Re: [liberationtech] PRISM and an Agenda for European Network

2013-07-05 Thread Jonathan Wilkes

On 07/04/2013 10:04 PM, hellekin wrote:


I want to thank Christian Grothoff and his team(s) for the exceptional
work they're doing on GNUnet. Christian gave an awesome presentation
at the Free University of Amsterdam a couple of days ago, and the
slides are available as a PDF file. [1]

PRISM and an Agenda for European Network
Security Research
Another Turn of the Wheel: Mainframe, Desktop, Cloud, Peer

introduces the European situation in the light of the PRISM
surveillance program of the NSA, with good insight on its dimensions,
and goes on to describe how the GNUnet framework is offering a viable
solution to the decentralization problem.

Highlights (with personal comments):

* Current practice of encryption on the Internet: send everything to
the USA in plaintext

* NSA's upcoming Bluffdale datacenter is estimated to suck 65 MW power
consumption. Compare with the new super-computer of the Leibniz
Supercomputing Centre, SuperMuc:  3 MW, 155,656 cores, ≈ 3 Peta FLOPS

* US companies trade unpatched software vulnerabilities in exchange
for access to intelligence gathered from the NSA: i.e., there's a
vicious circle where NSA acquires more intelligence capability with
the help of businesses. Does that sound like fair trade, free
competition, ethical practice? Or collusion between big business and
government?

* US controls Internet infrastructure: IANA, DNS roots, DNSSec root
certificate, x509 Certificate authorities, i.e. it's compromised!

* Decentralize data and trust: end-to-end encryption, decentralized
PKI, decentralized data storage, no servers, no authorities

* current decentralized solutions are slower, more complex to use and
develop, do not benefit from economies of scale, and are harder to
secure and evolve

* in comparison, centralized solutions are... COMPROMISED!

* GNUnet seeks to make decentralized systems: faster, more scalable;
easier to develop, deploy, and use;


What exactly is GNUnet?

To put it in gaming parlance (useful because games-- or at
least the gaming community-- take UX seriously), is it
currently the equivalent of a prototype for a
gaming engine that has a GUI for the sake of convenience
and development?

Or is it a prototype for a system that includes
a GUI that an end-user would eventually use?
(I.e., the game itself.)

Or something else?

You write that it aims to make decentralized systems easier
to use, but where does the user actually fit in to the picture?

I sometimes feel like GNU forgets that freedom to run the
program for any purpose is moot if merely running the
program requires skills that 99% of the population doesn't have.

-Jonathan
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] [cryptography] SSL session resumption defective (Re: What project would you finance? [WAS: Potential funding for crypto-related projects])

2013-07-05 Thread Eugen Leitl
- Forwarded message from Adam Back a...@cypherspace.org -

Date: Thu, 4 Jul 2013 20:33:50 +0200
From: Adam Back a...@cypherspace.org
To: Thierry Moreau thierry.mor...@connotech.com
Cc: Crypto discussion list cryptogra...@randombit.net
Subject: Re: [cryptography] SSL session resumption defective (Re: What project 
would you finance? [WAS: Potential funding for crypto-related
projects])
User-Agent: Mutt/1.5.21 (2010-09-15)

I do not think it is a narrow difference.  End point compromise via
subpoena, physical seizing, or court mandated disclosure are far different
things than pre-emptive storing and later decryption.  The scale at which a
society will do them, and tolerate doing them given their inherently
increased visibility is much curtailed.  Trying to do wide scale MITM is
much harder, than hoovering ciphertext and then after the fact obtaining
keys by whatever method is expedient, legal/extra-legal, secret
particularized warrant, secret general warrants, government authorized
malware, etc.  All of these things are apparently happening on scale larger
than authorized by society.

Having to physically seize systems, issue individualized subpoenas to a
generally public court process based on articulated suspicion creates a
natural balance vs general warrants that the US rightly fought a revolution
against my ancestors, the British over.

Basically unless you think PRISM is a good idea, you should use DH.

On Thu, Jul 04, 2013 at 12:37:40PM -0400, Thierry Moreau wrote:
 (The argument that other parts of the system are poorly secured, is not an
 excuse; and anyway their failure modes are quite distinct).
 
 In my opinion, when you consider the casual user needs, I see those
 arguments not at a top priority.

Subpoena resistance is a pretty high priority for end user systems.

 Btw DH is not the only way to get forward secrecy; ephemeral (512-bit) RSA
 keys were used as part of the now-defunct export ciphers, and the less well
 known fact that you can extend forward secrecy using symmetric key one way
 functions hash function k' = H(k), delete k.
 
 Not completely by this counterexample: generate k, suffer from an
 enemy copy of system state including k, let k'=H(k), delete k', use
 k' in dangerous confidence. I mean the textbook PFS definition is
 not satisfied by k'=H(k).

I think you are confusing forward secrecy (aka backward security) with
backward secrecy (forward security).  Ross Anderson tried to improve things
with his forward secure/backward secure alternative terminology:

http://www.cypherspace.org/adam/nifs/refs/forwardsecure.pdf

Forward secrecy is a bad term from a mnemonic point of view, I think
Anderson's forward/backward security terms are better.  EDH provides both,
k'=H(k) provides only backward security (aka forward secrecy).  The point is
you do both; you can computationally afford to do k'=H(k) with an agile
key-schedule cipher like AES every minute or whatever.

Adam
___
cryptography mailing list
cryptogra...@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

- End forwarded message -
-- 
Eugen* Leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
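
The k' = H(k) ratchet and the state-copy counterexample debated in the forwarded message, as an added example that is not part of the original thread. It assumes HMAC-SHA256 as the one-way function H and uses fresh random bytes as a stand-in for the shared secret an ephemeral DH exchange would produce; `Ratchet`, `run` and `exposed_epochs` are hypothetical names.

```python
import hashlib
import hmac
import secrets


def H(label: bytes, key: bytes, extra: bytes = b"") -> bytes:
    """One-way step (assumed here: HMAC-SHA256), domain-separated by label."""
    return hmac.new(key, label + extra, hashlib.sha256).digest()


class Ratchet:
    """Holds only the current chain key; each step overwrites the old one."""

    def __init__(self, k0: bytes):
        self.k = k0

    def step(self, fresh: bytes = b"") -> bytes:
        """Return this epoch's message key, then advance k' = H(k [, fresh])."""
        msg_key = H(b"msg", self.k)
        self.k = H(b"chain", self.k, fresh)  # previous k is no longer stored
        return msg_key


def run(epochs: int, snapshot_at: int, use_fresh: bool):
    """Simulate `epochs` key epochs with one copy of system state.

    The attacker copies the chain key just before epoch `snapshot_at`.
    With use_fresh=True every step also mixes in a new secret the attacker
    never sees (stand-in for an ephemeral DH output; an assumption).
    Returns (message_keys, attacker_derived_keys).
    """
    r = Ratchet(secrets.token_bytes(32))
    keys, stolen = [], None
    for epoch in range(epochs):
        if epoch == snapshot_at:
            stolen = r.k
        fresh = secrets.token_bytes(32) if use_fresh else b""
        keys.append(r.step(fresh))
    # The attacker replays the public algorithm from the stolen state.
    # It has no fresh secrets, so it can only ratchet with the hash alone.
    attacker = Ratchet(stolen)
    derived = {attacker.step() for _ in range(epochs - snapshot_at)}
    return keys, derived


def exposed_epochs(keys, derived):
    """Epochs (past or future) whose message key the attacker can compute."""
    return [epoch for epoch, key in enumerate(keys) if key in derived]


if __name__ == "__main__":
    keys, derived = run(epochs=6, snapshot_at=3, use_fresh=False)
    print("hash-only ratchet, exposed epochs:", exposed_epochs(keys, derived))
    keys, derived = run(epochs=6, snapshot_at=3, use_fresh=True)
    print("ratchet + fresh secret, exposed epochs:", exposed_epochs(keys, derived))
```

In both runs the epochs before the state copy stay closed, which is the property k' = H(k) buys; only the run that mixes in a fresh secret closes the epochs after it.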


[liberationtech] Revealed: secret European deals to hand over private data to America (retracted article from Guardian)

2013-07-05 Thread Eugen Leitl

http://pastebin.com/yMGTZ1PZ#

DELETED ARTICLE FROM GUARDIAN
 
http://www.guardian.co.uk/info/2013/jun/30/taken-down
 
Revealed: secret European deals to hand over private data to America
 
Germany 'among countries offering intelligence' according to new claims by
former US defence analyst
 
 
At least six European Union countries in addition to Britain have been
colluding with the US over the mass harvesting of personal communications
data, according to a former contractor to America's National Security Agency,
who said the public should not be kept in the dark.
 
Wayne Madsen, a former US navy lieutenant who first worked for the NSA in
1985 and over the next 12 years held several sensitive positions within the
agency, names Denmark, the Netherlands, France, Germany, Spain and Italy as
having secret deals with the US.
 
Madsen said the countries had formal second and third party status under
signal intelligence (sigint) agreements that compels them to hand over data,
including mobile phone and internet information to the NSA if requested.
 
Under international intelligence agreements, confirmed by declassified
documents, nations are categorised by the US according to their trust level.
The US is first party while the UK, Canada, Australia and New Zealand enjoy
second party relationships. Germany and France have third party
relationships.
 
In an interview published last night on the PrivacySurgeon.org blog, Madsen,
who has been attacked for holding controversial views on espionage issues,
said he had decided to speak out after becoming concerned about the half
story told by EU politicians regarding the extent of the NSA's activities in
Europe.
 
He said that under the agreements, which were drawn up after the second world
war, the NSA gets the lion's share of the sigint take. In return, the
third parties to the NSA agreements received highly sanitised intelligence.
 
Madsen said he was alarmed at the sanctimonious outcry of political leaders
who were feigning shock about the spying operations while staying silent
about their own arrangements with the US, and was particularly concerned that
senior German politicians had accused the UK of spying when their country had
a similar third-party deal with the NSA.
 
Although the level of co-operation provided by other European countries to
the NSA is not on the same scale as that provided by the UK, the allegations
are potentially embarrassing.
 
I can't understand how Angela Merkel can keep a straight face, demanding
assurances from [Barack] Obama and the UK while Germany has entered into
those exact relationships, Madsen said.
 
The Liberal Democrat MEP Baroness Ludford, a senior member of the European
parliament's civil liberties, justice and home affairs committee, said
Madsen's allegations confirmed that the entire system for monitoring data
interception was a mess, because the EU was unable to intervene in
intelligence matters, which remained the exclusive concern of national
governments.
 
The intelligence agencies are exploiting these contradictions and no one is
really holding them to account, Ludford said. It's terribly undermining to
liberal democracy.
 
Madsen's disclosures have prompted calls for European governments to come
clean on their arrangements with the NSA. There needs to be transparency as
to whether or not it is legal for the US or any other security service to
interrogate private material, said John Cooper QC, a leading international
human rights lawyer. The problem here is that none of these arrangements has
been debated in any democratic arena. I agree with William Hague that
sometimes things have to be done in secret, but you don't break the law in
secret.
 
Madsen said all seven European countries and the US have access to the Tat 14
fibre-optic cable network running between Denmark and Germany, the
Netherlands, France, the UK and the US, allowing them to intercept vast
amounts of data, including phone calls, emails and records of users' access
to websites.
 
He said the public needed to be made aware of the full scale of the
communication-sharing arrangements between European countries and the US,
which predate the internet and became of strategic importance during the cold
war.
 
The covert relationship between the countries was first outlined in a 2001
report by the European parliament, but their explicit connection with the NSA
was not publicised until Madsen decided to speak out.
 
The European parliament's report followed revelations that the NSA was
conducting a global intelligence-gathering operation, known as Echelon, which
appears to have established the framework for European member states to
collaborate with the US.
 
A lot of this information isn't secret, nor is it new, Madsen said. It's
just that governments have chosen to keep the public in the dark about it.
The days when they could get away with a conspiracy of silence are over.
 
This month another former NSA contractor, Edward Snowden, revealed to the
Guardian 

Re: [liberationtech] Deadline extension: International Summit for Community Wireless Networks 2013

2013-07-05 Thread Ermanno Pietrosemoli
Dear Dan,
two weeks ago I submitted a proposal for a panel on Community Cloud
Networks, using the on line tool.
I have not received any feedback, and I am wondering if the proposal did go
thru, or if I should try again.
Please advise.

Thank you,
Ermanno


On Fri, May 31, 2013 at 8:01 PM, Dan Staples 
danstap...@opentechinstitute.org wrote:

 FYI, the deadline for workshop and panel proposals at this year's Summit
 has been extended until July 1st. See below for more info.

 --

 Are you passionate about using technology to improve your community? Do
 you want to help expand access to affordable Internet? Are you an
 advocate for open technology, ICT4D or community-owned infrastructure?

 If so, then we invite you to participate in this year's International
 Summit for Community Wireless Networks (IS4CWN)
 http://2013.wirelesssummit.org/. The Summit will take place in
 Berlin on October 2-4, 2013.

 IS4CWN is a gathering of technology experts, policy analysts,
 on-the-ground specialists, and researchers working on state-of-the-art
 community broadband projects across the globe. Above all, IS4CWN is a
 community of communities, and the annual summit serves as an opportunity
 to share ideas and challenges, discuss policy issues, and coordinate
 research and development efforts.

 The 2013 Summit theme is community. In the past decade -- which included
 the founding of Freifunk http://start.freifunk.net/, the birth of the
 International Summit for Community Wireless Networks, and the genesis of
 major projects including Commotion https://commotionwireless.net/ and
 CONFINE http://confine-project.eu/ -- the community wireless movement
 has expanded substantially in both size and visibility.

 But where do we go from here? How can we take the movement to the next
 level in terms of technological advancement, community engagement, and
 diversity? We encourage our speakers, workshop leaders, and participants
 to think big this year and help us grow our community of communities.

 Interested? Head on over to www.WirelessSummit.org
 http://www.wirelesssummit.org/.
 Registration is open and forms to submit workshop proposals and
 request travel funding are available. Early registrants will receive a
 50% discount.

 Potential topics include: using wireless for social justice, rural
 broadband frameworks, technical developments in mesh networking,
 spectrum policy, training communities in technical skills, case studies
 of networks, challenges of corporate monopolies, and much more.

 This year's Summit is committed to having a diversity of voices and
 experience, and we're looking to have a lot of new faces in the room.
 Community networks encompass a whole range of social, political and
 technical challenges, so technical knowledge is definitely not required.

 Access to technology and technical knowledge has been historically
 inequitable and remains so to this day. Recognizing this, the
 International Summit for Community Wireless Networks aspires to include
 participants and speakers from a broad range of backgrounds and
 experiences. We seek and welcome diversity in order to reflect the
 communities that wireless networks can and should serve, cultivating
 expertise, creativity, and innovation. Please join us in creating an
 environment of respect, equity, and accessibility at all levels of
 Summit involvement.

 --
 Dan Staples

 Open Technology Institute
 https://commotionwireless.net





-- 
Ermanno Pietrosemoli
Presidente
Fundación Escuela Latinoamericana de Redes (EsLaRed)
www.EsLaRed.org.ve

Re: [liberationtech] Terry Winograd and Evgeny Morozov

2013-07-05 Thread Terry Winograd
I enjoyed seeing the discussion that Evgeny provoked here (and indeed
provoke is his MO).  I found Alex Madrigal's review in the Atlantic
very thoughtful (though long):

http://www.theatlantic.com/technology/archive/2013/03/toward-a-complex-realistic-and-moral-tech-criticism/273996/

--t

On Wed, Jul 3, 2013 at 7:55 AM, The Doctor dr...@virtadpt.net wrote:

 On 07/02/2013 06:50 PM, Doug Schuler wrote:

 And not to be churlish, but of course language did not solve all of
 our problems. But as in the parable you mentioned, It did help
 humankind dominate nature - lions included.

 Talking to a lion doesn't help when it has you in its mouth.

 - --
 The Doctor [412/724/301/703] [ZS]
 Developer, Project Byzantium: http://project-byzantium.org/

 PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
 WWW: https://drwho.virtadpt.net/

 Become a producer of experiences, not a consumer. --Terrence McKenna



Re: [liberationtech] Terry Winograd and Evgeny Morozov

2013-07-05 Thread Glassman, Michael
So after reading the review (and admitting I have not read the book) my 
question is this - more serious than it may sound at first.

Within Evgeny Morozov's framework is Evgeny Morozov a media creation that 
allows people working with the Internet to self track their own critiquing of 
the Internet?

(My last Morozov post I hope).

Michael

From: liberationtech-boun...@lists.stanford.edu 
[liberationtech-boun...@lists.stanford.edu] on behalf of Terry Winograd 
[winog...@cs.stanford.edu]
Sent: Friday, July 05, 2013 5:56 PM
To: liberationtech
Cc: Alexis Madrigal
Subject: Re: [liberationtech] Terry Winograd and Evgeny Morozov

I enjoyed seeing the discussion that Evgeny provoked here (and indeed
provoke is his MO).  I found Alex Madrigal's review in the Atlantic
very thoughtful (though long):

http://www.theatlantic.com/technology/archive/2013/03/toward-a-complex-realistic-and-moral-tech-criticism/273996/

--t

On Wed, Jul 3, 2013 at 7:55 AM, The Doctor dr...@virtadpt.net wrote:

 On 07/02/2013 06:50 PM, Doug Schuler wrote:

 And not to be churlish, but of course language did not solve all of
 our problems. But as in the parable you mentioned, It did help
 humankind dominate nature - lions included.

 Talking to a lion doesn't help when it has you in its mouth.

 - --
 The Doctor [412/724/301/703] [ZS]
 Developer, Project Byzantium: http://project-byzantium.org/

 PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
 WWW: https://drwho.virtadpt.net/

 Become a producer of experiences, not a consumer. --Terrence McKenna



[liberationtech] A mesh grows in Oakland, California!

2013-07-05 Thread Yosem Companys
From: Jenny Ryan je...@thepyre.org

Howdy hackers!

The sudo room mesh networking group has gotten to the point where we are
nearly ready to launch a free community wireless network in the east bay!
Take a look at our map http://meshmap.sudoroom.org to see where we are.

We will be launching the first part of the network with 100+ wifi nodes,
and we need your help to raise the money! Even a single dollar helps! We
are 68% of the way to our goal:

  https://www.wepay.com/donations/oakland-community-mesh-network

You can also donate bitcoins using the following wallet address:
12RxU4DpLpdWcmEBn7Tj325CCXBwt5i9Hc

Or gittip: https://www.gittip.com/sudomesh/

Even if you can't contribute monetarily, please consider forwarding this to
your friends / social networks of choice.

We will provide a free wireless network controlled and maintained by the
local community. The network will be used to provide both local
community services, post-disaster backup connectivity and free internet
connectivity focusing on the less connected communities.

We are also looking for new members and allies. What you can do to help:

*Have you been involved with a mesh project before? We'd love to hear from
you! Join our mailing list http://lists.sudoroom.org/listinfo/mesh or hop
into our IRC channel: #510pen on Freenode.

*Do you want to help with community outreach? We want to engage the local
communities and need your help to reach more people.

*Can you help with design of fliers or websites?

We meet every Thursday evening at 8:30 pm at sudo room https://sudoroom.org,
and everyone is welcome to join! We take notes at
http://pad.riseup.net/p/510penmeeting, and post meeting minutes on our
wiki: http://sudoroom.org/wiki/Mesh

If you're more interested in donating equipment directly, look at our
wishlist:

  https://sudoroom.org/wiki/Mesh/Wishlist

Mesh the planet!!
Jenny
http://jennyryan.net
http://thepyre.org
http://thevirtualcampfire.org
http://technomadic.tumblr.com

`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
 Technology is the campfire around which we tell our stories.
-Laurie Anderson

Storytelling reveals meaning without committing the error of defining it.
 -Hannah Arendt

To define is to kill. To suggest is to create.
-Stéphane Mallarmé
~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`