Re: [liberationtech] Linux distribution on encrypted USB?

[carlo von lynX]

On Tue, Sep 10, 2013 at 02:41:24PM +0200, Moon Jones wrote:
> A portable distribution on an encrypted stick.

I know of two distributions that do this.. one is TAILS and
the one I prefer is liberte linux.. and the guy who does it
is even on this list.

> But is it feasable to have a two device solution? Media1 has the
> /boot but Media2 has the strong key. Media1 boots, prompts, than
> mounts Media2, takes the key, unmounts Media2 prompting and goes
> ahead with the boot without touching the other drives.

You boot from the stick, then mount the encrypted harddrive
with your pass phrase. The laptop as such is thus no longer
a source of danger without the stick. Best of all, if you
unplug the stick the system wipes its memory and shuts down.
Both systems work this way.

-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

[Rich Kulawiec]

That's a valid concern.

But I think you should probably be more concerned that it's only a matter
of time until malware is released which grabs the fingerprint and quietly
uploads it to someone's database.  I'm sure they'll find uses for it,
doubly so if it happens to unlock something other than a phone.

Perhaps this has already happened.

---rsk
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

[Peat Bakke]

> This is likely subject to a precompiled hash lookup table attack,
> as the number of all possible fingerprints, quantized via a classification
> vector is not that large.

Can you give us a better idea of how large "not that large" is?

Rainbow tables are always a problem, but I suspect that there's more
diversity in those vectors than in user generated passwords.
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

[Peat Bakke]

> my guess is that fingerprint scanners don't produce the exact same output
every
> time a finger is scanned (similar to what an image scanner might see).
Hash
> functions should produce completely different output if only a single bit
is
> changed, making comparison with a stored value at least a very hard
problem
> if not impossible.

Shifting data from a the sensor would make any bit-for-bit comparison
impossible regardless of hashing, so there is some kind of additional
calculation being done to get to a bit-for-bit comparison.

Vaguely analogous is music recognition software (ala Shazam), which
develops a series of tonal signatures for a piece of music: it's impossible
to recreate the original song from the signatures, but it can still match
with high confidence.

Conjecture conjecture conjecture, of course. Hah. I'm just trying to
consider how fingerprints can be used without the threat of
revealing/reconstructing/hijacking the fingerprint itself ...
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

[Eugen Leitl]

On Wed, Sep 11, 2013 at 11:04:44AM -0500, Matt Mackall wrote:

> Similarly, any other sort of one-way algorithm that prevents you from
> reconstructing a valid input from the stored data is not going to work.

Typical fingerprint matching uses classification, recognizing and
encoding multiple features into a vector. You could use a one-way
hash on that vector. This is likely subject to a precompiled hash
lookup table attack, as the number of all possible fingerprints,
quantized via a classification vector is not that large.
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

[Matt Mackall]

On Wed, 2013-09-11 at 08:42 -0700, Peat Bakke wrote:
> Are there any reasons why fingerprint data couldn't be treated with the
> same concern as passwords? That is, subject to a one-way hash before being
> stored, transmitted in signed payloads, etc?
>
> I'm not sure how securing this data would be different than passwords --
> and given how much unique data can be generated from a fingerprint, it
> should be significantly better than John Doe's 8 character password.

Fingerprint matching (like just about anything analog) is not going to
be error or noise-free, and thus will have to work on something less
than a 100% perfect match. Thus, comparing cryptographic hashes of the
input with a stored hash won't work: any single bit change in the input
will completely change the hash.

Similarly, any other sort of one-way algorithm that prevents you from
reconstructing a valid input from the stored data is not going to work.

-- 
Mathematics is the supreme nostalgia of our time.


-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

[Eugen Leitl]

On Wed, Sep 11, 2013 at 09:20:56AM -0700, Peat Bakke wrote:
> > This is likely subject to a precompiled hash lookup table attack,
> > as the number of all possible fingerprints, quantized via a classification
> > vector is not that large.
> 
> Can you give us a better idea of how large "not that large" is?

I thought there was insufficient variability so there could
be dupes within the world population of mere 7 gigamonkeys, 
but that might be wrong,
given http://lwn.net/Articles/276318/

See FBI Appendix F specifications in
http://www.fbibiospecs.org/fbibiometric/docs/EBTS%20V8.00...
500 pixels per inch or 1000 ppi at 8 bits per pixel. Capture size 1.6" x 1.5" 
(600 Kpixels)
for roll finger or 1" x 2" for thumb (500 Kpixels).

But once you threshold the images, you effectively get rather less than 1 bit 
per pixel, as
there's a lot of correlation between pixels. Also rotations all count the same. 
My fingers
have more like 50 ridges per inch. But that's still a *lot* of possible values. 

After extracting the minutiae, there's rather less information held. One finger 
reader I have
states the software extracts between 10 and 70 minutiae points, held as (x,y) 
vectors, in a
transform claimed to be non-reversible. If coordinates are accurate to 6 bits, 
that means 10 x
(6+6) bits = 120 bits minimum. Still allows for significantly more possible 
prints than the
world population. 

See also Sir James Crosby's report,
http://www.hm-treasury.gov.uk/media/6/7/identity_assuranc..., suggesting that 
only
non-unique digital representations should be stored. This would allow the 
master copy in the
database to be replaced with another version, so would provide some limited 
options to
"change" a compromised fingerprint.

Uniqueness of fingerprints?
Posted Apr 6, 2008 11:32 UTC (Sun) by man_ls (guest, #15091) [Link]

Hmmm... doesn't the principle behind the Birthday paradox apply here? Even if 
there are 366 days in a year, the probability of two people having the same 
birthday reach 0.5 with a group of only 23 people. Therefore you would only 
need roughly the square root of the number of possibilities to find a collision.
With 120 bits you are still safe, since the world population is about 2^32. But 
the security factor is not as high as it would seem. Surely we don't expect all 
values to be as likely, as with birthdays; if they tend to cluster around 
certain values (some kinds of fingerprint configurations are more probable than 
others) then collisions become increasingly likely.
 
> Rainbow tables are always a problem, but I suspect that there's more
> diversity in those vectors than in user generated passwords.
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

[Felix Eckhofer]

Peat,

Am 11.09.2013 17:42, schrieb Peat Bakke:

Are there any reasons why fingerprint data couldn't be treated with
the same concern as passwords? That is, subject to a one-way hash
before being stored, transmitted in signed payloads, etc?


my guess is that fingerprint scanners don't produce the exact same 
output every time a finger is scanned (similar to what an image scanner 
might see). Hash functions should produce completely different output if 
only a single bit is changed, making comparison with a stored value at 
least a very hard problem if not impossible.



felix
--
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] quid pro quo

[The Doctor]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/10/2013 03:27 PM, Lucas Gonze wrote:


This may be illustrative:

https://www.eff.org/deeplinks/2007/10/qwest-ceo-nsa-punished-qwest-refusing-participate-illegal-surveillance-pre-9-11

http://www.businessinsider.com/the-story-of-joseph-nacchio-and-the-nsa-2013-6

http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101202485.html

http://www.wired.com/threatlevel/2007/10/qwest-ceo-not-a/

http://dailycaller.com/2013/06/13/jailed-qwest-ceo-claimed-that-nsa-retaliated-because-he-wouldnt-participate-in-spy-program/

Cooperate, and say out of jail (and make lots of money).  Don't
cooperate, don't make lots of money and possibly wind up in jail.



Probably, yes.  Whether or not that matters anymore is a different
question.

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

File not found: A)bort, R)etry, M)assive heart attack?

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlIwoOYACgkQO9j/K4B7F8FiyACeNcwWFofNRT4mXDKIADJYybO0
4YQAnRjVARSlS3aA6WgbbCNRFDZTl7y0
=vHXV
-END PGP SIGNATURE-
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Linux distribution on encrypted USB?

[The Doctor]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/11/2013 02:33 AM, Moon Jones wrote:

> Yes, Tails seems to be the solution here as well. It has a very
> elegant way of handling this with its encrypted storage. But, in
> this case, it's rather limited upgrade-wise.

In what sense?

At least insofar as being able to access the encrypted storage
partition of a USB install of TAILS is concerned, so long as you don't
repartition the device it should just work.  I've tested this a few
times (upgrading a USB key from TAILS v0.19 to TAILS v0.20) and the
data's been accessible every time.

Were you referring to something else (namely, potentially needing to
repartition the device if the distro grows too large to be accomodated
by previous installs)?

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

END OF LINE

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlIwokgACgkQO9j/K4B7F8GM1wCfRd3w/Aqe0bHz8LrPZrO48vht
fRUAoLM69KhnFWBf1iQgnpv8XwILG74k
=P5Ve
-END PGP SIGNATURE-
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

[Peat Bakke]

Awesome. That's plenty for me to chew on. I'm satisfied for now. :)

Thanks, Eugen!


On Wed, Sep 11, 2013 at 9:35 AM, Eugen Leitl  wrote:

> On Wed, Sep 11, 2013 at 09:20:56AM -0700, Peat Bakke wrote:
> > > This is likely subject to a precompiled hash lookup table attack,
> > > as the number of all possible fingerprints, quantized via a
> classification
> > > vector is not that large.
> >
> > Can you give us a better idea of how large "not that large" is?
>
> I thought there was insufficient variability so there could
> be dupes within the world population of mere 7 gigamonkeys,
> but that might be wrong,
> given http://lwn.net/Articles/276318/
>
> See FBI Appendix F specifications in
> http://www.fbibiospecs.org/fbibiometric/docs/EBTS%20V8.00...
> 500 pixels per inch or 1000 ppi at 8 bits per pixel. Capture size 1.6" x
> 1.5" (600 Kpixels)
> for roll finger or 1" x 2" for thumb (500 Kpixels).
>
> But once you threshold the images, you effectively get rather less than 1
> bit per pixel, as
> there's a lot of correlation between pixels. Also rotations all count the
> same. My fingers
> have more like 50 ridges per inch. But that's still a *lot* of possible
> values.
>
> After extracting the minutiae, there's rather less information held. One
> finger reader I have
> states the software extracts between 10 and 70 minutiae points, held as
> (x,y) vectors, in a
> transform claimed to be non-reversible. If coordinates are accurate to 6
> bits, that means 10 x
> (6+6) bits = 120 bits minimum. Still allows for significantly more
> possible prints than the
> world population.
>
> See also Sir James Crosby's report,
> http://www.hm-treasury.gov.uk/media/6/7/identity_assuranc..., suggesting
> that only
> non-unique digital representations should be stored. This would allow the
> master copy in the
> database to be replaced with another version, so would provide some
> limited options to
> "change" a compromised fingerprint.
>
> Uniqueness of fingerprints?
> Posted Apr 6, 2008 11:32 UTC (Sun) by man_ls (guest, #15091) [Link]
>
> Hmmm... doesn't the principle behind the Birthday paradox apply here? Even
> if there are 366 days in a year, the probability of two people having the
> same birthday reach 0.5 with a group of only 23 people. Therefore you would
> only need roughly the square root of the number of possibilities to find a
> collision.
> With 120 bits you are still safe, since the world population is about
> 2^32. But the security factor is not as high as it would seem. Surely we
> don't expect all values to be as likely, as with birthdays; if they tend to
> cluster around certain values (some kinds of fingerprint configurations are
> more probable than others) then collisions become increasingly likely.
>
> > Rainbow tables are always a problem, but I suspect that there's more
> > diversity in those vectors than in user generated passwords.
>
> --
> Liberationtech is a public list whose archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
>



-- 
Peat Bakke
http://peat.org/
(503) 701-4135
@peat
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

[Joseph Lorenzo Hall]

On Wed Sep 11 12:59:57 2013, The Doctor wrote:
>
> A question that hasn't been asked yet (to my knowledge, anyway): Will
> any of the iProduct copying devices available to LEOs bypass the 5S'
> fingerprint reader?

Not sure about that... certainly the reporting Declan did a few months 
ago about the "waiting list" at Cupertino for PIN-bypass forensics 
seems to indicate that if they can get and keep your device 
indefinitely, Apple has a way to get around this (and Android can force 
a reset such that LE can set their own PIN/etc. without being 
challenged on the previous one).

The reporting from Der Spiegel this past weekend didn't seem to clear 
this up much... (not clear if they are getting access to a local 
computer to which the smartphones sync, or a cloud backup, etc.)

best, Joe

--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8



-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] quid pro quo

[Joseph Lorenzo Hall]

On 9/10/13 4:51 PM, Kyle Maxwell wrote:
> In general, as has been well documented, the telcos and other firms
> charge the government for data records. While possibly distasteful
> ("they're making money off of giving our data to the gov!"), it makes
> sense from an operational point of view: there are real, concrete
> costs associated with storing, retrieving, and providing those data to
> "valid" requests, not to mention the process of handling sensitive
> requests in the first place. So I'm not sure the counter approach
> ("provide it to us for free") is a good idea, either.

Yes, some of the reporting in the last weeks about the NSA's black
budget teased out these compensation relationships a bit, e.g.:

NSA paying U.S. companies for access to communications networks
http://articles.washingtonpost.com/2013-08-29/world/41712151_1_nsa-national-security-agency-companies

-- 
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8


-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

[The Doctor]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/10/2013 05:57 PM, Bill Woodcock wrote:

> Coming soon to a checkpoint near you:  3D printing in gummi-bear
> material.

Or lifting one of the owner's fingerprints from the device in question
and using it to unlock the phone.

A question that hasn't been asked yet (to my knowledge, anyway): Will
any of the iProduct copying devices available to LEOs bypass the 5S'
fingerprint reader?

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

File not found: A)bort, R)etry, M)assive heart attack?

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlIwoY0ACgkQO9j/K4B7F8F5fgCdE/QoChZiXpthbGgc/C++hL3h
A9oAnAtIBG2uC8Q0HxeM26qkZF54LnAc
=MWN8
-END PGP SIGNATURE-
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

[Joseph Lorenzo Hall]

On 9/11/13 12:08 PM, Eugen Leitl wrote:
> On Wed, Sep 11, 2013 at 11:04:44AM -0500, Matt Mackall wrote:
> 
>> Similarly, any other sort of one-way algorithm that prevents you from
>> reconstructing a valid input from the stored data is not going to work.
> 
> Typical fingerprint matching uses classification, recognizing and
> encoding multiple features into a vector. You could use a one-way
> hash on that vector. This is likely subject to a precompiled hash
> lookup table attack, as the number of all possible fingerprints,
> quantized via a classification vector is not that large.

There's a good deal of existing research out there on using symmeteric
hashes -- a hash that can accept discrete inputs in arbitrary order and
always calculate to the same value -- for secure biometric template
storage and matching.

Here is a paper I point people to that many of you will find absolutely
fascinating (although it's been some years so do check citations
pointing to this for further work):

Sergey Tulyakov, Faisal Farooq, Praveer Mansukhani, & Venu Govindaraju.
(2007). Symmetric hash functions for secure fingerprint biometric
systems. Pattern Recognition Letters, 28(16), 2427–2436. Retrieved from
http://www.researchgate.net/publication/222570842_Symmetric_hash_functions_for_secure_fingerprint_biometric_systems/file/79e4150d06419e02ec.pdf


-- 
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8


-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] New Access report on fake domain attacks on civil society

[Michael Carbone]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi libtech,

Back in May I asked for examples of fake websites and social media
that impersonate civil society and news organizations to include in a
report that we at Access were working on. Thanks to all those who
provided feedback, we have now released the report:

One of These Things is Not Like the Other:
A Report on Fake Domain Attacks
https://www.accessnow.org/FakeDomainsReport [pdf]

The report details how civil society organizations and news media are
the targets of a variety of sophisticated attacks to compromise their
websites and users, including the use of fake websites and social
media profiles. These fake domain attacks may be created with the
intention to draw readership from the original website and display
alternative content, create confusion amongst a targeted community, or
serve malware to compromise the target audience of the original
website. Attacks were seen in countries as diverse as Belarus, Iran,
Vietnam, and Kazakhstan.

We have observed these attacks on the eves of elections and other
important political events, including during critical social and
political periods. Attacks in Iran and Belarus attempted to minimize
the spread of information and disrupt potential civil unrest during
political elections and anniversaries.

Other attacks in Belarus and Kazakhstan utilized the privileged
position internet service providers (ISPs) have in a user’s
interaction with websites to redirect them away from targeted websites
to the fake websites. In addition, many fake domains took advantage of
procuring similarly-named URLs as the targeted website in order to
provide a sense of trust to the unwary user.

As news organizations and citizen media increasingly rely on digital
means to present their work, state-level adversaries are relying on
novel ways of diminishing their impact and targeting their readers.
Our data provides a window into the methods and effectiveness of these
attacks and the type of government environment that gives rise to them.

In addition, our report provides a number of mitigation mechanisms –
technical, policy, and legal – against fake domains for both users and
targeted websites. By providing such frameworks for mitigating these
attacks, we hope this report will give human rights defenders some of
the tools and understanding needed to better protect themselves and
their work in a hostile digital world.

In conjunction with the report, we have released an online tool “Fake
Domain Detective” (fakedomains.accessnow.org) to help organizations
and individuals search for fake domains of civil society and
independent media websites. If you run across any suspected fake
domains or have feedback on the tool, please share your findings with
us at repo...@accessnow.org.

Blogpost with overview of the report:
https://www.accessnow.org/blog/2013/08/01/one-of-these-things-is-not-like-the-other-report-on-fake-domains-attacks-on

Read the report [pdf]: https://www.accessnow.org/FakeDomainsReport

Test out the Fake Domain Detective: http://fakedomains.accessnow.org

Report suspected fake domains: repo...@accessnow.org

The report was written and managed by Michael Carbone; data analysis
and visualization by Béchir Nemlaghi and Dillon Reisman; policy and
legal analysis by Peter Micek, Drew Mitnick, Wes Paisley; design by
Mira Rojanasakul; Brett Solomon, Gustaf Björksten, Jochai Ben-Avie.

Let me know if you have any thoughts or comments, thanks!

Best,
Michael

- -- 
Michael Carbone
Manager of Tech Policy & Programs
Access | https://www.accessnow.org
mich...@accessnow.org | PGP: 0x81B7A13E
PGP Fingerprint: 25EC 1D0F 2D44 C4F4 5BEF EF83 C471 AD94 81B7 A13E

-BEGIN PGP SIGNATURE-

iQIcBAEBAgAGBQJSMKsGAAoJEDH9usG3Jz33EhAP/RmSOa/j8XQj0H/HkM3QONjr
5qcwr2Eli08U6meu5uzrsesx1yCykB1SlJeeWi4GbKPjIejQrg8nfzWvJyvq40+l
yJgDFOE9M0I5UFWu+FcPXIezEiCJSwhgQd2Qe7kgUOwrmCzCsWfJmFkQQeU918dc
/f+sLW+DR0g1vTZXvFc3b1nd8CI1y9Gx+KacoM3HX4SIikDKn+UDfvmetvJ3K3EH
FwuIQssBRNAy4bhSEKUAz8j8EFCBze66zA0vnTMFL/szkM3khH+D7PawaYUAy74g
/cTs2DMnIEObBLgcJnRue5mXjpMjm6Rx0J7hl9oIS+IybOTkpJAsPpq/yT1NwRRg
nFxNdSOCWeZkgExuvzFgK/hNeJN4PbYNFmwyKixYLxln+G1jYsCP9k2x5OAXV4E5
G5Al7fbBvZEKRh+h/htsyUs6VJfVHq81mCX0xT60BH4rM8e35j7R6NkQbwsZ94AH
v6jCmCKK6ZpiA08z3yuRdXQpHiaoXNZDyRay8Er91abMyFhfv7V0OWGBE0/2fhXh
Qgw8Nqtyd8+v76TuSWc22z7ymHvQ8r40zU0N185AuA2Qcr9/lJ85wvQCKZyYzJQX
phdGoDiWuz9dmdgC6RwPnX6PfA4TBHmu/WknWjBLkrFJmRHdhleBal96D0yX3qyx
DGk+mMtrMkp28aSohcNC
=HZx0
-END PGP SIGNATURE-
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] quid pro quo

[Lucas Gonze]

Again, the cash payments are a deception. They are in no way enough to
compensate these companies. Operational expenses associated with processing
data requests are a small part of the overall cost.


On Wed, Sep 11, 2013 at 10:36 AM, Joseph Lorenzo Hall  wrote:

>
>
> On 9/10/13 4:51 PM, Kyle Maxwell wrote:
> > In general, as has been well documented, the telcos and other firms
> > charge the government for data records. While possibly distasteful
> > ("they're making money off of giving our data to the gov!"), it makes
> > sense from an operational point of view: there are real, concrete
> > costs associated with storing, retrieving, and providing those data to
> > "valid" requests, not to mention the process of handling sensitive
> > requests in the first place. So I'm not sure the counter approach
> > ("provide it to us for free") is a good idea, either.
>
> Yes, some of the reporting in the last weeks about the NSA's black
> budget teased out these compensation relationships a bit, e.g.:
>
> NSA paying U.S. companies for access to communications networks
>
> http://articles.washingtonpost.com/2013-08-29/world/41712151_1_nsa-national-security-agency-companies
>
> --
> Joseph Lorenzo Hall
> Senior Staff Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> j...@cdt.org
> PGP: https://josephhall.org/gpg-key
> fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8
>
>
> --
> Liberationtech is a public list whose archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
>
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Linux distribution on encrypted USB?

[Moon Jones]

On 11.09.2013 19:03, The Doctor wrote:

On 09/11/2013 02:33 AM, Moon Jones wrote:

Yes, Tails seems to be the solution here as well. It has a very
elegant way of handling this with its encrypted storage. But, in
this case, it's rather limited upgrade-wise.


In what sense?


Tails is wonderfuly maid for its purpose. On the outside all drives look 
the same. Same space for the distribution and upgrades and the rest is 
one large encrypted space. So the packs added are put inside the 
encrypted drive. I'd say the libs and executables are fine out in clear, 
but the configs should be on the encrypted drive. Along with something 
like tripwire data, or at least some fingerprints and a file list to 
confirm the libs haven't turn against you overnight.



At least insofar as being able to access the encrypted storage
partition of a USB install of TAILS is concerned, so long as you don't
repartition the device it should just work.  I've tested this a few
times (upgrading a USB key from TAILS v0.19 to TAILS v0.20) and the
data's been accessible every time.


Yes. I did the same upgrade and it worked in an instant. I was so happy 
everything was ok. If I recall well, only three upgrades can be done, 
than I'll have to migrate the data by hand. Anyway, going from 0.19 to 
0.20 cured some unexplained hangups that persist in Debian 7.0 and 7.0.1.


Only that on an older than Tails 0.17 I fired up Synaptic and did some 
«cleanup», removing everything I did not want. Than I put some software 
I needed. And in the end I have broken the whole distro. I did nothing 
exotic. I have not add foreign repositories. And it did not work. So I'm 
trying to avoid customising Tails for every day use.



Were you referring to something else (namely, potentially needing to
repartition the device if the distro grows too large to be accomodated
by previous installs)?


I was thinking for my everyday system portable from one computer to 
another without touching the installed hard drive. The config is 
different. And I'm afraid to break stuff.

--
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

[R. Jason Cronk]

Not real familiar with fingerprint matching technology, but you might be 
able to use shingling to get around the problem of not wanting to keep 
raw data but also not have the divergence problem of hashing, no?


Jason


On 9/11/2013 12:04 PM, Matt Mackall wrote:

On Wed, 2013-09-11 at 08:42 -0700, Peat Bakke wrote:

Are there any reasons why fingerprint data couldn't be treated with the
same concern as passwords? That is, subject to a one-way hash before being
stored, transmitted in signed payloads, etc?

I'm not sure how securing this data would be different than passwords --
and given how much unique data can be generated from a fingerprint, it
should be significantly better than John Doe's 8 character password.

Fingerprint matching (like just about anything analog) is not going to
be error or noise-free, and thus will have to work on something less
than a 100% perfect match. Thus, comparing cryptographic hashes of the
input with a stored hash won't work: any single bit change in the input
will completely change the hash.

Similarly, any other sort of one-way algorithm that prevents you from
reconstructing a valid input from the stored data is not going to work.




*R. Jason Cronk, Esq., CIPP/US*
/Privacy Engineering Consultant/, *Enterprivacy Consulting Group* 



 * phone: (828) 4RJCESQ
 * twitter: @privacymaverick.com
 * blog: http://blog.privacymaverick.com

-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

[Peat Bakke]

Are there any reasons why fingerprint data couldn't be treated with the
same concern as passwords? That is, subject to a one-way hash before being
stored, transmitted in signed payloads, etc?

I'm not sure how securing this data would be different than passwords --
and given how much unique data can be generated from a fingerprint, it
should be significantly better than John Doe's 8 character password.



On Wed, Sep 11, 2013 at 6:40 AM, Rich Kulawiec  wrote:

> That's a valid concern.
>
> But I think you should probably be more concerned that it's only a matter
> of time until malware is released which grabs the fingerprint and quietly
> uploads it to someone's database.  I'm sure they'll find uses for it,
> doubly so if it happens to unlock something other than a phone.
>
> Perhaps this has already happened.
>
> ---rsk
> --
> Liberationtech is a public list whose archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
>



-- 
Peat Bakke
http://peat.org/
(503) 701-4135
@peat
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Linux distribution on encrypted USB?

[intrigeri]

Hi,

Moon Jones wrote (11 Sep 2013 19:20:30 GMT) :
> Yes. I did the same upgrade and it worked in an instant. I was so happy 
> everything
> was ok. If I recall well, only three upgrades can be done, than I'll have to 
> migrate
> the data by hand.

This (or something similar) will be correct once we deploy incremental
upgrades in the wild (presumably by the end of the year). Until then,
Tails does full system upgrades while preserving user persistent data;
so, there is no such limit yet.

> So I'm trying to avoid customising Tails for every day use.

This would be my advice in general, unless one has good understanding
of the Tails design (and of Debian, and of [...]) and can guess what
the actual consequences of a change would be. I suspect that having
one's changes merged into mainline Tails may be the best strategy,
when it's relevant.

Cheers,
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] Henry Farrell for Democracy Journal: The Tech Intellectuals

[Yosem Companys]

http://www.democracyjournal.org/30/the-tech-intellectuals.php?page=all

The Tech Intellectuals

The good, bad, and ugly among our new breed of cyber-critics, and the
economic imperatives that drive them.

Henry Farrell

A quarter of a century ago, Russell Jacoby lamented the demise of the
public intellectual. The cause of death was an improvement in material
conditions. Public intellectuals—Dwight Macdonald, I.F. Stone, and
their like—once had little choice but to be independent. They had
difficulty getting permanent well-paying jobs. However, as
universities began to expand, they offered new opportunities to
erstwhile unemployables. The academy demanded a high price.
Intellectuals had to turn away from the public and toward the
practiced obscurities of academic research and prose. In Jacoby’s
description, these intellectuals “no longer need[ed] or want[ed] a
larger public…. Campuses [were] their homes; colleagues their
audience; monographs and specialized journals their media.”

Over the last decade, conditions have changed again. New possibilities
are opening up for public intellectuals. Internet-fueled media such as
blogs have made it much easier for aspiring intellectuals to publish
their opinions. They have fostered the creation of new intellectual
outlets (Jacobin, The New Inquiry, The Los Angeles Review of Books),
and helped revitalize some old ones too (The Baffler, Dissent).
Finally, and not least, they have provided the meat for a new set of
arguments about how communications technology is reshaping society.

These debates have created opportunities for an emergent breed of
professional argument-crafters: technology intellectuals. Like their
predecessors of the 1950s and ’60s, they often make a living without
having to work for a university. Indeed, the professoriate is being
left behind. Traditional academic disciplines (except for law, which
has a magpie-like fascination with new and shiny things) have had a
hard time keeping up. New technologies, to traditionalists, are
suspect: They are difficult to pin down within traditional academic
boundaries, and they look a little too fashionable to senior
academics, who are often nervous that their fields might somehow
become publicly relevant.

Many of these new public intellectuals are more or less self-made.
Others are scholars (often with uncomfortable relationships with the
academy, such as Clay Shirky, an unorthodox professor who is skeptical
that the traditional university model can survive). Others still are
entrepreneurs, like technology and media writer and podcaster Jeff
Jarvis, working the angles between public argument and emerging
business models.

These various new-model public intellectuals jostle together in a very
different world from the old. They aren’t trying to get review-essays
published in Dissent or Commentary. Instead, they want to give TED
talks that go viral. They argue with one another on a circuit of
business conferences, academic meetings, ideas festivals, and public
entertainment. They write books, some excellent, others incoherent.

In some ways, the technology intellectuals are more genuinely public
than their predecessors. The little magazines were just that, little.
They were written for an elite and well-educated readership that could
be measured in the tens of thousands. By contrast, TED talks are
viewed 7.5 million times every month by a global audience of people
who are mostly well-educated but are not self-conscious members of a
cultural elite in the way that the modal reader of Partisan Review
might have been.

In other ways, they are less public. They are more ideologically
constrained than either their predecessors or the general population.
There are few radical left-wingers, and fewer conservatives. Very many
of them sit somewhere on the spectrum between hard libertarianism and
moderate liberalism. These new intellectuals disagree on issues such
as privacy and security, but agree on more, including basic values of
toleration and willingness to let people live their lives as they
will. At their best, they offer an open and friendly pragmatism; at
their worst, a vision of the future that glosses over real politics,
and dissolves the spikiness, argumentativeness, and contrariness of
actual human beings into a flavorless celebration of superficial
diversity.

This world of conversation and debate doesn’t float unsupported in the
air. It has an underlying political economy, which is intuitively
understood by many of its participants. As Jacoby emphasizes, all
debates about ideas are shaped by their material conditions. The
intellectual possibilities of the purported golden age of the 1950s
were in part the product of bad pay, cheap rent, and a small but
intensely engaged audience of readers. Those of the 1960s and ’70s
were influenced by a burgeoning university system, which rewarded
intellectuals for writing impenetrably for an audience of their peers.

The possibilities today reflect a different set of materia

Re: [liberationtech] Naive Question

[R. Jason Cronk]

Anything which potentially signaled your receipt of an NSL would be 
grounds for prosecution under the gag-order. This is what the prosecutor 
was alluding to when he signaled that Lavabit's shut down was tantamount 
to a violation because his shut down essentially communicated the fact 
that he was under a court order to do something which he couldn't talk 
about.


Making your service secure such that you can't be forced to do this sort 
of thing (or such that it would be obvious, say open in reviewing your 
open source code) would be the only way to go.


*R. Jason Cronk, Esq., CIPP/US*
/Privacy Engineering Consultant/, *Enterprivacy Consulting Group* 



 * phone: (828) 4RJCESQ
 * twitter: @privacymaverick.com
 * blog: http://blog.privacymaverick.com

-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Naive Question

[coderman]

On Wed, Sep 11, 2013 at 2:52 PM, R. Jason Cronk  
wrote:
> Anything which potentially signaled your receipt of an NSL would be grounds
> for prosecution under the gag-order. This is what the prosecutor was
> alluding to when he signaled that Lavabit's shut down was tantamount to a
> violation because his shut down essentially communicated the fact that he
> was under a court order to do something which he couldn't talk about.


if this is prosecuted, and upheld, it would signal the death of for
profit or non-profit (e.g. incorporated) services for any private
communication.

this assumes the NSL provisions do not hold against individuals in a
private capacity...
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] Inside the Effort to Crowdfund NSA-Proof Email and Chat Services | Motherboard

[Yosem Companys]

http://motherboard.vice.com/blog/inside-the-effort-to-crowdfund-nsa-proof-email-and-chat-services

Back in 1999, Seattle-based activists formed the communication
collective Riseup.net. The site's email and chat services, among other
tools, soon offered dissidents a means of encrypted communication
essential to their work. Fourteen years later, Riseup is still going
strong. In fact, they've been fighting the US state surveillance
apparatus longer than most people have been aware of the NSA's
shenanigans. Now, the collective is hoping to expand, given the gross
privacy transgressions of the NSA and US government as a whole.

"What surveillance really is, at its root, is a highly effective form
of social control," reads an AugustRiseup newsletter. "The knowledge
of always being watched changes our behavior and stifles dissent. The
inability to associate secretly means there is no longer any
possibility for free association. The inability to whisper means there
is no longer any speech that is truly free of coercion, real or
implied. Most profoundly, pervasive surveillance threatens to
eliminate the most vital element of both democracy and social
movements: the mental space for people to form dissenting and
unpopular views."

The impetus behind the project is Riseup's struggle to keep up with
new user demand for an email service that doesn't log IP addresses,
sell data to third parties, or hand data over to the NSA. Riseup will
also be able to expand its considerable anonymous emailing lists,
which features nearly 6 million subscribers spread across 14,000
lists. Their Virtual Private Network (VPN), which allows users to
securely connect to the internet as a whole, will also be made more
robust. What Riseup can't do is offer its users an anonymous browsing
experience, but that's not their aim.

To offer Riseup to more users, Free Press's Joshua Levy, Elizabeth
Stark (an open internet advocate who has taught at Stanford and Yale),
as well as others at the StopWatching.Us campaign (backed by Mozilla)
recently launched an Indiegogo crowd-funding effort on behalf of the
group. They hope to raise $10,000 in order to provide Riseup—which is
run by volunteers—with a new server, hardware, and software
capabilities. In short, they want to expand their reach so that
internet users have another alternative to email services such as
Gmail, Yahoo, and Hotmail.

To get a clearer picture of what StopWatching.Us and Riseup are doing,
I spoke with Levy, Stark, and an anonymous Riseup collective member.
We talked about how the crowdfunding money will be spent; how Riseup
helps users avoid NSA, as well as state and local repression; and why,
contrary to reports, the Tor Browser bundle is still the best option
for anonymous, encrypted browsing. (As of today, the crowdfunding
campaign reached it's $10,000 goal, but the organizers are hoping to
exceed that total by a good margin.)

[snip]
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Linux distribution on encrypted USB?

[Brad Beckett]

Use a Live USB distro with LOK-IT encrypted flash drives. All crypto and
authentication is handed on the drive itself...therefor bootable and works
on any OS: http://www.lok-it.net


On Tue, Sep 10, 2013 at 5:41 AM, Moon Jones wrote:

> A portable distribution on an encrypted stick.
>
> In the end, I think only an USB hard drive can offer that, because of the
> way memory locations are handled by flash media.
>
> But is it feasable to have a two device solution? Media1 has the /boot but
> Media2 has the strong key. Media1 boots, prompts, than mounts Media2, takes
> the key, unmounts Media2 prompting and goes ahead with the boot without
> touching the other drives.
>
> Are these doable? Are they already made?
> --
> Liberationtech is a public list whose archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/**mailman/listinfo/**liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
>
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.