Re: [liberationtech] And now for some completely different flame... Chrome + password management

[Patrick Mylund Nielsen]

On Thu, Aug 8, 2013 at 9:22 PM, Shava Nerad  wrote:

> https://news.ycombinator.com/item?id=6166886
>
> Chrome security guy takes it up with the Mashable article author.
>
> Chrome guy:  This is what users expect!  They expect to see their
> passwords in plain text.  You are expecting us to provide them with a false
> sense of security.
>
> um...  alrighty then...
>
> yrs,
> SN
>
>
He is being quite condescending, but that's not what he's saying. He's
saying that masking the password would make it seem safer than it really
is, i.e. that it's not as trivially obtainable by a simple piece of
software. That's not an intuitive concept for users, but it's a choice the
Chrome team deliberately made so as to not mislead them. This is a fine
stance, and not one deserving of so much bad press.


>
> On Thu, Aug 8, 2013 at 12:05 PM, Kyle Maxwell  wrote:
>
>> On Thu, Aug 8, 2013 at 11:01 AM, Patrick Mylund Nielsen
>>  wrote:
>> > On Thu, Aug 8, 2013 at 8:56 AM, Kyle Maxwell  wrote:
>> >>
>> >> Must every app data store reinvent the wheel rather than use operating
>> >> system functionality?
>> >>
>> >
>> > Agree in theory, but do all operating systems have standard data stores
>> that
>> > are encrypted with the user's password? They don't.
>>
>> Understood and point taken - but in general I'd rather point users
>> towards better password management than the browser in any case,
>> whether that's something like Lastpass / Keepass or something else
>> entirely. *insert pointless rant about how passwords are a terribly
>> broken model in the first place*
>>
>> --
>> @kylemaxwell
>> --
>> Liberationtech list is public and archives are searchable on Google. Too
>> many emails? Unsubscribe, change to digest, or change password by emailing
>> moderator at compa...@stanford.edu or changing your settings at
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>
>
>
> --
>
> Shava Nerad
> shav...@gmail.com
>
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] From Snowden's email provider. NSL???

[James S. Tyre]

And now Silent Circle's Silent Mail service.

 

https://silentcircle.wordpress.com/2013/08/09/to-our-customers/

 

(They say that they have not received any warrants, NSL letters, etc, but are 
shutting
sown that service before they do.)

 

--

James S. Tyre

Law Offices of James S. Tyre

10736 Jefferson Blvd., #512

Culver City, CA 90230-4969

310-839-4114/310-839-4602(fax)

jst...@jstyre.com

Policy Fellow, Electronic Frontier Foundation

https://www.eff.org

 

From: liberationtech-boun...@lists.stanford.edu
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of David Johnson
Sent: Thursday, August 08, 2013 1:31 PM
To: Liberation Technologies
Subject: [liberationtech] From Snowden's email provider. NSL???

 

 

 

 

 
 
https://lavabit.com/

My Fellow Users,

I have been forced to make a difficult decision: to become complicit in crimes 
against the
American people or walk away from nearly ten years of hard work by shutting 
down Lavabit.
After significant soul searching, I have decided to suspend operations. I wish 
that I
could legally share with you the events that led to my decision. I cannot. I 
feel you
deserve to know what's going on--the first amendment is supposed to guarantee 
me the
freedom to speak out in situations like this. Unfortunately, Congress has 
passed laws that
say otherwise. As things currently stand, I cannot share my experiences over 
the last six
weeks, even though I have twice made the appropriate requests.

What's going to happen now? We've already started preparing the paperwork 
needed to
continue to fight for the Constitution in the Fourth Circuit Court of Appeals. 
A favorable
decision would allow me resurrect Lavabit as an American company.

This experience has taught me one very important lesson: without congressional 
action or a
strong judicial precedent, I would _strongly_ recommend against anyone trusting 
their
private data to a company with physical ties to the United States.

Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC

Defending the constitution is expensive! Help us by donating to the Lavabit 
Legal Defense
Fund
 here.

 

--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] And now for some completely different flame... Chrome + password management

[Shava Nerad]

https://news.ycombinator.com/item?id=6166886

Chrome security guy takes it up with the Mashable article author.

Chrome guy:  This is what users expect!  They expect to see their passwords
in plain text.  You are expecting us to provide them with a false sense of
security.

um...  alrighty then...

yrs,
SN

On Thu, Aug 8, 2013 at 12:05 PM, Kyle Maxwell  wrote:

> On Thu, Aug 8, 2013 at 11:01 AM, Patrick Mylund Nielsen
>  wrote:
> > On Thu, Aug 8, 2013 at 8:56 AM, Kyle Maxwell  wrote:
> >>
> >> Must every app data store reinvent the wheel rather than use operating
> >> system functionality?
> >>
> >
> > Agree in theory, but do all operating systems have standard data stores
> that
> > are encrypted with the user's password? They don't.
>
> Understood and point taken - but in general I'd rather point users
> towards better password management than the browser in any case,
> whether that's something like Lastpass / Keepass or something else
> entirely. *insert pointless rant about how passwords are a terribly
> broken model in the first place*
>
> --
> @kylemaxwell
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 

Shava Nerad
shav...@gmail.com
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] From Snowden's email provider. NSL???

[Kyle Maxwell]

I find it unlikely that it's an NSL per se. That would compel Lavabit
to produce existing business records, and shutting down doesn't
provide any defense against that.

But if the FBI (likely the lead agency on this) tried to compel
Lavabit to weaken its implementation so that they could conduct
ongoing, future surveillance, that might be a different matter. My
guess is that the actual issue lies more in this direction.

On Thu, Aug 8, 2013 at 5:12 PM, Shava Nerad  wrote:
> http://boingboing.net/2013/08/08/lavabit-email-service-snowden.html
>
> has the link to the correct paypal donation page.
>
>
> On Thu, Aug 8, 2013 at 4:31 PM, David Johnson 
> wrote:
>>
>>
>>
>>
>> https://lavabit.com/
>>
>> My Fellow Users,
>> I have been forced to make a difficult decision: to become complicit in
>> crimes against the American people or walk away from nearly ten years of
>> hard work by shutting down Lavabit. After significant soul searching, I have
>> decided to suspend operations. I wish that I could legally share with you
>> the events that led to my decision. I cannot. I feel you deserve to know
>> what’s going on--the first amendment is supposed to guarantee me the freedom
>> to speak out in situations like this. Unfortunately, Congress has passed
>> laws that say otherwise. As things currently stand, I cannot share my
>> experiences over the last six weeks, even though I have twice made the
>> appropriate requests.
>> What’s going to happen now? We’ve already started preparing the paperwork
>> needed to continue to fight for the Constitution in the Fourth Circuit Court
>> of Appeals. A favorable decision would allow me resurrect Lavabit as an
>> American company.
>> This experience has taught me one very important lesson: without
>> congressional action or a strong judicial precedent, I would _strongly_
>> recommend against anyone trusting their private data to a company with
>> physical ties to the United States.
>> Sincerely,
>> Ladar Levison
>> Owner and Operator, Lavabit LLC
>> Defending the constitution is expensive! Help us by donating to the
>> Lavabit Legal Defense Fund here.
>>
>>
>> --
>> Liberationtech list is public and archives are searchable on Google. Too
>> many emails? Unsubscribe, change to digest, or change password by emailing
>> moderator at compa...@stanford.edu or changing your settings at
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
>
> --
>
> Shava Nerad
> shav...@gmail.com
>
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech



-- 
@kylemaxwell
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] From Snowden's email provider. NSL???

[Shava Nerad]

http://boingboing.net/2013/08/08/lavabit-email-service-snowden.html

has the link to the correct paypal donation page.


On Thu, Aug 8, 2013 at 4:31 PM, David Johnson wrote:

>
>
>
> https://lavabit.com/
>
> My Fellow Users,
> I have been forced to make a difficult decision: to become complicit in
> crimes against the American people or walk away from nearly ten years of
> hard work by shutting down Lavabit. After significant soul searching, I
> have decided to suspend operations. I wish that I could legally share with
> you the events that led to my decision. I cannot. I feel you deserve to
> know what’s going on--the first amendment is supposed to guarantee me the
> freedom to speak out in situations like this. Unfortunately, Congress has
> passed laws that say otherwise. As things currently stand, I cannot share
> my experiences over the last six weeks, even though I have twice made the
> appropriate requests.
> What’s going to happen now? We’ve already started preparing the paperwork
> needed to continue to fight for the Constitution in the Fourth Circuit
> Court of Appeals. A favorable decision would allow me resurrect Lavabit as
> an American company.
> This experience has taught me one very important lesson: without
> congressional action or a strong judicial precedent, I would _strongly_
> recommend against anyone trusting their private data to a company with
> physical ties to the United States.
> Sincerely,
> Ladar Levison
> Owner and Operator, Lavabit LLC
> Defending the constitution is expensive! Help us by donating to the
> Lavabit Legal Defense Fund 
> here
> .
>
>
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 

Shava Nerad
shav...@gmail.com
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] New CryptoCat bug

[Tom O]

I can't take RATT seriously, it reminds me of an 80's cock rock band.

https://en.wikipedia.org/wiki/Ratt

On Friday, August 9, 2013, Sahar Massachi wrote:

> S:POT are communist gun-grabbers. Please don't put them in the same list
> as the other, worthy, advocacy groups.
>
> On Thu, Aug 8, 2013 at 10:57 AM, Brian Conley wrote:
>
> To whom it may concern:
>
> RATT(Rodents Against Traumatic Tools) and ADDL(Against Dog Defamation
> League) hereby express serious concern regarding the insensitive nature of
> the cryptocat interface. RATT members deserve encrypted chat much as
> others, but the presence of Cat Facts leads to undue trauma and we lobby
> you to reconsider fixing this bug. ADDL feels your distribution of cat
> propaganda (facts) is damaging and demeaning to the image of canines and
> other house pets and urges all members of libtech to boycott said
> technology until it becomes more tolerant of other domestic animals and
> house pets.
>
> (Please add your organization below if you agree with our petition and
> forward to your friends and loved ones to stop this specist software from
> continuing)
>
> Signed
>
> Members of
> RATT
> ADDL
> CAT(canine advocacy team)
> MOUSE (Microorganisms Organizing Upward Solidarity for Everyone)
> BIRD(Beyond Individual Rat Defamation)
> S:POT (Solidarity:Pets Over Terrorists)
> On Aug 8, 2013 3:42 AM, "Nadim Kobeissi"  wrote:
>
>
> On 2013-08-08, at 12:25 PM, Jillian C. York 
> wrote:
>
> Dear LibTech,
>
> I would like to express my concern that the CatFacts function of CryptoCat
> is not operating. This is a Very Important Function to ensure the physical,
> mental and spiritual health of cryptocat users and I am deeply, deeply
> concerned about its inoperability.
>
>
> Jillian,
> My sincerest excuses regarding this. Cryptocat claims full responsibility
> for this issue. There was indeed a bug that would limit the number of cat
> facts displayed per Cryptocat session to a maximum of 2 (two) cat facts.
> This has already been fixed and is awaiting release in the next version:
>
> https://github.com/cryptocat/cryptocat/commit/83af5be7bb575187a404bb56e11f14a1ba866d9f
>
> In the meantime, Cryptocat will be deploying a *Cat Care Package* in
> order to alleviate the shortage of cat media that Cryptocat users may be
> facing. The Cat Care Package may be accessed here:
> みっちりねこマーチ - MitchiriNeko March
>
> We are currently in the process of writing a meow-dvisory to address the
> situation. It may take us a mew moments, but I am purr-sonally confident
> that we will do everything paw-ssible to prevent this situation from
> cat-apulting into something worse.
>
> Thanks very much for your patience and understanding.
>
> NK
>
>
> Perhaps some time at the upcoming hackathon should be spent improving this
> function.
>
> Thanks,
> Jillian
>
>
> --
> Note: I am slowly extricating myself from Gmail. Please change your
> address books to: jilliancy...@riseup.net or jill...@eff.org.
>
> US: +1-857-891-4244 | NL: +31-657086088
> site:  jilliancyork.com | twitter: @jilliancyork
>
> "We must not be afraid of dreaming the seemingly impossible if we want the
> seemingly impossible to become a reality" - Vaclav Havel
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change passwo
>
> Sahar Massachi
>
> c: (585) 313-6649
> t: twitter.com/sayhar
> w: saharmassachi.com
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] From Snowden's email provider. NSL???

[Andrés Leopoldo Pacheco Sanfuentes]

right. They're putting their lives' work, their livelihood, at stake.

Best Regards | Cordiales Saludos | Grato,

Andrés L. Pacheco Sanfuentes

+1 (817) 271-9619


On Thu, Aug 8, 2013 at 3:53 PM, Mike Perry  wrote:
> It is profoundly encouraging to see that people of such courage and
> integrity as the Lavabit staff exist, and are willing to put everything
> on the line to stand up against this madness.
>
> David Johnson:
>> https://lavabit.com/
>>
>> My Fellow Users,
>> I have been forced to make a difficult decision: to become complicit in
>> crimes against the American people or walk away from nearly ten years of
>> hard work by shutting down Lavabit. After significant soul searching, I
>> have decided to suspend operations. I wish that I could legally share with
>> you the events that led to my decision. I cannot. I feel you deserve to
>> know what’s going on--the first amendment is supposed to guarantee me the
>> freedom to speak out in situations like this. Unfortunately, Congress has
>> passed laws that say otherwise. As things currently stand, I cannot share
>> my experiences over the last six weeks, even though I have twice made the
>> appropriate requests.
>> What’s going to happen now? We’ve already started preparing the paperwork
>> needed to continue to fight for the Constitution in the Fourth Circuit
>> Court of Appeals. A favorable decision would allow me resurrect Lavabit as
>> an American company.
>> This experience has taught me one very important lesson: without
>> congressional action or a strong judicial precedent, I would _strongly_
>> recommend against anyone trusting their private data to a company with
>> physical ties to the United States.
>> Sincerely,
>> Ladar Levison
>> Owner and Operator, Lavabit LLC
>> Defending the constitution is expensive! Help us by donating to the Lavabit
>> Legal Defense Fund
>> here
>> .
>
>> --
>> Liberationtech list is public and archives are searchable on Google. Too 
>> many emails? Unsubscribe, change to digest, or change password by emailing 
>> moderator at compa...@stanford.edu or changing your settings at 
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
> --
> Mike Perry
>
> --
> Liberationtech list is public and archives are searchable on Google. Too many 
> emails? Unsubscribe, change to digest, or change password by emailing 
> moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] From Snowden's email provider. NSL???

[Mike Perry]

It is profoundly encouraging to see that people of such courage and
integrity as the Lavabit staff exist, and are willing to put everything
on the line to stand up against this madness.

David Johnson:
> https://lavabit.com/
> 
> My Fellow Users,
> I have been forced to make a difficult decision: to become complicit in
> crimes against the American people or walk away from nearly ten years of
> hard work by shutting down Lavabit. After significant soul searching, I
> have decided to suspend operations. I wish that I could legally share with
> you the events that led to my decision. I cannot. I feel you deserve to
> know what’s going on--the first amendment is supposed to guarantee me the
> freedom to speak out in situations like this. Unfortunately, Congress has
> passed laws that say otherwise. As things currently stand, I cannot share
> my experiences over the last six weeks, even though I have twice made the
> appropriate requests.
> What’s going to happen now? We’ve already started preparing the paperwork
> needed to continue to fight for the Constitution in the Fourth Circuit
> Court of Appeals. A favorable decision would allow me resurrect Lavabit as
> an American company.
> This experience has taught me one very important lesson: without
> congressional action or a strong judicial precedent, I would _strongly_
> recommend against anyone trusting their private data to a company with
> physical ties to the United States.
> Sincerely,
> Ladar Levison
> Owner and Operator, Lavabit LLC
> Defending the constitution is expensive! Help us by donating to the Lavabit
> Legal Defense Fund
> here
> .

> --
> Liberationtech list is public and archives are searchable on Google. Too many 
> emails? Unsubscribe, change to digest, or change password by emailing 
> moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech


-- 
Mike Perry
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] What if Firefox adopts Tor as feature?

[Mike Perry]

You can't have any of these configurations without a browser to begin
with, and serious support from Mozilla would make a number of things
better for Tor users in any number of deployment configurations,
including (and perhaps especially) high security ones.

As for capacity and all of that, we've been consistently adding relays
and capacity, but our userbase has not grown proportionally. My belief
is that this is largely due to usability issues.

In short, I am excited by this news, and I look forward to improving our
communication and cooperation with Mozilla on this front.

Kyle Maxwell:
> I've no idea about the capacity, but I will say that, in a general
> sense, this is a relatively insecure method of using Tor. Recent
> events have highlighted this, naturally, but Tor works best as network
> infrastructure where "split tunnelling" (to borrow a term from VPN
> architecture) is not allowed. Perhaps if it were fully sandboxed such
> that all communications had to go through a proxy, a la Whonix.
> 
> On Thu, Aug 8, 2013 at 9:24 AM, Lazlo  wrote:
> > Firefox is flirting with idea the to adopt Tor as a feature [1,2]. This
> > could easily multiply [3] the number of daily users on the Tor network [4].
> > These daily users are not likely to add new capacity to the network. Is the
> > Tor network able to handle a sudden peak in usage (there is some
> > overcapacity [5]) without a hassle or is there action required?
> >
> > [1] https://twitter.com/BrendanEich/status/364265592112414720
> > [2] https://bugzilla.mozilla.org/show_bug.cgi?id=901614
> > [3]https://en.wikipedia.org/wiki/Usage_share_of_web_browsers#Summary_table
> > [4] https://metrics.torproject.org/users.html
> > [5] https://metrics.torproject.org/network.html#bandwidth
> > --
> > Liberationtech list is public and archives are searchable on Google. Too
> > many emails? Unsubscribe, change to digest, or change password by emailing
> > moderator at compa...@stanford.edu or changing your settings at
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> 
> 
> -- 
> @kylemaxwell
> --
> Liberationtech list is public and archives are searchable on Google. Too many 
> emails? Unsubscribe, change to digest, or change password by emailing 
> moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

-- 
Mike Perry
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] From Snowden's email provider. NSL???

[David Johnson]

https://lavabit.com/

My Fellow Users,
I have been forced to make a difficult decision: to become complicit in
crimes against the American people or walk away from nearly ten years of
hard work by shutting down Lavabit. After significant soul searching, I
have decided to suspend operations. I wish that I could legally share with
you the events that led to my decision. I cannot. I feel you deserve to
know what’s going on--the first amendment is supposed to guarantee me the
freedom to speak out in situations like this. Unfortunately, Congress has
passed laws that say otherwise. As things currently stand, I cannot share
my experiences over the last six weeks, even though I have twice made the
appropriate requests.
What’s going to happen now? We’ve already started preparing the paperwork
needed to continue to fight for the Constitution in the Fourth Circuit
Court of Appeals. A favorable decision would allow me resurrect Lavabit as
an American company.
This experience has taught me one very important lesson: without
congressional action or a strong judicial precedent, I would _strongly_
recommend against anyone trusting their private data to a company with
physical ties to the United States.
Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC
Defending the constitution is expensive! Help us by donating to the Lavabit
Legal Defense Fund
here
.
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] FW: Lavabit down ...

[Sean Alexandre]

On Thu, Aug 08, 2013 at 09:30:26PM +0200, Trigger Happy wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 
> what I saw today lavabit.com
> 
> My Fellow Users,
> 
> I have been forced to make a difficult decision: to become complicit
> in crimes against the American people or walk away from nearly ten
> years of hard work by shutting down Lavabit. After significant soul
> searching, I have decided to suspend operations. I wish that I could
> legally share with you the events that led to my decision. I cannot. I
> feel you deserve to know what’s going on--the first amendment is
> supposed to guarantee me the freedom to speak out in situations like
> this. Unfortunately, Congress has passed laws that say otherwise. As
> things currently stand, I cannot share my experiences over the last
> six weeks, even though I have twice made the appropriate requests.
> 
> What’s going to happen now? We’ve already started preparing the
> paperwork needed to continue to fight for the Constitution in the
> Fourth Circuit Court of Appeals. A favorable decision would allow me
> resurrect Lavabit as an American company.
> 
> This experience has taught me one very important lesson: without
> congressional action or a strong judicial precedent, I would
> _strongly_ recommend against anyone trusting their private data to a
> company with physical ties to the United States.
> 
> Sincerely,
> Ladar Levison
> Owner and Operator, Lavabit LLC
> 
> 
> - -- 
> Trigger Happy 
> jabber: triggerha...@jabber.ccc.de
> otr: 85e6d794bbf77f6defd7e6648a6e48ebba6f0ffd
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.13 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iQIcBAEBAgAGBQJSA/HMAAoJEEtm9wC9fGLFxDkP/RQiZyIXv3sXHgYoocGEv+w3
> K4P+z5o1t7RVJBuSSu3AOwqBvKVZczgJsUJ2u/TT96KAGw/9zflCIqrsFDFHOA1T
> g2LdZ2qs8jxYEs9DWCNBSOmK964LmRpsJoyncwoXS0BYGD8eM0bN7v8HuR69GNbG
> IAMnI7WRiiQQnX8wpO0VIA0/V50pgIsFbZJt6swK2emuGRBzDgVedWNPTGpbLHbM
> +iDVAVGi4OLkT2DVUsne+pJOq3JDtpjASTo7y6VhxxS6v5i6lLbjDto2eXyS1/zM
> GW4iTLTqM7YY7nj3X4bpjeGM4G5i+gx74paq3o3hqbqwlKs30ehltAJiNpjleUWu
> FlvD5fuUWEYWjMzddfOFuidVXjRKhcRsuoeGvPIP+AifgKekqnKU1Pjrdx+9oU0q
> WCVjF4dDl7tebVPrdlNVjCDlUXTPhpCrpuMrjbkk/N44E7E/ik+ObraX0A8JGcDp
> +gOAXOPT3J/hVFwRm6ksqfi9lXe5HijHNXspuTQ4QLBqhVhS5O+WqnWo8xVCpVF6
> VQt0e8YCYrPD34A9WCodHaidy4kGtO2BOJq0VNqrJ/atAtPcBx4IHD9hRhlFJbqJ
> TCi7WBn++dtbYMiVYjSOq2Y9DDlO9WoSNaWC90Ae86ZnUfKmYTsj7TK+ynxfenR/
> X8t6xQ+Mp40MSLueVM8q
> =tzgx
> -END PGP SIGNATURE-
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Fwd: Postdoc Position in Peer-to-Peer Finance

[Adam Fish]

Dear Colleagues,



[Apologies for cross posting.]

Applicants are invited for a EPSRC/Digital Economy Programme full-time
funded post-doctoral position investigating digital connectivity and
peer-to-peer relationships in financial services. The position is fixed
term until 09/12/2014 with the likelihood of a three month extension.

The project, 3rd Party Dematerialisation and Rematerialisation of Capital
(3DaRoC), will evaluate the role of infrastructural designs and its effects
on the patterns of use of financial services provided by digital
intermediaries.

You are expected to have (or be about to complete) a PhD in Information
Systems, Information Science, Behavioural Science, Financial Services,
Financial Computing, Economics, Geography, Sociology, Anthropology,
Interaction or Experience Design, with experience in using ethnographic or
survey-based research techniques. Candidates with research experience or
enthusiasm for digital technology and innovation would be especially
welcomed.

You will be expected to lead on the development of fieldwork, analysis of
data, and to develop business models around new technology deployments, as
well as working with project partners and supporting the work of the other
researchers. The direct line supervisor will be Dr. Adam Fish (Lancaster),
and you will be based in the Department of Sociology. Informal enquiries
may be made to Dr. Fish at a.fi...@lancaster.ac.uk.

This is a full time fixed-term post beginning 15 October, or as soon as
possible after this date.

Please see the link below for my information:

http://hr-jobs.lancs.ac.uk/Vacancy.aspx?ref=A775

Best,

Adam
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Knight Mozilla Open News Fellowship

[Heather Leson]

Happy August!

We are seeking an Knight Mozilla OpenNews Fellow. Ushahidi and Internews
Kenya will share the successful candidate. Some of the other Fellow hosts
include the New York Times, Pro Publica, The Texas Tribune, and La Nacion.

Applications are due on August 17th (you'll need to apply directly with the
OpenNews Folks)
http://blog.ushahidi.com/2013/08/08/maps-data-with-the-knight-mozilla-opennews-fellow-ushahidi/

Also, see the great work that the Data Science for Social Good Fellows have
done:
http://strata.oreilly.com/2013/07/machine-learning-for-human-rights.html


Heather


-- 
Heather Leson
Director of Community Engagement
*Ushahidi*
hle...@ushahidi.com
www.ushahidi.com and https://wiki.ushahidi.com
@heatherleson / skype: heatherleson
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] New CryptoCat bug

[Sahar Massachi]

S:POT are communist gun-grabbers. Please don't put them in the same list as
the other, worthy, advocacy groups.

On Thu, Aug 8, 2013 at 10:57 AM, Brian Conley wrote:

> To whom it may concern:
>
> RATT(Rodents Against Traumatic Tools) and ADDL(Against Dog Defamation
> League) hereby express serious concern regarding the insensitive nature of
> the cryptocat interface. RATT members deserve encrypted chat much as
> others, but the presence of Cat Facts leads to undue trauma and we lobby
> you to reconsider fixing this bug. ADDL feels your distribution of cat
> propaganda (facts) is damaging and demeaning to the image of canines and
> other house pets and urges all members of libtech to boycott said
> technology until it becomes more tolerant of other domestic animals and
> house pets.
>
> (Please add your organization below if you agree with our petition and
> forward to your friends and loved ones to stop this specist software from
> continuing)
>
> Signed
>
> Members of
> RATT
> ADDL
> CAT(canine advocacy team)
> MOUSE (Microorganisms Organizing Upward Solidarity for Everyone)
> BIRD(Beyond Individual Rat Defamation)
> S:POT (Solidarity:Pets Over Terrorists)
> On Aug 8, 2013 3:42 AM, "Nadim Kobeissi"  wrote:
>
>>
>> On 2013-08-08, at 12:25 PM, Jillian C. York 
>> wrote:
>>
>> Dear LibTech,
>>
>> I would like to express my concern that the CatFacts function of
>> CryptoCat is not operating. This is a Very Important Function to ensure the
>> physical, mental and spiritual health of cryptocat users and I am deeply,
>> deeply concerned about its inoperability.
>>
>>
>> Jillian,
>> My sincerest excuses regarding this. Cryptocat claims full responsibility
>> for this issue. There was indeed a bug that would limit the number of cat
>> facts displayed per Cryptocat session to a maximum of 2 (two) cat facts.
>> This has already been fixed and is awaiting release in the next version:
>>
>> https://github.com/cryptocat/cryptocat/commit/83af5be7bb575187a404bb56e11f14a1ba866d9f
>>
>> In the meantime, Cryptocat will be deploying a *Cat Care Package* in
>> order to alleviate the shortage of cat media that Cryptocat users may be
>> facing. The Cat Care Package may be accessed here:
>> https://www.youtube.com/watch?v=lAIGb1lfpBw
>>
>> We are currently in the process of writing a meow-dvisory to address the
>> situation. It may take us a mew moments, but I am purr-sonally confident
>> that we will do everything paw-ssible to prevent this situation from
>> cat-apulting into something worse.
>>
>> Thanks very much for your patience and understanding.
>>
>> NK
>>
>>
>> Perhaps some time at the upcoming hackathon should be spent improving
>> this function.
>>
>> Thanks,
>> Jillian
>>
>>
>> --
>> Note: I am slowly extricating myself from Gmail. Please change your
>> address books to: jilliancy...@riseup.net or jill...@eff.org.
>>
>> US: +1-857-891-4244 | NL: +31-657086088
>> site:  jilliancyork.com | twitter: @jilliancyork
>>
>> "We must not be afraid of dreaming the seemingly impossible if we
>> want the seemingly impossible to become a reality" - Vaclav Havel
>> --
>> Liberationtech list is public and archives are searchable on Google. Too
>> many emails? Unsubscribe, change to digest, or change password by emailing
>> moderator at compa...@stanford.edu or changing your settings at
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>>
>>
>> --
>> Liberationtech list is public and archives are searchable on Google. Too
>> many emails? Unsubscribe, change to digest, or change password by emailing
>> moderator at compa...@stanford.edu or changing your settings at
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
Sahar Massachi

c: (585) 313-6649
t: twitter.com/sayhar
w: saharmassachi.com
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] And now for some completely different flame... Chrome + password management

[Kyle Maxwell]

On Thu, Aug 8, 2013 at 11:01 AM, Patrick Mylund Nielsen
 wrote:
> On Thu, Aug 8, 2013 at 8:56 AM, Kyle Maxwell  wrote:
>>
>> Must every app data store reinvent the wheel rather than use operating
>> system functionality?
>>
>
> Agree in theory, but do all operating systems have standard data stores that
> are encrypted with the user's password? They don't.

Understood and point taken - but in general I'd rather point users
towards better password management than the browser in any case,
whether that's something like Lastpass / Keepass or something else
entirely. *insert pointless rant about how passwords are a terribly
broken model in the first place*

-- 
@kylemaxwell
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] And now for some completely different flame... Chrome + password management

[Patrick Mylund Nielsen]

On Thu, Aug 8, 2013 at 8:56 AM, Kyle Maxwell  wrote:

> Must every app data store reinvent the wheel rather than use operating
> system functionality?
>
>
Agree in theory, but do all operating systems have standard data stores
that are encrypted with the user's password? They don't.


> On Thu, Aug 8, 2013 at 10:42 AM, R. Jason Cronk 
> wrote:
> > I'll bite. You design your systems for the threats your users face. As
> many
> > have mentioned, the threat most users face is from a spouse, partner,
> > business associate, sibling, parent, children. Password fields don't
> display
> > typed text to protect against shoulder surfers. It clearly doesn't
> protect
> > again other adversaries such as keyloggers or others with access to the
> > browser DOM. In this light, I think it is reasonable to encrypt the site
> > passwords with a master password or at least have require a master
> password
> > to display the cleartext. It could always have an option to disable or
> use a
> > blank default master password for those who don't face the threats
> > illustrated above.
> >
> > Really, however, we need to move to a post password model, that combines
> > security and useability.
> >
> > My 2 cents.
> >
> > Jason
>
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] And now for some completely different flame... Chrome + password management

[Kyle Maxwell]

Must every app data store reinvent the wheel rather than use operating
system functionality?

On Thu, Aug 8, 2013 at 10:42 AM, R. Jason Cronk  
wrote:
> I'll bite. You design your systems for the threats your users face. As many
> have mentioned, the threat most users face is from a spouse, partner,
> business associate, sibling, parent, children. Password fields don't display
> typed text to protect against shoulder surfers. It clearly doesn't protect
> again other adversaries such as keyloggers or others with access to the
> browser DOM. In this light, I think it is reasonable to encrypt the site
> passwords with a master password or at least have require a master password
> to display the cleartext. It could always have an option to disable or use a
> blank default master password for those who don't face the threats
> illustrated above.
>
> Really, however, we need to move to a post password model, that combines
> security and useability.
>
> My 2 cents.
>
> Jason
>
>
>
> On 8/7/2013 10:04 PM, Brian Conley wrote:
>
> Are they being irresponsible or aren't they?
>
> http://mashable.com/2013/08/07/chrome-password-security/?utm_cid=mash-com-fb-main-link
>
> That is a serous question in interested to hear a variety of opinions on,
> both for and against Google's position, OK go!
>
> Spoiler alert, I think both players are being jerks and not considering the
> importance of outreach and how users learn...
>
>
>
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
> R. Jason Cronk, Esq., CIPP/US
> Privacy Engineering Consultant, Enterprivacy Consulting Group
>
> phone: (828) 4RJCESQ
> twitter: @privacymaverick.com
> blog: http://blog.privacymaverick.com
>
>
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech



-- 
@kylemaxwell
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] And now for some completely different flame... Chrome + password management

[R. Jason Cronk]

I'll bite. You design your systems for the threats your users face. As 
many have mentioned, the threat most users face is from a spouse, 
partner, business associate, sibling, parent, children. Password fields 
don't display typed text to protect against shoulder surfers. It clearly 
doesn't protect again other adversaries such as keyloggers or others 
with access to the browser DOM. In this light, I think it is reasonable 
to encrypt the site passwords with a master password or at least have 
require a master password to display the cleartext. It could always have 
an option to disable or use a blank default master password for those 
who don't face the threats illustrated above.


Really, however, we need to move to a post password model, that combines 
security and useability.


My 2 cents.

Jason


On 8/7/2013 10:04 PM, Brian Conley wrote:


Are they being irresponsible or aren't they?

http://mashable.com/2013/08/07/chrome-password-security/?utm_cid=mash-com-fb-main-link

That is a serous question in interested to hear a variety of opinions 
on, both for and against Google's position, OK go!


Spoiler alert, I think both players are being jerks and not 
considering the importance of outreach and how users learn...




--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech



*R. Jason Cronk, Esq., CIPP/US*
/Privacy Engineering Consultant/, *Enterprivacy Consulting Group* 



 * phone: (828) 4RJCESQ
 * twitter: @privacymaverick.com
 * blog: http://blog.privacymaverick.com

--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] What if Firefox adopts Tor as feature?

[Kyle Maxwell]

I've no idea about the capacity, but I will say that, in a general
sense, this is a relatively insecure method of using Tor. Recent
events have highlighted this, naturally, but Tor works best as network
infrastructure where "split tunnelling" (to borrow a term from VPN
architecture) is not allowed. Perhaps if it were fully sandboxed such
that all communications had to go through a proxy, a la Whonix.

On Thu, Aug 8, 2013 at 9:24 AM, Lazlo  wrote:
> Firefox is flirting with idea the to adopt Tor as a feature [1,2]. This
> could easily multiply [3] the number of daily users on the Tor network [4].
> These daily users are not likely to add new capacity to the network. Is the
> Tor network able to handle a sudden peak in usage (there is some
> overcapacity [5]) without a hassle or is there action required?
>
> [1] https://twitter.com/BrendanEich/status/364265592112414720
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=901614
> [3]https://en.wikipedia.org/wiki/Usage_share_of_web_browsers#Summary_table
> [4] https://metrics.torproject.org/users.html
> [5] https://metrics.torproject.org/network.html#bandwidth
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech



-- 
@kylemaxwell
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] New CryptoCat bug

[Brian Conley]

To whom it may concern:

RATT(Rodents Against Traumatic Tools) and ADDL(Against Dog Defamation
League) hereby express serious concern regarding the insensitive nature of
the cryptocat interface. RATT members deserve encrypted chat much as
others, but the presence of Cat Facts leads to undue trauma and we lobby
you to reconsider fixing this bug. ADDL feels your distribution of cat
propaganda (facts) is damaging and demeaning to the image of canines and
other house pets and urges all members of libtech to boycott said
technology until it becomes more tolerant of other domestic animals and
house pets.

(Please add your organization below if you agree with our petition and
forward to your friends and loved ones to stop this specist software from
continuing)

Signed

Members of
RATT
ADDL
CAT(canine advocacy team)
MOUSE (Microorganisms Organizing Upward Solidarity for Everyone)
BIRD(Beyond Individual Rat Defamation)
S:POT (Solidarity:Pets Over Terrorists)
On Aug 8, 2013 3:42 AM, "Nadim Kobeissi"  wrote:

>
> On 2013-08-08, at 12:25 PM, Jillian C. York 
> wrote:
>
> Dear LibTech,
>
> I would like to express my concern that the CatFacts function of CryptoCat
> is not operating. This is a Very Important Function to ensure the physical,
> mental and spiritual health of cryptocat users and I am deeply, deeply
> concerned about its inoperability.
>
>
> Jillian,
> My sincerest excuses regarding this. Cryptocat claims full responsibility
> for this issue. There was indeed a bug that would limit the number of cat
> facts displayed per Cryptocat session to a maximum of 2 (two) cat facts.
> This has already been fixed and is awaiting release in the next version:
>
> https://github.com/cryptocat/cryptocat/commit/83af5be7bb575187a404bb56e11f14a1ba866d9f
>
> In the meantime, Cryptocat will be deploying a *Cat Care Package* in
> order to alleviate the shortage of cat media that Cryptocat users may be
> facing. The Cat Care Package may be accessed here:
> https://www.youtube.com/watch?v=lAIGb1lfpBw
>
> We are currently in the process of writing a meow-dvisory to address the
> situation. It may take us a mew moments, but I am purr-sonally confident
> that we will do everything paw-ssible to prevent this situation from
> cat-apulting into something worse.
>
> Thanks very much for your patience and understanding.
>
> NK
>
>
> Perhaps some time at the upcoming hackathon should be spent improving this
> function.
>
> Thanks,
> Jillian
>
>
> --
> Note: I am slowly extricating myself from Gmail. Please change your
> address books to: jilliancy...@riseup.net or jill...@eff.org.
>
> US: +1-857-891-4244 | NL: +31-657086088
> site:  jilliancyork.com | twitter: @jilliancyork
>
> "We must not be afraid of dreaming the seemingly impossible if we want the
> seemingly impossible to become a reality" - Vaclav Havel
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] What if Firefox adopts Tor as feature?

[Lazlo]

Firefox is flirting with idea the to adopt Tor as a feature [1,2]. This 
could easily multiply [3] the number of daily users on the Tor network 
[4]. These daily users are not likely to add new capacity to the 
network. Is the Tor network able to handle a sudden peak in usage (there 
is some overcapacity [5]) without a hassle or is there action required?


[1] https://twitter.com/BrendanEich/status/364265592112414720
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=901614
[3]https://en.wikipedia.org/wiki/Usage_share_of_web_browsers#Summary_table
[4] https://metrics.torproject.org/users.html
[5] https://metrics.torproject.org/network.html#bandwidth
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Terminology correction [was: Freedom Hosting, Tormail Compromised // OnionCloud]

[Rich Kulawiec]

On Wed, Aug 07, 2013 at 08:37:55AM -0500, Crypto wrote:
> Continuing to SPAM the list with your constant bickering only
> increases your lack of credibility.

First, the correct term is "spam", or "Spam" if used at the beginning of
a sentence -- never "SPAM".  "Spam" is the slang term for unsolicited
bulk email (UBE), the canonical definition of spam in the content of
SMTP; it's also been used in other contexts, e.g., NNTP, SMS, and so on.
"SPAM" is a product of the Hormel Corporation, who have been surprisingly
sanguine over many years about our co-opting of the term, doubly
so given its negative connotations, triply so given the litigious
environment we now enjoy.  I think we owe it to them, as a small gesture
of consideration, to avoid conflating the two, especially since it's
trivially easy to avoid doing so.

Also, while SPAM is considered a delicacy by many, it is a rare person
indeed who would say the same about spam.

Second, none of these message constitute spam.  They may be annoying,
welcome, lengthy, short, educational, worthless, enlightening, confusing,
funny, maddening, repetitive, unique, or any number of other things
depending on one's viewpoint: but it is absolutely wrong to label them as
"spam" or to label their authors (by extension) "spammers".  There has
been an unfortunate trend on the part of some who do not know the proper
definition of spam or how to use it to apply the label when it clearly
isn't applicable; the resulting confusion greatly assists the *real*
spammers out there, who have spent much of the last two decades trying to
create as much of it as they possibly can, sometimes with great success.

---rsk

--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] New CryptoCat bug

[Nadim Kobeissi]

On 2013-08-08, at 12:25 PM, Jillian C. York  wrote:

> Dear LibTech, 
> 
> I would like to express my concern that the CatFacts function of CryptoCat is 
> not operating. This is a Very Important Function to ensure the physical, 
> mental and spiritual health of cryptocat users and I am deeply, deeply 
> concerned about its inoperability. 

Jillian,
My sincerest excuses regarding this. Cryptocat claims full responsibility for 
this issue. There was indeed a bug that would limit the number of cat facts 
displayed per Cryptocat session to a maximum of 2 (two) cat facts. This has 
already been fixed and is awaiting release in the next version:
https://github.com/cryptocat/cryptocat/commit/83af5be7bb575187a404bb56e11f14a1ba866d9f

In the meantime, Cryptocat will be deploying a Cat Care Package in order to 
alleviate the shortage of cat media that Cryptocat users may be facing. The Cat 
Care Package may be accessed here:
https://www.youtube.com/watch?v=lAIGb1lfpBw

We are currently in the process of writing a meow-dvisory to address the 
situation. It may take us a mew moments, but I am purr-sonally confident that 
we will do everything paw-ssible to prevent this situation from cat-apulting 
into something worse.

Thanks very much for your patience and understanding.

NK

> 
> Perhaps some time at the upcoming hackathon should be spent improving this 
> function.
> 
> Thanks, 
> Jillian
> 
> 
> -- 
> Note: I am slowly extricating myself from Gmail. Please change your address 
> books to: jilliancy...@riseup.net or jill...@eff.org.
> 
> US: +1-857-891-4244 | NL: +31-657086088
> site:  jilliancyork.com | twitter: @jilliancyork 
> 
> "We must not be afraid of dreaming the seemingly impossible if we want the 
> seemingly impossible to become a reality" - Vaclav Havel
> --
> Liberationtech list is public and archives are searchable on Google. Too many 
> emails? Unsubscribe, change to digest, or change password by emailing 
> moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] New CryptoCat bug

[Jason Gulledge]

Given that today is world cat day, It's even more important that we take time 
out to think about the cats. This is important for all of us, not just cats. 
We're in this together.

http://www.panorama.am/en/society/2013/08/08/world-cat-day/


Best,
Jason

On Aug 8, 2013, at 11:25 AM, Jillian C. York  wrote:

> Dear LibTech, 
> 
> I would like to express my concern that the CatFacts function of CryptoCat is 
> not operating. This is a Very Important Function to ensure the physical, 
> mental and spiritual health of cryptocat users and I am deeply, deeply 
> concerned about its inoperability. 
> 
> Perhaps some time at the upcoming hackathon should be spent improving this 
> function.
> 
> Thanks, 
> Jillian
> 
> 
> -- 
> Note: I am slowly extricating myself from Gmail. Please change your address 
> books to: jilliancy...@riseup.net or jill...@eff.org.
> 
> US: +1-857-891-4244 | NL: +31-657086088
> site:  jilliancyork.com | twitter: @jilliancyork 
> 
> "We must not be afraid of dreaming the seemingly impossible if we want the 
> seemingly impossible to become a reality" - Vaclav Havel
> --
> Liberationtech list is public and archives are searchable on Google. Too many 
> emails? Unsubscribe, change to digest, or change password by emailing 
> moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] New CryptoCat bug

[Jillian C. York]

Dear LibTech,

I would like to express my concern that the CatFacts
functionof
CryptoCat is not operating. This is a Very Important Function to
ensure the physical, mental and spiritual health of cryptocat users and I
am deeply, deeply concerned about its inoperability.

Perhaps some time at the upcoming hackathon should be spent improving this
function.

Thanks,
Jillian


-- 
*Note: *I am slowly extricating myself from Gmail. Please change your
address books to: jilliancy...@riseup.net or jill...@eff.org.

US: +1-857-891-4244 | NL: +31-657086088
site:  jilliancyork.com * | *
twitter: @jilliancyork* *

"We must not be afraid of dreaming the seemingly impossible if we want the
seemingly impossible to become a reality" - *Vaclav Havel*
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] And now for some completely different flame... Chrome + password management

[coderman]

On Wed, Aug 7, 2013 at 9:09 PM, Patrick Mylund Nielsen
 wrote:
> Encrypting the passwords with a master passphrase wouldn't be useless...

even if this is useful, it is a policy that should be implemented in
the key manager and not the browser (or any other app, each on an
ad-hoc basis, each with their own controls and configuration and
assurances, each with their own flaws and shortcomings).

consider KeyChain on Android with keystore and hardware backed secret
storage - if you use the standard interfaces instead of rolling your
own you get hardware protections where available without any
additional effort. the same applies to desktop key manager policies;
apps should rely on existing infrastructure rather than implement
their own solutions poorly.


again, policies and configuration like master passwords, session
timeouts, explicit authorization, etc. are all the domain of a key
manager and not the browser or any other app.


the only thing Google could have done better is provide a more visible
and useful description of how Chrome uses existing key management
facilities on the desktop to save passwords and where the user can
find out more about how this service functions.
--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] New idea: Encrypt everything. was: Anonymity Smackdown: NSA vs. Tor

[Guido Witmond]

On 08-08-13 03:31, Jonathan Wilkes wrote:
> On 08/07/2013 03:46 PM, Guido Witmond wrote:
>> On 07-08-13 20:47, Jonathan Wilkes wrote:
>>> how exactly would you check to make sure something like this 
>>> scenario isn't happening?

>> Hmm, That would be easy. Place some false flag mails about
>> terrorist attacks and check for raised alerts... :-)
> 
> Wouldn't that be difficult?  When cross-referenced with the greater 
> social graph built from all available sources those false flag mails 
> would look like stumps.  They wouldn't connect up with cellphone
> metadata, social network activity, people under targeted
> surveillance, etc.

Your're right It's difficult. I think that placing false flags
successfully makes you the monster you are trying to defeat. It would
feed the terror threat to the 'normal people'.

I don't have a solution that problem. I defer that to Tor. They are
smarter than me on this topic. :-)


However, I am serious about encrypting everything. It serves two purposes:

1. if Tors anonymity routing gets bypassed, your message *content* is
still protected by the end-to-end cryptography.

2. as everything is encrypted, Tor traffic doesn't stand out.


Here is my new idea:

For this second thing, it would be neat to have a web server that would
serve both its own content and onion routing requests *at the same port*.

It's not a hidden service. On the contrary. It can be connected directly
(https only) for those who want and don't mind about hiding their end
point.

It can be reached via the tor network for those who do want to hide
their origin.

At the same time it participates in the onion routing protocol, bridge,
middle or exit node. We configure this website/Tornode to only route
onion packets to port 443. That would eliminate most abuse-prone traffic
and let me use my OVH-node as website/exit node without much risk of
them shutting it down.

It also makes it more difficult to block Tor nodes at the network level.
It would require a judge to order you to reject onion routing at your site.

Downside: There might be certain timing attacks that would make it more
easy to determine onion routes. That's left as an exercise for the Tor
developers. ;-)

I'd love to see comments, objections, questions. Flames to /dev/null.


Guido.

--
Liberationtech list is public and archives are searchable on Google. Too many 
emails? Unsubscribe, change to digest, or change password by emailing moderator 
at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech