[liberationtech] Free cryptography I course (courtesy Coursera)
https://www.coursera.org/course/crypto?utm_classid=971022utm_notid=5333944utm_linknum=1 Cryptography I Dan Boneh Learn about the inner workings of cryptographic primitives and how to apply this knowledge in real-world applications! Workload: 5-7 hours/week Sessions: Jun 17th 2013 (6 weeks long), Mar 25th 2013 (6 weeks long) About the Course Cryptography is an indispensable tool for protecting information in computer systems. This course explains the inner workings of cryptographic primitives and how to correctly use them. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption and basic key-exchange. Throughout the course students will be exposed to many exciting open problems in the field. The course will include written homeworks and programming labs. The course is self-contained, however it will be helpful to have a basic understanding of discrete probability theory. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
On Fri, Jun 14, 2013 at 12:11:34AM -0700, William Gillis wrote: Now that everyone knows about the NSA isn't it time you tackled setting up PGP? If it's not transparent, Johny User will eventually drop it. Before you do that, rather enable StartTLS on your mail transport agent (e.g. postfix). And then install email encryption gateways http://www.postfix.org/addon.html#security-gateway https://code.google.com/p/gpg-mailgate/ After you have done that, you can turn to PGP/SMIME for end user MUAs. Are you or friends you know looking to adopt bread and butter encryption tools online and on your phone? Could you use folks to show the way, lend a hand, answer questions, or offer explanations? Drop by Sudoroom (2141 Broadway, Oakland CA) between 1pm and 4:30pm this Sunday the 16th! The NSA leaks provide most folks with a rare impetus to slog through installing and getting up to speed on the basics. If you can merely handle showing random people off the street one-on-one how to download textsecure from google's appstore, you're golden, we want you to come hang with us and potentially save people's lives, certainly their privacy. Think impromptu demonstrations, one-on-one help and informal presentations. https://sudoroom.org/ai1ec_event/digital-security-workshop/?instance_id
[liberationtech] U.S. Agencies Said to Swap Data With Thousands of Firms
http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html U.S. Agencies Said to Swap Data With Thousands of Firms By Michael Riley - Jun 14, 2013 4:44 AM GMT+0200 Thousands of technology, finance and manufacturing companies are working closely with U.S. national security agencies, providing sensitive information and in return receiving benefits that include access to classified intelligence, four people familiar with the process said. These programs, whose participants are known as trusted partners, extend far beyond what was revealed by Edward Snowden, a computer technician who did work for the National Security Agency. The role of private companies has come under intense scrutiny since his disclosure this month that the NSA is collecting millions of U.S. residents’ telephone records and the computer communications of foreigners from Google Inc. (GOOG) and other Internet companies under court order. Microsoft Corp., the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. In addition to private communications, information about equipment specifications and data needed for the Internet to work -- much of which isn’t subject to oversight because it doesn’t involve private communications -- is valuable to intelligence, U.S. law-enforcement officials and the military. 
Larry Page, chief executive officer of Google Inc., said in a blog posting June 7 that he hadn’t heard of a program called Prism until after Edward Snowden’s disclosures and that the company didn’t allow the U.S. government direct access to its servers or some back-door to its data centers. Many of these same Internet and telecommunications companies voluntarily provide U.S. intelligence organizations with additional data, such as equipment specifications, that don’t involve private communications of their customers, the four people said. Makers of hardware and software, banks, Internet security providers, satellite telecommunications companies and many other companies also participate in the government programs. In some cases, the information gathered may be used not just to defend the nation but to help infiltrate computers of its adversaries. Along with the NSA, the Central Intelligence Agency (0112917D), the Federal Bureau of Investigation and branches of the U.S. military have agreements with such companies to gather data that might seem innocuous but could be highly useful in the hands of U.S. intelligence or cyber warfare units, according to the people, who have either worked for the government or are in companies that have these accords. Microsoft Bugs Microsoft Corp. (MSFT), the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes. Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. 
Microsoft doesn’t ask and can’t be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential. Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to give government “an early start” on risk assessment and mitigation. Willing Cooperation Some U.S. telecommunications companies willingly provide intelligence agencies with access to facilities and data offshore that would require a judge’s order if it were done in the U.S., one of the four people said. In these cases, no oversight is necessary under the Foreign Intelligence Surveillance Act, and companies are providing the information voluntarily. The extensive cooperation between commercial companies and intelligence agencies is legal and reaches deeply into many aspects of everyday life, though little of it is scrutinized by more than a small number of lawyers, company leaders and spies. Company executives are motivated by a desire to help the national defense as well as to help their own companies, said the people, who are familiar
Re: [liberationtech] Schrodinger’s Catnip: Questions Answers on NSA Data Collection
Very nice analysis, thanks. My supposition is that the next stage of this saga, is the NSA could stop collecting the data from the phone companies, but mandate that the phone companies retain the data indefinitely. Already in many countries and quite possibly the US also against people's expectations, the phone companies keep pen-register and location data for decades. The only thing they give up is hiding from the phone company what searches they are executing. However even that risk is rather small - they can require security clearance equivalent to the employee or sub-contractor that the NSA/CIA itself would use. The next objection might be that they do not control the computing environment, however that is also likely overcomeable. Eg we know from previous leaks NSA has fibre tap rooms were collocated next to telco office space. Surely it's also easily overcomeable, the NSA can specify the environment, have the company paid, but NSA equivalent security cleared contractor install it to NSA specification. Basically a of the security apparatus is apparently sub-contracted, so whether the telcos, ISPs and service providers pay for the equipment, power and space and whether the telcos pay for the NSA equivalent security-cleared sub-contractors (and are re-imbursed by NSA) or the contractors are paid for by government direct is a rather small distinction. Technology is fortunately (and unfortunately) immensely flexible for working around any arbitrary restrictions. Maybe NSA can lease the space it's currently using back to the telcos and transfer the sub-contractor operating it to the respective telcos. Or a shared telco consortium. So it seems to me a few leases and contracts could be signed and they can continue business as usual because then it's the telcos retaining the data. Now in Europe we have the data protection act which says that companies can not retain information without a legitimate business need (amongst other things). 
However even here telcos are reportedly retaining pen-register and location indefinitely. This is even required under the data retention directive, which is about retaining records for 6 months to 2 years to make it easier for law enforcement to obtain records by subpoena. So because of this I suspect it's not going to improve even with a successful US constitutional challenge - they can seemingly do the same thing, just contract out the database to the telcos and ISPs. As Mark Rasch noted the objectionable thing is the general warrant to get all records handed over to the government. However the precursor to that is the telco and ISP retaining that information in the first place. At least in Europe apparently they are legally required to retain it, specifically to make law enforcement easier. That itself seems like some kind of warrant precursor, or pre-emptive wiretap of everyone. Wiretap everyone (or pen-register record everyone) and give the government information on presentation of a warrant. A question for Mark Rasch therefore is whether it would remain unconstitutional if the NSA required the telcos and ISPs to store the data in a searchable form. If not it's game over, and the difference is probably technical - worth arguing about, but of limited practical consequence. Unfortunately I think the only solution is forward-secret end2end and opportunistic encryption, and LOTs of it. Maybe even whole countries mandating their ISPs VPN protect their peering traffic. Maybe further digital mixes because we are also seeing the freedom of association attacked. And freedom of speech. There are probably other undisclosed uses of this data by the US government that people would be even more alarmed about. For example I am not sure about Main Core, a list of reportedly 8 million Americans who might be pre-emptively incarcerated in event of some future national security emergency. 
You could well imagine they would feed main core with information gleaned from PRISM and pen-register searches. Cloud services like gmail, hotmail, facebook, dropbox, twitter etc are another problem. They log and collate associations, in social graphs. They retain cleartext. Some things can be protected while still leveraging cloud - eg you can encrypt data for storage by a cloud provider, and still share the data with other users. Mega did it with their second offering, there are a number of more secure cloud offerings that do it. Open source is key. You need to be able to look at the code, and verify that it is the code being run, which typically is going to mean running the code on your own hardware. Even if you can't read code, the availability helps as other people will read it and speak up if anything careless or malicious is found. Finally the other frontier is hardware tampering and software backdoors. The US is worried about Chinese tech companies putting hardware or firmware backdoors in the equipment, and Chinese companies manufacture much of it. You know
[liberationtech] Is the Wall Street Journal intentionally confusing the NSA surveillance issue?
There's an article published yesterday in the WSJ entitled Foreign Stakes Shield Two Phone Firms from Sweep. It's currently paywalled, but here's the link: http://online.wsj.com/article/SB10001424127887324049504578543800240266368.html Here's the important bit: The National Security Agency's controversial data program, which seeks to stockpile records on all calls made in the U.S., doesn't collect information directly from T-Mobile USA and Verizon Wireless, in part because of their foreign ownership ties, people familiar with the matter said. The blind spot for U.S. intelligence is relatively small, according to a U.S. official. Officials believe they can still capture information, or metadata, on 99% of U.S. phone traffic because nearly all calls eventually travel over networks owned by U.S. companies that work with the NSA. The title of this article is misleading. This article does not say the NSA does not have access to Verizon Wireless customer call data. It just says they don't get it DIRECTLY from Verizon Wireless. They have other ways of going about getting this data, but that isn't what The Wall Street Journal wants you to be focusing on here. Verizon could request the information from Verizon Wireless, and then pass it onto the NSA, or they could just use any number of SIGINT technologies they have available to pull the information directly from cell towers (obviously this takes more effort and suffers issues when scaling). If you're inclined to disregard this argument consider that the Director of National Intelligence has already lied about it in front of Congress. If US government officials are willing to lie about it under oath on television, they're more than happy to play games of semantics with journalists in hopes that one or more of them will run with stories like this one, making it seem like the NSA isn't doing what it's doing. Jason Gulledge @ramdac / twitter
Re: [liberationtech] U.S. Agencies Said to Swap Data With Thousands of Firms
On Fri, Jun 14, 2013 at 11:01 AM, Eugen Leitl eu...@leitl.org wrote: http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html Microsoft Corp., the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. An interesting article, showing why “responsible disclosure” of exploitable bugs is a bad idea. While companies are offered powerful inducements to cooperate with U.S. intelligence, many executives are motivated by patriotism or a sense they are defending national security, the people familiar with the trusted partner programs said. Since this is essentially recruitment (wonder why Bloomberg doesn't use the term), it makes sense for non-US intelligence services to recruit disgruntled lower-ranking managers to provide the same information, as well. Should be easy, since no treason / classified information is involved. -- Maxim Kammerer Liberté Linux: http://dee.su/liberte
Re: [liberationtech] Internet blackout
On Thu, Jun 13, 2013 at 04:27:17PM -0700, Seth David Schoen wrote: These properties are really awesome. One thing that I'm concerned about is that classic Usenet doesn't really do authenticity. It was easy for people to spoof articles, although there would be _some_ genuine path information back to the point where the spoofed article originated. It seems like if we're talking about using Usenet in an extremely hostile environment, spoofing and forgery are pretty significant threats (including classic problems like spoofed control messages! but also cases of nodes modifying message content). I completely agree with you: I share that concern. I think a *possible* fix for it -- or perhaps "fix" is too strong a term, let me call it an approach -- is to remove the Path: header (among others) and use the article body's checksum as a unique identifier. Thus node A, instead of telling node B "I have article 123456, do you want it?", would say instead, "I have an article with checksum 0x83FDE1, do you want it?" -- slightly complicating propagation, but not unduly so. I think this can be used to strip out all origination information: when A presents B with articles, B will not be able to discern which originated on A and which are merely being passed on by A. Encrypting everything should stop article spoofing. (Although it doesn't stop article flooding, and an adversary could try to overwhelm the network by injecting large amounts of traffic. Deprecating the Path: header actually makes this easier for an attacker.) The use of encryption also means that private messages can be sent from user U1 to user U2 -- yes, they'll be present on every node (eventually) but only user U2 will be able to decrypt them using her private key. (In other words, the way U2 discovers which messages are directed to her is that she attempts to decrypt them *all*. When it works: that one was for her. 
Provided an adversary does not have U2's private key, the adversary can't figure out which ones are addressed to her. Or who they're from. Or where they originated. [1]) Your mention of spoofed control messages is spot-on: that's another problem with this. I've been thinking that perhaps the approach to that is to consider only allowing certain control messages: for example, article cancellation probably shouldn't be supported. (I briefly thought about encrypted article cancellation but then realized that it would only work on one node: that belonging to U2 in the example above. Not very useful!) I rather suspect though, that my analysis of this is incomplete and that the best way to figure out how to deal with control messages might be to set up a testbed network and have someone play the role of an adversary. Clearly, the Usenet model is very efficient for one-to-many, but inefficient for many-to-one and one-to-one. However, that same inefficiency is what gives it the ability to survive major node loss and link disruption and still work. It's also what makes it resistant to traffic analysis: when everyone says everything to everyone else, it's much harder to discern who's really talking to who. Speaking of survivability, this recent work: Guaranteed delivery -- in ad-hoc networks http://web.mit.edu/newsoffice/2013/ad-hoc-networks-0109.html has direct applicability here. Haeupler's algorithm shows that to guarantee delivery to a network of N nodes, delivery to log2(N) nodes will suffice. What all this does *not* give is a real-time communications medium. But I'm not at all sure that's desirable. Over the past few years, I've slowly formed the hypothesis that the closer to real-time network communications are, the more susceptible they are to (adversarial) analysis. I can't rigorously defend that -- like I said, it's just a hypothesis -- but if it's correct, then it would be a good idea, when and where possible, to make communications NON-real-time. 
(Thus it might be a good idea for nodes participating in this kind of network to randomize the time intervals for outbound transmissions, in order to avoid generating a flurry of network activity that can be readily associated with an external event, a location, or a person.) One of the other nice features of a Usenet-like architecture is that it works beautifully with sneakernet data transmission. A micro SD card or a USB stick can hold a *lot* of data, and they're easily concealed, traded, or dropboxed. It's not at all unreasonable to conceive of a scheme where daily reports of events inside Elbonia are transmitted by physically carrying them to a location outside Elbonian-controlled network space and injecting them back into the network. Or vice-versa. I'm not saying this is the answer. I'm not even sure it's an answer. But I think it might be the foundation for one. Now if I could just find the funding to work on it for 6-12 months I'd be all set. ;-) ---rsk [1] I suspect that an adversary in possession of a large number of nodes might be
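The checksum-addressed propagation described in the message above, as an added sketch that is not part of the original post or of any existing Usenet software. The `Node` class, the `sync` helper and the choice of SHA-256 as the "checksum" are assumptions, and the article bodies are constructed samples.

```python
import hashlib
from dataclasses import dataclass, field


def article_id(body: bytes) -> str:
    # Assumption: SHA-256 stands in for the "checksum" the post mentions.
    return hashlib.sha256(body).hexdigest()


@dataclass
class Node:
    name: str
    store: dict = field(default_factory=dict)  # article id -> body, no Path: header
    rejected: int = 0

    def post(self, body: bytes) -> str:
        """Inject a locally written article; it is stored like any relayed one."""
        aid = article_id(body)
        self.store[aid] = body
        return aid

    def offer(self) -> list:
        """'I have articles with these checksums, do you want them?'
        Sorted so that ordering leaks nothing about arrival time or origin."""
        return sorted(self.store)

    def want(self, offered: list) -> list:
        """Reply with only the identifiers this node does not hold yet."""
        return [aid for aid in offered if aid not in self.store]

    def accept(self, aid: str, body: bytes) -> bool:
        """Recompute the checksum before storing; drop a body that does not
        match the identifier it was offered under."""
        if article_id(body) != aid:
            self.rejected += 1
            return False
        self.store[aid] = body
        return True


def sync(src: Node, dst: Node, tamper=None) -> int:
    """One-directional feed from src to dst. 'tamper' is a test hook that
    models a relay altering content in transit. Returns articles accepted."""
    accepted = 0
    for aid in dst.want(src.offer()):
        body = src.store[aid]
        if tamper is not None:
            body = tamper(body)
        if dst.accept(aid, body):
            accepted += 1
    return accepted


def demo() -> dict:
    a, b, c, d = Node("A"), Node("B"), Node("C"), Node("D")
    from_a = a.post(b"constructed sample: report one")
    sync(a, b)                                   # B now relays A's article
    from_b = b.post(b"constructed sample: report two")
    first = sync(b, c)                           # C receives both from B
    second = sync(b, c)                          # nothing new: duplicates suppressed
    # C sees only two digests from B; nothing marks which one B wrote itself.
    indistinguishable = c.offer() == sorted([from_a, from_b])
    altered = sync(b, d, tamper=lambda body: body + b" (altered)")
    return {
        "first_sync": first,
        "second_sync": second,
        "indistinguishable": indistinguishable,
        "altered_accepted": altered,
        "altered_rejected": d.rejected,
        "d_store_size": len(d.store),
    }


if __name__ == "__main__":
    print(demo())
```

The check binds an identifier to a body, so a relay cannot substitute content under an identifier it offered; it says nothing about who wrote an article, which the post leaves to encryption.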
Re: [liberationtech] U.S. Agencies Said to Swap Data With Thousands of Firms
On Fri, Jun 14, 2013 at 02:14:16PM +0300, Maxim Kammerer wrote: An interesting article, showing why “responsible disclosure” of exploitable bugs is a bad idea. I concur. I've often argued that there is no such thing as responsible disclosure -- it's a self-serving fiction concocted to satisfy the PR needs of companies. [1] I'll also note that this fairly conclusively demonstrates that all the blather about how the US government wants to promote cybersecurity is 100% bullshit. ---rsk [1] The same companies that have the arrogance to demand responsible disclosure from people who owe them *nothing* are very often the same companies who've failed to provide responsible coding to their own customers. *cough* Adobe Acrobat security hole-of-the-week *cough*
Re: [liberationtech] Secure and Cheap Provider in Sweden or Iceland?
On Thu, Jun 13, 2013 at 02:51:05PM -0400, Lorenzo Franceschi Bicchierai wrote: Hey guys, In lieu of the recent NSA leaks, I'm going to transfer my website to a new provider in either Sweden or Iceland (because well, you never know). Griffin Boyce suggested I use moln.is, do you guys have any other 1984.is is another option. suggestion? Any other kind of advice? We need something like Tahoe LAFS as a backend that scales, and has a way to find your content without resorting to DNS centralism. The only way to avoid censorship and surveillance long-term is to access something that starts with localhost, a weird port, and has a longish cryptohash postfixed (perhaps prettified with a P2P name resolution, or foundable with a distributed P2P search engine indexing that particular darknet). It's a hard problem, but not an unsolvable one.
Re: [liberationtech] Secure and Cheap Provider in Sweden or Iceland?
On Thu, Jun 13, 2013 at 8:51 PM, Lorenzo Franceschi Bicchierai lorenzo...@gmail.com wrote: In lieu of the recent NSA leaks, I'm going to transfer my website to a new provider in either Sweden or Iceland (because well, you never know). Griffin Boyce suggested I use moln.is, do you guys have any other suggestion? Any other kind of advice? I've heard good stuff about greenqloud.com. Not only are they in Iceland, but they seem to have a pretty good environmental observance, if you value that. JC
Re: [liberationtech] [cryptography] Free cryptography I course (courtesy Coursera)
On Fri, Jun 14, 2013 at 9:43 AM, Eugen Leitl eu...@leitl.org wrote: https://www.coursera.org/course/crypto?utm_classid=971022utm_notid=5333944utm_linknum=1 Cryptography I Dan Boneh Learn about the inner workings of cryptographic primitives and how to apply this knowledge in real-world applications! It's a very nice course indeed. I followed it and passed the exam too :=). In July, it take the Part II. Courses like this can be a stimulus for studying very well the theoretical aspect of cryptography often not considered by the IT professional, that prefer, in general, the applied cryptography (many don't like the math aspect). Best
[liberationtech] [tt] NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism
http://www.guardian.co.uk/environment/earth-insight/2013/jun/14/climate-change-energy-shocks-nsa-prism Pentagon bracing for public dissent over climate and energy shocks NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism US domestic surveillance has targeted anti-fracking activists across the country. Photograph: Les Stone/REUTERS Top secret US National Security Agency (NSA) documents disclosed by the Guardian have shocked the world with revelations of a comprehensive US-based surveillance system with direct access to Facebook, Apple, Google, Microsoft and other tech giants. New Zealand court records suggest that data harvested by the NSA's Prism system has been fed into the Five Eyes intelligence alliance whose members also include the UK, Canada, Australia and New Zealand. But why have Western security agencies developed such an unprecedented capacity to spy on their own domestic populations? Since the 2008 economic crash, security agencies have increasingly spied on political activists, especially environmental groups, on behalf of corporate interests. This activity is linked to the last decade of US defence planning, which has been increasingly concerned by the risk of civil unrest at home triggered by catastrophic events linked to climate change, energy shocks or economic crisis - or all three. Just last month, unilateral changes to US military laws formally granted the Pentagon extraordinary powers to intervene in a domestic emergency or civil disturbance: Federal military commanders have the authority, in extraordinary emergency circumstances where prior authorization by the President is impossible and duly constituted local authorities are unable to control the situation, to engage temporarily in activities that are necessary to quell large-scale, unexpected civil disturbances. 
Other documents show that the extraordinary emergencies the Pentagon is worried about include a range of environmental and related disasters. In 2006, the US National Security Strategy warned that: Environmental destruction, whether caused by human behavior or cataclysmic mega-disasters such as floods, hurricanes, earthquakes, or tsunamis. Problems of this scope may overwhelm the capacity of local authorities to respond, and may even overtax national militaries, requiring a larger international response. Two years later, the Department of Defense's (DoD) Army Modernisation Strategy described the arrival of a new era of persistent conflict due to competition for depleting natural resources and overseas markets fuelling future resource wars over water, food and energy. The report predicted a resurgence of: ... anti-government and radical ideologies that potentially threaten government stability. In the same year, a report by the US Army's Strategic Studies Institute warned that a series of domestic crises could provoke large-scale civil unrest. The path to disruptive domestic shock could include traditional threats such as deployment of WMDs, alongside catastrophic natural and human disasters or pervasive public health emergencies coinciding with unforeseen economic collapse. Such crises could lead to loss of functioning political and legal order leading to purposeful domestic resistance or insurgency... DoD might be forced by circumstances to put its broad resources at the disposal of civil authorities to contain and reverse violent threats to domestic tranquility. Under the most extreme circumstances, this might include use of military force against hostile groups inside the United States. Further, DoD would be, by necessity, an essential enabling hub for the continuity of political authority in a multi-state or nationwide civil conflict or disturbance. 
That year, the Pentagon had begun developing a 20,000 strong troop force who would be on-hand to respond to domestic catastrophes and civil unrest - the programme was reportedly based on a 2005 homeland security strategy which emphasised preparing for multiple, simultaneous mass casualty incidents. The following year, a US Army-funded RAND Corp study called for a US force presence specifically to deal with civil unrest. Such fears were further solidified in a detailed 2010 study by the US Joint Forces Command - designed to inform joint concept development and experimentation throughout the Department of Defense - setting out the US military's definitive vision for future trends and potential global threats. Climate change, the study said, would lead to increased risk of: ... tsunamis, typhoons, hurricanes, tornadoes, earthquakes and other natural catastrophes... Furthermore, if such a catastrophe occurs within the United States itself - particularly when the nation's economy is in a fragile state or where US military bases or key civilian infrastructure are broadly affected - the damage to US security could be considerable. The study also warned of a possible shortfall in global oil output by
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
Eugen, I don't think MTA configuration will help the target audience of the cryptoparties. I doubt many of them run their own mail servers. I believe they are targeting end user client machines. Of course you are right that many users will stop using it if it is difficult. The idea of the cryptoparty, as I understand it, is to help those users. This way more people learn how to use cryptography and the people who write the cryptography software may learn what is difficult for end users. Your dismissive attitude will not help, the cryptoparty might. -- Matt Johnson On Fri, Jun 14, 2013 at 12:56 AM, Eugen Leitl eu...@leitl.org wrote: On Fri, Jun 14, 2013 at 12:11:34AM -0700, William Gillis wrote: Now that everyone knows about the NSA isn't it time you tackled setting up PGP? If it's not transparent, Johny User will eventually drop it. Before you do that, rather enable StartTLS on your mail transport agent (e.g. postfix). And then install email encryption gateways http://www.postfix.org/addon.html#security-gateway https://code.google.com/p/gpg-mailgate/ After you have done that, you can turn to PGP/SMIME for end user MUAs. Are you or friends you know looking to adopt bread and butter encryption tools online and on your phone? Could you use folks to show the way, lend a hand, answer questions, or offer explanations? Drop by Sudoroom (2141 Broadway, Oakland CA) between 1pm and 4:30pm this Sunday the 16th! The NSA leaks provide most folks with a rare impetus to slog through installing and getting up to speed on the basics. If you can merely handle showing random people off the street one-on-one how to download textsecure from google's appstore, you're golden, we want you to come hang with us and potentially save people's lives, certainly their privacy. Think impromptu demonstrations, one-on-one help and informal presentations. https://sudoroom.org/ai1ec_event/digital-security-workshop/?instance_id
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
Any little bit helps. +1 to cryptoparties.
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
On Fri, Jun 14, 2013 at 08:04:24AM -0700, Matt Johnson wrote:
> Eugen, I don't think MTA configuration will help the target audience of the cryptoparties. I doubt many of them run their own mail servers.

Relying on your ISP-issued relay or your mail provider's SMTP provides a convenient one-stop shop for information collection. It is definitely possible and desirable for small organisations and groups of users to run their own SMTP servers, and potentially also IMAP servers. All it takes is a static IP address which is not on the usual blacklists. We must get users out of the cloud.

> I believe they are targeting end user client machines. Of course you are right that many users will stop using it if it is difficult. The idea of the cryptoparty, as I understand it, is to help those users. This way more people learn how to use cryptography and the people who write the cryptography software may learn what is difficult for end users. Your dismissive attitude will not help, the cryptoparty might.

My or your attitude will not change the fact that use of GNUPG in MUA will not happen on a large scale. Nor will any amount of cryptoparties. Even the developers of GNUPG are of the opinion, which is why they've been pushing towards STEED http://g10code.com/steed.html which obviously has one giant cloven hoof speaking against it: DNS. Now, they have *two* problems, not one.

StartTLS already secures order of magnitude more traffic than PGP in MUAs or PGP gateways ever will (look into this message's rich headers, chances are, you're already secure along some part of transport way without being even aware of it). And of course it's fully compatible with VPNs, or GNUPG or whatever have you.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
__
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
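The header check suggested in the message above ("look into this message's rich headers"), as an added example that is not part of the original post: it walks a message's `Received:` trace and reports which hops recorded TLS. The sample message, its hosts and the names `audit_hops` and `cleartext_hops` are constructed for illustration.

```python
import re
from dataclasses import dataclass
from email import message_from_string

# "with" protocol keywords (RFC 3848, RFC 6531) that mean the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
# Free-text comment some MTAs add, e.g. Postfix "(using TLSv1 with cipher ...)".
TLS_COMMENT = re.compile(r"\b(TLSv?[\d._]+|SSLv\d)")
COMMENT = re.compile(r"\([^()]*\)")

# Constructed sample: three hops, newest first, placeholder hosts and addresses.
SAMPLE = """\
Received: from mx.list.example (mx.list.example [192.0.2.10])
\t(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
\t(No client certificate requested)
\tby mail.reader.example (Postfix) with ESMTPS id 3F2A1C0
\tfor <reader@reader.example>; Fri, 14 Jun 2013 17:31:02 +0200 (CEST)
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.list.example (Postfix) with ESMTP id 9B1D220
\tfor <list@list.example>; Fri, 14 Jun 2013 08:30:58 -0700 (PDT)
Received: from laptop.local (unknown [203.0.113.5])
\tby relay.isp.example with ESMTPSA id x7sm1234
\tfor <list@list.example>; Fri, 14 Jun 2013 08:30:55 -0700 (PDT)
From: sender@sender.example
To: list@list.example
Subject: constructed example

body
"""


@dataclass
class Hop:
    sender: str      # host named after "from"
    receiver: str    # host named after "by" (the relay that wrote this line)
    protocol: str    # keyword after "with"
    tls: bool        # True if the line records TLS in any recognised form
    evidence: list   # the markers that were found


def strip_comments(value):
    """Remove (possibly nested) parenthesised comments from a header value."""
    previous = None
    while previous != value:
        previous, value = value, COMMENT.sub(" ", value)
    return value


def parse_received(value):
    flat = " ".join(value.split())        # unfold continuation lines
    bare = strip_comments(flat)           # so "with cipher" is not read as the protocol
    sender = re.search(r"\bfrom\s+(\S+)", bare)
    receiver = re.search(r"\bby\s+(\S+)", bare)
    proto = re.search(r"\bwith\s+(\S+)", bare)
    protocol = proto.group(1).upper().rstrip(";") if proto else ""
    evidence = []
    if protocol in TLS_PROTOCOLS:
        evidence.append("with " + protocol)
    comment = TLS_COMMENT.search(flat)
    if comment:
        evidence.append(comment.group(1))
    return Hop(sender.group(1) if sender else "",
               receiver.group(1) if receiver else "",
               protocol, bool(evidence), evidence)


def audit_hops(raw_message):
    """Return the hops in transit order (oldest first).

    Each relay prepends its own line, so the list is reversed. Only lines
    written by relays you control are trustworthy; older ones can be forged,
    and a missing marker means "not recorded", not proof of cleartext.
    """
    headers = message_from_string(raw_message).get_all("Received") or []
    return [parse_received(v) for v in reversed(headers)]


def cleartext_hops(raw_message):
    """Hops whose Received line records no TLS at all."""
    return [hop for hop in audit_hops(raw_message) if not hop.tls]


if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        status = "TLS " + ", ".join(hop.evidence) if hop.tls else "no TLS recorded"
        print(f"{hop.sender} -> {hop.receiver}: {status}")
```
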
Re: [liberationtech] Secure and Cheap Provider in Sweden or Iceland?
On 06/13/2013 02:51 PM, Lorenzo Franceschi Bicchierai wrote:
> In lieu of the recent NSA leaks, I'm going to transfer my website to a new provider in either Sweden or Iceland (because well, you never know). Griffin Boyce suggested I use moln.is http://moln.is, do you guys have any other suggestion? Any other kind of advice?

1984.is have been very helpful to colleagues of mine. The boxen over there are said to be very stable.

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
Fail fast. Fail hard. Move on.
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
On Fri, Jun 14, 2013 at 10:30 AM, Eugen Leitl eu...@leitl.org wrote:
> ICBM: 48.07100

Hey, Eugene, do you have your very own ICBM - Inter-Continental Ballistic Missile? If so, is it aimed at you, or are you aiming it at someone/thing/where else?

Best Regards | Cordiales Saludos | Grato,
Andrés L. Pacheco Sanfuentes a...@acm.org +1 (817) 271-9619
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
This thread has deteriorated, so we are moderating it. As a reminder, personal attacks are not tolerated on this list.

Yosem, one of your moderators.

On Fri, Jun 14, 2013 at 8:40 AM, Andrés Leopoldo Pacheco Sanfuentes alps6...@gmail.com wrote:
> On Fri, Jun 14, 2013 at 10:30 AM, Eugen Leitl eu...@leitl.org wrote:
>> ICBM: 48.07100
>
> Hey, Eugene, do you have your very own ICBM - Inter-Continental Ballistic Missile? If so, is it aimed at you, or are you aiming it at someone/thing/where else?
>
> Best Regards | Cordiales Saludos | Grato,
> Andrés L. Pacheco Sanfuentes a...@acm.org +1 (817) 271-9619
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
On 2013.06.14 18.20, Rich Kulawiec wrote:
> Now since I have (once again) opened my big mouth, I'll step up as well: if any organizations want to get their email out of the cloud/third parties, contact me off-list. I have a pretty good stash of disused hardware that could be put to work -- better that it be used for good than gathering dust.

The issue with this approach is that maintaining infrastructure like this takes an ongoing time commitment by someone who is clueful (and thus at least moderately expensive for broke organizations where everyone's constantly overworked), and that older hardware fails, and keeping enough spares around to get reliability adds cost and complexity again.

I'm (definitely) not saying this is a bad idea here, but it's important to understand what the real costs look like for organizations that may not natively have this talent, or where the folks who are supposed to do the work also have other jobs. For instance, in every small org that I've seen that does development and has infrastructure, infrastructure-only hires quickly get absorbed into development work.

Running mail as reliably, securely, and conveniently as Google does with GMail is actually hard; this is why it's achieved the popularity it has, not just the cost. I've watched many friends and orgs over the past 9 years decide they just didn't have the time any more.

E.

--
Ideas are my favorite toys.
Re: [liberationtech] OpenWatch Releases #OccupyGezi Android Application
Rich,

Today a road caravan through Texas starts in El Paso, to promote immigration reform across the state. A tool like OpenWatch would be very useful to ensure all activities of the caravan are broadcast, at least through the Internet, since a lot of the US news media - especially in Texas - is allergic to activist event coverage.

How can we go about making this tool available? I need a quick reply, there's an internal conference call in less than two hours, and it would be great if I can tell them something about this.. Ideally a channel would be set up in Openwatch with the hashtag #Texas4CIR

http://www.rightsworkinggroup.org/event/press-conference-announcing-start-texas4cir-caravan

I used it to record the touch'n'go stop of the Network Nuns Bus in Dallas last Saturday, and then posted it in YouTube: http://www.youtube.com/watch?v=W-Fn0WN7S8g

Best Regards | Cordiales Saludos | Grato,
Andrés L. Pacheco Sanfuentes a...@acm.org +1 (817) 271-9619

On Fri, Jun 7, 2013 at 10:13 PM, Rich Jones r...@anomos.info wrote:
> We were asked by members of the media in Turkey who have been shut down to release a version of our new streaming media capture applications. In an effort to document the history of the struggle and to help show abuses by authorities there, we are pleased to announce the Occupy Gezi android application.
>
> Announcement: https://openwatch.net/i/87/openwatch-releases-occupygezi-mobile-application
> Download: https://play.google.com/store/apps/details?id=org.ale.occupygezi
> Code: https://github.com/OpenWatch
>
> You will be able to see all of the media produced by the apps live as it comes in here: https://openwatch.net/w/occupygezi and we will use the media received to produce additional documentaries and reports.
>
> If you've got any feedback, please get at us: t...@openwatch.net
>
> Thanks!,
> Rich Jones
> OpenWatch
>
> Why Turkey Needs an Independent Free Press - And How OpenWatch Is Helping
>
> Media conglomeration and an ever-worsening press-freedom record have created a void in independent reporting in Turkey, so OpenWatch has released a mobile application for Turkish mobile reporters.
>
> In support of a free press, the right to demonstrate, and the right to use media to document the truth, OpenWatch has released an Occupy Gezi application for Android (with an iPhone version coming out shortly) to allow people on the ground to collaboratively document the history they are making together. Download the application here on the Google Play store!
>
> The applications will send videos and photos directly online, where they can be found in the apps and on the web by following the #occupygezi hashtag on OpenWatch, which will show a live feed of media as it is received. We have optimized the application to stream videos and photos to our servers in the fastest way possible, even in low-connectivity environments. We will be producing documentaries and reports using the media created by the Occupy Gezi applications. All media created is Creative Commons, and all of the code is Free and Open Source, and available on our GitHub page. We have also updated our own open source software with additional Turkish translations.
>
> Why?
>
> While thousands of demonstrators took over a public space in an unprecedented act of mass political protest, the mainstream Turkish media instead ran documentaries about penguins. This is actually not surprising, as Turkey, which has the most imprisoned journalists of any country according to Reporters Without Borders, has been increasingly restrictive of press freedom in the past few years. As a result, much of the coverage of the events in the Turkish streets was provided by users of social networking services like Twitter. Now, authorities are targeting social media reporters and provocateurs as well: Authorities in Turkey have raided the houses and detained 38 people accused of using social media services to promote insurrection.
>
> What now?
>
> Going forward, we hope that people will be able to use mobile media to document the truth, the history they are making, and to protect themselves from abusive authorities by capturing and exposing the reality of events. The #OccupyGezi App was built on top of open source software which is being actively developed - there are some bugs, so please report them so that we can fix them. (It is not an app for anonymous reporting, and we do not make any such claims - it is an application simply designed to rapidly capture and redistribute important information which needs to be seen by as many people as possible. In the future, we do intend to build a separate architecture to support anonymous submissions, but we take identity security extremely seriously here, which is why we make no claims about anonymity at the moment.)
>
> If you are in Turkey and wish to document your experiences during this struggle, or just want to show your solidarity, use the application and share your
Re: [liberationtech] Secure and Cheap Provider in Sweden or Iceland?
The Doctor dr...@virtadpt.net wrote:
> 1984.is have been very helpful to colleagues of mine. The boxen over there are said to be very stable.

The only downside with 1984 is they require you to order an annual subscription, rather than monthly.
Re: [liberationtech] Secure and Cheap Provider in Sweden or Iceland?
On 6/13/13 8:51 PM, Lorenzo Franceschi Bicchierai wrote:
> Hey guys,
>
> In lieu of the recent NSA leaks, I'm going to transfer my website to a new provider in either Sweden or Iceland (because well, you never know). Griffin Boyce suggested I use moln.is http://moln.is, do you guys have any other suggestion? Any other kind of advice?

For email uses, to achieve some geo-political protection, I wrote something a while ago that may be interesting:
https://mailman.stanford.edu/pipermail/liberationtech/2012-February/003144.html

- Split your communication flow
- Stay on countries with (strong economy strong privacy law)

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
Re: [liberationtech] Secure and Cheap Provider in Sweden or Iceland?
On Fri, Jun 14, 2013 at 01:32:14PM -0400, Griffin Boyce wrote:
> The Doctor dr...@virtadpt.net wrote:
>> 1984.is have been very helpful to colleagues of mine. The boxen over there are said to be very stable.
>
> The only downside with 1984 is they require you to order an annual subscription, rather than monthly.

Are you sure about that? Ours can be canceled monthly.
Re: [liberationtech] Internet blackout
On 14/06/13 12:49, Rich Kulawiec wrote:
> I think a *possible* fix for it -- or perhaps fix is too strong a term, let me call it an approach -- is to remove the Path: header (among others) and use the article body's checksum as a unique identifier. Thus node A, instead of telling node B "I have article 123456, do you want it?", would say instead, "I have an article with checksum 0x83FDE1, do you want it?" -- slightly complicating propagation, but not unduly so. I think this can be used to strip out all origination information: when A presents B with articles, B will not be able to discern which originated on A and which are merely being passed on by A.

This was exactly my jumping-off point for Briar: take Usenet, remove the path header, remove cancellation messages, require message IDs to be cryptographic hashes of the content, and require link encryption. :-)

> Encrypting everything should stop article spoofing. (Although it doesn't stop article flooding, and an adversary could try to overwhelm the network by injecting large amounts of traffic. Deprecating the Path: header actually makes this easier for an attacker.)

...and this is the point where I decided Usenet wasn't the best place to start from. Spam pretty much killed conversation on Usenet - and the spammers weren't even trying to kill it.

I have some ideas about how to limit spam/flooding in a decentralised way, if we can assume the network's built on real-world social relationships and some fraction of the users are willing to take part in moderation - but so far they're untested.

> What all this does *not* give is a real-time communications medium. But I'm not at all sure that's desirable. Over the past few years, I've slowly formed the hypothesis that the closer to real-time network communications are, the more susceptible they are to (adversarial) analysis. I can't rigorously defend that -- like I said, it's just a hypothesis -- but if it's correct, then it would be a good idea, when and where possible, to make communications NON-real-time.

I agree - if you design the system to tolerate latency, there's scope for using mix network-like techniques against traffic analysis. Many attacks against mix networks are based on correlating messages entering the network with messages leaving it; if the network's peer-to-peer then messages don't enter or leave - the endpoints are inside the network. And if the network uses store-and-forward, senders and recipients don't have to be online at the same time, further frustrating intersection attacks. But best of all, store-and-forward networks can include nodes and edges that don't show up in the adversary's traffic logs at all, because they only communicate over sneakernet or short-range links like Bluetooth and wifi.

> I'm not saying this is the answer. I'm not even sure it's an answer. But I think it might be the foundation for one. Now if I could just find the funding to work on it for 6-12 months I'd be all set. ;-)

Come and work on Briar. We might even be able to find some funding. :-)

Cheers,
Michael
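The offer/want exchange with content-derived message IDs discussed in the message above, as an added example (it is not Briar's or Usenet's code). SHA-256, the `Node` class and its method names are assumptions made for illustration; link encryption and flood control are outside what it shows.

```python
import hashlib

# Constructed sample articles.
ARTICLE_A = b"constructed article first posted on node A"
ARTICLE_B = b"constructed article first posted on node B"


def article_id(body: bytes) -> str:
    """Message ID derived only from the content (SHA-256 is an assumed choice)."""
    return hashlib.sha256(body).hexdigest()


class Node:
    def __init__(self, name):
        self.name = name
        # id -> body. No Path: header and no record of which peer supplied it.
        self.store = {}

    def post(self, body):
        """Inject a locally written article; it is stored like any other."""
        aid = article_id(body)
        self.store[aid] = body
        return aid

    def offer(self):
        """'I have articles with these hashes, do you want them?'"""
        return set(self.store)

    def want(self, offered):
        """Reply with only the hashes not already held (duplicate suppression)."""
        return set(offered) - set(self.store)

    def send(self, wanted):
        """Ship the requested bodies; the wire format is just id -> body."""
        return {aid: self.store[aid] for aid in wanted if aid in self.store}

    def receive(self, articles):
        """Accept an article only if its body hashes to the claimed ID."""
        accepted, rejected = [], []
        for claimed, body in articles.items():
            if article_id(body) == claimed:
                self.store[claimed] = body
                accepted.append(claimed)
            else:
                rejected.append(claimed)   # ID/body mismatch: spoofed or corrupted
        return sorted(accepted), sorted(rejected)


def sync(src, dst):
    """One offer/want/send round from src to dst."""
    return dst.receive(src.send(dst.want(src.offer())))


def demo():
    a, b, c = Node("A"), Node("B"), Node("C")
    a.post(ARTICLE_A)
    b.post(ARTICLE_B)
    sync(a, b)                              # B now holds both articles
    wire = b.send(c.want(b.offer()))        # everything C gets to see from B
    accepted, _ = c.receive(wire)
    # A body that does not match the ID it is offered under is refused.
    _, rejected = c.receive({article_id(b"genuine"): b"forged"})
    return {
        "c_accepted": accepted,
        "wire_is_id_to_body": all(article_id(v) == k for k, v in wire.items()),
        "forged_rejected": rejected == [article_id(b"genuine")],
        "resync_wanted": c.want(a.offer()),  # A has nothing new for C
        "c_store_size": len(c.store),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On the wire C sees only hash and body for both articles, so nothing distinguishes the one B wrote from the one B relayed.
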
Re: [liberationtech] Free cryptography I course (courtesy Coursera)
Sounds like a great course! Thanks!

--
Bambi
http://BambisMusings.WordPress.com
[liberationtech] eternity USENET (Re: Internet blackout)
Kind of old now (1997) but take a look at USENET eternity for a distributed censor resistant web publishing system based on USENET, PGP and hashes/commitments. The documents could either be public, semi-private (secret URLs) or secured. Content updatable only by the author using PGP, and yet browseable from a web browser with the plugin. The whole thing was a perl script, but you may find the approaches interesting.

http://cypherspace.org/adam/eternity/

There's an old Phrack article describing it in more detail and a howto, and the software.

Adam
[liberationtech] diseconomies of scale
It occurs to me that Prism exclusively targets large providers. This suggests that it relies on economies of scale. Which suggests a defense against Prism: use small providers, because there are diseconomies of scale. Thoughts?
Re: [liberationtech] [tt] NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism
Thanks for all the great food for thought. So much going on...

On Fri, Jun 14, 2013 at 10:24 AM, Eugen Leitl eu...@leitl.org wrote:
> http://www.guardian.co.uk/environment/earth-insight/2013/jun/14/climate-change-energy-shocks-nsa-prism
>
> Pentagon bracing for public dissent over climate and energy shocks
>
> NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism
>
> US domestic surveillance has targeted anti-fracking activists across the country. Photograph: Les Stone/REUTERS
>
> Top secret US National Security Agency (NSA) documents disclosed by the Guardian have shocked the world with revelations of a comprehensive US-based surveillance system with direct access to Facebook, Apple, Google, Microsoft and other tech giants. New Zealand court records suggest that data harvested by the NSA's Prism system has been fed into the Five Eyes intelligence alliance whose members also include the UK, Canada, Australia and New Zealand.
>
> But why have Western security agencies developed such an unprecedented capacity to spy on their own domestic populations? Since the 2008 economic crash, security agencies have increasingly spied on political activists, especially environmental groups, on behalf of corporate interests. This activity is linked to the last decade of US defence planning, which has been increasingly concerned by the risk of civil unrest at home triggered by catastrophic events linked to climate change, energy shocks or economic crisis - or all three.
>
> Just last month, unilateral changes to US military laws formally granted the Pentagon extraordinary powers to intervene in a domestic emergency or civil disturbance:
>
> Federal military commanders have the authority, in extraordinary emergency circumstances where prior authorization by the President is impossible and duly constituted local authorities are unable to control the situation, to engage temporarily in activities that are necessary to quell large-scale, unexpected civil disturbances.
>
> Other documents show that the extraordinary emergencies the Pentagon is worried about include a range of environmental and related disasters. In 2006, the US National Security Strategy warned that:
>
> Environmental destruction, whether caused by human behavior or cataclysmic mega-disasters such as floods, hurricanes, earthquakes, or tsunamis. Problems of this scope may overwhelm the capacity of local authorities to respond, and may even overtax national militaries, requiring a larger international response.
>
> Two years later, the Department of Defense's (DoD) Army Modernisation Strategy described the arrival of a new era of persistent conflict due to competition for depleting natural resources and overseas markets fuelling future resource wars over water, food and energy. The report predicted a resurgence of:
>
> ... anti-government and radical ideologies that potentially threaten government stability.
>
> In the same year, a report by the US Army's Strategic Studies Institute warned that a series of domestic crises could provoke large-scale civil unrest. The path to disruptive domestic shock could include traditional threats such as deployment of WMDs, alongside catastrophic natural and human disasters or pervasive public health emergencies coinciding with unforeseen economic collapse. Such crises could lead to loss of functioning political and legal order leading to purposeful domestic resistance or insurgency...
>
> DoD might be forced by circumstances to put its broad resources at the disposal of civil authorities to contain and reverse violent threats to domestic tranquility. Under the most extreme circumstances, this might include use of military force against hostile groups inside the United States. Further, DoD would be, by necessity, an essential enabling hub for the continuity of political authority in a multi-state or nationwide civil conflict or disturbance.
>
> That year, the Pentagon had begun developing a 20,000 strong troop force who would be on-hand to respond to domestic catastrophes and civil unrest - the programme was reportedly based on a 2005 homeland security strategy which emphasised preparing for multiple, simultaneous mass casualty incidents.
>
> The following year, a US Army-funded RAND Corp study called for a US force presence specifically to deal with civil unrest.
>
> Such fears were further solidified in a detailed 2010 study by the US Joint Forces Command - designed to inform joint concept development and experimentation throughout the Department of Defense - setting out the US military's definitive vision for future trends and potential global threats. Climate change, the study said, would lead to increased risk of:
>
> ... tsunamis, typhoons, hurricanes, tornadoes, earthquakes and other natural catastrophes... Furthermore, if such a catastrophe occurs within the United States itself - particularly when the nation's economy
Re: [liberationtech] FT: Companies scramble for consumer data (personal data are so cheap... why bother to protect them)
Thanks for passing these articles on Yosem! Much appreciated. On Fri, Jun 14, 2013 at 2:48 PM, Yosem Companys compa...@stanford.edu wrote: From: Toon Vanagt toon.van...@casius.com I stumbled on this FT article with 'volume pricing' for personal data and a convenient estimation tool: http://www.ft.com/cms/s/0/f0b6edc0-d342-11e2-b3ff-00144feab7de.html#axzz2W5QWgUuR Basically, if you're a millionaire, your personal data is worth about $ 0.123 (if you're not, you start at: $ 0.007). The FT has built an interactive data value estimation tool. For example by adding ADHD to my profile I gained a stunning $ 0.200. Consider it extra money for 'salting data set' :) 3 Quick thoughts: The Financial Times will not collect, store or share the data users input into the calculator. Despite this disclaimer I wonder what the FT really does with the harvested data on its web servers or considered the risk of 'leaking logs'? At the end of their 'game', I'm invited to share my private 'data worth' on Twitter, which exposes how much Marketers would pay approximately for your data: and conveniently allows third parties to identify me... When linked with their identifiable FT subscriber profile, there's no need for a tweet to link the results to a person. Check https://twitter.com/search?q=%23FTdataworthsrc=typd - public search result. Great for marketeers. Also has the potential to reverse engineer profiles.. Prices in the article calculator seem very low and suggest that your 'personal data' are not really valuable to companies in a consumer society That is if you're not obese, don't subscribe to a gym, don't own a plane... Due to competition the broker prices are said to be trending towards 'worthless'.. Data brokers seem to suggest we should not bother to protect something of so little economic value... Let me know if my reading between the lines is wrong. 
Does anybody know about a personal data value calculator that is not based on broker volume pricing, but reveals how much companies pay for qualified leads in different industries (mortgage, insurance, cruise travel, fitness, car test drive, hotel booking,...) The outcome of such an 'intent cast valuator' would be much higher and more of an economic incentive to raise awareness of data value. Cheers, @Toon -- Bambi http://BambisMusings.WordPress.com
[liberationtech] Cities adopting international human rights treaties
From: Blau, Judith judith_b...@unc.edu San Francisco was the pioneer when it adopted CEDAW, and a few other US cities have followed, adopting international human rights treaties, notably the Convention on the Rights of Children. This week, the Human Rights Center of Chapel Hill Carrboro successfully petitioned Chapel Hill, NC to adopt the Convention on the Protection of the Rights of Migrant Workers and their Families. This is good news because we can more assertively pursue cases of wage theft and discrimination, with the support of the Town. Judith Blau, Director. HRC -CHC
Re: [liberationtech] diseconomies of scale
Legal Struggles Over Interception Rules in the United States - EFF https://www.eff.org/pages/legal-struggles-over-interception-rules-united-states On Fri, Jun 14, 2013 at 3:24 PM, Lucas Gonze lucas.go...@gmail.com wrote: It occurs to me that Prism exclusively targets large providers. This suggests that it relies on economies of scale. Which suggests a defense against Prism: use small providers, because there are diseconomies of scale. Thoughts? -- Bambi http://BambisMusings.WordPress.com
Re: [liberationtech] Secure and Cheap Provider in Sweden or Iceland?
Eugen Leitl eu...@leitl.org wrote: The only downside with 1984 is they require you to order an annual subscription, rather than monthly. Are you sure about that? Ours can be canceled monthly. At least with the signing up, there's no monthly option on the English site. ~Griffin
Re: [liberationtech] Secure and Cheap Provider in Sweden or Iceland?
On 06/14/2013 01:32 PM, Griffin Boyce wrote: The Doctor dr...@virtadpt.net wrote: 1984.is have been very helpful to colleagues of mine. The boxen over there are said to be very stable. The only downside with 1984 is they require you to order an annual subscription, rather than monthly. The other issue with them is that their VPS service does not offer a control panel (as of yet). So, if your server goes down, the only way to restart it is to email their customer support to do it for you. Having said that, their support is really good, and I think they are working on having a control panel.
[liberationtech] Watch 2013 Barack Obama Debate 2006 Joe Biden Over NSA Surveillance
https://www.eff.org/deeplinks/2013/06/watch-2013-president-obama-debate-2006-joe-biden-over-nsa-surveillance JUNE 14, 2013 | BY DAVE MAASS AND TREVOR TIMM Watch 2013 Barack Obama Debate 2006 Joe Biden Over NSA Surveillance After a leaked FISA court document revealed that the National Security Agency (NSA) is vacuuming up private data on millions of innocent Americans by collecting all the phone records of Verizon customers, President Obama responded by saying let's have a debate about the scope of US surveillance powers. At EFF, we couldn't agree more. It turns out, President Obama's most formative debate partner over the invasiveness of NSA domestic surveillance could be his Vice President Joe Biden. Back in 2006, when the NSA surveillance program was first revealed by the New York Times, then-Senator Biden was one of the program's most articulate critics. As the FISA court order shows, the scope of NSA surveillance program has not changed much since 2006, except for the occupant in the White House. Watch this video, as Senator Biden from 2006 directly refutes each point President Obama made about the NSA surveillance program at his news conference last week. -- James S. Tyre Law Offices of James S. Tyre 10736 Jefferson Blvd., #512 Culver City, CA 90230-4969 310-839-4114/310-839-4602(fax) jst...@jstyre.com Policy Fellow, Electronic Frontier Foundation https://www.eff.org
Re: [liberationtech] [tt] NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism
Technically, it's the duty of the military to evaluate these scenarios and act on the information *wisely*. It is our duty as activists to hold them on that and that's where everything collapses, because there is a crisis of trust. Listen, there is not a single great civilization in the history of the world that has not fallen to war or environmental impacts -- and many that have fallen to conquest have fallen to conquest as a side effect of (human influenced) environmental impacts of some sort (for example, heavy metals contributions theory of the decline of Rome http://www.poweredbyosteons.org/2012/01/lead-poisoning-in-rome-skeletal.html ). Much as I do not trust the conclusions of the military based on the simulations they may run through, it is, in fact, their duty to run through simulations based on the four horsemen scenarios they can imagine. And it is in fact their duty to imagine that the environmentalists are going to trump them by lathering everyone up into freaking out that the sky is falling (because, nearly literally, it is, and the government are obscurantist cowards who want to get re-elected --- oops, was that my outside voice saying that inconvenient truth?) so just as they wiretap the Society of Friends (Quakers) in times when the peace movement is bucking a war effort and making their propaganda suppository of casus belli seem not so smooth an insert, yes -- they are going to track climate change activists if they are worried about panic in time of crop failure and rationing and empty shelves in the not-so-supermarkets of the breadbasket of the world. Short on petrochemicals? Most of our crops are made of them you know, between fertilizer, transportation, and various. 
Worried that revelations that disruptive health effects of glyphosate (Round-up from Monsanto -- which is responsible for most of the corn/soy monocropping grown in the US now and a good proportion of other crops in this country and worldwide) in mammals may make revelations of DDT in the 60s look tame? Oops, there goes the 20% of the grain capacity of our current green revolution phase. That brings the planet down by a billion in carrying capacity, without global warming. These are the kinds of ecological messages that might make the military nervous. (Hi, for those of you who are listening! :) And they are correct to be nervous. They should be planning for rationing and unrest if a severe scenario comes up -- if for no other reason than that we will have hungry neighbors that will make a zombie apocalypse look pastoral. And these are ugly scenarios to think about. That's what we delegate to the military and law enforcement, ideally, as a sacred trust (the other side of sacred being taboo -- we don't *want* to have to ponder what happens in our neighborhoods when the food supply should go away for whatever reason and FEMA isn't the answer). So this is why one might, as a conservative even, think Prism is an UTTER TRAGEDY. Because it represents a broken social contract by pure dissonance, a lack of trust so profound, a disengagement so deep and suppurating, that we can't even imagine any more why it is that we would need a military to know these things that we could trust. (And as a disclaimer: I have family in the military, and have for generations, and have stubborn hope these things are fixable through both military/DHS/civilian elected/non-elected leadership) The problem is NOT that these scenarios are being spun out. They should be. The problem is, what is the response to each scenario proposed to be? I don't see that? And I expect that would be in executive control at the time of crisis. And there's where trust falls apart. 
Because this: http://www.gpo.gov/fdsys/pkg/FR-2013-04-12/html/2013-07802.htm essentially repeals this: http://en.wikipedia.org/wiki/Posse_Comitatus_Act ...and even with my background? I have a hard time with that. A very very hard time with it. This is not the cat is dead and not dead. The cat is DEAD, wrapped up in a brown shirt, weighted down with stones and dropped in the river. I am sorry, I do not understand how this can happen in this country without open discussion with the electorate. This is not something you do, undermining the Posse Comitatus by a snippet of regulation from the executive branch. That is not the way this democracy works. yrs, SN On Fri, Jun 14, 2013 at 3:26 PM, LilBambi lilba...@gmail.com wrote: Thanks for all the great food for thought. So much going on... On Fri, Jun 14, 2013 at 10:24 AM, Eugen Leitl eu...@leitl.org wrote: http://www.guardian.co.uk/environment/earth-insight/2013/jun/14/climate-change-energy-shocks-nsa-prism Pentagon bracing for public dissent over climate and energy shocks NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism US domestic surveillance has targeted anti-fracking activists across the country. Photograph: Les
[liberationtech] Stanford Security Seminar 6/17: Digital Forensics Tools
There's an upcoming Stanford security seminar on how bulk data from captured drives and network traffic are analyzed. Thought it might be of some interest to this list. Lessons Learned Writing High-Performance Multi-Threaded Digital Forensic Tools for Analyzing Hard Drives and Network Intercepts Simson Garfinkel http://simson.net/ Monday, June 17, 2013 Talk at 4:15pm Gates Building 463A Stanford University Abstract: Writing digital forensics (DF) tools is difficult because of the diversity of data types that need to be processed, the need for high performance, the skill set of most users, and the requirement that the software run without crashing. Developing this software is dramatically easier when one possesses a few thousand disks of other people’s data for testing purposes. This talk presents the internal design of two high-performance computer forensics tools --- bulk_extractor and tcpflow --- discussing the algorithmic and C++ coding techniques that were employed. Come see how we peg at 64 cores on our test machine! (Loosely based on Garfinkel's 2012 DFRWS paper, http://simson.net/clips/academic/2012.DFRWS.DIIN382.pdf)
Re: [liberationtech] eternity USENET (Re: Internet blackout)
On 14-06-13 21:22, Adam Back wrote: Kind of old now (1997) but take a look at USENET eternity for a distributed censor resistant web publishing system based on USENET, PGP and hashes/commitments. The documents could either be public, semi-private (secret URLs) or secured. Content updatable only by the author using PGP, and yet browseable from a web browser with the plugin. The whole thing was a perl script, but you may find the approaches interesting. http://cypherspace.org/adam/eternity/ There's an old Phrack article describing it in more detail and a howto, and the software. Adam This was exactly my jumping-off point for Briar: take Usenet, remove the path header, remove cancellation messages, require message IDs to be cryptographic hashes of the content, and require link encryption. :-) Encrypting everything should stop article spoofing. (Although it doesn't stop article flooding, and an adversary could try to overwhelm the network by injecting large amounts of traffic. Deprecating the Path: header actually makes this easier for an attacker.) Doesn't Freenet already solve these issues by actively distributing content even wider when someone wants to censor something. A sort of built in Streisand Effect. https://en.wikipedia.org/wiki/Freenet Guido.
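An added illustration, not code from Briar, the eternity service or anyone in this thread, of the "message IDs are cryptographic hashes of the content" rule described in the message above, with the Path header dropped and cancel messages refused. The header canonicalisation, the `@sha256.invalid` ID suffix, the `Node` class and the sample articles are assumptions constructed for the example, and link encryption is out of scope.

```python
import hashlib
from email import message_from_string

# Assumption for this example: Path and Message-ID are excluded from the hash
# input, so the ID depends only on what the author wrote, not on the route taken.
UNHASHED = {"path", "message-id"}


def content_id(raw: str) -> str:
    """Return the Message-ID an article must carry: SHA-256 over its content."""
    msg = message_from_string(raw)
    digest = hashlib.sha256()
    fields = sorted(
        (name.lower(), " ".join(value.split()))
        for name, value in msg.items()
        if name.lower() not in UNHASHED
    )
    for name, value in fields:
        digest.update(f"{name}:{value}\n".encode("utf-8"))
    digest.update(b"\n" + msg.get_payload().encode("utf-8"))
    return f"<{digest.hexdigest()}@sha256.invalid>"  # constructed ID format


def seal(raw_without_id: str, path: str = "") -> str:
    """Prepend the hash-derived Message-ID (and an optional Path) to an article."""
    route = f"Path: {path}\n" if path else ""
    return f"{route}Message-ID: {content_id(raw_without_id)}\n{raw_without_id}"


class Node:
    """A relay that stores an article only if its ID matches its content."""

    def __init__(self):
        self.articles = {}

    def offer(self, raw: str) -> str:
        msg = message_from_string(raw)
        if msg.get("Control", "").strip().lower().startswith("cancel"):
            return "rejected: cancel"  # cancellation messages are never honoured
        claimed = msg.get("Message-ID", "").strip()
        if claimed != content_id(raw):
            return "rejected: id mismatch"  # body or headers altered under this ID
        if claimed in self.articles:
            return "duplicate"  # same content, whatever route it arrived by
        del msg["Path"]  # do not keep or forward the route
        self.articles[claimed] = msg
        return "stored"


def demo() -> dict:
    node = Node()
    post = "From: alice@example.org\nSubject: hello\n\nfirst post\n"  # constructed
    original = seal(post, path="relay1!relay2")
    rerouted = seal(post, path="relay9")
    forged = original.replace("first post", "forged text")
    cancel = seal(f"Control: cancel {content_id(post)}\nFrom: mallory@example.org\n\n")
    results = {
        "original": node.offer(original),
        "rerouted": node.offer(rerouted),
        "forged": node.offer(forged),
        "cancel": node.offer(cancel),
    }
    # Distinct articles each carry a valid ID, so the hash rule alone admits them.
    flood = [seal(f"From: mallory@example.org\n\njunk {i}\n") for i in range(100)]
    results["flood_stored"] = sum(node.offer(a) == "stored" for a in flood)
    results["kept_path"] = any("Path" in m for m in node.articles.values())
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The flood check reflects the caveat raised in the message: content-derived IDs deduplicate and expose altered articles, but volume has to be limited by some other mechanism.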
Re: [liberationtech] [tt] NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism
On 15-06-13 00:30, Shava Nerad wrote: Technically, it's the duty of the military to evaluate these scenarios and act on the information *wisely*. The original analysis read to me: We face severe problems that might lead to civil unrest. We need more population control, whatever the price. Now we also have civil unrest due to the population control. We need even more funds. Isn't diverting some of the military budget on population control towards research to prevent those problems a *wise* action? Guido. It is our duty as activists to hold them on that and that's where everything collapses, because there is a crisis of trust. Listen, there is not a single great civilization in the history of the world that has not fallen to war or environmental impacts -- and many that have fallen to conquest have fallen to conquest as a side effect of (human influenced) environmental impacts of some sort (for example, heavy metals contributions theory of the decline of Rome http://www.poweredbyosteons.org/2012/01/lead-poisoning-in-rome-skeletal.html). Much as I do not trust the conclusions of the military based on the simulations they may run through, it is, in fact, their duty to run through simulations based on the four horsemen scenarios they can imagine. And it is in fact their duty to imagine that the environmentalists are going to trump them by lathering everyone up into freaking out that the sky is falling (because, nearly literally, it is, and the government are obscurantist cowards who want to get re-elected --- oops, was that my outside voice saying that inconvenient truth?) 
so just as they wiretap the Society of Friends (Quakers) in times when the peace movement is bucking a war effort and making their propaganda suppository of casus belli seem not so smooth an insert, yes -- they are going to track climate change activists if they are worried about panic in time of crop failure and rationing and empty shelves in the not-so-supermarkets of the breadbasket of the world. Short on petrochemicals? Most of our crops are made of them you know, between fertilizer, transportation, and various. Worried that revelations that disruptive health effects of glyphosate (Round-up from Monsanto -- which is responsible for most of the corn/soy monocropping grown in the US now and a good proportion of other crops in this country and worldwide) in mammals may make revelations of DDT in the 60s look tame? Oops, there goes the 20% of the grain capacity of our current green revolution phase. That brings the planet down by a billion in carrying capacity, without global warming. These are the kinds of ecological messages that might make the military nervous. (Hi, for those of you who are listening! :) And they are correct to be nervous. They should be planning for rationing and unrest if a severe scenario comes up -- if for no other reason than that we will have hungry neighbors that will make a zombie apocalypse look pastoral. And these are ugly scenarios to think about. That's what we delegate to the military and law enforcement, ideally, as a sacred trust (the other side of sacred being taboo -- we don't *want* to have to ponder what happens in our neighborhoods when the food supply should go away for whatever reason and FEMA isn't the answer). So this is why one might, as a conservative even, think Prism is an UTTER TRAGEDY. 
Because it represents a broken social contract by pure dissonance, a lack of trust so profound, a disengagement so deep and suppurating, that we can't even imagine any more why it is that we would need a military to know these things that we could trust. (And as a disclaimer: I have family in the military, and have for generations, and have stubborn hope these things are fixable through both military/DHS/civilian elected/non-elected leadership) The problem is NOT that these scenarios are being spun out. They should be. The problem is, what is the response to each scenario proposed to be? I don't see that? And I expect that would be in executive control at the time of crisis. And there's where trust falls apart. Because this: http://www.gpo.gov/fdsys/pkg/FR-2013-04-12/html/2013-07802.htm essentially repeals this: http://en.wikipedia.org/wiki/Posse_Comitatus_Act ...and even with my background? I have a hard time with that. A very very hard time with it. This is not the cat is dead and not dead. The cat is DEAD, wrapped up in a brown shirt, weighted down with stones and dropped in the river. I am sorry, I do not understand how this can happen in this country without open discussion with the electorate. This is not something you do, undermining the Posse Comitatus by a snippet of regulation from the executive branch. That is not the way this democracy works. yrs, SN On Fri, Jun 14, 2013 at 3:26 PM, LilBambi lilba...@gmail.com wrote: Thanks for all the great food for thought. So much going on... On Fri, Jun 14, 2013
Re: [liberationtech] [tt] NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism
On 15.06.2013 02:18, Guido Witmond wrote: The original analysis read to me: We face severe problems that might lead to civil unrest. We need more population control, whatever the price. Now we also have civil unrest due to the population control. We need even more funds. How does population control come into this, and what do you mean by it? -- Moritz Bartl https://www.torservers.net/
Re: [liberationtech] [tt] NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism
I think he means people herding, not people culling -- at least I hope so! ;) It's at best ambiguous in idiomatic English. SN Shava Nerad shav...@gmail.com On Jun 14, 2013 9:10 PM, Moritz Bartl mor...@torservers.net wrote: On 15.06.2013 02:18, Guido Witmond wrote: The original analysis read to me: We face severe problems that might lead to civil unrest. We need more population control, whatever the price. Now we also have civil unrest due to the population control. We need even more funds. How does population control come into this, and what do you mean by it? -- Moritz Bartl https://www.torservers.net/