Re: [liberationtech] Bush-Era Whistleblower Claims NSA Ordered Wiretap Of Barack Obama In 2004

2013-06-22 Thread Warigia Bowman
Snowden Rocks. The guy is extremely brave. We have to make sure he is not
prosecuted!


On Sat, Jun 22, 2013 at 5:30 AM, Mike Perry mikepe...@torproject.org wrote:

 phryk:
  I have to admit, I find that rather amusing. I wonder if this is
  actually true and if it might change Obama's opinion on the surveillance
  machine. And if it does, how will he try to hide the obvious hypocrisy?

 I used to think there was a possibility that surveillance would capture
 our politicians through blackmail/etc. After seeing more and more of
 these releases, I am becoming convinced that this *already happened*.

 If they didn't capture Obama in this 2004 operation, capturing him later
 wouldn't be terribly difficult. NSA: You're the first black US
 President, and you want to *dismantle* the domestic surveillance
 operation that might prevent an assassination attempt on you or your
 family by some moron redneck lunatic? Sure would be a shame if something
 were to happen to you after that...

 I sure can understand his hesitance in the face of such a threat. I
 don't envy him, that's for sure :/.

  Actually I have to say that I'm beginning to see the whole phenomenon
  developing around Snowden's leaks with a good dose of gallows humor.
 
  It's kind of slapstick-y that every time someone of the US government
  tries to justify all the surveillance, there seem to be three new
  stories popping up that elaborate on all the stuff they actually do;
  some of which even directly contradicts what those apologists claim.

 I have noticed this pattern too. I think Snowden and his handlers at the
 Guardian have a far more sophisticated PR and release timing strategy
 than anyone has given them credit for (I'm referring to various
 rumblings about their release of material at the end of the week,
 questioning the value of the release of intel on US hacking, etc).

 If there is to be a journalistic award for this work, it should not be
 for any one story. The whole arc is magnificently directed.


 --
 Mike Perry

 --
 Too many emails? Unsubscribe, change to digest, or change password by
 emailing moderator at compa...@stanford.edu or changing your settings at
 https://mailman.stanford.edu/mailman/listinfo/liberationtech




-- 
Dr. Warigia Bowman
Assistant Professor
Clinton School of Public Service
University of Arkansas
wbow...@clintonschool.uasys.edu
-
View my research on my SSRN Author page:
http://ssrn.com/author=1479660
--

Re: [liberationtech] Telecomix Broadcast System - Now including news from Turkey

2013-06-22 Thread phryk
Bulgaria is protesting against their corrupted government, too.
Any chance of getting that into Telecomix' Broadcast System or
expanding media coverage / awareness for those people?

https://medium.com/better-humans/c48a55c30e29


[liberationtech] RapNews Summary - Whistleblower

2013-06-22 Thread sam de silva
Hi,

Apologies if this has already been posted or you are aware of it:

http://www.youtube.com/watch?v=hnMPQmIPibE

I find some of the conversations on LibTech are fantastic, and others in la la 
land. There's a very very long way to go in terms of raising awareness of 
privacy rights. We often assume everyone will drop Skype because their 
privacy/security is at risk - but it's going to take a much better product to 
make people switch. Privacy/security alone may not tip usage.

We need to start explaining to the 5 year olds why it's problematic to share 
everything on the net, and get them to buy in to using tools that protect their 
privacy and increase their digital security.

Anyways - have a good weekend, 

best, Sam.



Re: [liberationtech] Censorship circumvention and ticket inspectors

2013-06-22 Thread Michael Dahan
Walid,

I like this a lot and would like to use as an example for my students.
Perhaps using the Gaza Strip as a more concrete metaphor for some of the
ideas would be helpful... Certainly re SSH tunnels.

Michael
On Jun 22, 2013 3:41 PM, Walid AL-SAQAF ad...@alkasir.com wrote:

 Dear friends,

 I have been asked to explain how four mechanisms of censorship
 circumvention work using some sort of analogy that any layman could
 understand. I proposed the analogy of surfing the Internet as traveling and
 firewalls as ticket inspectors checking where you are going as described
 below.

 So I would love to get from those of you who are familiar with censorship
 circumvention methods some feedback on how useful/accurate such an analogy
 is and ways to fix it. If you have another suggestion, I would love to know
 it because I could use it instead if it made more sense. This is all under
 development so changes can be accommodated.

 Note that I want the analogy to make it easier to  understand each
 circumvention method without implying something that is inaccurate when it
 comes to the limitations and abilities of each method.

 ==

 Technology today offers a variety of Internet censorship circumvention
 solutions to bypass those ISP-imposed firewalls.

 To illustrate some ways of how Internet censorship could be circumvented.
 I don’t know about you, but I truly love to travel. So let me present this
 simple analogy of travel.

 *Using a particular website = Visiting to a particular town*

 *Protocol used (http, ftp, ssh, pop3, ) = mode of transportation (taxi, bus, minibus, train, plane,..)*

 *Censorship authority (firewall) = Ticket inspector*

 And let us imagine that surfing the web, having a video chat or playing
 online games, etc. are all forms of travel. The different applications are
 like different transportation (e.g., train, car, sea, air).

 As a user in a country where there’s Internet censorship, you’re like a
 tourist hoping to buy a ticket to a particular destination as you can’t get
 out without having your ticket checked by the ticket inspector, who serves
 as the gatekeeper. Heavy censorship means very few destinations could be
 reached because tickets to forbidden destinations won’t be permitted by the
 ticket inspector.

 Now there are several methods of getting to a town that is normally off
 access.

 *Web-proxies: *
 If you get access to a web-based proxy, then it’s like having a ticket to
 an allowed destination that is not on the blocked list. However, that very
 destination is merely a transfer point where you could go to one more
 destination without any additional tickets. So while the ticket inspector
 thought you were going to a particular town, that town was basically used
 as a transfer point to another town that you were originally supposed not
 to go to. However, the ultimate destination could only be reached based on
 the conditions of the proxy station, which may not be convenient (too slow
 transportation, no air conditioning, etc., planting surveillance devices).
 But because the ticket inspector doesn't know, he let you go any way.
 Remember that this setting allowed you to only get one single ride. To go
 to another destination, you need to come back and take another ride.
 Surveillance is often possible to limit if the web-based proxy allows the
 use of SSL (adding an ‘s’ to http on the address bar).

 *HTTP/SOCKS proxies: *
 Through the HTTP/SOCKS proxy method, you’d get a pass that would allow you
 to go to one allowed destination and then from there, you would have free
 transfers on all the trains of the world. However, when you visit insecure
 websites (that don't start with https) with this method, you’ll sacrifice
 your privacy because you'll need to install a spyware device on your leg to
 track your movement for the ticket inspector to know where you are going.
 So when you come after a long vacation, authorities would know what you
 have been up to and what you bought and where you've been all this time .
 You might be in big trouble if you did naughty stuff while you were on the
 different trips.

 *SSH Tunnels:*
 Through a locally opened SSH tunnel, you would get a pass to an allowed
 destination that would grant you free access to not only trains, but also
 buses all over the world. At the same time, you also won’t be tracked. So
 you are really protecting yourself from being spied on while enjoying
 visiting almost all the destinations you wanted except the ones that can’t
 be reached by land.

 *VPNs: *
 And through VPNs, you show a pass to an allowed destination, from where
 you will be free to use all methods of transportation including land, sea
 and air. Furthermore, your movement or baggage would not be inspected. It’s
 the ultimate method that would allow you to be totally free in seeing the
 world with no restrictions.

 ==

 Your feedback is welcome.

 Sincerely,

 Walid

 -

 Walid Al-Saqaf
 

Re: [liberationtech] PrivateCore and secure hosting

2013-06-22 Thread Maxim Kammerer
Hi Steve, a technical (and perhaps stupid) question:

On Sat, Jun 22, 2013 at 1:49 AM, Steve Weis stevew...@gmail.com wrote:
 The host H will have a trusted platform module (TPM). When H boots up, it
 will measure all software state into platform control registers (PCRs) in
 the TPM. See Intel Trusted Execution Technology (TXT) for more info how this
 works.

Does TXT provide any benefit over UEFI Secure Boot? I remember looking
into integrating TXT, and it seemed like something not too
well-supported, and essentially superseded by better-established
standards like Secure Boot.

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte


[liberationtech] phantom protocol

2013-06-22 Thread Jonathan Wilkes
Hi list,
 Did anyone ever take a look at Magnus Brading's phantom protocol?

http://code.google.com/p/phantom/

Hasn't been much development on it for awhile.  I'm just curious if anyone
used it and saw problems with the design or not.

Thanks,
Jonathan

Re: [liberationtech] to encrypt or not to encrypt?

2013-06-22 Thread The Doctor

On 06/21/2013 07:18 PM, Eleanor Saitta wrote:

 ...and for any kind of business-related organizational work, much
 of the time, wherein you do get plenty of actual high-value
 information.

Engineering discussions are often had over e-mail, not just out of
convenience but because messages are archived, indexed, and referred
to in lieu of notes.  Same with organizational planning and strategy.
 Don't forget documents being e-mailed back and forth...

 Because we're unlikely to move businesses off email any time soon 
 (and I include NGO- and much of organized activist-land here), we
 do in the end need to do something for it.

The private sector, too.

-- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

Sendmail isn't evil, it's job security.



Re: [liberationtech] Censorship circumvention and ticket inspectors

2013-06-22 Thread Walid AL-SAQAF
Thanks Michael for what I perceive as an endorsement of this analogy. I
would love to know your students' reactions. Feel free to point out any issues
that could be problematic with this analogy or how it could improve.

I look forward to others' comments as well.

Best.

Walid
On Jun 22, 2013 2:54 PM, Michael Dahan dah...@gmail.com wrote:

 Walid,

 I like this a lot and would like to use as an example for my students.
 Perhaps using the Gaza Strip as a more concrete metaphor for some of the
 ideas would be helpful... Certainly re SSH tunnels.

 Michael
 On Jun 22, 2013 3:41 PM, Walid AL-SAQAF ad...@alkasir.com wrote:

 Dear friends,

 I have been asked to explain how four mechanisms of censorship
 circumvention work using some sort of analogy that any layman could
 understand. I proposed the analogy of surfing the Internet as traveling and
 firewalls as ticket inspectors checking where you are going as described
 below.

 So I would love to get from those of you who are familiar with censorship
 circumvention methods some feedback on how useful/accurate such an analogy
 is and ways to fix it. If you have another suggestion, I would love to know
 it because I could use it instead if it made more sense. This is all under
 development so changes can be accommodated.

 Note that I want the analogy to make it easier to  understand each
 circumvention method without implying something that is inaccurate when it
 comes to the limitations and abilities of each method.

 ==

 Technology today offers a variety of Internet censorship circumvention
 solutions to bypass those ISP-imposed firewalls.

 To illustrate some ways of how Internet censorship could be circumvented.
 I don’t know about you, but I truly love to travel. So let me present this
 simple analogy of travel.

 *Using a particular website = Visiting to a particular town*

 *Protocol used (http, ftp, ssh, pop3, ) = mode of transportation (taxi, bus, minibus, train, plane,..)*

 *Censorship authority (firewall) = Ticket inspector*

 And let us imagine that surfing the web, having a video chat or playing
 online games, etc. are all forms of travel. The different applications are
 like different transportation (e.g., train, car, sea, air).

 As a user in a country where there’s Internet censorship, you’re like a
 tourist hoping to buy a ticket to a particular destination as you can’t get
 out without having your ticket checked by the ticket inspector, who serves
 as the gatekeeper. Heavy censorship means very few destinations could be
 reached because tickets to forbidden destinations won’t be permitted by the
 ticket inspector.

 Now there are several methods of getting to a town that is normally off
 access.

 *Web-proxies: *
 If you get access to a web-based proxy, then it’s like having a ticket to
 an allowed destination that is not on the blocked list. However, that very
 destination is merely a transfer point where you could go to one more
 destination without any additional tickets. So while the ticket inspector
 thought you were going to a particular town, that town was basically used
 as a transfer point to another town that you were originally supposed not
 to go to. However, the ultimate destination could only be reached based on
 the conditions of the proxy station, which may not be convenient (too slow
 transportation, no air conditioning, etc., planting surveillance devices).
 But because the ticket inspector doesn't know, he let you go any way.
 Remember that this setting allowed you to only get one single ride. To go
 to another destination, you need to come back and take another ride.
 Surveillance is often possible to limit if the web-based proxy allows the
 use of SSL (adding an ‘s’ to http on the address bar).

 *HTTP/SOCKS proxies: *
 Through the HTTP/SOCKS proxy method, you’d get a pass that would allow
 you to go to one allowed destination and then from there, you would have
 free transfers on all the trains of the world. However, when you visit
 insecure websites (that don't start with https) with this method, you’ll
 sacrifice your privacy because you'll need to install a spyware device on
 your leg to track your movement for the ticket inspector to know where you
 are going. So when you come after a long vacation, authorities would know
 what you have been up to and what you bought and where you've been all this
 time . You might be in big trouble if you did naughty stuff while you were
 on the different trips.

 *SSH Tunnels:*
 Through a locally opened SSH tunnel, you would get a pass to an allowed
 destination that would grant you free access to not only trains, but also
 buses all over the world. At the same time, you also won’t be tracked. So
 you are really protecting yourself from being spied on while enjoying
 visiting almost all the destinations you wanted except the ones that can’t
 be reached by land.

 *VPNs: *
 And through VPNs, you show a pass to an allowed destination, from where
 you will be 

[liberationtech] Any thoughts on this?

2013-06-22 Thread Yosem Companys
From: Dewald Pretorius, owner of SocialOomph.com

The alarming revelations of the extent to which our privacy is being
invaded by governments have inspired me to create a free encryption service
that is for everyone. It is gratis, it's extremely easy to use, and it's
anonymous (no need to sign up).

https://www.encryptfree.com

Essentially, you use the free service to encrypt the text you want to
protect, paste the encrypted version into an email, tweet, Facebook post,
Google+ post, etc., and give the decryption password to the intended
recipient. The recipient uses the site to decrypt the text using the
password you chose (only someone who knows the password can decrypt the
text).

It's extremely easy to use. Nothing to install and nothing to configure.
And as the name suggests, it will always be free.

If you know someone who can benefit from the service, please tell them
about it.

https://www.encryptfree.com

If you're so inclined, please send tweets about the service and/or write a
blog post about it, or record a Youtube video.

Please think of usage scenarios and let other people know about the site. I
believe there are many folks who would prefer a little more privacy when
communicating online, but do not have the money to purchase or the
technical expertise to configure commercial encryption products.

The EncryptFree service is intended for us, the little guys.

Best regards,

Dewald Pretorius

Re: [liberationtech] Any thoughts on this?

2013-06-22 Thread Andrew Harris
Uuuufgh, it does the encryption server-side via POST, so it's essentially
begging for your trust. So while Total Amnesia is promised, it's really
not assured. Neat tool and everything, but I'd prefer to see a local
version.

Also, it doesn't offer authentication like PGP and OTR do.


On Sat, Jun 22, 2013 at 11:15 AM, Yosem Companys compa...@stanford.edu wrote:

 From: Dewald Pretorius, owner of SocialOomph.com

 The alarming revelations of the extent to which our privacy is being
 invaded by governments have inspired me to create a free encryption service
 that is for everyone. It is gratis, it's extremely easy to use, and it's
 anonymous (no need to sign up).

 https://www.encryptfree.com

 Essentially, you use the free service to encrypt the text you want to
 protect, paste the encrypted version into an email, tweet, Facebook post,
 Google+ post, etc., and give the decryption password to the intended
 recipient. The recipient uses the site to decrypt the text using the
 password you chose (only someone who knows the password can decrypt the
 text).

 It's extremely easy to use. Nothing to install and nothing to configure.
 And as the name suggests, it will always be free.

 If you know someone who can benefit from the service, please tell them
 about it.

 https://www.encryptfree.com

 If you're so inclined, please send tweets about the service and/or write a
 blog post about it, or record a Youtube video.

 Please think of usage scenarios and let other people know about the site.
 I believe there are many folks who would prefer a little more privacy when
 communicating online, but do not have the money to purchase or the
 technical expertise to configure commercial encryption products.

 The EncryptFree service is intended for us, the little guys.

 Best regards,

 Dewald Pretorius


Re: [liberationtech] Any thoughts on this?

2013-06-22 Thread Seth Schoen
Yosem Companys writes:

 From: Dewald Pretorius, owner of SocialOomph.com
 
 The alarming revelations of the extent to which our privacy is being
 invaded by governments have inspired me to create a free encryption service
 that is for everyone. It is gratis, it's extremely easy to use, and it's
 anonymous (no need to sign up).
 
 https://www.encryptfree.com

Um...

① You actually send them your plaintext every single time you use
the service.  If you want to send plaintext to a third party, why not
a webmail or IM provider or social network?

② Reference to being run by a Canadian is possibly intended to invoke
jurisdictional diversity but the server is hosted in the U.S. (Amazon
AWS), not even on machines physically owned by the service operator.

③ Instructions say give the password to the recipient (obviously
not in the same email!) -- so, how are users supposed to give the
password to the recipient?

④ I suspect most users will choose passwords that can be brute-forced
easily.  There isn't even any advice to users about what a good
password would be in this context (and no documentation about whether
or how a KDF is used).

People here were harshly criticizing the older version
of CryptoCat over vulnerabilities less concrete and fundamental than
these.  Without (at least) some new browser functionality, nothing
to install is a massive red flag for any cryptographic application.

-- 
Seth Schoen  sch...@eff.org
Senior Staff Technologist   https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107

Re: [liberationtech] Any thoughts on this?

2013-06-22 Thread Julian Oliver
..on Sat, Jun 22, 2013 at 09:15:45AM -0700, Yosem Companys wrote:
 From: Dewald Pretorius, owner of SocialOomph.com
 
 The alarming revelations of the extent to which our privacy is being
 invaded by governments have inspired me to create a free encryption service
 that is for everyone. It is gratis, it's extremely easy to use, and it's
 anonymous (no need to sign up).
 
 https://www.encryptfree.com
 
 Essentially, you use the free service to encrypt the text you want to
 protect, paste the encrypted version into an email, tweet, Facebook post,
 Google+ post, etc., and give the decryption password to the intended
 recipient. The recipient uses the site to decrypt the text using the
 password you chose (only someone who knows the password can decrypt the
 text).

It's done server-side and so the owner of that service is in the sweet spot,
getting everyone's text in the clear. Whether he actually does delete the text
as he says begs far too much trust. Who says he wouldn't sell out if offered a
ton of money for a back door? I certainly wouldn't use it for anything remotely
important. 

PGP/GNUPG is a better way to go, done locally on the user's machine. PGP Desktop
clients can be used for encrypting text, independently of email. 

Here's one for OS X:

https://gpgtools.org/

Windows:

http://gpg4win.org/

Us GNU/Linux users can just use the command line or a GUI like:

http://utils.kde.org/projects/kgpg/
http://projects.gnome.org/seahorse/

Cheers,

-- 
Julian Oliver
http://julianoliver.com
http://criticalengineering.org


Re: [liberationtech] to encrypt or not to encrypt?

2013-06-22 Thread Bruce Potter at IRF
That and get everyone to salt every message with a random assortment of words 
and phrases from flag lists


On Jun 21, 2013, at 11:55 AM, Nadim Kobeissi na...@nadim.cc wrote:

 The solution to this is to make encryption more and more widely used. By 
 increasing the number of people with access to encryption technology for 
 their communications, we dilute this threat.
 
 NK
 
 On 2013-06-21, at 11:52 AM, Michael Rogers mich...@briarproject.org wrote:
 
 Signed PGP part
 It's unfortunate that Ars Technica has chosen that angle, since I
 believe it misrepresents the situation: if you use encryption, the NSA
 may indeed retain your encrypted traffic, but won't be able to read
 it. If you don't use encryption, the NSA will be able to read your
 traffic, and will retain it if it contains anything interesting, or if
 you're not an American. So encryption is still a net gain for privacy.
 
 Blending in is a red herring in my opinion - metadata (which isn't
 subject to the restrictions discussed in the Ars Technica article)
 reveals who talks to whom and when. That's sufficient to identify
 persons of interest, regardless of whether they use encryption. Any
 activist or journalist should assume they're already a person of
 interest, thanks to their job and the people they talk to. Not to be
 subject to surveillance would be something of a professional
 embarrassment. ;-) So forget about blending in. Assume you're subject
 to surveillance, and think about what steps you're going to take in
 response.
 
 Cheers,
 Michael
 
 On 21/06/13 16:41, dan mcquillan wrote:
 a few people who came to our university cryptoparty asked whether 
 they're just going to draw attention to themselves by encrypting
 email.
 
 the latest leaks seems to give a firm 'yes', as the NSA
 specifically keeps encrypted comms indefinitely.
 
 sample news item:
 http://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml
 
 
 http://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml?utm_source=dlvr.itutm_medium=twitter
 
 how would list members answer the question 'to encrypt or not to
 encrypt'?
 
 cheers dan
 
 
 

Re: [liberationtech] Any thoughts on this?

2013-06-22 Thread Nadim Kobeissi
Yeah, this is completely nuts. You're sending the service's owner(s) your 
password and plaintext in the clear. The person(s) operating this service 
get(s) all the passwords, all the plaintext, and even which IP address is 
sending/receiving plain texts at what time with each password. It's terrifying.

For what it's worth, I've tweeted at the author asking him to take it down. He 
seems to be just a well-meaning guy:
https://twitter.com/kaepora/status/348530356317741056

NK

On 2013-06-22, at 2:45 PM, Julian Oliver jul...@julianoliver.com wrote:

 ..on Sat, Jun 22, 2013 at 09:15:45AM -0700, Yosem Companys wrote:
 From: Dewald Pretorius, owner of SocialOomph.com
 
 The alarming revelations of the extent to which our privacy is being
 invaded by governments have inspired me to create a free encryption service
 that is for everyone. It is gratis, it's extremely easy to use, and it's
 anonymous (no need to sign up).
 
 https://www.encryptfree.com
 
 Essentially, you use the free service to encrypt the text you want to
 protect, paste the encrypted version into an email, tweet, Facebook post,
 Google+ post, etc., and give the decryption password to the intended
 recipient. The recipient uses the site to decrypt the text using the
 password you chose (only someone who knows the password can decrypt the
 text).
 
 It's done server-side and so the owner of that service is in the sweet spot,
 getting everyone's text in the clear. Whether he actually does delete the text
 as he says begs far too much trust. Who says he wouldn't sell out if offered a
 ton of money for a back door? I certainly wouldn't use it for anything remotely
 important. 
 
 PGP/GNUPG is a better way to go, done locally on the user's machine. PGP Desktop
 clients can be used for encrypting text, independently of email. 
 
 Here's one for OS X:
 
https://gpgtools.org/
 
 Windows:
 
http://gpg4win.org/
 
 Us GNU/Linux users can just use the command line or a GUI like:
 
http://utils.kde.org/projects/kgpg/
http://projects.gnome.org/seahorse/
 
 Cheers,
 
 -- 
 Julian Oliver
 http://julianoliver.com
 http://criticalengineering.org


Re: [liberationtech] PrivateCore and secure hosting

2013-06-22 Thread Steve Weis
Hi Maxim. This area is a bit murky since there is a lot of overlap between
the notions of secure boot, trusted boot, and measured boot.

If I had to venture an answer, I'd say the benefit of TXT is that it
provides finer-grained measurements and visibility into the secure boot
process. I don't know enough about the measured boot component of UEFI
Secure Boot, though. It may already be using TXT.

Intel answered a forum question similar to yours here:
http://software.intel.com/en-us/forums/topic/391211

They refer to a summary article by Microsoft here:
http://technet.microsoft.com/en-us/windows/dn168167.aspx

Here's a post about an open source UEFI secure boot shim:
http://mjg59.dreamwidth.org/20303.html

And we have some general TXT-related links here:
http://privatecore.com/resources-overview/server-attestation/


On Sat, Jun 22, 2013 at 7:38 AM, Maxim Kammerer m...@dee.su wrote:

 Hi Steve, a technical (and perhaps stupid) question:

 On Sat, Jun 22, 2013 at 1:49 AM, Steve Weis stevew...@gmail.com wrote:
  The host H will have a trusted platform module (TPM). When H boots up, it
  will measure all software state into platform control registers (PCRs) in
  the TPM. See Intel Trusted Execution Technology (TXT) for more info how this
  works.

 Does TXT provide any benefit over UEFI Secure Boot? I remember looking
 into integrating TXT, and it seemed like something not too
 well-supported, and essentially superseded by better-established
 standards like Secure Boot.

 --
 Maxim Kammerer
 Liberté Linux: http://dee.su/liberte
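As an added illustration (not code from this thread or from PrivateCore), the measure-and-extend step described in the quoted message can be sketched with TPM 1.2 semantics, where a PCR can only be updated as SHA1(old value || new digest). The component names, the PCR index and the allow list are constructed for the example, and the TPM's signature over the quoted PCR values is assumed to have been checked already.

```python
import hashlib

PCR_SIZE = 20      # a TPM 1.2 PCR holds exactly one SHA-1 digest
PCR_INDEX = 18     # illustrative register choice, an assumption of this example

def measure(blob: bytes) -> bytes:
    """Digest of a boot component, taken before control is handed to it."""
    return hashlib.sha1(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: the only way to change a PCR is SHA1(old || digest)."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and measurement must both be 20 bytes")
    return hashlib.sha1(pcr + digest).digest()

def boot_host(components):
    """Host side: measure each stage in order, return (event_log, pcrs)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, blob in components:
        digest = measure(blob)
        pcr = extend(pcr, digest)
        log.append((PCR_INDEX, name, digest))
    return log, {PCR_INDEX: pcr}

def replay(event_log):
    """Verifier side: recompute PCR values from the reported event log."""
    pcrs = {}
    for index, _name, digest in event_log:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs

def verify(event_log, quoted_pcrs, known_good):
    """Accept only if the log reproduces the PCRs and every digest is known."""
    if replay(event_log) != quoted_pcrs:
        return False, "event log does not reproduce quoted PCRs"
    unknown = [name for _i, name, d in event_log if d not in known_good]
    if unknown:
        return False, "unknown measurement: " + ", ".join(unknown)
    return True, "ok"

# Constructed sample boot chain (not real images).
GOOD_CHAIN = [("loader", b"constructed loader image"),
              ("kernel", b"constructed kernel image"),
              ("initrd", b"constructed initrd image")]
KNOWN_GOOD = {measure(blob) for _name, blob in GOOD_CHAIN}
```

Measurement reports what booted rather than blocking it: a modified kernel still runs on the host, but the remote verifier sees a digest it does not recognise, and a host that reports a clean log cannot make it match the PCR values.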

[liberationtech] Brazilian Activists automatically being banned from Facebook

2013-06-22 Thread André Costa
Hello guys

I cannot say exactly what's going on in Brazil, but we have just revealed
what seems to be the tip of a surveillance strategy related to the
military. We have found that, when you send the message "Meu amigo general
disse que a Força Nacional tá mega bem equipada, pra qualquer emergência." on
the chat, this content is automatically reported as abusive and the account
is automatically suspended.

For those who do not understand Portuguese, this sentence would translate
as "My General-of-the-army friend said that the National Security Forces
are very well equipped, for the case of any emergency." At least five
friends needed to reconfirm their account, whereas I have not been able to
come back.

I suspect that this system of automatically banning probably works outside
Brazil as well, so you may try it yourselves, but take care, because it may
not let you get your accounts back.

Could you try to put some light on this? Any idea of what it may be?

Thank you very much for any help
Andre

Re: [liberationtech] to encrypt or not to encrypt?

2013-06-22 Thread ale fernandez
Hi,

On Fri, 21 Jun 2013 18:51:01 +0200
phryk ph...@phryk.net wrote:

 On Fri, 21 Jun 2013 11:55:57 -0400
 Nadim Kobeissi na...@nadim.cc wrote:
 
  The solution to this is to make encryption more and more widely used.
  By increasing the number of people with access to encryption
  technology for their communications, we dilute this threat.
 
 My thought exactly, just encrypt ALL THE THINGS and let those people
 deal with humungous amounts of data, most of which will be completely
 useless even if decrypted.

There is another ingredient to all this context of crisis and collapse: things 
are getting desperate in some cases where for a generation, people lived within 
a now dying mindset, so there is a lot of catharsis for change in the way we 
use data and networks just as there is with this cultural change and time of 
mass protests. 

Cities, neighbourhoods and regions can conceivably plan or cultivate separate 
internets, or geographically dispersed interest groups can choose a platform or 
technology amongst the more secure or private/anonymous and work with that. 

Here in Catalunya we have the fast growing community run neutral wifi/cable 
network Guifi.net which can work as a separate internet and disconnect from it 
whilst still running services that users can connect to, for example. The key I 
think is to have locally funded data and networking services like data storage 
and transfer, maps, social network software and data storage or search, which 
also helps an area be resilient against google, facebook & co's possible 
demise, or changes to legislation or of their business plans. 

I think there are 2 choices in planning for security in a more localised 
economy/community: you can create a walled garden within your network/community 
and keep a really tight control on who you let in, and what local processes or 
activities might work towards keeping that system going. 

Or you can work in a trust network of some kind, with each person or group 
gauging what and how much information to exchange between different networks.

I wonder if the best way to enable more widespread use, alongside things like 
cryptoparties would be the creation of a fund for improving the interfaces, 
effectiveness and usability of these crypto/distributed data tools?

Ale



Re: [liberationtech] Brazilian Activists automatically being banned from Facebook

2013-06-22 Thread Nadim Kobeissi
Hello Andre,
For what it's worth, I tried sending this message on my Facebook (I am in 
Canada) and nothing happened. So the blocking, if factual, is probably limited 
to a certain number of accounts.

From personal experience, I don't recall hearing about this sort of thing 
happening in the past. Facebook Chat anti-abuse is usually triggered by URLs, 
not by regular messages, as far as I know.

NK

On 2013-06-22, at 4:54 PM, André Costa andredmco...@gmail.com wrote:

 Hello guys
 
 I cannot say exactly what's going on in Brazil, but we have just revealed 
 what seems to be the tip of a surveillance strategy related to the military. 
 We have found that, when you send the message "Meu amigo general disse que a 
 Força Nacional tá mega bem equipada, pra qualquer emergência." on the chat, 
 this content is automatically reported as abusive and the account is 
 automatically suspended. 
 
 For those who do not understand Portuguese, this sentence would translate as 
 "My General-of-the-army friend said that the National Security Forces are 
 very well equipped, for the case of any emergency." At least five friends 
 needed to reconfirm their account, whereas I have not been able to come back.
 
 I suspect that this system of automatically banning probably works outside 
 Brazil as well, so you may try it yourselves, but take care, because it may 
 not let you get your accounts back. 
 
 Could you try to put some light on this? Any idea of what it may be?
 
 Thank you very much for any help
 Andre


Re: [liberationtech] Deterministic builds and software trust [was: Help test Tor Browser!]

2013-06-22 Thread Rich Kulawiec
On Tue, Jun 18, 2013 at 08:54:30PM -0700, Mike Perry wrote:

[ one of the most insightful, thoughtful messages I've ever read here ]

There's very little I can add to that, except to say that I look
forward to reading the future, longer writeup you mentioned.

Now get to work. ;-)

---rsk


Re: [liberationtech] Quick Guide to Alternatives

2013-06-22 Thread Rich Kulawiec
On Tue, Jun 18, 2013 at 11:30:00AM +0200, Julian Oliver wrote:
 It'd be also good to add GNU/Linux however. [...]

And the BSD family, notably OpenBSD -- whose development is led in
large part by one of my favorite curmudgeons.  (As I've said elsewhere,
some of the people working on OpenBSD are nit-picking, anal-retentive,
pedantic, intolerant, fanatical, insistent, demanding and relentless:
in other words, the perfect people to be crafting an operating system.)

 Use of open source applications alone is an insufficient measure against
 snooping today, IMO. 

True.  Open source OS/applications are necessary -- but not sufficient.

---rsk


Re: [liberationtech] Brazilian Activists automatically being banned from Facebook

2013-06-22 Thread André Costa
Hello guys

Just to let you all know, we have found it possibly was a well-organized
deceit. Apparently someone has spammed many messages with words related to
the military, and then started to spread a rumor that there was a
surveillance scheme going on. Since the combination of those words had
already been reported as spam, all messages started to be automatically
blocked.

Some fears and rumours about the possibility of an attempt against
democracy in Brazil have been circulating here lately, and those dreads are
generally projected upon the military. Someone probably took advantage of
this situation to spread misinformation and more fear.

Thanks to everyone who tried to help.
André

Sorry for the confusion. This is not the only case of the infowar that's
happening here, since journalists from independent media outlets received
attacks on their webpages lately.

2013/6/22 André Costa andredmco...@gmail.com

 Hello guys

 I cannot say exactly what's going on in Brazil, but we have just revealed
 what seems to be the tip of a surveillance strategy related to the
 military. We have found that, when you send the message "Meu amigo
 general disse que a Força Nacional tá mega bem equipada, pra qualquer
 emergência." on the chat, this content is automatically reported as
 abusive and the account is automatically suspended.

 For those who do not understand Portuguese, this sentence would translate
 as "My General-of-the-army friend said that the National Security Forces
 are very well equipped, for the case of any emergency." At least five
 friends needed to reconfirm their account, whereas I have not been able to
 come back.

 I suspect that this system of automatically banning probably works outside
 Brazil as well, so you may try it yourselves, but take care, because it may
 not let you get your accounts back.

 Could you try to put some light on this? Any idea of what it may be?

 Thank you very much for any help
 Andre


Re: [liberationtech] Brazilian Activists automatically being banned from Facebook

2013-06-22 Thread Nadim Kobeissi

On 2013-06-22, at 7:58 PM, André Costa andredmco...@gmail.com wrote:

 Hello guys 
 
 Just to let you all know, we have found it possibly was a well-organized 
 deceit. Apparently someone has spammed many messages with words related to 
 the military, and then started to spread a rumor that there was a 
 surveillance scheme going on. Since the combination of those words had 
 already been reported as spam, all messages started to be automatically 
 blocked. 

That sounds credible to me.

 
 Some fears and rumours about the possibility of an attempt against democracy 
 in Brazil have been circulating here lately, and those dreads are generally 
 projected upon the military. Someone probably took advantage of this 
 situation to spread misinformation and more fear.

The best thing to do is to adopt a wise security posture and focus more on 
keeping your own communicative safety and ignoring rumours and bait :-)

NK

 
 Thanks to everyone who tried to help.
 André
 
 Sorry for the confusion. This is not the only case of the infowar that's 
 happening here, since journalists from independent media outlets received 
 attacks on their webpages lately.
 
 2013/6/22 André Costa andredmco...@gmail.com
 
 Hello guys
 
 I cannot say exactly what's going on in Brazil, but we have just revealed 
 what seems to be the tip of a surveillance strategy related to the military. 
 We have found that, when you send the message "Meu amigo general disse que a 
 Força Nacional tá mega bem equipada, pra qualquer emergência." on the chat, 
 this content is automatically reported as abusive and the account is 
 automatically suspended. 
 
 For those who do not understand Portuguese, this sentence would translate as 
 "My General-of-the-army friend said that the National Security Forces are 
 very well equipped, for the case of any emergency." At least five friends 
 needed to reconfirm their account, whereas I have not been able to come back.
 
 I suspect that this system of automatically banning probably works outside 
 Brazil as well, so you may try it yourselves, but take care, because it may 
 not let you get your accounts back. 
 
 Could you try to put some light on this? Any idea of what it may be?
 
 Thank you very much for any help
 Andre
 
 