Re: [liberationtech] US State Dept Discourages Using Technology to Promote Democracy, Human Rights, and Citizen Engagement in Ukraine?
the key word people seem to be missing is unless: it says don't apply *unless your application meets the program objectives*. it is therefore encouraging, not discouraging, applications. as a RFP posted on state.gov, it doesn't make much sense to think State is discouraging applications. They appear to have updated the page almost immediately to avoid confusion; it now reads Proposals must demonstrate awareness of similar USG-supported programming in Ukraine and how the proposed program would complement ongoing efforts. http://www.state.gov/j/drl/p/206488.htm On Thu, Mar 21, 2013 at 3:04 PM, Yosem Companys compa...@stanford.eduwrote: Fostering Civic Engagement in Ukraine (approximately $500,000 available): DRL’s objective is to support the role of civil society in policy formation and enhancing accountability and responsiveness of government officials in Ukraine. The program will support civil society to foster an inclusive and participatory democratic system of government and hold politicians and public officials more accountable to constituents. In order to foster more unity among civil society efforts, the program should support post-election advocacy on areas of policy formation and implementation such as ongoing efforts related to elections and election law reform; freedom of assembly legislation; and/or reversing legislation restricting the rights of vulnerable or marginalized populations. The program should also examine how well existing laws are implemented and help civil society ensure that citizens can use official institutions and mechanisms to exercise their rights. Program activities could include, but are not limited to: support for activities to encourage debate and advocacy by citizens and civil society organizations, small grants to civil society for monitoring and/or advocacy activities, creating regional civil society partnerships to increase civil society unity on advocacy efforts, or connecting Ukrainian civil society with their counterparts in one or more countries in the region through NGO-to-NGO exchanges and mentoring in order to take advantage of shared post-communist and transition experiences. Successful proposals will demonstrate a strong knowledge of civil society in Ukraine and an established ability to work with regional civil society groups. DRL strongly discourages health, technology, or science- related projects unless they have an explicit component related to the requested program objectives listed above. http://www.state.gov/j/drl/p/206488.htm -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- David Golumbia dgolum...@gmail.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] US State Dept Discourages Using Technology to Promote Democracy, Human Rights, and Citizen Engagement in Ukraine?
My guess is that since money is already allocated for tech, they wanted to ensure that programs that weren't tech focused had some funds too. (Just a guess). On Fri, Mar 22, 2013 at 7:19 AM, Shava Nerad shav...@gmail.com wrote: Evgeny got to them. ;) More seriously, does anyone have digital divide info - cultural and financial - on Ukraine? Tech is not the solution for all cultures. Beer is the correct solution for some. A thousand cups of tea for others. Maybe State knows something we don't? Like: --- INTERNET Ukraine suffers digital divide - study Tuesday 22 March 2011 | 15:40 CET | News There is still a significant difference in household internet access across Ukraine, according to a study by GfK Ukraine. Internet penetration was just 12 percent in rural areas in Q4 2010, reports BizLigaNet. The figure rises to 25 percent in towns with a population below 50,000 and 38 percent of households in cities with more than 500,000 residents. http://www.telecompaper.com/news/ukraine-suffers-digital-divide-study--793094 yrs, Shava Nerad shav...@gmail.com On Mar 21, 2013 3:04 PM, Yosem Companys compa...@stanford.edu wrote: Fostering Civic Engagement in Ukraine (approximately $500,000 available): DRL’s objective is to support the role of civil society in policy formation and enhancing accountability and responsiveness of government officials in Ukraine. The program will support civil society to foster an inclusive and participatory democratic system of government and hold politicians and public officials more accountable to constituents. In order to foster more unity among civil society efforts, the program should support post-election advocacy on areas of policy formation and implementation such as ongoing efforts related to elections and election law reform; freedom of assembly legislation; and/or reversing legislation restricting the rights of vulnerable or marginalized populations. The program should also examine how well existing laws are implemented and help civil society ensure that citizens can use official institutions and mechanisms to exercise their rights. Program activities could include, but are not limited to: support for activities to encourage debate and advocacy by citizens and civil society organizations, small grants to civil society for monitoring and/or advocacy activities, creating regional civil society partnerships to increase civil society unity on advocacy efforts, or connecting Ukrainian civil society with their counterparts in one or more countries in the region through NGO-to-NGO exchanges and mentoring in order to take advantage of shared post-communist and transition experiences. Successful proposals will demonstrate a strong knowledge of civil society in Ukraine and an established ability to work with regional civil society groups. DRL strongly discourages health, technology, or science- related projects unless they have an explicit component related to the requested program objectives listed above. http://www.state.gov/j/drl/p/206488.htm -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Privacy, data protection questions
We're in the late prototype phase for Groundsourcehttp://groundsourcing.com, a mobile data collection and engagement platform -- designed for journalists, researchers, NGO's and others to use to gather first-hand knowledge. We've used the prototype to validate the need for the platform, and now privacy data protection have moved front and center as we ramp up for a beta phase later this spring/summer. We've had some early discussions with the Tor Project about protecting journalists using the platform in countries with repressive regimes (down the road). We're also looking into using Wickr for encrypting communications. In the short term, we need advisors who can help guide our decisions around privacy and personal data collection protection. Let me know if you're interested in helping us navigate these issues. I'd be happy to demo the platform for anyone who's interested -- and I am also beginning the search for a CTO/technical co-founder to lead on these and other tech/strategic decisions. We're looking for people who share our mission to put human experience and unmet needs at the heart of storytelling and decision-making, while giving sources control over the data that they share and their level of engagement. Comment here, or email me personally if you want to follow up. Best, Andrew Haeg http://www.linkedin.com/in/andrewhaeg @andrewhaeg @groundsourcing 612.501.0690 -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] US State Dept Discourages Using Technology to Promote Democracy, Human Rights, and Citizen Engagement in Ukraine?
I just really don't see why this is a big deal. So State's funding priorities for tech stuff aren't about those subjects. So what? On Fri, Mar 22, 2013 at 3:46 PM, Katy P katyca...@gmail.com wrote: My guess is that since money is already allocated for tech, they wanted to ensure that programs that weren't tech focused had some funds too. (Just a guess). On Fri, Mar 22, 2013 at 7:19 AM, Shava Nerad shav...@gmail.com wrote: Evgeny got to them. ;) More seriously, does anyone have digital divide info - cultural and financial - on Ukraine? Tech is not the solution for all cultures. Beer is the correct solution for some. A thousand cups of tea for others. Maybe State knows something we don't? Like: --- INTERNET Ukraine suffers digital divide - study Tuesday 22 March 2011 | 15:40 CET | News There is still a significant difference in household internet access across Ukraine, according to a study by GfK Ukraine. Internet penetration was just 12 percent in rural areas in Q4 2010, reports BizLigaNet. The figure rises to 25 percent in towns with a population below 50,000 and 38 percent of households in cities with more than 500,000 residents. http://www.telecompaper.com/news/ukraine-suffers-digital-divide-study--793094 yrs, Shava Nerad shav...@gmail.com On Mar 21, 2013 3:04 PM, Yosem Companys compa...@stanford.edu wrote: Fostering Civic Engagement in Ukraine (approximately $500,000 available): DRL’s objective is to support the role of civil society in policy formation and enhancing accountability and responsiveness of government officials in Ukraine. The program will support civil society to foster an inclusive and participatory democratic system of government and hold politicians and public officials more accountable to constituents. In order to foster more unity among civil society efforts, the program should support post-election advocacy on areas of policy formation and implementation such as ongoing efforts related to elections and election law reform; freedom of assembly legislation; and/or reversing legislation restricting the rights of vulnerable or marginalized populations. The program should also examine how well existing laws are implemented and help civil society ensure that citizens can use official institutions and mechanisms to exercise their rights. Program activities could include, but are not limited to: support for activities to encourage debate and advocacy by citizens and civil society organizations, small grants to civil society for monitoring and/or advocacy activities, creating regional civil society partnerships to increase civil society unity on advocacy efforts, or connecting Ukrainian civil society with their counterparts in one or more countries in the region through NGO-to-NGO exchanges and mentoring in order to take advantage of shared post-communist and transition experiences. Successful proposals will demonstrate a strong knowledge of civil society in Ukraine and an established ability to work with regional civil society groups. DRL strongly discourages health, technology, or science- related projects unless they have an explicit component related to the requested program objectives listed above. http://www.state.gov/j/drl/p/206488.htm -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- US: +1-857-891-4244 | NL: +31-657086088 site: jilliancyork.com http://jilliancyork.com/* | * twitter: @jilliancyork* * We must not be afraid of dreaming the seemingly impossible if we want the seemingly impossible to become a reality - *Vaclav Havel* -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report
The glossary indicates the reporting only covers criminal law enforcement
matters, so it probably excludes national security requests. Another thing to
ask for in future iterations, given Google's precedent on NSLs.
//
Cynthia M. Wong
Senior Researcher on the Internet
Business Human Rights Division
Human Rights Watch
-Original Message-
From: liberationtech-boun...@lists.stanford.edu
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Dan Auerbach
Sent: Thursday, March 21, 2013 4:14 PM
To: liberationtech@lists.stanford.edu
Subject: Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests
Report
On 03/21/2013 10:37 AM, Jacob Appelbaum wrote:
Joseph Lorenzo Hall:
On Thu Mar 21 12:27:47 2013, Jacob Appelbaum wrote:
Joseph Lorenzo Hall:
Two things seem particularly interesting: apparently zero
requests for content were fulfilled for Skype and the
associated FAQ [1] says CALEA (the US law that mandates intercept
capability) does not apply to Skype.
That seems particularly encouraging to me.
The FAQ is also interesting in that the non-content question
mentions location but then only lists state, country and ZIP
code as fields provided (I don't know how MSFT would have
access to precise geolocation, but that doesn't appear to be
something they provide). Also the NSL reporting in the FAQ is binned
in terms of thousands of NSLs...
so in 2009 they report receiving 0-999 NSLs and in 2010
1000-1999 NSLs (hard to tell if that was just one more NSL or a bunch).
I don't agree with that reading of the report. There is likely a
lot of word-smithing here - for example, Does Skype include
SkypeIn and SkypeOut or just Peer to Peer video, text and storage
of (other) meta-data? Does CALEA happen on the Skype side of
things or on the PTSN/VoIP service side of Skype{In,Out}? My
guess is the latter rather than the former.
Ok, I certainly agree there is probably a lot of wordsmithing here.
CALEA certainly applies to PSTN interconnection but then presumably
law enforcement would just go to the phone company which has
CALEA-compliant switching hardware there. (I think.)
Also, note that Microsoft Provided Guidance to Law Enforcement
- so when they say they didn't provide content, did they provide
the credentials? If so, the guidance could have allowed the Law
Enforcement to simply login and restore the account data. Or
perhaps merely disclosing a key?
They certainly don't describe what that means, which is strange
because for a transparency report with quantitative data, one would
want to bound what the categories of quantitative data are! I would
hope that MSFT would consider providing ciphertext and session keys
as providing content and increment the zeros in that column, but
there's no definitive statement in all of this that I can see which
would support that.
I wrote to them and asked these questions, as well as a few others.
What other questions should we pose to them, I wonder?
Reading quickly through the documents, there seems to be no information about
US FISA court orders, so that might be something to ask them about. I am
concerned about the possibility that FISA is being abused to access large
swaths of user data (esp given FAA provisions and secret interpretation of
section 215 of Patriot Act). You could suggest general rounded numbers for FISA
like for NSLs. Doubt you'll get any info, though.
That said, kudos to MS for releasing this info and to people for pushing them
on Skype!
--
Dan Auerbach
Staff Technologist
Electronic Frontier Foundation
d...@eff.org
415 436 9333 x134
--
Too many emails? Unsubscribe, change to digest, or change password by emailing
moderator at compa...@stanford.edu or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Too many emails? Unsubscribe, change to digest, or change password by emailing
moderator at compa...@stanford.edu or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Please Vote on Reply to Question
Hi Yosem, I vote for reply to all / the list. I can't believe that security geeks can't discipline themselves to take half a second to think about who they are replying to. The openness of the reply all default is refreshing. Mike On Mar 21, 2013, at 5:10 AM, Guido Witmond wrote: Dear Yosem, I vote for reply-to-poster. Your message really points out the problem: You ask us to connect to you, however, the reply button replies to the list. My 2cts. Guido Witmond. On 03/21/2013 02:17 AM, Yosem Companys wrote: Dear Liberationtech list subscribers, Several of you have petitioned to change Liberationtech mailing list's default reply to option from reply-to-all to reply-to-poster. Given the debate (see links below), we have decided to put the issue up for a vote: * Do you want replies to Liberationtech list messages directed to reply-to-all or reply-to-poster? -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report
RU and CN are a glaring absence, which will skew the overall compliance rates. In previous iterations of Google's report, they declined to report numbers from China because of concerns that the government would designate that data a state secret (heavily punishable). However, given that the Skype data reports on both China and Russia, that doesn't seem to be the justification here? // Cynthia M. Wong Senior Researcher on the Internet Business Human Rights Division Human Rights Watch -Original Message- From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Eric S Johnson Sent: Thursday, March 21, 2013 9:49 PM To: 'liberationtech' Subject: Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report I wrote to them and asked these questions, as well as a few others. What other questions should we pose to them, I wonder? Why are RU and CN (most glaringly) absent from the first chart enumerating the number (and type) of requests by country? It's hard to believe those countries' security services have no interest in (non-Skype) Microsoft data. Is MS defining those countries as having no legal standing to request MS data, and therefore any requests from them would be rejected out-of-hand? We provide SSL encryption for Microsoft services and Skype-Skype calls on our full client (for full function computers) are encrypted on a peer-to-peer basis; however, no communication method is 100% secure. For example ... users of the Skype thin client (used on smartphones, tablets and other hand-held devices) route communications over a wireless or mobile provider network. --Is the implication that the Skype clients used on smartphones don't provide the same end-to-end encrypted-by-session-specific-keys level of security that the Skype for Windows client does? Skype received 4,713 requests from law enforcement. ... Skype produced no content in response to these requests. --It's hard to believe that LEAs never validly requested a record of a Skype user's IM sessions. Perhaps LEAs don't know those data exist? Best, Eric -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report
Regarding SSL, hasn't Skype claimed in the past that the conversations are encrypted client-to-client, as in, even from Microsoft or Skype itself? If I'm right and my memory serves well, then it's striking that they only mentioned SSL in this report. NK On Fri, Mar 22, 2013 at 11:49 AM, Cynthia Wong wo...@hrw.org wrote: RU and CN are a glaring absence, which will skew the overall compliance rates. In previous iterations of Google's report, they declined to report numbers from China because of concerns that the government would designate that data a state secret (heavily punishable). However, given that the Skype data reports on both China and Russia, that doesn't seem to be the justification here? // Cynthia M. Wong Senior Researcher on the Internet Business Human Rights Division Human Rights Watch -Original Message- From: liberationtech-boun...@lists.stanford.edu [mailto: liberationtech-boun...@lists.stanford.edu] On Behalf Of Eric S Johnson Sent: Thursday, March 21, 2013 9:49 PM To: 'liberationtech' Subject: Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report I wrote to them and asked these questions, as well as a few others. What other questions should we pose to them, I wonder? Why are RU and CN (most glaringly) absent from the first chart enumerating the number (and type) of requests by country? It's hard to believe those countries' security services have no interest in (non-Skype) Microsoft data. Is MS defining those countries as having no legal standing to request MS data, and therefore any requests from them would be rejected out-of-hand? We provide SSL encryption for Microsoft services and Skype-Skype calls on our full client (for full function computers) are encrypted on a peer-to-peer basis; however, no communication method is 100% secure. For example ... users of the Skype thin client (used on smartphones, tablets and other hand-held devices) route communications over a wireless or mobile provider network. --Is the implication that the Skype clients used on smartphones don't provide the same end-to-end encrypted-by-session-specific-keys level of security that the Skype for Windows client does? Skype received 4,713 requests from law enforcement. ... Skype produced no content in response to these requests. --It's hard to believe that LEAs never validly requested a record of a Skype user's IM sessions. Perhaps LEAs don't know those data exist? Best, Eric -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report
On Fri, Mar 22, 2013 at 12:08:42PM -0400, Nadim Kobeissi wrote: Regarding SSL, hasn't Skype claimed in the past that the conversations are encrypted client-to-client, as in, even from Microsoft or Skype itself? Why is it relevant what they claimed? You can't check it, so why spend any time on guessing, while you could be running a system where you would *know for sure*. If I'm right and my memory serves well, then it's striking that they only mentioned SSL in this report. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report
Eugen, Of course you're right, and I've made that specific argument about closed-source crypto many times before. But it's still interesting since we're trying to glean as much information as possible from that report here, which is a first for Skype. NK On Fri, Mar 22, 2013 at 12:16 PM, Eugen Leitl eu...@leitl.org wrote: On Fri, Mar 22, 2013 at 12:08:42PM -0400, Nadim Kobeissi wrote: Regarding SSL, hasn't Skype claimed in the past that the conversations are encrypted client-to-client, as in, even from Microsoft or Skype itself? Why is it relevant what they claimed? You can't check it, so why spend any time on guessing, while you could be running a system where you would *know for sure*. If I'm right and my memory serves well, then it's striking that they only mentioned SSL in this report. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Please Vote on Reply to Question
Can I vote reply-to-null? That would prevent all mishaps. Seriously though, this presents an interesting display of the trade-offs between privacy risks and convenience of use. Given that the purpose of the list is to perpetuate an ongoing discussion, the convenience of replying to the entire list seems to outweigh the risk of revealing private information. Optimally, the from header should say liberationtech with a inline note at the top identifying the author is. This would reduce (though not eliminate) the risk of someone misidentifying the intended recipient of their reply. I don't think the list software supports such configuration though. Just as a point of analysis, I've seen distribution lists that were intended to be one way (i.e. a few authorized individuals may send out messages) but were configured wrong such that replies not only were sent to the list, but the list allowed anybody, not just authorized individuals, to post. Contextually, this is much different, and the analysis would weigh in favor of making such a list reply to sender, not reply to all. However, in those cases, the problem results from a misconfiguration not a failure to weight the risks. My vote reply-to-list. *R. Jason Cronk, Esq., CIPP/US* /Privacy Engineering Consultant/, *Enterprivacy Consulting Group* enterprivacy.com * phone: (828) 4RJCESQ * twitter: @privacymaverick.com * blog: http://blog.privacymaverick.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] US State Dept Discourages Using Technology to Promote Democracy, Human Rights, and Citizen Engagement in Ukraine?
the whole thing is not a big deal, but i will risk repeating myself: the original comment on this list overlooked the phrase *unless they have an explicit component related to the requested program objectives listed above*, and this is actually a solicitation *for *proposals, not an effort to discourage them. The original discourage comment was just trying to ensure that proposals were area- and program-specific. State has already modified the page to make this clear, perhaps in reaction to comments such as the original one on this list: http://www.state.gov/j/drl/p/206488.htm. It's now clear that there is no intent to discourage applications. On Fri, Mar 22, 2013 at 11:36 AM, Jillian C. York jilliancy...@gmail.comwrote: I just really don't see why this is a big deal. So State's funding priorities for tech stuff aren't about those subjects. So what? -- David Golumbia dgolum...@gmail.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] US State Dept Discourages Using Technology to Promote Democracy, Human Rights, and Citizen Engagement in Ukraine?
I assumed the same. It's just an odd caveat in the context of US State Department's public relations drive about innovation. On Fri, Mar 22, 2013 at 7:46 AM, Katy P katyca...@gmail.com wrote: My guess is that since money is already allocated for tech, they wanted to ensure that programs that weren't tech focused had some funds too. (Just a guess). On Fri, Mar 22, 2013 at 7:19 AM, Shava Nerad shav...@gmail.com wrote: Evgeny got to them. ;) More seriously, does anyone have digital divide info - cultural and financial - on Ukraine? Tech is not the solution for all cultures. Beer is the correct solution for some. A thousand cups of tea for others. Maybe State knows something we don't? Like: --- INTERNET Ukraine suffers digital divide - study Tuesday 22 March 2011 | 15:40 CET | News There is still a significant difference in household internet access across Ukraine, according to a study by GfK Ukraine. Internet penetration was just 12 percent in rural areas in Q4 2010, reports BizLigaNet. The figure rises to 25 percent in towns with a population below 50,000 and 38 percent of households in cities with more than 500,000 residents. http://www.telecompaper.com/news/ukraine-suffers-digital-divide-study--793094 yrs, Shava Nerad shav...@gmail.com On Mar 21, 2013 3:04 PM, Yosem Companys compa...@stanford.edu wrote: Fostering Civic Engagement in Ukraine (approximately $500,000 available): DRL’s objective is to support the role of civil society in policy formation and enhancing accountability and responsiveness of government officials in Ukraine. The program will support civil society to foster an inclusive and participatory democratic system of government and hold politicians and public officials more accountable to constituents. In order to foster more unity among civil society efforts, the program should support post-election advocacy on areas of policy formation and implementation such as ongoing efforts related to elections and election law reform; freedom of assembly legislation; and/or reversing legislation restricting the rights of vulnerable or marginalized populations. The program should also examine how well existing laws are implemented and help civil society ensure that citizens can use official institutions and mechanisms to exercise their rights. Program activities could include, but are not limited to: support for activities to encourage debate and advocacy by citizens and civil society organizations, small grants to civil society for monitoring and/or advocacy activities, creating regional civil society partnerships to increase civil society unity on advocacy efforts, or connecting Ukrainian civil society with their counterparts in one or more countries in the region through NGO-to-NGO exchanges and mentoring in order to take advantage of shared post-communist and transition experiences. Successful proposals will demonstrate a strong knowledge of civil society in Ukraine and an established ability to work with regional civil society groups. DRL strongly discourages health, technology, or science- related projects unless they have an explicit component related to the requested program objectives listed above. http://www.state.gov/j/drl/p/206488.htm -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Please Vote on Reply to Question
..on Fri, Mar 22, 2013 at 12:21:54PM -0400, R. Jason Cronk wrote: Can I vote reply-to-null? That would prevent all mishaps. Seriously though, this presents an interesting display of the trade-offs between privacy risks and convenience of use. Given that the purpose of the list is to perpetuate an ongoing discussion, the convenience of replying to the entire list seems to outweigh the risk of revealing private information. Optimally, the from header should say liberationtech with a inline note at the top identifying the author is. This would reduce (though not eliminate) the risk of someone misidentifying the intended recipient of their reply. I don't think the list software supports such configuration though. Just as a point of analysis, I've seen distribution lists that were intended to be one way (i.e. a few authorized individuals may send out messages) but were configured wrong such that replies not only were sent to the list, but the list allowed anybody, not just authorized individuals, to post. Contextually, this is much different, and the analysis would weigh in favor of making such a list reply to sender, not reply to all. However, in those cases, the problem results from a misconfiguration not a failure to weight the risks. Don't people simply need to take responsibility for noting where and to whom they are sending their emails? Reply-to-sender seems like a very odd default on a mailing list - more so if implemented to 'protect us from ourselves'. If I want to reply to the sender, I will do so, but by default I expect when subscribed to a mailing list I'm there for the open discussion. Society is risky! Cheers, -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] US State Dept Discourages Using Technology to Promote Democracy, Human Rights, and Citizen Engagement in Ukraine?
I have now twice pointed out that this perception is a misreading of the document. They are simply trying to cut down on the number of inappropriate applications using very standard language. the original cut-and-paste obscured where the phrase appears on the page, but it is still followed by the exact phrase you quoted: unless they have an explicit component related to the requested program objectives listed above. If technology projects have an explicit component related to the program, they are NOT discouraged from applying. There is no story here. There is a lot of other qualifying information in the additional information block. The entire block of information appears to be repeated in all of their RFPs. I've pasted it in below. It suggests they get a lot of applications that don't read the RFP carefully. I repeat: there is no story here at all. Projects that have a strong academic, research, conference, or dialogue focus will not be deemed competitive. DRL strongly discourages health, technology, or science- related projects unless they have an explicit component related to the requested program objectives listed above. Projects that focus on commercial law or economic development will be rated as non-competitive. Cost sharing is strongly encouraged, and cost sharing contributions should be outlined in the proposal budget and budget narrative. On Fri, Mar 22, 2013 at 12:33 PM, Yosem Companys compa...@stanford.eduwrote: I assumed the same. It's just an odd caveat in the context of US State Department's public relations drive about innovation. On Fri, Mar 22, 2013 at 7:46 AM, Katy P katyca...@gmail.com wrote: My guess is that since money is already allocated for tech, they wanted to ensure that programs that weren't tech focused had some funds too. (Just a guess). On Fri, Mar 22, 2013 at 7:19 AM, Shava Nerad shav...@gmail.com wrote: Evgeny got to them. ;) More seriously, does anyone have digital divide info - cultural and financial - on Ukraine? Tech is not the solution for all cultures. Beer is the correct solution for some. A thousand cups of tea for others. Maybe State knows something we don't? Like: --- INTERNET Ukraine suffers digital divide - study Tuesday 22 March 2011 | 15:40 CET | News There is still a significant difference in household internet access across Ukraine, according to a study by GfK Ukraine. Internet penetration was just 12 percent in rural areas in Q4 2010, reports BizLigaNet. The figure rises to 25 percent in towns with a population below 50,000 and 38 percent of households in cities with more than 500,000 residents. http://www.telecompaper.com/news/ukraine-suffers-digital-divide-study--793094 yrs, Shava Nerad shav...@gmail.com On Mar 21, 2013 3:04 PM, Yosem Companys compa...@stanford.edu wrote: Fostering Civic Engagement in Ukraine (approximately $500,000 available): DRL’s objective is to support the role of civil society in policy formation and enhancing accountability and responsiveness of government officials in Ukraine. The program will support civil society to foster an inclusive and participatory democratic system of government and hold politicians and public officials more accountable to constituents. In order to foster more unity among civil society efforts, the program should support post-election advocacy on areas of policy formation and implementation such as ongoing efforts related to elections and election law reform; freedom of assembly legislation; and/or reversing legislation restricting the rights of vulnerable or marginalized populations. The program should also examine how well existing laws are implemented and help civil society ensure that citizens can use official institutions and mechanisms to exercise their rights. Program activities could include, but are not limited to: support for activities to encourage debate and advocacy by citizens and civil society organizations, small grants to civil society for monitoring and/or advocacy activities, creating regional civil society partnerships to increase civil society unity on advocacy efforts, or connecting Ukrainian civil society with their counterparts in one or more countries in the region through NGO-to-NGO exchanges and mentoring in order to take advantage of shared post-communist and transition experiences. Successful proposals will demonstrate a strong knowledge of civil society in Ukraine and an established ability to work with regional civil society groups. DRL strongly discourages health, technology, or science- related projects unless they have an explicit component related to the requested program objectives listed above. http://www.state.gov/j/drl/p/206488.htm -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at
[liberationtech] National Security Letters (NSLs) - in case you missed this
https://www.noisebridge.net/pipermail/noisebridge-discuss/2013-March/035200.html Thu Mar 21 09:15:36 UTC 2013 NSLs were still alive and kicking up until a week of so ago, when the EFF's successful ruling was announced. The EFF has let me know that the ruling only stands for 90 days and that there is a possibility the ruling will be rescinded after that upon appeal. So, we are not safe yet. I was in contact with the EFF this month regarding the issue. They referred me to some lawyers, but basically, the advice to me in general has been is that no digital information is protected from snooping unless it is stored in your home and encrypted. But even then, I am told that silent black bag jobs (tampering your home electronic devices) are a possibility if you are labeled a threat to national security. Here is some feedback I can share, since I am a rare person to have realized the snooping was in effect while it was occurring. I also got confirmation of this due to lack of a confidentiality requirement when multiple agents attempted to visit me in person and called me on the phone. They wanted to follow-up after their many months of snooping revealed that I was not in fact a terrorist -- simply a security researcher that had identified vulnerabilities of a North American utility company. After half a year of working with the utility company, they did nothing to protect my own data, so I went online to blow the whistle about the company being breached and all user data (including home addresses and names) being compromised. With this vulnerability, someone could effectively find your home address / phone / name on account no matter where you lived in North America, since you are required to provide this when receiving utility service. To my knowledge, the companies involved have still not gone public with this information. Some things the Secret Service did to snoop on me that you should also be aware of, and some feedback follow: * SS served Google with an NSL to obtain my account information. * Around January, upon logging into the Google account, Google showed a strange NOTICE message asking me to accept the terms of usage of my account. This was odd, because in a decade of being a Google user, I had never seen this. I am told that this is Google's way of telling you without telling you that you have been served an NSL. Google, by law, is not allowed to tell you about the NSL, but they definitely are within their right to ask you to accept their TOS upon login. This is the tell that everyone here should be aware of. If you see this, you are likely being monitored. * My Google account was being operated by someone else, despite utilizing 2-step and very strong passwords. This may have been limited to a Google Chat 0day, unpublished vulnerability, or a Google backdoor. My chat contacts said I was online when I was not online or had messaged them, when I had not. * I received multiple emails from shady individuals asking me to provide / sell 0day. Some were in poor English. I presume this may have been a baiting tactic to get me on some technicality. I did not sell any 0day nor did I accept their request to help them with whatever they were seeking in terms of shady deals. * One of my encrypted Desktop home Linux computers was mysteriously wiped upon my return from a trip. The RAID array was 'corrupted'. * People I know started getting strange calls from random numbers at odd hours. I wonder if this was some attempt to exploit remote listening flaws in some phones, but I am justly paranoid. * Someone opened mail / packages at my physical residence to reveal the contents inside. This was very odd and not something that ever happens. It occurred at least twice to my knowledge. * Local police were posted outside my residence the morning I received numerous calls from SS agents. * SS confirmed over the phone that they monitored my Google account, after I told them I knew they were. At first, they would not tell me they did and denied it. The agent actually said Google should not have told you that. When I asked how many other online accounts they monitored, the agent refused to let me know the details. When asked if they monitored my financial / banking / health records, they said the surveillance was limited to electronic records. I presume this includes my ISP, Google, phone, any accounts signed up via Google (third-party registration / account emails give it away), etc. * I was told that my security research activities are a legal grey area, but that the investigation was being closed. The SS said that the data they have on me is safe and will be destroyed after some expiration period. I vehemently expressed my distrust that it would be held securely or destroyed. For your background, I have been on the other side of such requests, as the person providing data to the Secret Service field agents before. These people don't understand technology and don't understand what they are asking for many
Re: [liberationtech] US State Dept Discourages Using Technology to Promote Democracy, Human Rights, and Citizen Engagement in Ukraine?
DRL strongly discourages health, technology, or science- related projects unless they have an explicit component related to the requested program objectives listed above. I read that as please stop applying for grants that aren't really related to your project, but I could be wrong on the intent. ~Griffin -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] US State Dept Discourages Using Technology to Promote Democracy, Human Rights, and Citizen Engagement in Ukraine?
David, you have indeed pointed it out twice. But it's still inconsistent for the US State Department to carry out a public relations campaign that gives the impression that it's adding a technology component to all its work and then issue RFPs that strongly discourage technology projects from applying unless they have an explicit component related to the requested program objectives. I understand it's standard language. But, presumably, everyone who applies will have the program objective in mind, whether they are tech-oriented or not, so why even bother with the caveat? Also, the language does not disprove Katy's suggestion that the caveat may be there to ensure non-technology projects get support. One way to test whether this is indeed the case is to see whether RFPs issued prior to the public relations campaign lacked that caveat. In any case, I suspect whoever wrote this standard language likely did not put as much thought into crafting the language as we are analyzing it. Best, Yosem On Fri, Mar 22, 2013 at 9:46 AM, David Golumbia dgolum...@gmail.com wrote: I have now twice pointed out that this perception is a misreading of the document. They are simply trying to cut down on the number of inappropriate applications using very standard language. the original cut-and-paste obscured where the phrase appears on the page, but it is still followed by the exact phrase you quoted: unless they have an explicit component related to the requested program objectives listed above. If technology projects have an explicit component related to the program, they are NOT discouraged from applying. There is no story here. There is a lot of other qualifying information in the additional information block. The entire block of information appears to be repeated in all of their RFPs. I've pasted it in below. It suggests they get a lot of applications that don't read the RFP carefully. I repeat: there is no story here at all. Projects that have a strong academic, research, conference, or dialogue focus will not be deemed competitive. DRL strongly discourages health, technology, or science- related projects unless they have an explicit component related to the requested program objectives listed above. Projects that focus on commercial law or economic development will be rated as non-competitive. Cost sharing is strongly encouraged, and cost sharing contributions should be outlined in the proposal budget and budget narrative. On Fri, Mar 22, 2013 at 12:33 PM, Yosem Companys compa...@stanford.edu wrote: I assumed the same. It's just an odd caveat in the context of US State Department's public relations drive about innovation. On Fri, Mar 22, 2013 at 7:46 AM, Katy P katyca...@gmail.com wrote: My guess is that since money is already allocated for tech, they wanted to ensure that programs that weren't tech focused had some funds too. (Just a guess). On Fri, Mar 22, 2013 at 7:19 AM, Shava Nerad shav...@gmail.com wrote: Evgeny got to them. ;) More seriously, does anyone have digital divide info - cultural and financial - on Ukraine? Tech is not the solution for all cultures. Beer is the correct solution for some. A thousand cups of tea for others. Maybe State knows something we don't? Like: --- INTERNET Ukraine suffers digital divide - study Tuesday 22 March 2011 | 15:40 CET | News There is still a significant difference in household internet access across Ukraine, according to a study by GfK Ukraine. Internet penetration was just 12 percent in rural areas in Q4 2010, reports BizLigaNet. The figure rises to 25 percent in towns with a population below 50,000 and 38 percent of households in cities with more than 500,000 residents. http://www.telecompaper.com/news/ukraine-suffers-digital-divide-study--793094 yrs, Shava Nerad shav...@gmail.com On Mar 21, 2013 3:04 PM, Yosem Companys compa...@stanford.edu wrote: Fostering Civic Engagement in Ukraine (approximately $500,000 available): DRL’s objective is to support the role of civil society in policy formation and enhancing accountability and responsiveness of government officials in Ukraine. The program will support civil society to foster an inclusive and participatory democratic system of government and hold politicians and public officials more accountable to constituents. In order to foster more unity among civil society efforts, the program should support post-election advocacy on areas of policy formation and implementation such as ongoing efforts related to elections and election law reform; freedom of assembly legislation; and/or reversing legislation restricting the rights of vulnerable or marginalized populations. The program should also examine how well existing laws are implemented and help civil society ensure that citizens can use official institutions and mechanisms to exercise their rights. Program
Re: [liberationtech] National Security Letters (NSLs) - in case you missed this
For the record, I do not think that the poster of this message is a reliable narrator, and I regret that this is being put about as a noisebridge document. It's present on the Noisebridge webserver merely because it was sent to a public mailing list which is automatically archived. The so-called ToS tell is obviously not a reliable indicator of NSL activity, and most of his evidence is similarly questionable. I do believe that this individual was interviewed by law enforcement as a follow-on to his full-disclosure posts about security weaknesses in US utility company systems, but the rest of the story seems weak. There's a pretty strong cultural tradition at Noisebridge of treating even fairly outlandish claims with a modicum of tongue-in-cheek respect (although like all rules it's observed mostly in the breach, and trolling and mockery rule the day). Please read my posts in that archive thread with that in mind. Yosem, I'm disappointed that you forwarded this to libtech without an editorial caution. -andy On Fri, Mar 22, 2013 at 10:00:19AM -0700, Yosem Companys wrote: https://www.noisebridge.net/pipermail/noisebridge-discuss/2013-March/035200.html Thu Mar 21 09:15:36 UTC 2013 NSLs were still alive and kicking up until a week of so ago, when the EFF's successful ruling was announced. The EFF has let me know that the ruling only stands for 90 days and that there is a possibility the ruling will be rescinded after that upon appeal. So, we are not safe yet. I was in contact with the EFF this month regarding the issue. They referred me to some lawyers, but basically, the advice to me in general has been is that no digital information is protected from snooping unless it is stored in your home and encrypted. But even then, I am told that silent black bag jobs (tampering your home electronic devices) are a possibility if you are labeled a threat to national security. Here is some feedback I can share, since I am a rare person to have realized the snooping was in effect while it was occurring. I also got confirmation of this due to lack of a confidentiality requirement when multiple agents attempted to visit me in person and called me on the phone. They wanted to follow-up after their many months of snooping revealed that I was not in fact a terrorist -- simply a security researcher that had identified vulnerabilities of a North American utility company. After half a year of working with the utility company, they did nothing to protect my own data, so I went online to blow the whistle about the company being breached and all user data (including home addresses and names) being compromised. With this vulnerability, someone could effectively find your home address / phone / name on account no matter where you lived in North America, since you are required to provide this when receiving utility service. To my knowledge, the companies involved have still not gone public with this information. Some things the Secret Service did to snoop on me that you should also be aware of, and some feedback follow: * SS served Google with an NSL to obtain my account information. * Around January, upon logging into the Google account, Google showed a strange NOTICE message asking me to accept the terms of usage of my account. This was odd, because in a decade of being a Google user, I had never seen this. I am told that this is Google's way of telling you without telling you that you have been served an NSL. Google, by law, is not allowed to tell you about the NSL, but they definitely are within their right to ask you to accept their TOS upon login. This is the tell that everyone here should be aware of. If you see this, you are likely being monitored. * My Google account was being operated by someone else, despite utilizing 2-step and very strong passwords. This may have been limited to a Google Chat 0day, unpublished vulnerability, or a Google backdoor. My chat contacts said I was online when I was not online or had messaged them, when I had not. * I received multiple emails from shady individuals asking me to provide / sell 0day. Some were in poor English. I presume this may have been a baiting tactic to get me on some technicality. I did not sell any 0day nor did I accept their request to help them with whatever they were seeking in terms of shady deals. * One of my encrypted Desktop home Linux computers was mysteriously wiped upon my return from a trip. The RAID array was 'corrupted'. * People I know started getting strange calls from random numbers at odd hours. I wonder if this was some attempt to exploit remote listening flaws in some phones, but I am justly paranoid. * Someone opened mail / packages at my physical residence to reveal the contents inside. This was very odd and not something that ever happens. It occurred at least twice to my knowledge. * Local police were posted outside my residence the morning I received numerous
Re: [liberationtech] US State Dept Discourages Using Technology to Promote Democracy, Human Rights, and Citizen Engagement in Ukraine?
I assume you are referring to this March 5 press release? http://www.state.gov/r/pa/prs/ps/2013/03/205666.htm the earliest open RFP on State's website is from Feb 15 and includes the same language, which appears on every other currently-open RFP: http://www.state.gov/j/drl/p/204850.htm I have some experience with both governmental and foundation grantsmaking, and in both cases something between many and a majority of applications completely omit one or more major, explicit requirements clearly stated in the RFP, creating a fair amount of hassle and administrative overhead for the grantsmakers. boilerplate language insisting on the formal requirements is standard for this reason (and still does not drastically reduce the number of inappropriate applications). this does not read to me in any way to actually be discouraging health, science, or technology proposals. On Fri, Mar 22, 2013 at 1:26 PM, Yosem Companys compa...@stanford.eduwrote: David, you have indeed pointed it out twice. But it's still inconsistent for the US State Department to carry out a public relations campaign that gives the impression that it's adding a technology component to all its work and then issue RFPs that strongly discourage technology projects from applying unless they have an explicit component related to the requested program objectives. I understand it's standard language. But, presumably, everyone who applies will have the program objective in mind, whether they are tech-oriented or not, so why even bother with the caveat? Also, the language does not disprove Katy's suggestion that the caveat may be there to ensure non-technology projects get support. One way to test whether this is indeed the case is to see whether RFPs issued prior to the public relations campaign lacked that caveat. In any case, I suspect whoever wrote this standard language likely did not put as much thought into crafting the language as we are analyzing it. Best, Yosem On Fri, Mar 22, 2013 at 9:46 AM, David Golumbia dgolum...@gmail.com wrote: I have now twice pointed out that this perception is a misreading of the document. They are simply trying to cut down on the number of inappropriate applications using very standard language. the original cut-and-paste obscured where the phrase appears on the page, but it is still followed by the exact phrase you quoted: unless they have an explicit component related to the requested program objectives listed above. If technology projects have an explicit component related to the program, they are NOT discouraged from applying. There is no story here. There is a lot of other qualifying information in the additional information block. The entire block of information appears to be repeated in all of their RFPs. I've pasted it in below. It suggests they get a lot of applications that don't read the RFP carefully. I repeat: there is no story here at all. Projects that have a strong academic, research, conference, or dialogue focus will not be deemed competitive. DRL strongly discourages health, technology, or science- related projects unless they have an explicit component related to the requested program objectives listed above. Projects that focus on commercial law or economic development will be rated as non-competitive. Cost sharing is strongly encouraged, and cost sharing contributions should be outlined in the proposal budget and budget narrative. On Fri, Mar 22, 2013 at 12:33 PM, Yosem Companys compa...@stanford.edu wrote: I assumed the same. It's just an odd caveat in the context of US State Department's public relations drive about innovation. On Fri, Mar 22, 2013 at 7:46 AM, Katy P katyca...@gmail.com wrote: My guess is that since money is already allocated for tech, they wanted to ensure that programs that weren't tech focused had some funds too. (Just a guess). On Fri, Mar 22, 2013 at 7:19 AM, Shava Nerad shav...@gmail.com wrote: Evgeny got to them. ;) More seriously, does anyone have digital divide info - cultural and financial - on Ukraine? Tech is not the solution for all cultures. Beer is the correct solution for some. A thousand cups of tea for others. Maybe State knows something we don't? Like: --- INTERNET Ukraine suffers digital divide - study Tuesday 22 March 2011 | 15:40 CET | News There is still a significant difference in household internet access across Ukraine, according to a study by GfK Ukraine. Internet penetration was just 12 percent in rural areas in Q4 2010, reports BizLigaNet. The figure rises to 25 percent in towns with a population below 50,000 and 38 percent of households in cities with more than 500,000 residents. http://www.telecompaper.com/news/ukraine-suffers-digital-divide-study--793094 yrs, Shava Nerad shav...@gmail.com On Mar 21, 2013
Re: [liberationtech] National Security Letters (NSLs) - in case you missed this
Great to hear your perspective, and I'm sorry you're disappointed. But that's why we have discussion lists. Best, Yosem On Fri, Mar 22, 2013 at 10:30 AM, Andy Isaacson a...@hexapodia.org wrote: For the record, I do not think that the poster of this message is a reliable narrator, and I regret that this is being put about as a noisebridge document. It's present on the Noisebridge webserver merely because it was sent to a public mailing list which is automatically archived. The so-called ToS tell is obviously not a reliable indicator of NSL activity, and most of his evidence is similarly questionable. I do believe that this individual was interviewed by law enforcement as a follow-on to his full-disclosure posts about security weaknesses in US utility company systems, but the rest of the story seems weak. There's a pretty strong cultural tradition at Noisebridge of treating even fairly outlandish claims with a modicum of tongue-in-cheek respect (although like all rules it's observed mostly in the breach, and trolling and mockery rule the day). Please read my posts in that archive thread with that in mind. Yosem, I'm disappointed that you forwarded this to libtech without an editorial caution. -andy On Fri, Mar 22, 2013 at 10:00:19AM -0700, Yosem Companys wrote: https://www.noisebridge.net/pipermail/noisebridge-discuss/2013-March/035200.html Thu Mar 21 09:15:36 UTC 2013 NSLs were still alive and kicking up until a week of so ago, when the EFF's successful ruling was announced. The EFF has let me know that the ruling only stands for 90 days and that there is a possibility the ruling will be rescinded after that upon appeal. So, we are not safe yet. I was in contact with the EFF this month regarding the issue. They referred me to some lawyers, but basically, the advice to me in general has been is that no digital information is protected from snooping unless it is stored in your home and encrypted. But even then, I am told that silent black bag jobs (tampering your home electronic devices) are a possibility if you are labeled a threat to national security. Here is some feedback I can share, since I am a rare person to have realized the snooping was in effect while it was occurring. I also got confirmation of this due to lack of a confidentiality requirement when multiple agents attempted to visit me in person and called me on the phone. They wanted to follow-up after their many months of snooping revealed that I was not in fact a terrorist -- simply a security researcher that had identified vulnerabilities of a North American utility company. After half a year of working with the utility company, they did nothing to protect my own data, so I went online to blow the whistle about the company being breached and all user data (including home addresses and names) being compromised. With this vulnerability, someone could effectively find your home address / phone / name on account no matter where you lived in North America, since you are required to provide this when receiving utility service. To my knowledge, the companies involved have still not gone public with this information. Some things the Secret Service did to snoop on me that you should also be aware of, and some feedback follow: * SS served Google with an NSL to obtain my account information. * Around January, upon logging into the Google account, Google showed a strange NOTICE message asking me to accept the terms of usage of my account. This was odd, because in a decade of being a Google user, I had never seen this. I am told that this is Google's way of telling you without telling you that you have been served an NSL. Google, by law, is not allowed to tell you about the NSL, but they definitely are within their right to ask you to accept their TOS upon login. This is the tell that everyone here should be aware of. If you see this, you are likely being monitored. * My Google account was being operated by someone else, despite utilizing 2-step and very strong passwords. This may have been limited to a Google Chat 0day, unpublished vulnerability, or a Google backdoor. My chat contacts said I was online when I was not online or had messaged them, when I had not. * I received multiple emails from shady individuals asking me to provide / sell 0day. Some were in poor English. I presume this may have been a baiting tactic to get me on some technicality. I did not sell any 0day nor did I accept their request to help them with whatever they were seeking in terms of shady deals. * One of my encrypted Desktop home Linux computers was mysteriously wiped upon my return from a trip. The RAID array was 'corrupted'. * People I know started getting strange calls from random numbers at odd hours. I wonder if this was some attempt to exploit remote listening flaws in some phones, but I am justly paranoid. * Someone opened mail / packages at my physical residence to reveal
Re: [liberationtech] National Security Letters (NSLs) - in case you missed this
On Fri, Mar 22, 2013 at 1:30 PM, Andy Isaacson a...@hexapodia.org wrote: The so-called ToS tell is obviously not a reliable indicator of NSL activity, and most of his evidence is similarly questionable. I'm not sure there's any reliable way to determine whether an account is under NSL or other gagged search request. But the idea that your account is (or might be) surveilled is certainly something that can weigh on one's mind. Classic example: my twitter account's direct messages suddenly started having the wrong timestamp on them last May, and the timing seemed suspect for reasons I won't bore the list with. This only appeared on DMs from specific people with specific political ties. The thought crossed my mind that it was under an NSL -- and seemed especially likely given that there are seemingly so many out there. After talking to a good friend with some insight, the chance that it was the case was put somewhere between Possible and Likely. Nowhere near guaranteed, but also not a paranoid fever dream ;-P The bug cleared up after almost a year, but only after submitting an information request to Twitter about it. Their response was that they would tell me if my account data had been requested. Unless they were gagged. Was my account under NSL? It's not something easily determined, but more likely it was simply a pervasive twitter bug. As for the political angle, the majority of my followers are interested in that specific political topic, and coincidence is not unlikely. But it just goes to show you that these situations tend to be very tenuous and have a lot of curious emotions attached to them. It might seem flippant to say, but I honestly wouldn't worry too much about whether an account has been targeted. I prefer to focus on overall security. While metadata *is* data itself, using encryption in email and chat, and opting for services which may be less-easily targeted is better than sitting around worrying about it. Just my $0.02. best, Griffin Boyce -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report
On Fri, Mar 22, 2013 at 10:49 AM, Cynthia Wong wo...@hrw.org wrote: Why are RU and CN (most glaringly) absent from the first chart enumerating the number (and type) of requests by country? It's hard to believe those countries' security services have no interest in (non-Skype) Microsoft data. Is MS defining those countries as having no legal standing to request MS data, and therefore any requests from them would be rejected out-of-hand? I actually read it as those countries have made no specific requests and that the missing surveillance is already accounted for in the normal operation of the system, such that no formal requests were necessary. At least, that's how I interpret that statement in light of the Businessweek-Skype article [0], which says, in part: The surveillance feature in TOM-Skype, which has 96 million users in China, scans messages for specific words and phrases. When the program finds a match, it sends a copy of the offending missive to a TOM-Skype server, along with the account’s username, time and date of transmission, and whether the message was sent or received by the user, Knockel’s research shows. Whether that information is then shared with the Chinese government is unknown. Yes, the article's talking about Skype, but if a service as popular as Skype includes such features, it's probably imprudent to assume that other MS services act differently, especially when there's a blatant hole in the data: there's no way Skype, with that feature enabled, could've turned over only 6 conversations, so I'm forced to disbelieve both sets of numbers. I make this statement under the assumption that Businessweek would be competent enough publish only independently-verifiable claims on the first page of such a sensitive article. If Businessweek is a bunch of lunkheads, then I may have to revise my opinions and suspicions. Nick 0: http://www.businessweek.com/articles/2013-03-08/skypes-been-hijacked-in-china-and-microsoft-is-o-dot-k-dot-with-it -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Call for Proposals: International Summit for Community Wireless Networks 2013
Are you passionate about using technology to improve your community? Do you want to help expand access to affordable Internet? Are you an advocate for open technology, ICT4D or community-owned infrastructure? If so, then we invite to you to participate in this year's International Summit for Community Wireless Networks (IS4CWN) http://2013.wirelesssummit.org/. The Summit will take place in Berlin on October 2-4, 2013. IS4CWN is a gathering of technology experts, policy analysts, on-the-ground specialists, and researchers working on state-of-the-art community broadband projects across the globe. Above all, IS4CWN is a community of communities, and the annual summit serves as an opportunity to share ideas and challenges, discuss policy issues, and coordinate research and development efforts. The 2013 Summit theme is community. In the past decade -- which included the founding of Freifunk http://start.freifunk.net/, the birth of the International Summit for Community Wireless Networks, and the genesis of major projects including Commotion https://commotionwireless.net/ and CONFINE http://confine-project.eu/ -- the community wireless movement has expanded substantially in both size and visibility. But where do we go from here? How can we take the movement to the next level in terms of technological advancement, community engagement, and diversity? We encourage our speakers, workshop leaders, and participants to think big this year and help us grow our community of communities. Interested? Head on over to www.WirelessSummit.org http://www.wirelesssummit.org/. Registration is open and forms to submit workshop proposals and request travel funding are available. Early registrants will receive a 50% discount. Potential topics include: using wireless for social justice, rural broadband frameworks, technical developments in mesh networking, spectrum policy, training communities in technical skills, case studies of networks, challenges of corporate monopolies, and much more. This year's Summit is committed to having a diversity of voices and experience, and we're looking to have a lot of new faces in the room. Community networks encompass a whole range of social, political and technical challenges, so technical knowledge is definitely not required. Access to technology and technical knowledge has been historically inequitable and remains so to this day. Recognizing this, the International Summit for Community Wireless Networks aspires to include participants and speakers from a broad range of backgrounds and experiences. We seek and welcome diversity in order to reflect the communities that wireless networks can and should serve, cultivating expertise, creativity, and innovation. Please join us in creating an environment of respect, equity, and accessibility at all levels of Summit involvement. -- Dan Staples Open Technology Institute https://commotionwireless.net -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] skype
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 03/22/2013 05:23 AM, Joseph Lorenzo Hall wrote: On 3/21/13 9:36 PM, Michael Carbone wrote: Anyone looked into the reports that Skype leaks your IP address? Apparently you do not have to interact with the person whose location you are interested in to be able to get their IP address. I think this is (still) the vulnerability Kieth Ross and his team at NYU-Poly found a few years ago... last I talked to him this particular flaw was still exploitable and hadn't been fixed: That is definitely true. Basically, you can get the IP address the account last logged in from. Do a search for 'Skype Resolver' and you'll find a bunch of services that do this. Here's one: http://www.anonware.net/index.php?page=resolver Put in the Skype username. If it fails, try again as it sometimes messes up the first time. Apparently, Microsoft has not fixed this yet. Anthony -BEGIN PGP SIGNATURE- Comment: Need my public key? http://bit.ly/Y91VgY iQIcBAEBCgAGBQJRTK3yAAoJEAKK33RTsEsVxNQP/RnhumLDw4j8+bfRzdvxvZty ypaPyhpbaDEqBK5SYugU4P5XBTNN129nFa2hOagsOg9yCOaj/EoBxKQCo5AiWpHY t6zX0+9MjwBTZnKFuhNnvtC/bHhdDwR2GdQOnkF8hUHYKJVD810QlhKb7SPYN0hd uz16a0bLPoErVRBnI9yBDwsLCyPNeodPD36Sf7ixq+JifYeGLJUaob0WmLd0U/bi tUhpYohbwfC/lN+3HWSdrjkPW+6mtoAGYe67qWBY4Jv+scnLGZB7f26FJDcQHPRP Gh0/IzLyfCYhrXt7stnP3pK6Jbf+5PrWqqmGQQclj8ECkc8nH9hoUqkLHgSXDVIR +8m3FD9c3btAJXOfuL9dnLOZfO32Pe41ZpvQkIC7Suyde0wq+OjEVjluzEcQTETO fsnUaEln/BuQ7ojE/ByMZ5K0P+u7PlN8fRz0ajhMbe4LKXtMmnQffFu96dW5Ejig 1i0ohxQfFLW+Wdsa/tjKvgwl9OkVfPEkZjSxV6YWRTYaek6hkheARQayn2MJ/XVs tguLuGut6OHwHGsMeTTHvsvaPHuy4m4mHqIKWMOBHyaJqfX3WItWJti91SHjOJN4 Zq1TKJFujmNcGIYx4RFtmEFZlXDGl/uJxkfAK5pES7cOoQpnOK3RrpyA/msTvHYw f2LSx8TXSdkgHuwpwHVU =zsvv -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] skype
Anthony Papillion: On 03/22/2013 05:23 AM, Joseph Lorenzo Hall wrote: On 3/21/13 9:36 PM, Michael Carbone wrote: Anyone looked into the reports that Skype leaks your IP address? Apparently you do not have to interact with the person whose location you are interested in to be able to get their IP address. I think this is (still) the vulnerability Kieth Ross and his team at NYU-Poly found a few years ago... last I talked to him this particular flaw was still exploitable and hadn't been fixed: That is definitely true. Basically, you can get the IP address the account last logged in from. Do a search for 'Skype Resolver' and you'll find a bunch of services that do this. Here's one: http://www.anonware.net/index.php?page=resolver Put in the Skype username. If it fails, try again as it sometimes messes up the first time. Apparently, Microsoft has not fixed this yet. Is this the same Script Kiddie Hack that was available for IQC a few years ago? Don't you think that will solve itself? Andreas -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] skype
On 03/22/2013 02:21 PM, Andreas Bader wrote: Anthony Papillion: On 03/22/2013 05:23 AM, Joseph Lorenzo Hall wrote: On 3/21/13 9:36 PM, Michael Carbone wrote: Anyone looked into the reports that Skype leaks your IP address? Apparently you do not have to interact with the person whose location you are interested in to be able to get their IP address. I think this is (still) the vulnerability Kieth Ross and his team at NYU-Poly found a few years ago... last I talked to him this particular flaw was still exploitable and hadn't been fixed: That is definitely true. Basically, you can get the IP address the account last logged in from. Do a search for 'Skype Resolver' and you'll find a bunch of services that do this. Here's one: http://www.anonware.net/index.php?page=resolver Put in the Skype username. If it fails, try again as it sometimes messes up the first time. Apparently, Microsoft has not fixed this yet. Is this the same Script Kiddie Hack that was available for IQC a few years ago? Don't you think that will solve itself? Possibly. I've not read up on the details of it yet. But, regardless, it does show that Skype leaks information that could be used in an attack. How did it solve itself with ICQ? Anthony -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] skype
Anthony Papillion: On 03/22/2013 02:21 PM, Andreas Bader wrote: Anthony Papillion: On 03/22/2013 05:23 AM, Joseph Lorenzo Hall wrote: On 3/21/13 9:36 PM, Michael Carbone wrote: Anyone looked into the reports that Skype leaks your IP address? Apparently you do not have to interact with the person whose location you are interested in to be able to get their IP address. I think this is (still) the vulnerability Kieth Ross and his team at NYU-Poly found a few years ago... last I talked to him this particular flaw was still exploitable and hadn't been fixed: That is definitely true. Basically, you can get the IP address the account last logged in from. Do a search for 'Skype Resolver' and you'll find a bunch of services that do this. Here's one: http://www.anonware.net/index.php?page=resolver Put in the Skype username. If it fails, try again as it sometimes messes up the first time. Apparently, Microsoft has not fixed this yet. Is this the same Script Kiddie Hack that was available for IQC a few years ago? Don't you think that will solve itself? Possibly. I've not read up on the details of it yet. But, regardless, it does show that Skype leaks information that could be used in an attack. How did it solve itself with ICQ? I will say it in an easy way: ICQ realized that they fucked up and fixed it. Don't know how, but they got it. But that happened 3 or 4 years before now. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] skype
On 03/22/2013 02:34 PM, Andreas Bader wrote: Is this the same Script Kiddie Hack that was available for IQC a few years ago? Don't you think that will solve itself? Possibly. I've not read up on the details of it yet. But, regardless, it does show that Skype leaks information that could be used in an attack. How did it solve itself with ICQ? I will say it in an easy way: ICQ realized that they fucked up and fixed it. Don't know how, but they got it. But that happened 3 or 4 years before now. Well, I certainly hope Microsoft realizes they 'fucked up' and follows ICQ's lead. We'll see, I suppose. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] skype
On 3/22/13 3:21 PM, Andreas Bader wrote: Is this the same Script Kiddie Hack that was available for IQC a few years ago? Don't you think that will solve itself? Not familiar with that hack... This one essentially omits a few steps of the Skype client handshake and the IP address is sent to the attacker without any notice to the target Skype user. This is one reason I only keep skype on when I'm using it and then make sure VPN before launching it. best, Joe -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] skype
On 03/22/2013 03:25 PM, Joseph Lorenzo Hall wrote: On 3/22/13 3:21 PM, Andreas Bader wrote: Is this the same Script Kiddie Hack that was available for IQC a few years ago? Don't you think that will solve itself? Not familiar with that hack... This one essentially omits a few steps of the Skype client handshake and the IP address is sent to the attacker without any notice to the target Skype user. This is one reason I only keep skype on when I'm using it and then make sure VPN before launching it. One thing to note is that this 'hack' gives the *last* IP that the user logged in from (which, of course, might be the current IP if the user is currently logged in). The user doesn't have to be logged in for it to work. I just resolved mine and it gave me my IP address but I haven't been logged on in two days. Anthony -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Crypho
Anybody know the people who are doing this? http://www.crypho.com/ It's still in beta, so I'm assuming they are working out bugs prior to releasing the code which they say they will do. See http://www.crypho.com/faq.html Is it Open-Source? Yes! We are reviewing the source code for release. It will be available under an OSI approved license in the near future. *R. Jason Cronk, Esq., CIPP/US* /Privacy Engineering Consultant/, *Enterprivacy Consulting Group* enterprivacy.com * phone: (828) 4RJCESQ * twitter: @privacymaverick.com * blog: http://blog.privacymaverick.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Crypho
I had a chance to try out crypho a couple of weeks ago at a demo they put on at noisebridge. I have some concerns about it, namely the delivery of crypto code over javascript without any sort of verification of it's authenticity (via browser plugin, etc.), since this point has already been discussed to death on this list however, I do not wish to re-open that debate. I managed to find a couple of javascript injection attacks in the beta already, though the developer assures me that they are working on fixing all the bugs right now, still the lack of attention to basic web security at such an early stage is concerning. That aside it seems okay, though I have some worries about side channel attacks and the fact that it hasn't been peer reviewed as far as I can tell yet. It does seem like an interesting project though, with some smart people behind it. I am looking forward to seeing the code once they open source it. Cooper Quintin PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA On 03/22/2013 01:48 PM, R. Jason Cronk wrote: Anybody know the people who are doing this? http://www.crypho.com/ It's still in beta, so I'm assuming they are working out bugs prior to releasing the code which they say they will do. See http://www.crypho.com/faq.html Is it Open-Source? Yes! We are reviewing the source code for release. It will be available under an OSI approved license in the near future. *R. Jason Cronk, Esq., CIPP/US* /Privacy Engineering Consultant/, *Enterprivacy Consulting Group* enterprivacy.com * phone: (828) 4RJCESQ * twitter: @privacymaverick.com * blog: http://blog.privacymaverick.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] skype
Anthony Papillion: On 03/22/2013 03:25 PM, Joseph Lorenzo Hall wrote: On 3/22/13 3:21 PM, Andreas Bader wrote: Is this the same Script Kiddie Hack that was available for IQC a few years ago? Don't you think that will solve itself? Not familiar with that hack... This one essentially omits a few steps of the Skype client handshake and the IP address is sent to the attacker without any notice to the target Skype user. This is one reason I only keep skype on when I'm using it and then make sure VPN before launching it. One thing to note is that this 'hack' gives the *last* IP that the user logged in from (which, of course, might be the current IP if the user is currently logged in). The user doesn't have to be logged in for it to work. I just resolved mine and it gave me my IP address but I haven't been logged on in two days. Anthony -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech Here in Europe IPs mostly change every 24h. Some need more time. If you are quick enough the IP change is no problem. Andreas -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Crypho
How is this any different from Cryptocat? NK On Fri, Mar 22, 2013 at 4:59 PM, Cooper Quintin coo...@radicaldesigns.orgwrote: I had a chance to try out crypho a couple of weeks ago at a demo they put on at noisebridge. I have some concerns about it, namely the delivery of crypto code over javascript without any sort of verification of it's authenticity (via browser plugin, etc.), since this point has already been discussed to death on this list however, I do not wish to re-open that debate. I managed to find a couple of javascript injection attacks in the beta already, though the developer assures me that they are working on fixing all the bugs right now, still the lack of attention to basic web security at such an early stage is concerning. That aside it seems okay, though I have some worries about side channel attacks and the fact that it hasn't been peer reviewed as far as I can tell yet. It does seem like an interesting project though, with some smart people behind it. I am looking forward to seeing the code once they open source it. Cooper Quintin PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA On 03/22/2013 01:48 PM, R. Jason Cronk wrote: Anybody know the people who are doing this? http://www.crypho.com/ It's still in beta, so I'm assuming they are working out bugs prior to releasing the code which they say they will do. See http://www.crypho.com/faq.html Is it Open-Source? Yes! We are reviewing the source code for release. It will be available under an OSI approved license in the near future. *R. Jason Cronk, Esq., CIPP/US* /Privacy Engineering Consultant/, *Enterprivacy Consulting Group* enterprivacy.com * phone: (828) 4RJCESQ * twitter: @privacymaverick.com * blog: http://blog.privacymaverick.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Crypho
Crypho is a team collaboration tool, comparable to Basecamp and Yammer. It provides a real-time persistent team chat, collaborative document editing and file sharing. Unlike comparable tools, all data is encrypted before leaving the browser, with encryption keys held only by the team members. It is impossible for anyone without the keys to decrypt your data. collaborative document editing and file sharing. that's how, no? B On Fri, Mar 22, 2013 at 2:03 PM, Nadim Kobeissi na...@nadim.cc wrote: How is this any different from Cryptocat? NK On Fri, Mar 22, 2013 at 4:59 PM, Cooper Quintin coo...@radicaldesigns.org wrote: I had a chance to try out crypho a couple of weeks ago at a demo they put on at noisebridge. I have some concerns about it, namely the delivery of crypto code over javascript without any sort of verification of it's authenticity (via browser plugin, etc.), since this point has already been discussed to death on this list however, I do not wish to re-open that debate. I managed to find a couple of javascript injection attacks in the beta already, though the developer assures me that they are working on fixing all the bugs right now, still the lack of attention to basic web security at such an early stage is concerning. That aside it seems okay, though I have some worries about side channel attacks and the fact that it hasn't been peer reviewed as far as I can tell yet. It does seem like an interesting project though, with some smart people behind it. I am looking forward to seeing the code once they open source it. Cooper Quintin PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA On 03/22/2013 01:48 PM, R. Jason Cronk wrote: Anybody know the people who are doing this? http://www.crypho.com/ It's still in beta, so I'm assuming they are working out bugs prior to releasing the code which they say they will do. See http://www.crypho.com/faq.html Is it Open-Source? Yes! We are reviewing the source code for release. It will be available under an OSI approved license in the near future. *R. Jason Cronk, Esq., CIPP/US* /Privacy Engineering Consultant/, *Enterprivacy Consulting Group* enterprivacy.com * phone: (828) 4RJCESQ * twitter: @privacymaverick.com * blog: http://blog.privacymaverick.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Crypho
Nadim, The only major difference I see (assuming you're asking about the product and not the threats Cooper lays out) is the persistence. It appears you can set up projects and store encrypted data on their servers. This certainly opens you up to other threats but I don't see it serving the same market as CryptoCat, namely it's going after a business audience that just doesn't want Google having all their files/chats/etc in the clear on some server somewhere whereas my take on CryptoCat is that it facilitates secure non-persistent multiparty chat. Oh, and the two factor authentication is interesting for login is interesting. Jason On 3/22/2013 5:03 PM, Nadim Kobeissi wrote: How is this any different from Cryptocat? NK On Fri, Mar 22, 2013 at 4:59 PM, Cooper Quintin coo...@radicaldesigns.org mailto:coo...@radicaldesigns.org wrote: I had a chance to try out crypho a couple of weeks ago at a demo they put on at noisebridge. I have some concerns about it, namely the delivery of crypto code over javascript without any sort of verification of it's authenticity (via browser plugin, etc.), since this point has already been discussed to death on this list however, I do not wish to re-open that debate. I managed to find a couple of javascript injection attacks in the beta already, though the developer assures me that they are working on fixing all the bugs right now, still the lack of attention to basic web security at such an early stage is concerning. That aside it seems okay, though I have some worries about side channel attacks and the fact that it hasn't been peer reviewed as far as I can tell yet. It does seem like an interesting project though, with some smart people behind it. I am looking forward to seeing the code once they open source it. Cooper Quintin PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA On 03/22/2013 01:48 PM, R. Jason Cronk wrote: Anybody know the people who are doing this? http://www.crypho.com/ It's still in beta, so I'm assuming they are working out bugs prior to releasing the code which they say they will do. See http://www.crypho.com/faq.html Is it Open-Source? Yes! We are reviewing the source code for release. It will be available under an OSI approved license in the near future. *R. Jason Cronk, Esq., CIPP/US* /Privacy Engineering Consultant/, *Enterprivacy Consulting Group* enterprivacy.com http://enterprivacy.com * phone: (828) 4RJCESQ * twitter: @privacymaverick.com http://privacymaverick.com * blog: http://blog.privacymaverick.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu mailto:compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu mailto:compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech *R. Jason Cronk, Esq., CIPP/US* /Privacy Engineering Consultant/, *Enterprivacy Consulting Group* enterprivacy.com * phone: (828) 4RJCESQ * twitter: @privacymaverick.com * blog: http://blog.privacymaverick.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] skype
On 03/22/2013 04:03 PM, Andreas Bader wrote: Here in Europe IPs mostly change every 24h. Some need more time. If you are quick enough the IP change is no problem. ISP's usually store the IP's they have assigned to customers for a certain period of time. Even if your IP changes, there is an entry in a database somewhere that notes what your IP was. At the very least, knowing your IP denotes what ISP you're on and (depending on how large your ISP is) your locale. I'm not trying to argue with you here. I just think it's a pretty big deal that *anyone* can get your IP. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] US State Dept Discourages Using Technology to Promote Democracy, Human Rights, and Citizen Engagement in Ukraine?
Yes, that's a longer version of my first comment. On Mar 22, 2013 5:29 PM, David Golumbia dgolum...@gmail.com wrote: the whole thing is not a big deal, but i will risk repeating myself: the original comment on this list overlooked the phrase *unless they have an explicit component related to the requested program objectives listed above*, and this is actually a solicitation *for *proposals, not an effort to discourage them. The original discourage comment was just trying to ensure that proposals were area- and program-specific. State has already modified the page to make this clear, perhaps in reaction to comments such as the original one on this list: http://www.state.gov/j/drl/p/206488.htm. It's now clear that there is no intent to discourage applications. On Fri, Mar 22, 2013 at 11:36 AM, Jillian C. York jilliancy...@gmail.comwrote: I just really don't see why this is a big deal. So State's funding priorities for tech stuff aren't about those subjects. So what? -- David Golumbia dgolum...@gmail.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Crypho
Nadim, It seems like Cryptocat has a browser plugin, which I though offers more security than just delivering js straight from the server to the browser. I am incorrect in my assumption? The other difference between this and Cryptocat is, as Jason mentioned, the fact that it uses strong authentication, where Cryptocat is more oriented toward anonymity and privacy. For what it's worth, I would prefer to use Cryptocat over Crypho for most of the use cases I am interested in. Cooper Quintin PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA On 03/22/2013 02:03 PM, Nadim Kobeissi wrote: How is this any different from Cryptocat? NK On Fri, Mar 22, 2013 at 4:59 PM, Cooper Quintin coo...@radicaldesigns.org mailto:coo...@radicaldesigns.org wrote: I had a chance to try out crypho a couple of weeks ago at a demo they put on at noisebridge. I have some concerns about it, namely the delivery of crypto code over javascript without any sort of verification of it's authenticity (via browser plugin, etc.), since this point has already been discussed to death on this list however, I do not wish to re-open that debate. I managed to find a couple of javascript injection attacks in the beta already, though the developer assures me that they are working on fixing all the bugs right now, still the lack of attention to basic web security at such an early stage is concerning. That aside it seems okay, though I have some worries about side channel attacks and the fact that it hasn't been peer reviewed as far as I can tell yet. It does seem like an interesting project though, with some smart people behind it. I am looking forward to seeing the code once they open source it. Cooper Quintin PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA On 03/22/2013 01:48 PM, R. Jason Cronk wrote: Anybody know the people who are doing this? http://www.crypho.com/ It's still in beta, so I'm assuming they are working out bugs prior to releasing the code which they say they will do. See http://www.crypho.com/faq.html Is it Open-Source? Yes! We are reviewing the source code for release. It will be available under an OSI approved license in the near future. *R. Jason Cronk, Esq., CIPP/US* /Privacy Engineering Consultant/, *Enterprivacy Consulting Group* enterprivacy.com http://enterprivacy.com * phone: (828) 4RJCESQ * twitter: @privacymaverick.com http://privacymaverick.com * blog: http://blog.privacymaverick.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu mailto:compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu mailto:compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Disturbing
This is one way to register a complaint: http://capwiz.com/fabbs/home/ Are there others? BTW, what about other social sciences? Just political science?? -- Doug On Mar 21, 2013, at 7:55 AM, Yosem Companys wrote: WASHINGTON, March 20, 2013 /PRNewswire-USNewswire/ -- The following is being released by the American Political Science Association: (Logo: http://photos.prnewswire.com/prnh/20120604/DC18511LOGO-b ) This afternoon, the United States Senate delivered a devastating blow to the integrity of the scientific process at the National Science Foundation (NSF) by voting for the Coburn Amendment to the Continuing Appropriations Act of 2013. Senator Coburn (R-OK) submitted an amendment (SA 65, as modified) to the Mikulski-Shelby Amendment (SA 26) to H.R. 933 (Full-Year Continuing Appropriations Act of 2013). The amendment places unprecedented restriction on the national research agenda by declaring the political science study of democracy and public policy out of bounds. The amendment allows only political science research that promotes national security or the economic interests of the United States. Adoption of this amendment is a gross intrusion into the widely-respected, independent scholarly agenda setting process at NSF that has supported our world-class national science enterprise for over sixty years. The amendment creates an exceptionally dangerous slippery slope. While political science research is most immediately affected, at risk is any and all research in any and all disciplines funded by the NSF. The amendment makes all scientific research vulnerable to the whims of political pressure. Adoption of this amendment demonstrates a serious misunderstanding of the breadth and importance of political science research for the national interest and its integral place on the nation's interdisciplinary scientific research agenda. Singling out any one field of science is short-sighted and misguided, and poses a serious threat to the independence and integrity of the National Science Foundation. And shackling political science within the national science agenda is a remarkable embarrassment for the world's exemplary democracy. For the latest in political science research in the news, follow us on Facebook and Twitter. About the American Political Science Association Founded in 1903, the American Political Science Association is the leading professional organization for the study of political science and serves more than 15,000 members in over 80 countries. With a range of programs and services for individuals, departments and institutions, APSA brings together political scientists from all fields of inquiry, regions, and occupational endeavors within and outside academe in order to expand awareness and understanding of politics. SOURCE American Political Science Association RELATED LINKS http://www.apsanet.org -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech Douglas Schuler doug...@publicsphereproject.org -- Public Sphere Project http://www.publicsphereproject.org/ Liberating Voices! A Pattern Language for Communication Revolution (project) http://www.publicsphereproject.org/patterns/lv Liberating Voices! A Pattern Language for Communication Revolution (book) http://mitpress.mit.edu/catalog/item/default.asp?ttype=2tid=11601 -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Privacy, data protection questions
On Fri, Mar 22, 2013 at 09:58:17AM -0500, Andrew Haeg wrote: We're in the late prototype phase for Groundsourcehttp://groundsourcing.com, a mobile data collection and engagement platform -- designed for journalists, researchers, NGO's and others to use to gather first-hand knowledge. We've used the prototype to validate the need for the platform, and now privacy data protection have moved front and center as we ramp up for a beta phase later this spring/summer. We've had some early discussions with the Tor Project about protecting journalists using the platform in countries with repressive regimes (down the road). We're also looking into using Wickr for encrypting communications. In the short term, we need advisors who can help guide our decisions around privacy and personal data collection protection. Ok. Here's some advice. You're not going to like it. ;-) Sorry. But better now than later, when lives are on the line. I'd like to ask you to open a web browser and use your favorite search engine to search for: mobile malware epidemic smartphone malware android malware windows phone malware and similar. Then I'd like you to explain how you propose to keep all those mobile phones secure in the face of routine malware, let alone targeted and custom malware crafted by hostile governments who would very much like all those journalists and researchers and NGOs you mentioned to STFU because they're saying and reporting and doing things those governments find...disturbing. Forget all the other security and privacy issues for a moment (some of which I touched on in a previous list message [1]): how, EXACTLY, do you propose to keep those phones from being infested just like a gazillion other phones already are or will be real soon now? Because once those endpoints are compromised, all the crafty routing and anonymization and encryption layers you could possibly put in place aren't going to matter very much. And those endpoints WILL be compromised (probably much sooner than you think) because they're going to be in the hands of journalists and researchers and NGOs, *not* in the hands of paranoid clueful paranoid diligent (did I mention paranoid?) geeks. Oh, sure, someone sufficiently knowledgeable, cautious, etc. can probably keep *one* phone secure. Just like someone with those qualities might be able to keep a single Windows system secure. There are people on this list who are capable of both of those things. But dozens? Hundreds? Thousands? Being carried around all over the place by their owners? There's not a chance in hell. None. This is not a solved problem in computing. Nor is there even a hint of a twitch of a notion of a suggestion of a whisper that it will be solved anytime soon. It's not even solved for people who've stacked the deck in their favor (e.g., those who have the luxury of centralized control) let alone for those who are allowing end users to connect their own. And most of them aren't painting big targets on their chests, they're just caught up in the general crossfire...unlike *your* users, who are self-nominating to be on the business end of some very serious attention from some very determined, clueful and nasty people -- people who probably *already* have been working on building or buying custom malware for phones because of course that's what any prudent adversary with sufficient resources would be doing just about now. Yeah, okay, so I'm making the point at your expense, and I don't really mean to do that, so I'll make it in the more general case: look, people, unless you can produce a plan -- and more than that, a plan that's been proven in the field to work -- for keeping, let's say, a population of, oh, a thousand independent scattered phones free of malware, then you CAN'T deploy your whizbang singing dancing smartphone app because it's going to be promptly undermined. Any government worthy of the term oppressive is going to 0wn each and every phone of interest and is going to install trackers, spyware, keystroke loggers, and whatever else occurs to them, and you're not going to stop them. At best, you might figure out that this is happening after-the-fact and remediate some of them...until they go back out in the field and get infested again. Lather, rinse, repeat. Not to put too fine a point on it (but I suppose I will anyway): If someone else can run arbitrary code on your computer, it's not YOUR computer any more. [2] The phone may be in a journalist's hand or it may be in a researcher's pocket, but it's not theirs. *Not any more*. Which means that your liberation app, the one that you designed and developed and sweated over, the one that your user is trusting to send and receive sensitive information, the one that's connecting to a backend through umpteen layers of encryption and obfuscation and misdirection and whatever...is now running on the
Re: [liberationtech] Privacy, data protection questions
Nose to the grindstone Andrew. Use Rich's email to remind you this is hard, but its still worth doing. Also remember you aren't going to solve these problems, but you may make it easier for people who want to act. Lastly, if Rich is really getting you down, click this link: http://2.bp.blogspot.com/-w7WBItj9rgA/UCv2vNYVuhI/AW0/U1yNrdmndV8/s1600/haters_gonna_hate3.jpg That said, do speak to Nathan Freitas, Harlo Holmes, Hans Christoph-Steiner and others at the Guardian Project, and Bryan Nunez, et al at Witness about Informacam, IOCipher, and other steps they're taking to solve some of these problems. Don't just innovate, collaborate. I'd also like to talk to you about our work on StoryMaker an app to allow individuals to produce compelling stories and publish them via Tor among other features. cheers Brian On Fri, Mar 22, 2013 at 3:50 PM, Rich Kulawiec r...@gsp.org wrote: On Fri, Mar 22, 2013 at 09:58:17AM -0500, Andrew Haeg wrote: We're in the late prototype phase for Groundsource http://groundsourcing.com, a mobile data collection and engagement platform -- designed for journalists, researchers, NGO's and others to use to gather first-hand knowledge. We've used the prototype to validate the need for the platform, and now privacy data protection have moved front and center as we ramp up for a beta phase later this spring/summer. We've had some early discussions with the Tor Project about protecting journalists using the platform in countries with repressive regimes (down the road). We're also looking into using Wickr for encrypting communications. In the short term, we need advisors who can help guide our decisions around privacy and personal data collection protection. Ok. Here's some advice. You're not going to like it. ;-) Sorry. But better now than later, when lives are on the line. I'd like to ask you to open a web browser and use your favorite search engine to search for: mobile malware epidemic smartphone malware android malware windows phone malware and similar. Then I'd like you to explain how you propose to keep all those mobile phones secure in the face of routine malware, let alone targeted and custom malware crafted by hostile governments who would very much like all those journalists and researchers and NGOs you mentioned to STFU because they're saying and reporting and doing things those governments find...disturbing. Forget all the other security and privacy issues for a moment (some of which I touched on in a previous list message [1]): how, EXACTLY, do you propose to keep those phones from being infested just like a gazillion other phones already are or will be real soon now? Because once those endpoints are compromised, all the crafty routing and anonymization and encryption layers you could possibly put in place aren't going to matter very much. And those endpoints WILL be compromised (probably much sooner than you think) because they're going to be in the hands of journalists and researchers and NGOs, *not* in the hands of paranoid clueful paranoid diligent (did I mention paranoid?) geeks. Oh, sure, someone sufficiently knowledgeable, cautious, etc. can probably keep *one* phone secure. Just like someone with those qualities might be able to keep a single Windows system secure. There are people on this list who are capable of both of those things. But dozens? Hundreds? Thousands? Being carried around all over the place by their owners? There's not a chance in hell. None. This is not a solved problem in computing. Nor is there even a hint of a twitch of a notion of a suggestion of a whisper that it will be solved anytime soon. It's not even solved for people who've stacked the deck in their favor (e.g., those who have the luxury of centralized control) let alone for those who are allowing end users to connect their own. And most of them aren't painting big targets on their chests, they're just caught up in the general crossfire...unlike *your* users, who are self-nominating to be on the business end of some very serious attention from some very determined, clueful and nasty people -- people who probably *already* have been working on building or buying custom malware for phones because of course that's what any prudent adversary with sufficient resources would be doing just about now. Yeah, okay, so I'm making the point at your expense, and I don't really mean to do that, so I'll make it in the more general case: look, people, unless you can produce a plan -- and more than that, a plan that's been proven in the field to work -- for keeping, let's say, a population of, oh, a thousand independent scattered phones free of malware, then you CAN'T deploy your whizbang singing dancing smartphone app because it's going to be promptly undermined. Any government worthy of the term oppressive is going to 0wn
[liberationtech] Fwd: USAID/Humanity United Tech Challenge for Atrocity Prevention
-- Forwarded message -- From: Mia Newman newman@gmail.com Date: Tue, Mar 19, 2013 at 7:15 AM Subject: USAID/Humanity United Tech Challenge for Atrocity Prevention To: Sam King samk...@cs.stanford.edu Hi Sam, Not sure if you remember me, but we talked when I was president of Stanford STAND for the past few years, and I also remember seeing you around at LibTech seminars. I'm now working on a Gardner fellowship from the Haas Center for the year at a foundation called Humanity United, which works on anti-genocide and anti-human trafficking around the world. One of the projects I've been working on is called the Tech Challenge for Atrocity Prevention http://www.thetechchallenge.org. The Tech Challenge is a prize-based challenge that hopes to spark new interdisciplinary partnerships and new thinking on the application of technological solutions to daunting problems in conflict situations. It seems like something totally up your alley, especially because of your work with Code the Change. I really hope you're interested in participating, but even if not please feel free to forward widely - we're hoping to spread the word as much as possible, especially outside the traditional human rights community. To let you know where we are now: our second and final round formally launched in early March. Three challenges are now open, soliciting excellent proposals to compete for prizes of up to $10,000. The open challenges are: - The MODEL http://www.thetechchallenge.org/#!model Challenge: to model conflict situations to determine community-level risk of violence (TopCoder) - *Geared toward technical coders and data modelers interested in applying their skills to conflict datasets. The challenge is composed of two stages: first to discover data and then to model it. * - The COMMUNICATE http://www.thetechchallenge.org/#!communicateChallenge: to facilitate on-the-ground communication among communities affected by conflict (Innocentive) - *Ideal for a wide audience with varying backgrounds to apply their experience and creativity to overcome the challenge of secure two-way communication.* - The ALERT http://www.thetechchallenge.org/#!alert Challenge: to develop improved methods of gathering and verifying information from hard-to-access conflict areas (OpenIDEO) - *This platform was specifically selected to channel empathy, ideation, and analysis to help communities in conflict inform the wider world about their situation. With its multi-stage process, a new part of the challenge is opening every few weeks, and we encourage you to continue to revisit the site. * It would be great if you could pass along this email to anyone you think might be interested in participating! Feel free to contact me with questions or comments, and you can also check our FAQhttp://www.thetechchallenge.org/faqs/Tech_Challenge_for_Atrocity_Prevention_-_FAQ.pdffor more information. Thanks, and hope you're doing well! Mia -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] US State Dept Discourages Using Technology to Promote Democracy, Human Rights, and Citizen Engagement in Ukraine?
I think that means they discourage them *for applying for those grants*. Which is meh, but not really a big deal. On Thu, Mar 21, 2013 at 8:04 PM, Yosem Companys compa...@stanford.eduwrote: Fostering Civic Engagement in Ukraine (approximately $500,000 available): DRL’s objective is to support the role of civil society in policy formation and enhancing accountability and responsiveness of government officials in Ukraine. The program will support civil society to foster an inclusive and participatory democratic system of government and hold politicians and public officials more accountable to constituents. In order to foster more unity among civil society efforts, the program should support post-election advocacy on areas of policy formation and implementation such as ongoing efforts related to elections and election law reform; freedom of assembly legislation; and/or reversing legislation restricting the rights of vulnerable or marginalized populations. The program should also examine how well existing laws are implemented and help civil society ensure that citizens can use official institutions and mechanisms to exercise their rights. Program activities could include, but are not limited to: support for activities to encourage debate and advocacy by citizens and civil society organizations, small grants to civil society for monitoring and/or advocacy activities, creating regional civil society partnerships to increase civil society unity on advocacy efforts, or connecting Ukrainian civil society with their counterparts in one or more countries in the region through NGO-to-NGO exchanges and mentoring in order to take advantage of shared post-communist and transition experiences. Successful proposals will demonstrate a strong knowledge of civil society in Ukraine and an established ability to work with regional civil society groups. DRL strongly discourages health, technology, or science- related projects unless they have an explicit component related to the requested program objectives listed above. http://www.state.gov/j/drl/p/206488.htm -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- US: +1-857-891-4244 | NL: +31-657086088 site: jilliancyork.com http://jilliancyork.com/* | * twitter: @jilliancyork* * We must not be afraid of dreaming the seemingly impossible if we want the seemingly impossible to become a reality - *Vaclav Havel* -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Online Certificate Course in Organizing and OpenGov (April 15 - May 10)
Hi LiberationTech Folks! My colleagues and I at TechChange have decided to offer another round of our online certificate course on *Digital Organizing and Open Government* (course description included below). The course will run from April 15th - May 10th. We've got an amazing line-up of guest experts but are looking for a few more. If you're interested in speaking in the class or sharing case studies from your work then let us know. We're also looking to fill a few more seats so feel free to circulate to your colleagues. Here's a one-minute animation about the course: http://vimeo.com/6575 For those that are less familiar with TechChange http://techchange.org/ we offer online certificate courses on our dedicated platform using a number of techniques including social learning, game mechanics, animation, interactive simulations, and more. We're also looking to do a lot more work in animation so if anyone is interested in having their message or content animated then let us know. Cheers, Nick *** *TC104: Digital Organizing and Open Government (April 15th - May 10th)* http://techchange.org/online-courses/global-innovations-for-digital-organizing/ Technological innovation is transforming civil society organization and creating new opportunities for government accountability. This four-week online professional development certificate course will evaluate case studies where new technologies have been used for activism and what factors and contexts are most influential on outcomes. It will also provide participants with strategies for maximizing the impact of new media and train them in the effective use of analysis and message management tools. *Speakers:* - Kaushal Jhalla, World Bank - Linda Raftree, Plan International, USA - Barak Hoffman, Georgetown University *Topics Tech:* - Communicating Online: Social Media Analytics and Outreach - Simple Tools for Big Data: Sunlight Labs and Accountable Congress - Building an Engaged Public: CrowdHall and Online Discussions - Open Government Partnerships and Local Connections: How to Open Your Government *Cost:* Full course cost: $445 Register before March 26th: $395 Use liberationtech as a discount code: $345 *Apply now: * http://techchange.org/online-courses/global-innovations-for-digital-organizing/ -- Nicholas Carl Martin President TechChange web: http://techchange.org twitter: @ncmart (240)-505-2324 -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Please Vote on Reply to Question
Reply to all. On Thu, Mar 21, 2013 at 8:38 PM, Enrique Piraces pira...@hrw.org wrote: Reply to all. Best, Enrique Piracés Human Rights Watch https://www.hrw.org https://www.twitter.com/epiraces On Mar 20, 2013, at 9:17 PM, Yosem Companys wrote: Dear Liberationtech list subscribers, Several of you have petitioned to change Liberationtech mailing list's default reply to option from reply-to-all to reply-to-poster. Given the debate (see links below), we have decided to put the issue up for a vote: - Do you want replies to Liberationtech list messages directed to reply-to-all or reply-to-poster? Please vote by submitting your preference to me by 11.59 pm PST on Sunday, March 24, 2013. Any votes received after this date and time will not be counted. Thanks, Yosem One of your moderators PS To read a summary of the advantages and disadvantages of reply-to-all, click on the corresponding links below: - Reply-to-all considered useful: http://marc.merlins.org/netrants/reply-to-useful.html - Reply-to-all considered harmful: http://www.unicom.com/pw/reply-to-harmful.html If you'd like to read the entire debate on the Liberationtech list, please click on the links below: http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03767.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03768.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03769.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03771.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03772.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03773.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03774.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03775.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03776.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03777.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03778.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03779.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03780.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03781.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03782.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03783.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03788.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03789.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03790.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03791.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03799.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03801.html -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- *Katherine R. Maher* katherine.ma...@gmail.com @krmaher https://www.twitter.com/krmaher US: +1 203 858 7316 -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Please Vote on Reply to Question
Reply to all. On Fri, Mar 22, 2013 at 9:55 AM, Katherine Maher katherine.ma...@gmail.comwrote: Reply to all. On Thu, Mar 21, 2013 at 8:38 PM, Enrique Piraces pira...@hrw.org wrote: Reply to all. Best, Enrique Piracés Human Rights Watch https://www.hrw.org https://www.twitter.com/epiraces On Mar 20, 2013, at 9:17 PM, Yosem Companys wrote: Dear Liberationtech list subscribers, Several of you have petitioned to change Liberationtech mailing list's default reply to option from reply-to-all to reply-to-poster. Given the debate (see links below), we have decided to put the issue up for a vote: - Do you want replies to Liberationtech list messages directed to reply-to-all or reply-to-poster? Please vote by submitting your preference to me by 11.59 pm PST on Sunday, March 24, 2013. Any votes received after this date and time will not be counted. Thanks, Yosem One of your moderators PS To read a summary of the advantages and disadvantages of reply-to-all, click on the corresponding links below: - Reply-to-all considered useful: http://marc.merlins.org/netrants/reply-to-useful.html - Reply-to-all considered harmful: http://www.unicom.com/pw/reply-to-harmful.html If you'd like to read the entire debate on the Liberationtech list, please click on the links below: http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03767.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03768.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03769.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03771.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03772.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03773.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03774.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03775.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03776.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03777.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03778.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03779.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03780.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03781.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03782.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03783.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03788.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03789.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03790.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03791.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03799.html http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg03801.html -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- *Katherine R. Maher* katherine.ma...@gmail.com @krmaher https://www.twitter.com/krmaher US: +1 203 858 7316 -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Lina Srivastava -- linasrivastava.com | twitter http://twitter.com/lksriv | linkedinhttp://www.linkedin.com/in/linasrivastava -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] US State Dept Discourages Using Technology to Promote Democracy, Human Rights, and Citizen Engagement in Ukraine?
Evgeny got to them. ;) More seriously, does anyone have digital divide info - cultural and financial - on Ukraine? Tech is not the solution for all cultures. Beer is the correct solution for some. A thousand cups of tea for others. Maybe State knows something we don't? Like: --- INTERNET Ukraine suffers digital divide - study Tuesday 22 March 2011 | 15:40 CET | News There is still a significant difference in household internet access across Ukraine, according to a study by GfK Ukraine. Internet penetration was just 12 percent in rural areas in Q4 2010, reports BizLigaNet. The figure rises to 25 percent in towns with a population below 50,000 and 38 percent of households in cities with more than 500,000 residents. http://www.telecompaper.com/news/ukraine-suffers-digital-divide-study--793094 yrs, Shava Nerad shav...@gmail.com On Mar 21, 2013 3:04 PM, Yosem Companys compa...@stanford.edu wrote: Fostering Civic Engagement in Ukraine (approximately $500,000 available): DRL’s objective is to support the role of civil society in policy formation and enhancing accountability and responsiveness of government officials in Ukraine. The program will support civil society to foster an inclusive and participatory democratic system of government and hold politicians and public officials more accountable to constituents. In order to foster more unity among civil society efforts, the program should support post-election advocacy on areas of policy formation and implementation such as ongoing efforts related to elections and election law reform; freedom of assembly legislation; and/or reversing legislation restricting the rights of vulnerable or marginalized populations. The program should also examine how well existing laws are implemented and help civil society ensure that citizens can use official institutions and mechanisms to exercise their rights. Program activities could include, but are not limited to: support for activities to encourage debate and advocacy by citizens and civil society organizations, small grants to civil society for monitoring and/or advocacy activities, creating regional civil society partnerships to increase civil society unity on advocacy efforts, or connecting Ukrainian civil society with their counterparts in one or more countries in the region through NGO-to-NGO exchanges and mentoring in order to take advantage of shared post-communist and transition experiences. Successful proposals will demonstrate a strong knowledge of civil society in Ukraine and an established ability to work with regional civil society groups. DRL strongly discourages health, technology, or science- related projects unless they have an explicit component related to the requested program objectives listed above. http://www.state.gov/j/drl/p/206488.htm -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
