[liberationtech] Show Me Your Dashboard - Digital Methods Winter School 2015 - Univ. of Amsterdam
SHOW ME YOUR DASHBOARD New Media Monitoring and Data Analytics as Critical Practice Digital Methods Winter School, Data Sprint and Mini-Conference *12-16 January 2015 | Digital Methods Winter School * *Digital Methods Initiative | http://www.digitalmethods.net/ http://www.digitalmethods.net/**Media Studies | University of Amsterdam* *https://wiki.digitalmethods.net/Dmi/WinterSchool2015* https://wiki.digitalmethods.net/Dmi/WinterSchool2015 The Digital Methods Initiative (DMI), Amsterdam, is pleased to announce its 7th annual Winter School, on New Media Monitoring and Data Analytics as Critical Practice. The format is that of a data sprint, with hands-on work on media monitoring with data analytics, and a Mini-conference, where PhD candidates, motivated scholars and advanced graduate students present short papers on digital methods and new media related topics, and receive feedback from the Amsterdam group of DMI researchers and international participants. Participants need not give a paper at the Mini-conference to attend the Winter School. The focus of this year's Winter School is on how online media monitoring is currently done by non-governmental (NGOs) such as treealerts.org, and it seeks to identify practices that could fill in the notion of critical data analytics. For the occasion we have invited academics to present on the state of the art of online media monitoring by focusing on three areas where there is both innovation as well as repurposing of techniques normally associated with marketing, business intelligence and the work of digital agencies: issue discovery and language placement (who's carrying the conversation), engagement and public fund-raising (when do images and other engagement formats ‘work’?) and crisis communication (who is making the calls when there is a breakdown?). At the Winter School social media analysts and communications specialists from NGOs will present on the state of the art of media monitoring, their current analytical needs and what the Internet can continue to add with respect to new data sources as well as monitoring techniques. We will also ask each of the organizations to show us their dashboards. The first day kicks off with Nathaniel Tkacz from the University of Warwick who will talk about Dashboards and Data Signals http://blogs.cim.warwick.ac.uk/dashboard/about-2/, and the desire to control the data deluge. After the the first day of talks as well as dashboard show and tell, the data sprint commences, whereupon the attendees, including analysts, designers and programmers, undertake empirical projects that address the state of the art in NGO online media data analysis. We work on projects that seek to meet the current analytical needs. The week closes with presentations of the outcomes as well as a festive celebration. During the week there is also an evening of talks and a debate with Jimmy Wales http://en.wikipedia.org/wiki/Jimmy_Wales, co-founder of Wikipedia, at the nearby Royal Netherlands Academy of Arts and Science https://www.knaw.nl/en/. The theme of the 2015 Winter School furthers the analytical collaboration between the Digital Methods Initiative and NGO media analysts, including Soenke Lorenzen of Greenpeace International http://www.greenpeace.org. Previously workshop facilitators and collaborators have included representatives from Human Rights Watch http://www.hrw.org/, Association for Progressive Communications https://www.apc.org/, Women on Waves http://www.womenonwaves.org/, Carbon Trade Watch http://www.carbontradewatch.org/, Corporate Observatory Europe http://corporateeurope.org and Fair Phone http://www.fairphone.com/. In preparation for the sprint we also have developed how-to worksheets on New Media Monitoring and Tooling that take as their case studies NGO issue mappings with digital methods. Upon conclusion we aim to compile the Sprint projects from the Winter School, and combine them with the how-to sheets to produce an open access publication on NGO media monitoring. All participants are invited to contribute. Digital Methods Winter School Data Sprint A data sprint is a workshop format for intensive, empirical project work, where analysts, programers, designers and subject matter experts collaborate to output research. This year's data sprint is devoted to new media monitoring with data analytics, and particularly its critical practice. Broadly speaking, media monitoring is understood as the process of reading, watching or listening to the editorial content of media sources on a continuing basis, and then identifying, analyzing and saving materials that contain specific themes, topics, keywords, names, forms or formats. Monitoring the editorial content of news sources including newspapers, magazines, trade journals, TV shows, radio programs and specific websites is by far the most common form of media monitoring, but most organizations increasingly monitor social media online, and its impact on the diffusion of news in all
[liberationtech] FYI: Making Connections to Facebook more Secure
It’s important to us at Facebook to provide methods for people to use our site securely. People connect to Facebook in many different ways, which is why we have implemented HTTPS across our service, and Perfect Forward Secrecy, HSTS, and other technologies which help give people more confidence that they are connected securely to Facebook. That doesn’t mean we can’t improve yet further. Consider Tor: Tor challenges some assumptions of Facebook's security mechanisms - for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada. In other contexts such behaviour might suggest that a hacked account is being accessed through a “botnet”, but for Tor this is normal. Considerations like these have not always been reflected in Facebook's security infrastructure, which has sometimes led to unnecessary hurdles for people who connect to Facebook using Tor. To make their experience more consistent with our goals of accessibility and security, we have begun an experiment which makes Facebook available directly over Tor network at the following URL: https://facebookcorewwwi.onion/ [ NOTE: link will only work in Tor-enabled browsers ] Facebook Onion Address Facebook's onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud. The idea is that the Facebook onion address connects you to Facebook's Core WWW Infrastructure - check the URL again, you'll see what we did there - and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre. We decided to use SSL atop this service due in part to architectural considerations - for example, we use the Tor daemon as a reverse proxy into a load balancer and Facebook traffic requires the protection of SSL over that link. As a result, we have provided an SSL certificate which cites our onion address; this mechanism removes the Tor Browser's “SSL Certificate Warning” for that onion address and increases confidence that this service really is run by Facebook. Issuing an SSL certificate for a Tor implementation is - in the Tor world - a novel solution to attribute ownership of an onion address; other solutions for attribution are ripe for consideration, but we believe that this one provides an appropriate starting point for such discussion. Over time we hope to share some of the lessons that we have learned - and will learn - about scaling and deploying services via the Facebook onion address; we have many ideas and are looking forward to improving this service. A medium-term goal will be to support Facebook's mobile-friendly website via an onion address, although in the meantime we expect the service to be of an evolutionary and slightly flaky nature. We hope that these and other features will be useful to people who wish to use Facebook's onion address. Finally, we would like to extend our thanks to Ms. Runa Sandvik and to Dr. Steven Murdoch of UCL for their kind assistance and generous advice in the development of this project. Alec Muffett is a Software Engineer for Security Infrastructure at Facebook London. SOURCE: https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237 -- PGP: 0xa53963936999cbb6 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] FYI: Making Connections to Facebook more Secure
I find the interesting part the fact that they got a CA to sign a .onion domain certificate. Is that normal? On Fri, Oct 31, 2014 at 8:39 AM, Nariman Gharib nariman...@gmail.com wrote: It's important to us at Facebook to provide methods for people to use our site securely. People connect to Facebook in many different ways, which is why we have implemented HTTPS across our service, and Perfect Forward Secrecy, HSTS, and other technologies which help give people more confidence that they are connected securely to Facebook. That doesn't mean we can't improve yet further. Consider Tor: Tor challenges some assumptions of Facebook's security mechanisms - for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada. In other contexts such behaviour might suggest that a hacked account is being accessed through a botnet, but for Tor this is normal. Considerations like these have not always been reflected in Facebook's security infrastructure, which has sometimes led to unnecessary hurdles for people who connect to Facebook using Tor. To make their experience more consistent with our goals of accessibility and security, we have begun an experiment which makes Facebook available directly over Tor network at the following URL: https://facebookcorewwwi.onion/ [ NOTE: link will only work in Tor-enabled browsers ] Facebook Onion Address Facebook's onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud. The idea is that the Facebook onion address connects you to Facebook's Core WWW Infrastructure - check the URL again, you'll see what we did there - and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre. We decided to use SSL atop this service due in part to architectural considerations - for example, we use the Tor daemon as a reverse proxy into a load balancer and Facebook traffic requires the protection of SSL over that link. As a result, we have provided an SSL certificate which cites our onion address; this mechanism removes the Tor Browser's SSL Certificate Warning for that onion address and increases confidence that this service really is run by Facebook. Issuing an SSL certificate for a Tor implementation is - in the Tor world - a novel solution to attribute ownership of an onion address; other solutions for attribution are ripe for consideration, but we believe that this one provides an appropriate starting point for such discussion. Over time we hope to share some of the lessons that we have learned - and will learn - about scaling and deploying services via the Facebook onion address; we have many ideas and are looking forward to improving this service. A medium-term goal will be to support Facebook's mobile-friendly website via an onion address, although in the meantime we expect the service to be of an evolutionary and slightly flaky nature. We hope that these and other features will be useful to people who wish to use Facebook's onion address. Finally, we would like to extend our thanks to Ms. Runa Sandvik and to Dr. Steven Murdoch of UCL for their kind assistance and generous advice in the development of this project. Alec Muffett is a Software Engineer for Security Infrastructure at Facebook London. SOURCE: https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237 -- PGP: 0xa53963936999cbb6 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] FYI: Making Connections to Facebook more Secure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 10/31/2014 09:39 AM, Nariman Gharib wrote: https://facebookcorewwwi.onion/ *** That is an experiment. Tor usage is likely to remain marginal on Facebook. But what if it doesn't? Absorbing the traffic of Facebook users into the Tor network would likely disrupt the assumptions of anonymity of all users: obviously Facebook users would not be anonymous, although their origin would--but it's probably marginal in the way FB identifies its users. When AOL put a server on IRC, suddenly the stable population of IRC Undernet was invaded, like central Chinese by the Han to trump rebellion: one day you're a solid majority, the next day you're a loud minority. Would Facebook account for the increased bandwidth? Would they give a billion dollars contribution to TorServers.net or would they rather setup their own relays? What happens to my anonymity if a major player does lift the anonymity of the majority of users? == hk -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQJ8BAEBCgBmBQJUU5NGXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ3MDM3QTJCNjlFNkMxQzA1NjI4RDUzOEZE OEU3QkQ4MDk0MUM4MjkzAAoJENjnvYCUHIKT4hEQAODxUDAdnJBx007Nn108JVe3 E/dRrcIANtpRQmiJKqKGL6d0AiqJUvy54nKJtw8/EV884uHy9V+S8Qy8UXo4azJq rdogaeJiEieUzX4AFvjEu6Iv8sQVQAqmLWySIZVxD9YBC60H+5sGi3JZ0a01WVh8 FtHYTelqIRkIz1y7/uvwzzxdu/CWBt+B+XYRw2oo04cP59EfVfMvHWYXdWKTg+Ua FlSqZ94KH+3wVWKwqVxNddMSRDEnMa4U8v8C+Fop0fyJqA0rRmbO+3dRu9VcZDoN omBlb2KuMUQcowE3jMnA/zp7wMQg5plJ/ySNMM4BfXGWwfMnksEjuEQ0JwEYHO2U 8xzO7+1pmhUMYaMPkVFc1I5AUWmiSkocbXNdBtjej0oQRiT4bRn1kyQN+Qhrc82f Ol6GCfIHc7AqXYLFeUlx6qM+jzVd9Pzq1C4JsmJ91fMvoaWkt18o76pgX5aYPDDY 04JXZtoWlgVzzshTOSpZ9Mish6cKMX5hw5jCnMSsGlIGEtHG4v8Cl/S5MD8wRSiN OXhdYXbeZjx4US1o64gdjxpum+AuwTMak74ncNZ0EiQC+yXM0VfoKJok+KrZGtWg hFTRZ+puncMAwYceQIeW+zZACW9qIfMtqID/He91nrKFW1mTOyb1at6M6VAzkWCF I04z6fUD5TqS+c8FkNA+ =3h82 -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Facebook available as a Tor hidden service
Facebook is now available as a Tor hidden service at this .onion address: https://facebookcorewwwi.onion/ Blog post is here: https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] FYI: Making Connections to Facebook more Secure
Facebook is using a wildcard for SSL. The following are a list of domains/hosts the cert provides for. Notice the additional onion addresses Not Critical DNS Name: *.facebook.com DNS Name: facebook.com DNS Name: *.fb.com DNS Name: *.fbsbx.com DNS Name: *.fbcdn.net DNS Name: *.xx.fbcdn.net DNS Name: *.xy.fbcdn.net DNS Name: fb.com DNS Name: facebookcorewwwi.onion DNS Name: fbcdn23dssr3jqnq.onion DNS Name: fbsbx2q4mvcl63pw.onion I'm still wondering how one verifies ownership of a .onion domain? You aren't going to look at the WHOIS record and send an email to the technical contact on file or send an email to postmaster@xxx.onion. Do large companies like FB have a fast track for getting odd requests? On Fri, Oct 31, 2014 at 9:05 AM, AntiTree antit...@gmail.com wrote: I find the interesting part the fact that they got a CA to sign a .onion domain certificate. Is that normal? On Fri, Oct 31, 2014 at 8:39 AM, Nariman Gharib nariman...@gmail.com wrote: It's important to us at Facebook to provide methods for people to use our site securely. People connect to Facebook in many different ways, which is why we have implemented HTTPS across our service, and Perfect Forward Secrecy, HSTS, and other technologies which help give people more confidence that they are connected securely to Facebook. That doesn't mean we can't improve yet further. Consider Tor: Tor challenges some assumptions of Facebook's security mechanisms - for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada. In other contexts such behaviour might suggest that a hacked account is being accessed through a botnet, but for Tor this is normal. Considerations like these have not always been reflected in Facebook's security infrastructure, which has sometimes led to unnecessary hurdles for people who connect to Facebook using Tor. To make their experience more consistent with our goals of accessibility and security, we have begun an experiment which makes Facebook available directly over Tor network at the following URL: https://facebookcorewwwi.onion/ [ NOTE: link will only work in Tor-enabled browsers ] Facebook Onion Address Facebook's onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud. The idea is that the Facebook onion address connects you to Facebook's Core WWW Infrastructure - check the URL again, you'll see what we did there - and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre. We decided to use SSL atop this service due in part to architectural considerations - for example, we use the Tor daemon as a reverse proxy into a load balancer and Facebook traffic requires the protection of SSL over that link. As a result, we have provided an SSL certificate which cites our onion address; this mechanism removes the Tor Browser's SSL Certificate Warning for that onion address and increases confidence that this service really is run by Facebook. Issuing an SSL certificate for a Tor implementation is - in the Tor world - a novel solution to attribute ownership of an onion address; other solutions for attribution are ripe for consideration, but we believe that this one provides an appropriate starting point for such discussion. Over time we hope to share some of the lessons that we have learned - and will learn - about scaling and deploying services via the Facebook onion address; we have many ideas and are looking forward to improving this service. A medium-term goal will be to support Facebook's mobile-friendly website via an onion address, although in the meantime we expect the service to be of an evolutionary and slightly flaky nature. We hope that these and other features will be useful to people who wish to use Facebook's onion address. Finally, we would like to extend our thanks to Ms. Runa Sandvik and to Dr. Steven Murdoch of UCL for their kind assistance and generous advice in the development of this project. Alec Muffett is a Software Engineer for Security Infrastructure at Facebook London. SOURCE: https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237 -- PGP: 0xa53963936999cbb6 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by
Re: [liberationtech] Facebook available as a Tor hidden service
I tried to login (with a fake account I maintain for just such a purpose). Your account is temporarily locked, it says. I get that; it appears I'm trying to login from a strange location. To proceed, I have to ID pictures of friends. Ok, I say. But the page with friends' photos doesn't load, probably because I have Javascript off (common practice with the Tor Browser). Fail. Let's say people take this seriously -- to do so, they will have to use Javascript, which is a bad move when using Tor. It seems to me that this would just inculcate bad security habits for any would-be Dark Web users. - Rob On 10/31/2014 08:14 AM, Steve Weis wrote: Facebook is now available as a Tor hidden service at this .onion address: https://facebookcorewwwi.onion/ Blog post is here: https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Facebook available as a Tor hidden service
Hi Rob,You do know TBB's defaults regarding scripts, right? If it's a conundrum with no easy answer for Tor devs, it's a conundrum for Facebook as well. So please do get on Tor Talk list and criticise TBB for having an (advised) yet non-default setting for blocking all scripts. I understand the conundrum, and I agree that there isn't an easy answer, but that default setting in TBB is batshit insane. It is _the_ source of the conundrum. If script-blocking were turned on by default Facebook wouldn't even waste time trying to design a hidden service like this. -Jonathan On Friday, October 31, 2014 12:13 PM, Robert W. Gehl li...@robertwgehl.org wrote: I tried to login (with a fake account I maintain for just such a purpose). Your account is temporarily locked, it says. I get that; it appears I'm trying to login from a strange location. To proceed, I have to ID pictures of friends. Ok, I say. But the page with friends' photos doesn't load, probably because I have Javascript off (common practice with the Tor Browser). Fail. Let's say people take this seriously -- to do so, they will have to use Javascript, which is a bad move when using Tor. It seems to me that this would just inculcate bad security habits for any would-be Dark Web users. - Rob On 10/31/2014 08:14 AM, Steve Weis wrote: Facebook is now available as a Tor hidden service at this .onion address: https://facebookcorewwwi.onion/ Blog post is here: https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.-- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Facebook available as a Tor hidden service
Hi, Jonathan -- I do know the default, and I did change them to allow for first-party scripts. I agree that TBB's NoScript defaults are really hard to figure out (in comparison to NoScript in vanilla Firefox -- which admittedly is still a complicated setup). However, I assumed that if Facebook wanted to have a hidden service, they'd account for the fact that at the very least third-party JS is a no-no (and many Tor users also don't want to allow any scripts). From what I could tell, the verification system I went to to confirm my ID relied on third party scripts (it looked like Google scripts). It was a system in which I had to identify pictures of friends. No pictures loaded. Moreover, the .onion Facebook will probably always say that the account is locked due to logging in from a strange location, so there will be that issue. In the end, I don't get why FB is doing this, other than to look hip. - Rob On 10/31/2014 11:40 AM, Jonathan Wilkes wrote: Hi Rob, You do know TBB's defaults regarding scripts, right? If it's a conundrum with no easy answer for Tor devs, it's a conundrum for Facebook as well. So please do get on Tor Talk list and criticise TBB for having an (advised) yet non-default setting for blocking all scripts. I understand the conundrum, and I agree that there isn't an easy answer, but that default setting in TBB is batshit insane. It is _the_ source of the conundrum. If script-blocking were turned on by default Facebook wouldn't even waste time trying to design a hidden service like this. -Jonathan On Friday, October 31, 2014 12:13 PM, Robert W. Gehl li...@robertwgehl.org wrote: I tried to login (with a fake account I maintain for just such a purpose). Your account is temporarily locked, it says. I get that; it appears I'm trying to login from a strange location. To proceed, I have to ID pictures of friends. Ok, I say. But the page with friends' photos doesn't load, probably because I have Javascript off (common practice with the Tor Browser). Fail. Let's say people take this seriously -- to do so, they will have to use Javascript, which is a bad move when using Tor. It seems to me that this would just inculcate bad security habits for any would-be Dark Web users. - Rob On 10/31/2014 08:14 AM, Steve Weis wrote: Facebook is now available as a Tor hidden service at this .onion address: https://facebookcorewwwi.onion/ Blog post is here: https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Facebook available as a Tor hidden service
Tried again, with scripts globally allowed. No change. The images that I am supposed to identify do not load. - Rob On 10/31/2014 11:46 AM, Robert W. Gehl wrote: Hi, Jonathan -- I do know the default, and I did change them to allow for first-party scripts. I agree that TBB's NoScript defaults are really hard to figure out (in comparison to NoScript in vanilla Firefox -- which admittedly is still a complicated setup). However, I assumed that if Facebook wanted to have a hidden service, they'd account for the fact that at the very least third-party JS is a no-no (and many Tor users also don't want to allow any scripts). From what I could tell, the verification system I went to to confirm my ID relied on third party scripts (it looked like Google scripts). It was a system in which I had to identify pictures of friends. No pictures loaded. Moreover, the .onion Facebook will probably always say that the account is locked due to logging in from a strange location, so there will be that issue. In the end, I don't get why FB is doing this, other than to look hip. - Rob On 10/31/2014 11:40 AM, Jonathan Wilkes wrote: Hi Rob, You do know TBB's defaults regarding scripts, right? If it's a conundrum with no easy answer for Tor devs, it's a conundrum for Facebook as well. So please do get on Tor Talk list and criticise TBB for having an (advised) yet non-default setting for blocking all scripts. I understand the conundrum, and I agree that there isn't an easy answer, but that default setting in TBB is batshit insane. It is _the_ source of the conundrum. If script-blocking were turned on by default Facebook wouldn't even waste time trying to design a hidden service like this. -Jonathan On Friday, October 31, 2014 12:13 PM, Robert W. Gehl li...@robertwgehl.org wrote: I tried to login (with a fake account I maintain for just such a purpose). Your account is temporarily locked, it says. I get that; it appears I'm trying to login from a strange location. To proceed, I have to ID pictures of friends. Ok, I say. But the page with friends' photos doesn't load, probably because I have Javascript off (common practice with the Tor Browser). Fail. Let's say people take this seriously -- to do so, they will have to use Javascript, which is a bad move when using Tor. It seems to me that this would just inculcate bad security habits for any would-be Dark Web users. - Rob On 10/31/2014 08:14 AM, Steve Weis wrote: Facebook is now available as a Tor hidden service at this .onion address: https://facebookcorewwwi.onion/ Blog post is here: https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Facebook available as a Tor hidden service
On Fri, 2014-10-31 at 10:12 -0600, Robert W. Gehl wrote: I tried to login (with a fake account I maintain for just such a purpose). Your account is temporarily locked, it says. I get that; it appears I'm trying to login from a strange location. I've asked some people connected to the project about this and they want to remind everyone that the project is evolutionary and slightly flaky. Also the goal is that we keep the service up and accessible to people coming from Tor but not that we avoid flagging potentially odd user behaviour. Facebook also lets you get past this checkpoint with two-factor authentication. Most of FB's two-factor methods involve a de-anonymizing SMS, but in theory Google Authenticator works totally off-line so can be safely used here. Someone with more familiarity with Authenticator can confirm. -- Mathematics is the supreme nostalgia of our time. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Burkina Faso
Interesting article on events in Burkina Faso and social media: http://www.jeuneafrique.com/Article/ARTJAWEB20141031144747/ -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Facebook available as a Tor hidden service
Hi Rob, I made a scathing criticism of a poor UI decision in the TBB, and it came out the other end of your euphemism carwash as really hard to figure out. I have a very hard time believing you'd be as gracious in describing some aspect of Facebook's UI that (advises) to check some configuration box for enhanced security which isn't default behavior. Furthermore, if users of Facebook ended up getting pwned time and again, I also doubt you'd blame the set of all users who fail to check that optional box. So why is it the hidden service ops' responsibility to refrain from using javascript as a default design decision when the developers of the overlay aren't even willing to do it for TBB? Those ops are users of the Tor overlay, and they are obviously catering to the TBB users who don't disable Javascript. I don't fault you for implicitly distrusting Facebook, but it's even worse to implicitly soften criticism of TBB. If you truly believe that using javascript with Tor is bad, then please imagine that Facebook develops and funds the TBB and direct your criticism and patches to TBB accordingly. -Jonathan On Friday, October 31, 2014 1:47 PM, Robert W. Gehl li...@robertwgehl.org wrote: Hi, Jonathan -- I do know the default, and I did change them to allow for first-party scripts. I agree that TBB's NoScript defaults are really hard to figure out (in comparison to NoScript in vanilla Firefox -- which admittedly is still a complicated setup). However, I assumed that if Facebook wanted to have a hidden service, they'd account for the fact that at the very least third-party JS is a no-no (and many Tor users also don't want to allow any scripts). From what I could tell, the verification system I went to to confirm my ID relied on third party scripts (it looked like Google scripts). It was a system in which I had to identify pictures of friends. No pictures loaded. Moreover, the .onion Facebook will probably always say that the account is locked due to logging in from a strange location, so there will be that issue. In the end, I don't get why FB is doing this, other than to look hip. - Rob On 10/31/2014 11:40 AM, Jonathan Wilkes wrote: Hi Rob, You do know TBB's defaults regarding scripts, right? If it's a conundrum with no easy answer for Tor devs, it's a conundrum for Facebook as well. So please do get on Tor Talk list and criticise TBB for having an (advised) yet non-default setting for blocking all scripts. I understand the conundrum, and I agree that there isn't an easy answer, but that default setting in TBB is batshit insane. It is _the_ source of the conundrum. If script-blocking were turned on by default Facebook wouldn't even waste time trying to design a hidden service like this. -Jonathan On Friday, October 31, 2014 12:13 PM, Robert W. Gehl li...@robertwgehl.org wrote: I tried to login (with a fake account I maintain for just such a purpose). Your account is temporarily locked, it says. I get that; it appears I'm trying to login from a strange location. To proceed, I have to ID pictures of friends. Ok, I say. But the page with friends' photos doesn't load, probably because I have Javascript off (common practice with the Tor Browser). Fail. Let's say people take this seriously -- to do so, they will have to use Javascript, which is a bad move when using Tor. It seems to me that this would just inculcate bad security habits for any would-be Dark Web users. - Rob On 10/31/2014 08:14 AM, Steve Weis wrote: Facebook is now available as a Tor hidden service at this .onion address: https://facebookcorewwwi.onion/ Blog post is here: https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.-- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Stanford Liberationtech Seminar: Paul Duguid on Info Liberation on Nov6 at 4:30 pm
Information and Liberation Paul DuGuid, UC Berkeley November 6, 2014 4:30 PM - 6:00 PM Wallenberg Hall 450 Serra Mall, Building 160 Stanford, CA 94305-2055 Open to the public. No RSVP required. For more info, contact Kathleen Barcos kbar...@stanford.edu ABSTRACT We are familiar with information technology and with “liberation technology but perhaps still need to ask ourselves to what extent information and liberation make natural partners. This primarily theoretical talk will explore why it is tempting to champion information and its technologies in the cause of liberation, yet why it may also be problematic. SPEAKER BIO Paul Duguid is an adjunct full professor at the School of Information at Berkeley. In recent years he has also held visiting positions at Queen Mary, University of London, Copenhagen Business School, the École Polytechnique in Paris. In the 1990s, he was a consultant to senior management at the Xerox Palo Alto Research Center (PARC). While there he was co-author of The Social Life of Information with John Seely Brown, the director of PARC. Recent work has focused on the multiple conceptions of information and confusions they can give rise to. http://fsi.stanford.edu/events/liberation-technology-seminar-series-tba -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Facebook available as a Tor hidden service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 10/31/2014 10:46 AM, Robert W. Gehl wrote: In the end, I don't get why FB is doing this, other than to look hip. It may raise the hair on the backs of some of our necks, but protestors have been known to find one another and organize actions using Facebook. Facebook setting up a Tor hidden service would not facilitate anonymity (perhaps pseudnonymity, if one were to set up a dedicated FB account) but it would certainly help implement circumvention of traffic or DNS filtering. - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ On the Internet, nobody knows you're a bot. -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJUU/UfAAoJED1np1pUQ8RkxrEP/RF0ZGEaNxXbY0rTdy6/nzXs nIhmvpGRwZlvDTzjKDhNBqJgJhhRSve1ERMZlQAlq+nCTyFoF0roqAHs38H1UcT6 qoNyNP9i9IXjs8gTav8K3BgkTP4VCDplJ1KPE0gbRxqlVwqwPdyfYIEk7y7yf08i GnMrKjZUcN+oy0Hslfpg5EEpQZqcsh3woGTpT4rJeSx65/nyDvcyHVkmSbXSMVZj VuQE9Cj8RLk03m78H8ez2wmNXg00c6oSLkCmvOduPPutxaONYLwMlJL8W/U1LMxO INPfVHGPnyFAkrCA/r2tIgMM8u7aHwAzshZmx9W8DU+QM+lr6YmSzgbPpPACEpvD qLcXIqCGdqHo7hTfLT4FXtE7JRz+ve1jd0+EeV4ebhyObO/EuKOk7E+rnuKQQA1B 96B7dlzf2eB3CKSnxNAAUKR4BZG+Obn71UBp517GuvPfhgaqV3V96gW+78A7Dque /srCnVwSQaBkbt+3qVJkJ0urTmjD+T40QaEr8gbfHPu1W9zoPtQp29BH21Qe20CX +J9v7gsPo5poUlCX8xugvtCcXvYtodoF6yeBiu8J/dj6e/FO5/YVpyycvzd+/5+k ITIfGcd2aB0Fj8lc+n1LOxtwlh70+CFr1nEMM0ljk4+SxGQgLleOWjShshokw10h ivdM6LBrLtgPTOoGliMA =IjSy -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Stanford WTO/Liberationtech: Jenna Burrell on Nov 3rd at 12pm
From: Bobbi Thomason bobb...@stanford.edu Please join us on *Monday, November 3rd* from *12-1:15* for the next WTO Colloquium in *Spilker 232*. *Speaker:* Jenna Burrell, University of California at Berkeley, School of Information *Title:* On the Importance of Price Information to Farmers and Economists *Abstract:* The notion that farmers use mobile phones to acquire market price information has become a kind of shorthand for the potential of this technology to empower rural, low-income populations in the Global South. In this talk, I will touch upon some recent projects I've undertake with collaborators Janaki Srinivasan and Elisa Oreglia that interrogate and complicate this simple formulation. This work considers the translation of ‘market prices’ from neoclassical economic model, to development policy truism, to application in technological system building. Yet, the technological systems that often result, called market information systems or MIS, frequently fail to gain users or affect prices or profits in the ways that have been promised. Our ethnographic work among fishers in Kerala, India, on Lake Victoria in Uganda, and farmers in Northern rural China surfaces counter-narratives about mobile phones (and market price) that could explain why. *Bobbi Thomason* | Stanford University Center for Work, Technology Organization Department of Management Science Engineering 215.510.4856 | bobb...@stanford.edu -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] OpenUp Corporate Data while Protecting Privacy - Open Up?
OPENUP CORPORATE DATA WHILE PROTECTING PRIVACY October 31st, 2014 *Stefaan G. Verhulst* http://thegovlab.org/about/team/stefaan-verhulst/ and *David Sangokoya* http://thegovlab.org/about/team/, The GovLab, New York University Consider a few numbers: By the end of 2014, the number of mobile phone subscriptions http://www.itu.int/net/pressoffice/press_releases/2014/23.aspx worldwide is expected to reach 7 billion, nearly equal to the world’s population. More than 1.82 billion people http://www.statista.com/statistics/278414/number-of-worldwide-social-network-users/communicate on some form of social network, and almost 14 billion sensor-laden everyday objects http://www.emc.com/about/news/press/2014/20140409-01.htm(trucks, health monitors, GPS devices, refrigerators, etc.) are now connected and communicating over the Internet, creating a steady stream of real-time, machine-generated data. Much of the data generated by these devices is today controlled by corporations. These companies are in effect “owners” of terabytes of data and metadata. Companies use this data to aggregate, analyze, and track individual preferences, provide more targeted consumer experiences, and add value to the corporate bottom line. At the same time, even as we witness a rapid “datafication” of the global economy, access to data is emerging as an increasingly critical issue, essential to addressing many of our most important social, economic, and political challenges. While the rise of the Open Data movement has opened up over a million datasets around the world, much of this openness is limited to government (and, to a lesser extent, scientific) data. Access to corporate data remains extremely limited. This is a lost opportunity. If corporate data—in the form of Web clicks, tweets, online purchases, sensor data, call data records, etc.—were made available in a de-identified and aggregated manner, researchers, public interest organizations, and third parties would gain greater insights on patterns and trends that could help inform better policies and lead to greater public good (including combatting Ebola http://www.economist.com/news/leaders/21627623-mobile-phone-records-are-invaluable-tool-combat-ebola-they-should-be-made-available ). Corporate data sharing holds tremendous promise. But its potential—and limitations—are also poorly understood. In what follows, we share early findings of our efforts to map this emerging open data frontier, along with a set of reflections on how to safeguard privacy and other citizen and consumer rights while sharing. Understanding the practice of shared corporate data—and assessing the associated risks—is an essential step in increasing access to socially valuable data held by businesses today. This is a challenge certainly worth exploring during the forthcoming OpenUp conference http://www.openup2014.org/! *Understanding and classifying current corporate data sharing practices* Corporate data sharing remains very much a fledgling field. There has been little rigorous analysis of different ways or impacts of sharing. Nonetheless, our initial mapping of the landscape suggests there have been six main categories of activity—i.e., ways of sharing—to date: *1. Research partnerships,* in which corporations share data with universities and other research organizations. Through partnerships with corporate data providers, several researchers organizations are conducting experiments using de-identification and aggregated samples of consumer datasets and other sources of data to analyze social trends. For instance, Safaricom, one of Kenya’s leading mobile companies, shared a year of de-identified phone data with Harvard researchers to analyze and map how migration patterns contributed to the spread of malaria in Kenya http://www.hsph.harvard.edu/news/press-releases/cell-phone-data-malaria/. *2. Prizes and challenges,* in which companies make data available to qualified applicants—including civil hackers, pro bono data scientists and other expert users—who compete to develop new apps or discover innovative uses for the data. Last year, Spain’s regional bank BBVA hosted a contest http://www.centrodeinnovacionbbva.com/innovachallenge/inicio inviting developers to create applications, services, and content based on anonymous card transaction data. The first prize went to an application called Qkly http://www.centrodeinnovacionbbva.com/en/innovachallenge/michele-trevisiol-oscar-marin-and-alejandro-hernandez, which helps users manage time by estimating what time of day a given site or destination will be most overcrowded (thus helping users, for example, avoid lines). *3. Trusted intermediaries,* where companies share data with a limited number of known partners for analysis, modeling, and other value chain activities. For example, companies from the consumer packaged goods, retail, and over-the-counter health care industries often share data with firms such as Information Resources, Inc. (IRI), a data