[liberationtech] uVirtus Linux, encrypted OS for Syria
Dlshad Othman, a Syrian hacker and anti-Assad activist (you might remember him for Stephan Faris' piece on the hackers of Damascus on Businessweek) is launching uVirtus Linux today in DC (see event here: https://www.uvirtus.org/?p=139). uVIrtus Linux, according to the project's site ( https://www.uvirtus.org/?page_id=4) is a fully encrypted OS based on Debian that has encryption tools preconfigured so that activist in Syria can use it to avoid governemnt surveillance. What do you guys think about this project? Reminds me a little bit of FreedomBox (without the hardware). Thoughts? -- Lorenzo Franceschi-Bicchierai Mashable US World Reporter lore...@mashable.com | lorenzo...@gmail.com #: (+1) 917 257 1382 Twitter: @lorenzofb https://www.twitter.com/lorenzoFB Skype: lorenzofb8 Encrypted Phone: (+1) 408 606 9770 OTR: lorenz...@jabber.ccc.de Wickr: lorenzofb www.lorenzofb.com -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] uVirtus Linux, encrypted OS for Syria
quick comments from me.. 1. The press should learn from past experiences. A security tool launched by a featured/cool activist should be a warning sign. Far too many such projects have been launched with disastrous effects. coolness breeds a false sense of security 2. The press should do their homework and engage experts before running a story.. As with any such initiatives - information, if any, that is available on the technical qualifications of the developers, external review, and source of funding can be helpful. 3. We need secure tools that are sustainable, easy to use, that don't betray the users. That's hard and very few developers get it right. 4. Case studies and external review is way more important than hype.. In terms of community engagement, hard engineering work and practical deployment - Martus (by benetech) and Tor (by torproject) are highly recommend and have a great track record. Robert On 2013-09-27, at 10:23 AM, Lorenzo Franceschi -Bicchierai wrote: Dlshad Othman, a Syrian hacker and anti-Assad activist (you might remember him for Stephan Faris' piece on the hackers of Damascus on Businessweek) is launching uVirtus Linux today in DC (see event here: https://www.uvirtus.org/?p=139). uVIrtus Linux, according to the project's site (https://www.uvirtus.org/?page_id=4) is a fully encrypted OS based on Debian that has encryption tools preconfigured so that activist in Syria can use it to avoid governemnt surveillance. What do you guys think about this project? Reminds me a little bit of FreedomBox (without the hardware). Thoughts? -- Lorenzo Franceschi-Bicchierai Mashable US World Reporter lore...@mashable.com | lorenzo...@gmail.com #: (+1) 917 257 1382 Twitter: @lorenzofb Skype: lorenzofb8 Encrypted Phone: (+1) 408 606 9770 OTR: lorenz...@jabber.ccc.de Wickr: lorenzofb www.lorenzofb.com -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] FW: What the IETF is thinking about Prism these days..
On Fri, Sep 27, 2013 at 11:55 AM, michael gurstein gurst...@gmail.com wrote: Title : Prismatic Reflections Author(s) : Brian Carpenter Filename: draft-carpenter-prismatic-reflections-00.txt There is at least one other similar draft: http://www.ietf.org/id/draft-hallambaker-prismproof-req-00.txt -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] uVirtus Linux, encrypted OS for Syria
Lorenzo Franceschi -Bicchierai wrote (27 Sep 2013 14:23:34 GMT) : What do you guys think about this project? It is hard to think about an OS before we can read the source code and try the product, so what follows should be taken with a grain of salt. Apart of the configuration management (with the interesting idea of using obfsproxy without Tor to retrieve a list of VPN servers that are not blocked yet), the networking setup seems to be the usual one-hop proxy that we know is pretty weak as far as anonymity is concerned. That's why adventurous statements such as the secure operating system and offers anonymity through the untraceable VPN connection trigger red warning lights in my head. I hope the user documentation will display the relevant warnings prominently to avoid putting users at risk. Still, with my Tails developer hat on, I can't wait to have a closer look at the result, and I hope we can share some tools and work with the uVirtus team :) Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] NSA seeks privacy/civil liberties officer
I don't think this tells us anything one way or the other. They could be doing it for show (most likely IMHO), or because they want to comply with THEIR vision of privacy civil liberties (also significantly likely), or because they want to do the right thing (so unlikely that I'd rather buy a lottery ticket). The SNR on this is not very promising. :( @kylemaxwell On Thu, Sep 26, 2013 at 12:09 PM, Shava Nerad shav...@gmail.com wrote: This was on the jobs list, but seems to bear comment more generally. *The NSA needs you!* _privacy and civil liberties position_ The NSA Civil Liberties Privacy Officer (CLPO) is conceived as a completely new role, combining the separate responsibilities of NSA's existing Civil Liberties and Privacy (CL/P) protection programs under a single official. … Because they were so efficient at protecting privacy and civil liberties before, they decided they could halve the management hours devoted to it. Or, let's take the cup half full, shall we? This used to be two positions. They came up with an excuse to can those two asshats and install someone new and marginally credible and competent by reformatting the role. I can dream… https://www.nsa.gov/psp/applyonline/EMPLOYEE/HRMS/c/HRS_HRAM.HRS_CE.GBL?Page=HRS_CE_HM_PREAction=ASiteId=1 Some days you really don't know whether to laugh or cry… SN -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Techies--Congress can't hear you
dear lib tech friends, I wrote this piece--out today-- The Bigger Problem Revealed by the NSA Fiasco it looks at the institutional problem of information management and the fact that Congress simply can't deal with complexity...our present challenge with over-surveillance is a case in point... I would argue that our next step is bridging this gap between revolutions and institutions--as it is worsening worldwide. And we need to be there first...the middle will not hold unless we build it with our blueprints... http://weeklywonk.newamerica.net/articles/the-bigger-problem-revealed-by-the-nsa-fiasco/ Thanks for all you do. -- * Thanks, Lorelei Kelly My new website is up!* *www.loreleikelly.net * * * * * Open Technology Institute Smart Congress pilot lead New America Foundation Tweeting @loreleikelly cell: 202-487-7728 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] uVirtus Linux, encrypted OS for Syria
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 27/09/13 15:23, Lorenzo Franceschi -Bicchierai wrote: Thoughts? The update feature of uVirtus's Sanctuary VPN (OpenVPN obfuscated with obfsproxy) is a bit concerning. The source code has been removed from Github, but judging by the description on the uVirtus site, the client downloads an encrypted list of proxies from an update server. The list is encrypted with a key that's baked into the client. No integrity protection is mentioned. (The choice of encryption algorithm is odd - Password Based Encryption with MD5 and Triple DES. Perhaps that's for compatibility with very old export-restricted versions of Java?) As far as I can tell (again, going by the description on the site), someone with access to a copy of the client could extract the encryption key and forge a list of proxies. The forged list could then be substituted for the real list by intercepting connections to the update server, causing other clients to connect to proxies controlled by the attacker. Cheers, Michael -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJSRcuGAAoJEBEET9GfxSfMPF4H/33xwYjOILGmG0psGHfdubq8 f1ZR9Cr7ghetRyRx1gNvrCxh2xBygSA9fUZA+GXJveZBzc4X95aDjhmQKNtvXdhC zHrymKc6YQo/ijeE2uVpbbiJks+VVoTEqstF/bu6es+j+/SMUNenrzg2z7zkM7IQ eAGS7Y7ge8qkyMT0KEmD2rtpGBaFjyKY5NEf0KjCtcrAoD08hycrvzuN8cYL7IDa g+TLsfgtukMMw976qVrULkC+VrgYvuUOVyVNXO3VFBiTaYpdnb/XCXaK7KwSBF2X aNxqr1+FEt/es9eTd3STAK3zKqf+g+2zq9N2qHYzLnW1dnl1h7E8al36w5RVOsk= =O8FP -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] uVirtus Linux, encrypted OS for Syria
Quick question on the fly, what does this OS add to exiting projects as: Liberté Linux :http://dee.su/liberte or Tails : https://tails.boum.org/ ?? -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] ICANN Whois Privacy/Proxy Abuse Study Findings Webinar Invitation
Thought this might be of interest to those on this list... [http://www.icann.org/images/gradlogo_bow.jpg]http://www.icann.org/ News Alert http://www.icann.org/en/news/announcements/announcement-27sep13-en.htm ICANN Whois Privacy/Proxy Abuse Study Findings Webinar Invitation 27 September 2013 In order to participate, please RSVP via email to the GNSO Secretariat (gnso.secretar...@gnso.icann.orgmailto:gnso.secretar...@gnso.icann.org) to receive the call details. You are invited to participate in a webinar about the recently released Whois Privacy/Proxy Abuse Study, conducted for ICANN by the National Physical Laboratory (NPL) in the United Kingdom. This study has now been published for public comment, and community feedback is being invited in order to assist ICANN with evaluating potential changes to Whois policy and the use of privacy/proxy services. The study was commissioned by the GNSO to help the ICANN community understand the role that privacy and proxy service abuse plays in obscuring the identities of parties engaged in illegal or harmful activities, including phishing, cybersquatting, hosting child abuse sexual images, advanced fee fraud, and the online sale of counterfeit pharmaceuticals. NPL was engaged to analyze domain names across the top five gTLDs - .biz, .com, .info, .net and .org – to measure whether the percentage of privacy/proxy use among domains engaged in illegal or harmful Internet activities is significantly greater than among domain names used for lawful Internet activities. NPL's chief investigator on the study, Dr. Richard Clayton of the University of Cambridge, and ICANN staff will provide a briefing on Tuesday 15 October at 12.00 UTC and 19.00 UTC, summarizing NPL's findings and conclusions based on the data they collected and analyzed. Amongst other topics, Dr. Clayton will discuss: * NPL's methodology for the study and the hypothesis tested; * The different project activities and work packages undertaken for the study; * NPL's statistical analysis of the data sampled for the study, including comparative differences observed by the research team; and * NPL's conclusions based on the results of its analysis. The two sessions are duplicates, scheduled to accommodate different time zones. Each session, scheduled to run for sixty (60) minutes, will be conducted in English only. The meeting will be run in Adobe Connect with a slide presentation along with a dial-in conference bridge for audio. Participants will have the opportunity to ask questions at the end of each session. During the course of the webinar, questions may also be submitted using the chat function of Adobe Connect. If you are not able to participate in either of the live sessions, the recording of the session will be made available shortly after the meeting. The policy staff is always available to answer any questions that you email to policy-st...@icann.orgmailto:policy-st...@icann.org. In order to participate, please RSVP via email to the GNSO Secretariat (gnso.secretar...@gnso.icann.orgmailto:gnso.secretar...@gnso.icann.org) to receive the call details. Please indicate which call you would like to join on Tuesday 15 October – at 12.00 UTC or at 19.00 UTC (to convert those times into your local time, see: http://www.timeanddate.com/worldclock/fixedform.html). We will send you an e-mail reminder before the event with log-in and dial-in details. Please DO NOT RSVP to any other ICANN staff member's e-mail -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Crowdsourcing in Policy-Making: The Impact of Blended Expertise on Law-Making Process
*Crowdsourcing in Policy-Making: The Impact of Blended Expertise on Law-Making Process * *When:* October 3, 2013 / 4:30 p.m. - 6:00 p.m. *Host:* Center for Democracy, Development, and the Rule of LawCDDRL Seminar Series *Featuring:* Tanja Aitamurto, Stanford University *Location:* Wallenberg Hall, 450 Serra Mall, Building 160, Stanford, CA 94305-2055 *More:* Websitehttp://r20.rs6.net/tn.jsp?e=0015E8HU5E8sGA-MRkqyHr7rVtXtCsSDYbsznDEP1klu4KVddtGprajH1aW9JBz-c9QEYetPVnpaViiMCMYvW8tKQxkzFBNJ79aJkhWtDNKZFTVQ0hWYHHnqQBjOAcQIMFXNayD1iJvE1Zn9ADZNPFZiEUJRCaGbeiE0GCebBvQoZqmtnPWAhhTAzxyoeGBAkOZ-V2g65r7o1BfOVSalIWJLhgYPZGz1suEDZAJQFupWJDhdKVYL0v6CsUAtBXHtC7fWzHSKJrbXi8= -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] New Pieces on Google Apple Export Decision on Iran and New Anti-Censorship Tech
Hi, My name is Nima Rassooli. I''m an independent scholar based in California. I have a B.A. in Political Science from the University of California, San Diego and an M.A. in Political Science from San Francisco State University. My current research is on the relationship between digital technology, state power, and cyber-capitalism. I also contribute on IranWire.com. I just joined the lib.tech maling list and i just want to say hi. I have a new series on IranWire that may be of interest to people on the list. My first piece that came last week is on the Google and Apple decisions to export technology to Iran and the larger picture of its implications and the state of technology sanctions and prohibitions in Iran came out. Here is a link. http://iranwire.com/en/projects/2663 It also includes an analysis of other headlines that haven't been reported yet by the media. And a second piece came out today. http://iranwire.com/en/projects/2835 It's on the landscape of anti-censorship technologies used in Iran with a short history of significant developments and up-and coming State Department funded projects. Hope you enjoy the articles. Nima Rassooli Contact: nimarasso...@gmail.com -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.