[liberationtech] CFP 30C3: The 30th Chaos Communication Congress
30C3 – 30th Chaos Communication Congress
December 27th–30th 2013, CCH, Hamburg
http://events.ccc.de/2013/07/18/30c3-call-for-participation-en/

30C3 is the 2013 edition of the Chaos Communication Congress, the Chaos Computer Club’s international conference and hacker party. During the four days between Christmas and New Year’s Eve, thousands of technology enthusiasts, tinkerers, artists, utopians and foo from Europe and all over the world come together at the Congress Center Hamburg (CCH) to exchange ideas, learn and party together. Participants engage with topics covering information technology, computer security, the make-and-break scene, critically constructive ways of dealing with technology and its effects on our societies.

The lecture programme review and selection process will be put on a new basis this year. Submitted talk proposals will be selected by content teams in charge of one of the following tracks:

- Art & Beauty
- Ethics, Society & Politics
- Crafting & Making
- Security & Safety
- Science & Engineering

Tracks

Art & Beauty
Computers can be used to create art and beauty. This track is for all those lectures and installations dealing with creative approaches to culture, music and art.

Crafting & Making
This track is about all those tools designed to turn the digital into the physical. We are looking forward to any submissions by those who, when they speak of cloud hacking, actually mean making it rain, who see e-bikes as a transport layer, and who happily forward viruses from their inbox to their DNA sequencer.

Ethics, Society & Politics
This track is about ethics, society and politics in the digital age. This includes submissions dealing with the dangers of technology in politics and society as well as the threats that politics pose for the digital society. At the same time, aside from fear and danger, we are interested in examples of happiness and hope for a better world through the interaction of technology and politics.

Science & Engineering
This track is for all those who don’t think Knuth was a cute polar bear at the Berlin zoo. Submissions containing exoskeletons and “bleeding edge” research – anything cool that comes out of universities – as well as DIY experiments that aren’t about typical making belong in this track. You’ve solved the halting problem? Submit!

Security & Safety
This track gathers people and groups who wish to describe or discuss technical computer related safety and security. We are interested in everything suitable to develop or bypass security mechanisms. This is not limited to software systems; this year the committee is especially interested in hardware topics. Technical weaknesses, tools, techniques and allied research all belong in this track.

Assemblies

Assemblies are places where communities of interest can meet in the core of the congress. They are comparable to villages at the various hacker camps. We will have lots of space again, so larger installations will be possible. The assemblies will be organized in the public Wiki.

Self-understanding of the 30C3

The CCC runs the congress with the help of self-organized volunteer teams and on its own funds. We are proud of this and we are looking forward to once again being able to put together a congress with no external influences and no need for self-censorship. We regard this event as one of the few places where a global exchange using the creative-critical approach to technology and society is possible without censorship. We are not providing a stage to secret services or other state organisations. However, based on our concept and on the fact that work is done on a voluntary basis, a thorough advance screening of participants and speakers is not possible.

It goes without saying that everyone attending the conference should be treated with respect and consideration. A significant proportion of delegates and speakers value their privacy, the integrity of their own data and their photographic likenesses. Those who attach less importance to personal agency in these matters are in a stronger position. We therefore ask them to respect the feelings and wishes of others.

Submission Guidelines

For talks and workshops: Please send us a description of your suggested talk that is as complete as possible. The description is of particular importance to the selection, so please ensure it is as clear as possible. Quality takes precedence over quantity. Due to the non-commercial nature of the Congress, presentations which aim to market or promote commercial products or entities will not be entertained. As it is likely that there will be multiple submissions about the same topic, please show us exactly why your talk should be part of the conference. Please write something about yourself, your environment and your motivation. It does not matter if the talk has been held at another conference. All it has to be is up to date. Talks should be no
[liberationtech] technical legal questions about FOIA redactions and MIT's FOIA oddness
Can anyone tell me if there are consequences if third party information, which should be redacted from FOIA documents, is not properly redacted from a FOIA requested document by the agency the document is requested from? Is there any consequence under the Privacy Act or any such thing?

For example, if the DOJ were to, say, somewhat negligently miss a bunch of names on the Conde Nast FOIA request and hand it to Kevin Poulsen, would there actually be any consequences to the DOJ? From the case law quoted, it looks likely if there are any consequences they would be civil damages after anyone might be harassed, SWATed, hacked, or bodily harmed. That might be cold comfort if you were the new president of MIT. Even colder comfort if you were named in those documents.

I might post another post with a philosophical rant on SWATing and the prospect of retaliation implicit in all of this... But, it seems so odd that this is an issue, because my understanding is that MIT has every reason to expect that their staff names should be strictly and thoroughly redacted if everything were on the up and up. Or, this is how I would read: http://www.justice.gov/oip/courtdecisions/exemption6.html

Where cases of privacy of redacted records of non-govt third parties that were supported after court *challenge* include:

*The court holds that defendant properly invoked Exemption 6 to withhold the names and contact information of agency contracting officers. For one, the court notes that the Ninth Circuit has held that the possibility of harassment, embarrassment, stigma, and retaliation [among the harms cited by defendants in this case] are cognizable privacy interests under the exemption six precedents. The court comments that the responsive records abound with examples of contracting officers disclosing their own mistakes and notes that defendant points to plaintiff's own statements as additional evidence that the contracting officers... will be embarrassed, humiliated, or possibly harassed if their names and contact information are released in connection with the reported mistakes. The court also finds that defendant's contention that disclosure of the requested information would have a chilling effect on its employees' willingness to speak with candor in future reports is also a valid factor to be weighed in balancing the public and private interests. In terms of the public interest involved, the court agrees with defendant's assertion that because the [OIG] report and its findings have already been released, and release of the names, titles, and contact information will not further the public good. Accordingly, the court determines that the invasion of [the employees'] privacy is not warranted because their right of privacy is greater than the public interest served by disclosure of their private information.*

*Chesterfield Assocs., Inc. v. U.S. Coast Guard, No. 08-4674, 2009 WL 1406994 (E.D.N.Y. May 19, 2009) (Block, J.). Defendant properly withheld the names of its own employees and the contractor's employees who were involved in the bidding process. [T]he Court perceives no principled basis for concluding that government employees involved in the bidding process for public contracts do not have the same privacy interest [as employees who conduct internal investigations] arising out of the same possibility of harassment or embarrassment. Moreover, [plaintiff] has offered no evidence to support its assertion that the bidding process was somehow tainted. There is, therefore, no public interest warranting disclosure.*

*Harrison v. BOP, No. 07-1543, 2009 WL 1163909 (D.D.C. May 1, 2009) (Friedman, J.). Plaintiff's challenges to BOP's use of these exemptions reflect a misunderstanding of the law, and his notion that the third person personal privacy exemptions apply only to government employees is incorrect. The personal privacy exemptions . . . require the agency to protect the privacy of any third person identified in the records, and the statute does not except spouses. Plaintiff has failed to identify any interest in release of this information beyond his own personal interest. Similarly, he has failed to make a showing of governmental wrongdoing sufficient to satisfy the Favish standard.*

and in http://www.justice.gov/oip/foia_guide09/exemption6.pdf page 449-451

*In addition, individuals who testify at criminal trials do not forfeit their rights to privacy except on those very matters that become part of the public record.[123] Nor do individuals who plead guilty to criminal charges lose all rights to privacy with regard to the proceedings against them.[124] Similarly, individuals who provide law enforcement agencies with reports of illegal conduct have well-recognized privacy interests, particularly when such persons reasonably fear reprisals for their assistance.[125] Even absent any evidence of fear of reprisals, however, witnesses who provide information to investigative bodies -- administrative
Re: [liberationtech] seeking open wireless projects
Hi! I found one of the existing documents on the topic: http://openwaves.ws/

Mitar

On Fri, Jul 19, 2013 at 3:33 PM, Mitar mmi...@gmail.com wrote:

Hi! I hope you checked this list: https://en.wikipedia.org/wiki/List_of_wireless_community_networks_by_region :-)

There were already a few times when people were analyzing existing wireless networks. I think you should get in contact with those researchers. (At least I know that I had to answer interview questions a few times already.) Currently, as far as I know, part of this current EU project is to also analyze existing networks. I would recommend that you get in contact with them: http://confine-project.eu/ And of course with everybody involved in the International Summit for Community Wireless Networks. http://wirelesssummit.org/

I am involved with wlan slovenija, http://wlan-si.net/.

Mitar

On Fri, Jul 19, 2013 at 2:44 PM, Dan Auerbach d...@eff.org wrote:

Hi libtech,

We at EFF are writing up a taxonomy of existing open wireless commercial or non-commercial projects that have launched and would love input from folks on this list. So far we are looking at:

Fon - http://corp.fon.com/
Comcast - http://corporate.comcast.com/news-information/news-feed/comcast-unveils-plans-for-millions-of-xfinity-wifi-hotspots-through-its-home-based-neighborhood-hotspot-initiative-2
Karma - https://yourkarma.com/
Ruckus - http://www.ruckuswireless.com/
KeyWifi - is this project still active?

We're sure there are many more, and wanted to see if people here could help by pointing us towards launched projects to add to the list. It's hard to draw a bright line between what counts as a launched project vs, say, a technical solution. For example, we don't want to include a protocol like EAP-SIM or firmware that has optional open wireless as a launched project, but firmware that ships with default on guest networking might qualify. Any suggestions you have are great so don't hesitate to let us know about any cool thing related to open wireless, just please don't be offended if we decide not to categorize it as a launched project.

Our goal is NOT to promote these solutions, but rather just to give an idea of what's out there, what desirable properties each offering has, and what properties it lacks. For example, we think decentralized solutions that have no captive portals or authentication and are universally available are preferred. We do not want to get into a discussion of the security properties of open wireless, or any discussion about the merits of one solution vs another -- we are simply seeking information on what is out there.

Thanks,

-- Dan Auerbach Staff Technologist Electronic Frontier Foundation d...@eff.org 415 436 9333 x134

-- http://mitar.tnode.com/ https://twitter.com/mitar_m

-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Fwd: A hacker's guide to Amsterdam
There will be people at OHM on the 27th. Guaranteed.

On 7/20/13 9:26 AM, phryk wrote:

Well, I haven't been in Amsterdam ever but a quick look on hackerspaces.org got me the (apparently only) Amsterdam hackerspace: https://technologia-incognita.nl/ Even if you're not interested in going there, those people might be able to give a few recommendations. Since I'm interested in this as well, I'll ask a few of the other people from the local hackerspace who'll be at the OHM too if they have any recommendations. Thus far I only heard of a trustable coffee shop, though. :P Our initial plan was to go to the OHM venue at the 27th, but apparently whoever decided that didn't make any effort to find out that the earliest date for going to the campsite is the 29th… :/
Re: [liberationtech] Fwd: A hacker's guide to Amsterdam
Jens Christian Hillerup j...@hillerup.net wrote: ... So I'll be coming to Amsterdam ... I'm looking for suggestions for things to see that might be of interest for hackers -- small or large, well-known or obscure. Have a look at these sites: http://hippies.waag.org/ http://www.hippiesfromhell.org/
Re: [liberationtech] Traffic Analysis Countermeasures
Charles Allhands allhand...@gmail.com writes: Does anyone know of software designed to thwart traffic analysis? With all the recent news about metadata gathering this would seem like a useful privacy tool alongside Tor and good crypto. There was this interesting project, called sniffjoke: http://www.delirandom.net/sniffjoke/ but it doesn't appear to be developed anymore (last update 2 years ago...) micah
Re: [liberationtech] WeChat
Sarah Lai Stirland sa...@personaldemocracy.com wrote: Hi everyone -- I'm curious as to whether anyone on here has used WeChat, what they think of it, ... I would not use any Chinese software if security is a concern. See for example: http://www.businessweek.com/articles/2013-03-08/skypes-been-hijacked-in-china-and-microsoft-is-o-dot-k-dot-with-it There are some products from credible people available. Free, open source software for secure online chat, but (last I looked) not voice or video: http://www.cypherpunks.ca/otr/ A commercial service offering the lot -- email, voice. ... -- and running on smart phones: https://silentcircle.com/
Re: [liberationtech] Interesting things in keyservers
Hi Micah!

Micah Lee micahf...@riseup.net writes: I'm working on a talk for OHM2013 about PGP. Can anyone send me examples of interesting keys in key servers that you know of?

Since you are preparing a talk about the subject, I'm going to be pedantic and correct your usage of PGP, because it is important to get your terminology straight when giving a talk. I presume you aren't giving a talk about the commercial software, but instead you are actually giving a talk about OpenPGP which is the standard specified by RFC4880 that different programs like GnuPG, Seahorse, MacGPG, and PGP etc. all implement. If that is true, then you should refer to it as OpenPGP, and not PGP.

I don't know what your talk will consist of, besides the funny enigmail XSS and goatse.cx stuff (thanks for that! always good to have some goatse early in the morning), but I would like to point out a few things that might be useful to mention.

One is a wiki page that I created with some people: https://we.riseup.net/riseuplabs+paow/openpgp-best-practices - it contains some useful hints about using OpenPGP, maintaining a good key and some general good practices that people often don't know about (such as the importance of keeping your keys updated to get critical revocation and expiration extension certifications!)

One thing mentioned on that page that I wanted to highlight, because you used pgp.mit.edu links in your original email, is that the keyserver pgp.mit.edu is not a good one to use/promote. Everyone uses it as their 'goto' keyserver, but it is a really bad idea! As a keyserver, it has been broken for years. For a long time it was just dropping revocations, subkey updates and expirations on the floor. That is *really* bad. Eventually, they upgraded their keyserver software, but it is *still* running an older version of SKS, a version that fails to handle 16-digit subkeyid lookups (among other failings). So, please don't rely on pgp.mit.edu for your security, and please don't include them in your slides! If you are looking for one to use, I highly recommend using the SKS pool address (hkp://pool.sks-keyservers.net or http://hkps.pool.sks-keyservers.net/ - or if you want a more close geographical pool, have a look at http://sks-keyservers.net/overview-of-pools.php).

Finally, there seem to be some amazing misconceptions about keyservers, keys and the web of trust. In particular this http://cryptome.org/2013/07/mining-pgp-keyservers.htm circulated recently and it pained me to see because it suggested various reckless conclusions that were dangerously off the mark[0] (and used pgp.mit.edu, hah). While it is true that we've jokingly called the OpenPGP web of trust the original social network because of the exposed social relational graphing that can be done by querying keyservers, and it is for this reason that many activists I know do not want to have signatures uploaded to keyservers (and instead use the bulky local-only signature work-around)...

... but for some reason people seem to think that if it is on a keyserver, it is true, or it means something that it doesn't. People don't realize critical things, such as the fact that I can create a key with the UID Nadim Kobeissi and upload it to the keyservers[1]. That doesn't mean that is the real Nadim's key (this is what exchanging key fingerprints and doing certifications is for, so you can know, with a certain degree of certainty, that this person is the person who controls that secret key material). Or people think that because I signed your key and that signature is on the keyserver that indicates: I trust you; we met in person at that date; we know each other; we are involved in a criminal conspiracy with each other; or many other wrong assumptions about what that certification means. I can sign Edward Snowden's key and send that to the keyservers[1]. Hell, I can sign Snowden's key with my fake Nadim Kobeissi key[1] and then send it to the keyservers. Does that mean that Nadim and Snowden have met in person?! No, it does not at all.

Anyways, I can keep going... but I don't know what the focus of your OHM talk is about, so going on like this isn't particularly useful to you and your talk... however, I'd be happy to provide more feedback about your talk if you would like![2]

After all, we Micahs need to stick together,

micah

0. the cryptome article just sounds like impenetrable bullshit from someone with no interest in actually understanding what's happening - I'm not saying who said this...

1. no, I didn't do that, nor did I upload the Edward Snowden or Bradley Manning keys.
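The point made in the message above, that a UID found on a keyserver identifies nothing and only a fingerprint exchanged out of band does, shown as an added example (not part of the original message or of any OpenPGP tool). It parses RFC 4880 packets and computes the v4 fingerprint and the 16-digit key ID; the key material and UID are constructed, not real keys, and every helper name is hypothetical.

```python
import hashlib
import hmac
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def new_packet(tag: int, body: bytes) -> bytes:
    """Wrap a body in a new-format packet header (RFC 4880, section 4.2.2)."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body


def read_packets(data: bytes):
    """Yield (tag, body) per packet; accepts old- and new-format headers."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80 or i >= len(data):
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new format
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                # old format
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            size = 1 << ltype                # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + size], "big"), i + size
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body
        i += length


def v4_fingerprint(pubkey_body: bytes) -> str:
    """SHA-1 over 0x99, 2-byte body length, body (RFC 4880, section 12.2)."""
    if pubkey_body[:1] != b"\x04":
        raise ValueError("only version 4 keys are handled")
    prefix = b"\x99" + struct.pack(">H", len(pubkey_body))
    return hashlib.sha1(prefix + pubkey_body).hexdigest().upper()


def describe_key(keydata: bytes) -> dict:
    """Return the primary key's fingerprint, key IDs and the UIDs it claims."""
    fingerprint, uids = None, []
    for tag, body in read_packets(keydata):
        if tag == 6 and fingerprint is None:     # public-key packet
            fingerprint = v4_fingerprint(body)
        elif tag == 13:                          # user ID packet: free text
            uids.append(body.decode("utf-8", "replace"))
    if fingerprint is None:
        raise ValueError("no public-key packet found")
    return {"fingerprint": fingerprint, "long_id": fingerprint[-16:],
            "short_id": fingerprint[-8:], "uids": uids}


def is_expected_key(keydata: bytes, trusted_fingerprint: str) -> bool:
    """Accept a key only if it matches a fingerprint obtained out of band."""
    wanted = "".join(trusted_fingerprint.split()).upper()
    return hmac.compare_digest(describe_key(keydata)["fingerprint"], wanted)


def make_key(created: int, n: int, uid: str) -> bytes:
    """Build a constructed RSA-shaped public key plus UID (not a usable key)."""
    body = b"\x04" + struct.pack(">IB", created, 1) + mpi(n) + mpi(65537)
    return new_packet(6, body) + new_packet(13, uid.encode("utf-8"))


# Constructed sample data: two unrelated keys claiming the same identity.
UID = "Alice Example <alice@example.org>"
KEY_A = make_key(1374000000, (1 << 2047) | 0x1234567, UID)
KEY_B = make_key(1374300000, (1 << 2047) | 0x7654321, UID)

if __name__ == "__main__":
    for key in (KEY_A, KEY_B):
        print(describe_key(key))
```

Both sample keys carry an identical UID and differ only in fingerprint, so a lookup by name or e-mail address cannot tell them apart.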
Re: [liberationtech] Secure Android guide?
Cooper this video is so good! Thank you! -- Jerzy Łogiewa -- jerz...@interia.eu On Jul 15, 2013, at 9:04 PM, Cooper Quintin wrote: Jerzy, I gave a talk a while ago on pragmatic smartphone security. The video can be found here: http://vimeo.com/46044290 And more up to date slides can be found here: https://github.com/cooperq/spiders Enjoy! Please feel free to contact me directly if you have other questions.
Re: [liberationtech] Metadata Cleanup trough File Format Convertion?
Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: i've been thinking about the topic of metadata cleanup of files from an implementation point of view. Regardless the consideration whether it's something useful or not for a Whistleblowing platform (GlobaLeaks), In general, it is. To be responsible, any such platform must at least look at anything they are going to release and consider whether some of it needs to be redacted. Metadata needs to be considered in that process. There are cases, though, where metadata indicating the source of a document is critical to evaluating it. Consider a document that purports to give US policy on targeting for drone strikes. Does it come from a field commander? Or Washington? Pentagon? CIA? President's office? Or is it, say, analysis by the Pakistani government? Or just speculation by some journalist?
Re: [liberationtech] liberationtech Digest, Vol 164, Issue 4
Re:

Date: Thu, 18 Jul 2013 00:36:40 -0700
From: Mitar mmi...@gmail.com
To: liberationtech liberationtech@lists.stanford.edu
Subject: Re: [liberationtech] Stability in truly Democratic decision systems
Message-ID: CAKLmikMVPFGXB5GB=ifc6dbjkyuvm+wzao_x1egrczjo8fk...@mail.gmail.com
Content-Type: text/plain; charset=UTF-8

On Tue, Jul 9, 2013 at 8:34 PM, Peter Lindener lindener.pe...@gmail.com wrote: At this point, while we could have discussions about how best to resolve these cyclically ranked majority.

It seems that you are assuming that the possibility of cyclically ranked majority is the biggest issue with democracy? I could argue that the biggest issue is the assumption that we can, based on preferences of individuals, determine what would be the best for the group as a whole. Why exactly would this be related? Why exactly if we know what each individual wants for him or herself, we would know what would be best for the group? (For any definition of best.) Of course you get conflicts and cycles if everyone looks only at his or her own interests.

I found it a bit premature optimization that we are concerned how to optimize voting among given choices when we should be maybe more concerned how the choices are constructed. Because this is the big question. Not how can we find fancy ways to sum up the votes among given options. The issue is that we are always given options to choose from. But we are hardly ever consulted in preparation of those options. Is this really democracy? To be allowed to vote which among two kings or queens (or hundred or whatever number) will rule you for next four or five years? Beautiful.

So my question is more: how can we get new ideas and new solutions to issues from participation of everybody? How can we get people to be able to contribute to the solution to the issue, not just to choose among provided solutions?

This is why we can't allow geeks to hijack the entire issue of electronic voting without adult supervision. This is why Liquid Democracy is not democracy. Mitar illustrates what is actually the geek's common yet shocking disregard for the rights of the individual, and a frighteningly casual willingness to replace the individual's rights with group interests as defined by a few radicals coding the system. That's called collectivism, and it turns out the way collectivism so often does -- a ruse of fake democracy that is created to enable the few to take power over the many.

By inciting indignation over the fact that individuals only look to individual interests, as if that is pre-defined as bad, a few manipulators can pretend they are obtaining people's democracy for the group (this was the fallacy of communism and fascism). The idea that choices could be engineered into a free voting system by coders that individuals in the society themselves don't provide is another scary feature of these reformed voting systems -- again, unsupervised and unaccountable coders trumping real democracy and civil rights. Anarchist hackers want to achieve by code what they couldn't achieve by authentic free speech and free association and real democratic consensus.

http://3dblogger.typepad.com/wired_state/2011/02/the-seven-deadly-flaws-of-online-democracy-.html
http://3dblogger.typepad.com/wired_state/2012/05/direct-democracy-is-not-democracy-.html

Catherine A. Fitzpatrick
[liberationtech] Practical Impact of NSA/Surveillance on Human Rights Orgs
From: Shawna Finnegan sha...@apc.org I have been following this list for some time, but I don't think I have introduced myself - I work with APC's Internet Rights programme. Alfredo Lopez from May First/People Link has been writing about the impact of PRISM surveillance on activists, and the importance of FLOSS for activists to protect data: http://www.thiscantbehappening.net/node/1842 APC wrote an issue paper on F/A online last year, which includes discussion of the impact of surveillance on organising: https://www.apc.org/en/pubs/freedom-peaceful-assembly-and-freedom-association And there are of course activists in many countries, such as Azerbaijan, who have felt the impact of government surveillance long before PRISM, and who have adopted a number of strategies to protect themselves: http://www.genderit.org/articles/azerbaijan-when-online-security-synonymous-personal-safety I am interested to read others' experiences, and personal practices for avoiding surveillance. Did these recent revelations convince anyone to abandon gmail, for example? Cheers, Shawna
Re: [liberationtech] safe-mail.net
On Wed, Jul 17, 2013 at 1:03 AM, A.Chukin achu...@riseup.net wrote: Some of my current partners use safe-mail.net for secure messaging. Does any of you have any information about maintainers and what is your opinion about security of this mail service ??

Based on 5 minutes looking at the web site, I see no reason to trust it.

Using SSL (Secure Socket Layer), which is a component of all current browsers, for all data transmissions and strong proprietary encryption for server security, it offers the highest possible protection for all email communications and file attachments.

The SSL encryption itself is generally thought to be secure, but it relies on X.509 certificates to identify the players so anyone who can subvert the certificate infrastructure can easily conduct a man-in-the-middle attack. If I can give you a bogus cert that says my machine is safe-mail.net, you will send me your not-yet-encrypted data, I save a copy and send it on to safenet.

This is a real threat, at least against some enemies. Common browsers currently trust several hundred Certificate Authorities (CAs). Some have been subverted; a Dutch one was hacked and credentials stolen there used by the Iranian government to attack dissidents. Others have admitted selling bogus certs that let corporate IT monitor employees. Several are controlled by governments I'm not inclined to trust: China, Syria,

Then there is:

and strong proprietary encryption for server security,

That sets off alarm bells; basically strong proprietary encryption is an oxymoron. There's a link earlier in the thread to a Wikipedia explanation. Here's a different link to much the same thing: http://en.citizendium.org/wiki/Kerckhoffs%27_Principle

This claim is worrying in two ways. First, it indicates that their system has not been published and independently analyzed, so it should not be trusted. Second, it shows that they are either ignorant of or ignoring a basic principle that has been well-known in the field for 100-odd years, so they should not be relied on to have designed their system well.

Even if their proprietary encryption is secure, the encryption is done on their machines and they hold the keys. How safe is that? Not very if you are trying to protect against government agents who might show up with a warrant, or appeals to patriotism, just threats. Or if you are involved in high-stakes litigation where the opponent might use private detectives and large bribes. If they find a safe-mail system administrator who will co-operate, they read all your correspondence.

The correct solution is end-to-end encryption such as PGP; encrypt on the sender's machine and decrypt on the receiver's. Even that is easily breakable if one of the machines involved has been subverted (downloaded a trojan horse or someone broke in and installed a key logger or ...) and it does not stop someone like the NSA from seeing who you are talking to, but except for that it appears secure.
Re: [liberationtech] Fwd: A hacker's guide to Amsterdam
On Sat, 20 Jul 2013 12:38:34 +0200 Jason Gulledge ram...@ramdac.org wrote: There will be people at OHM on the 27th. Guaranteed. Yes, I was told that the 29th is supposed to be for people who don't help on setting up the OHM camp and infrastructure later today, too. Good to hear it from another source, though. :)
Re: [liberationtech] Fwd: A hacker's guide to Amsterdam
On 7/20/13 8:25 PM, phryk wrote:

> On Sat, 20 Jul 2013 12:38:34 +0200 Jason Gulledge ram...@ramdac.org wrote:
>
>> There will be people at OHM on the 27th. Guaranteed.
>
> Yes, I was told that the 29th is supposed to be for people who don't help on setting up the OHM camp and infrastructure later today, too. Good to hear it from another source, though. :)

Ah that may be true. The people I know who are going on the 27th are going to help set up.
Re: [liberationtech] Metadata Cleanup through File Format Conversion?
Maybe this would help -- On the Mac platform, Lemkesoft's GraphicConverter is one of the oldest and most versatile graphic media format conversion programs (AND a good photo editor) -- it currently works with 60+ formats and explicitly allows removing OR modifying METADATA in batch mode.

www.lemkesoft.com or write to the author, Thorsten Lemke at supp...@lemkesoft.com

There are a dozen or more language versions of GraphicConverter -- it's modestly priced.

bruce

On Jul 17, 2013, at 12:28 PM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote:

> Hi all,
>
> I've been thinking about the topic of metadata cleanup of files from an implementation point of view.
>
> Regardless of the consideration whether it's something useful or not for a Whistleblowing platform (GlobaLeaks), I've been considering whether the Metadata Cleanup can't be approached by File Format Conversion.
>
> If I'd like to remove metadata from various document formats (pdf, word, ppt, excel, etc) or image files, I've been thinking that rather than explicitly removing metadata a possible different approach would be by doing a file conversion.
>
> If a JPEG is converted to PNG, maybe all metadata are lost. (this has to be verified)
>
> If a DOC/DOCX is converted to a PDF, maybe all metadata are lost.
>
> At GlobaLeaks we've been discussing introducing metadata cleanup [1], but also a file sterilization [2] with the goal to protect Receivers of a Whistleblowing site against targeted 0day attacks.
>
> Should we approach metadata cleanup by doing the file sterilization processing through the existing LibreOffice conversion API [3] to save engineering effort/time?
>
> [1] Metadata Cleanup https://github.com/globaleaks/GlobaLeaks/issues/305
> [2] File Sterilization https://github.com/globaleaks/GlobaLeaks/issues/270
> [3] LibreOffice Conversion API https://github.com/dagwieers/unoconv
>
> -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org
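The "(this has to be verified)" point in the message above can be checked mechanically. The following is an added example, not part of the original thread and not GlobaLeaks code: a standard-library Python check that lists metadata segments in a JPEG and metadata chunks in a PNG. The function names and the sample bytes are constructed for illustration.

```python
import struct
import zlib

# Well-known metadata carriers: JPEG marker bytes and PNG ancillary chunk types.
JPEG_META = {0xE1: "APP1 (Exif/XMP)", 0xED: "APP13 (IPTC)", 0xFE: "COM (comment)"}
PNG_META = {b"tEXt", b"zTXt", b"iTXt", b"eXIf", b"tIME"}

def jpeg_metadata(data):
    """List metadata segments that appear before the compressed scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    found, pos = [], 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xDA:  # start of scan: image data follows
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if marker in JPEG_META:
            found.append(JPEG_META[marker])
        pos += 2 + length  # the length field counts itself but not the marker
    return found

def png_metadata(data):
    """List metadata chunk types present in a PNG."""
    if data[:8] != b"\x89PNG\r\n\x1a\n":
        raise ValueError("not a PNG")
    found, pos = [], 8
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if ctype in PNG_META:
            found.append(ctype.decode("ascii"))
        if ctype == b"IEND":
            break
        pos += 12 + length  # 4 length + 4 type + payload + 4 CRC
    return found

def _seg(marker, payload):  # builds one JPEG segment for the constructed sample
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

def _chunk(ctype, payload):  # builds one PNG chunk for the constructed samples
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", zlib.crc32(ctype + payload))

# Constructed samples: a JPEG header with Exif and a comment, and two 1x1 PNGs.
JPEG = b"\xff\xd8" + _seg(0xE1, b"Exif\x00\x00demo") + _seg(0xFE, b"by alice") + _seg(0xDA, b"")
_IHDR = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
_TAIL = _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b"")
PNG_CLEAN = b"\x89PNG\r\n\x1a\n" + _IHDR + _TAIL
PNG_LEAKY = b"\x89PNG\r\n\x1a\n" + _IHDR + _chunk(b"tEXt", b"Author\x00alice") + _TAIL
print(jpeg_metadata(JPEG), png_metadata(PNG_CLEAN), png_metadata(PNG_LEAKY))
```

PNG has its own text and Exif chunks, so a converter may carry fields across; the check is run on the converted output, not on the input.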
Re: [liberationtech] Practical Impact of NSA/Surveillance on Human Rights Orgs
Hey all,

On 20/07/2013 19:16, Yosem Companys wrote:

> [...]
>
> Alfredo Lopez from May First/People Link has been writing about the impact of PRISM surveillance on activists, and the importance of FLOSS for activists to protect data: http://www.thiscantbehappening.net/node/1842
>
> APC wrote an issue paper on F/A online last year, which includes discussion of the impact of surveillance on organising: https://www.apc.org/en/pubs/freedom-peaceful-assembly-and-freedom-association
>
> And there are of course activists in many countries, such as Azerbaijan, who have felt the impact of government surveillance long before PRISM, and who have adopted a number of strategies to protect themselves: http://www.genderit.org/articles/azerbaijan-when-online-security-synonymous-personal-safety
>
> I am interested to read others' experiences, and personal practices for avoiding surveillance. Did these recent revelations convince anyone to abandon gmail, for example?

Even though some organizations are committed to protecting free speech and information, I do not believe that HR orgs' practices changed in the light of PRISM revelations. On the other hand, I think individuals here and there with a varying level of political activism may have changed a little bit their habits.

On the longer term however, the revelations may help raise awareness and thus help moving into the right direction, i.e. installing FLOSS trustworthy software. I think already aware people have a big responsibility here in explaining, raising awareness and teaching.

From a less human rights centered perspective, I can tell the status of European institutions is catastrophic and that I am at the moment not able to perceive any will from them to turn to using more FLOSS. EC, EP and EUCJ all run MS Exchange, and the staff seems in general to be forced to have a particular version of Windows and MS Office. But again, the matter isn't ignored by everyone and efforts may lead to interesting developments in a longer future.

Best, KheOps
[liberationtech] The Pirate Bay blocked from some Amazon EC2 instances?
Hello everyone,

Having to play a little bit with a couple of Amazon EC2 virtual machines, I noticed that I wasn't able to access thepiratebay.sx from them. The DNS entry is correct, but an HTTP request simply times out. They are located in the US West 2 set.

A friend having an instance in Europe said he could access thepiratebay.sx from it without problem.

So, does any of you have any elements regarding this?

Best, KheOps
Re: [liberationtech] The Pirate Bay blocked from some Amazon EC2 instances?
On Sun, Jul 21, 2013 at 03:26:36AM +0200, KheOps wrote:

> Having to play a little bit with a couple of Amazon EC2 virtual machines, I noticed that I wasn't able to access thepiratebay.sx from them. The DNS entry is correct, but an HTTP request simply times out. They are located in the US West 2 set.
>
> A friend having an instance in Europe said he could access thepiratebay.sx from it without problem.
>
> So, does any of you have any elements regarding this?

Most likely some routing instability. Use tcptraceroute to find out where the issue lies.

-andy