over the past 20 years, the world has experienced a profound communications 
revolution delivered by the internet as well as an equally profound rise in 
economic inequality and instability delivered by neoliberal capitalism. Digital 
Disconnect explores the connections between these epoch-defining trends with 
clarity, depth, originality and verve.”

—Robert Pollin, Professor of Economics and Co-Director, Political Economy 
Research Institute (PERI), University of Massachusetts-Amherst

+++

I am writing you to tell you about my new book on the Internet that may 
interest you. It is titled Digital Disconnect: How Capitalism is Turning the 
Internet Away from Democracy. The book is a political economic examination of 
the digital revolution based upon 15 years of research. The book provides 
considerable detail but also an overarching analysis and argument, so it is 
intended for anyone concerned with the Internet. It is the capstone of my 
career.

Michael Delli Carpini, Dean of the Annenberg School for Communication at the 
University of Pennsylvania, said: “Digital Disconnect makes a convincing case 
that one can only understand the Internet and related communication 
technologies through the lens of political economy, and that the capitalist 
political economy in which they are currently embedded in the United States is 
anathema to a truly democratic information environment.”

The book includes the following:

* how the standard dichotomy of views on the Internet as “celebratory” or 
“skeptical” have important and necessary insights, but they almost all fail to 
factor in or appreciate the importance of capitalism as the driving force, as 
well as the problems capitalism can create for democratic values and practices
* a fresh look at the noncommercial origins of the Internet, and the 
shadowy process whereby it was converted into an engine for commercialism
* how the dinosaur industries of telecommunication and entertainment media 
have managed to survive and even prosper in the Internet era by their 
domination of the corrupt policymaking process
* how the Internet, once seen as an engine of economic competition, has 
become arguably the greatest generator of economic monopoly in history, with 
troubling implications for both the economy and political democracy; the 
dominant Internet firms now comprise nearly one-half of the 30 largest publicly 
traded corporations in the United States, based on market value
* how advertising has been radically transformed online such that 
traditional notions of privacy have been eliminated, and the traditional 
support for media content advertising once provided is disappearing
* how the national security state has surveillance powers over private 
citizens that were unimaginable a generation ago and are inimical to the 
foundations of a free society
* how the Internet has assisted in destroying journalism as it has been 
practiced for the past century, and offers no hope on its own of rejuvenating 
journalism as a credible broad-based democratic institution; this chapter 
updates the research I did with John Nichols in 2010’s multiple-award-winning 
Death and Life of American Journalism (Nation Books)
* how a series of crucial policy debates in the next decade will go a long 
way toward determining the course of the Internet and the course of society.

This book is written with the aim of helping scholars and citizens be informed 
participants, and to see that the revolutionary democratic potential of the 
digital revolution be realized.

After reading the book, Eric Alterman of The Nation and Brooklyn College wrote: 
“Once again, McChesney stands at the crossroads of media dysfunction and the 
denial of democracy, illuminating the complex issues involved and identifying a 
path forward to try to repair the damage. Here's hoping the rest of us have the 
good sense to listen this time.”

Matthew Rothschild, editor of The Progressive, wrote: “With a panoramic sweep 
and profound insights, McChesney rings the alarm bells, showing clearly how 
capitalism is swallowing up the promise of the Internet. No one knows this 
field better than McChesney, and with this book, he has reached the pinnacle.”

Thank you for your consideration,

Bob McChesney

[liberationtech] Soft launch of VOA Radiogram this weekend

2013-03-13 Thread Yosem Companys
From: Dewayne Hendricks dewa...@warpspeed.com

VOA Radiogram will soft launch this weekend. VOA Radiogram is a
Voice of America program experimenting with digital text and images
via shortwave broadcasting.

http://voaradiogram.net

Dewayne-Net RSS Feed: http://www.warpspeed.com/wordpress