[liberationtech] Announcing the launch of StoryMaker 2!
Hello all,

Some of you may be aware of the StoryMaker application, I'm sure many of you are not. StoryMaker is a tool to help aspiring journalists and activists create compelling stories with only a mobile device. Small World News began development of the application in 2012, in collaboration with the Guardian Project. In addition to providing an introductory curriculum in mobile journalism, and templates for storytelling, StoryMaker allows users to publish stories to YouTube, Flickr, Facebook and Soundcloud, as well as private SSH servers over Tor. The latest version of StoryMaker includes a pin-lock and app hiding functionality. StoryMaker allows users to create and edit their stories without relying on the cloud. Once templates have been downloaded they can be used completely offline.

You can read our entire announcement below:

We are proud to announce the release of StoryMaker version 2.0 out of Beta!

Get it today: Download StoryMaker 2 <https://play.google.com/store/apps/details?id=org.storymaker.app>

It has been just over a year since the generous support of StoryMaker Coalition member Free Press Unlimited enabled us to rethink the interface and core functionality of the app in the fall of 2014. StoryMaker was originally imagined as a tool to help anyone learn to make and share better stories <http://smallworldnews.com/blog/swn-developing-new-mobile-app-with-guardian-project>, with or without internet access. The ongoing support of Free Press Unlimited enables us to release StoryMaker 2.0 today out of beta.

The coordinator of Free Press Unlimited's work on StoryMaker, Bethel Tsegaye, had this to say, "We have seen citizen reporters go from amateur storytellers to professional journalists, making professional quality stories. The app enables journalists to report on issues as they happen. With StoryMaker, people realize even more how powerful their smartphones are in getting voices heard."

The final release out of beta comes with the inclusion of a Catalog of new content packs. These content packs are separated into three categories: Lessons, Guides, and Templates.

StoryMaker Product Manager Steve Wyshywaniuk explains the release of StoryMaker 2.0 this way, “StoryMaker 2 is a step forward for media training. We now have our entire curriculum localized for Persian <http://smallworldnews.com/blog/persian-lesson-pack-available> and Kirundi speakers, as well as the original Arabic curriculum. The ability for users to learn a new concept and practice immediately with an activity will help people learn much faster.”

https://youtu.be/n79gkf81z_Q

In this video, Steve demonstrates some of the key features newly available in StoryMaker 2.0.

The release of StoryMaker 2 coincides with the fifth anniversary of the Egyptian government’s decision to disconnect the internet, virtually cutting off the rest of the world. Applications which depended on the internet to create and share content, or learn new skills could not function. One of our initial goals was to create a tool that anyone could use to learn and create their own stories, regardless of connectivity. We’ll soon be deploying StoryMaker 2 to Cuba <http://smallworldnews.com/blog/connecting-from-cuba>, where internet connectivity is virtually nonexistent. The ability to load content packs from a computer will be key to helping users who are largely offline and receive software largely by manual, offline distribution.

Brian Conley, head of training and curriculum at Small World News expressed his excitement at finally releasing the powerful new catalog to the public, “Ever since we tested the theory of putting our training exercises directly into StoryMaker <http://smallworldnews.com/blog/storymaker-path-to-a-better-workshop>, with step-by-step guidance, I’ve been excited to get our guides into the hands of users. This year I’m looking forward to building on our new guides, *Mobile Photo Basics* and *Learn to Make Better Video*, and releasing a lot more.”

The StoryMaker Coalition is a collaboration between Small World News, Scal.io, The Guardian Project and Free Press Unlimited to develop and implement the StoryMaker application. The Coalition has trained more than 700 journalists, human rights defenders, and aid workers working in more than 20 countries. At the time of writing, the StoryMaker app has been downloaded by more than 140,000 users around the world, including journalists, civil society members, and activists.

Original post: http://smallworldnews.com/blog/storymaker-2-out-of-beta

--
Brian Conley
Co-founder, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Securing Email Communications from Facebook offering PGP support
Further, I'll note that you don't have to trust Facebook can't be coerced for encrypted notifications to be useful. You just have to trust that -your enemies- can't coerce them. For many of Facebook's 1.44 billion users, this is probably true.

+1

On Jun 1, 2015 3:48 PM, Matt Mackall m...@selenic.com wrote:

On Mon, 2015-06-01 at 18:26 -0400, Thomas Delrue wrote:

On 06/01/2015 06:19 PM, z...@manian.org wrote:

For their notification system, FB is leveraging GPG as an identity provider to say only a person who has a certain private key should be able to reset access credentials for this account.

I had not thought of this and I think that this is a good point. I do however question whether this is the purpose of this feature, I think it is more of a side-effect.

Nope, it's two distinct features:

- enter your public key so it's displayed and downloadable from your public profile
- check a separate box to enable encrypted notifications

Further, I'll note that you don't have to trust Facebook can't be coerced for encrypted notifications to be useful. You just have to trust that -your enemies- can't coerce them. For many of Facebook's 1.44 billion users, this is probably true.

--
Mathematics is the supreme nostalgia of our time.
Re: [liberationtech] Burundi
Yep, but they aren't technically offline. Yaga Burundi for example may not be posting regularly on their site, but they are coordinating online and members are posting via twitter and other means.

With today's announcement that the President will not seek revenge but only prosecute those involved in the coup, individuals are cautiously hopeful, but we'll see what happens next.

Also, I don't believe all those social media are still blocked, or perhaps they were unblocked during the coup and reblocked.

Brian

On Tue, May 19, 2015 at 1:27 AM, Eric S Johnson cra...@oneotaslopes.org wrote:

From a Burundi friend: “Bloggers are off line because of their physical security. On police checkpoints they check phones, laptop,... Police monitor what people are writing now. Many well-known bloggers fled the country or are hidden for their security. 4 private media have been burnt and other forced to close! I myself didn't reach Burundi. I am in Kigali. Not imprisonment until now. social media such as Face book, whatsapp, viber are blocked. People use VPN”

On May 18, 2015 7:19 AM, Richard Brooks r...@g.clemson.edu wrote:

We have noticed that Burundi bloggers are off-line. No doubt related to the President's crack down after the failed coup. Does anyone have any news as to whether this silence is due to:

- Internet blackout?
- Physical threat/imprisonment?
- Fear?

--
Brian Conley
Co-founder, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley
Re: [liberationtech] Burundi
Five hours ago restrictions on foreign press reported lifted. (per Jerome Delay, who was in Cibitoke at the time.) Many independent or non-state media local journalists are in hiding, so whether or not they are still being actively blocked or banned by the government would be hard to judge.

On Tue, May 19, 2015 at 10:24 AM, Richard Brooks r...@g.clemson.edu wrote:

From an informed acquaintance talking with people on the ground:

No local journalists are allowed to cover the demonstrations and foreign journalists have now too been banned from covering demonstrations for their own safety. This isn't a West Africa thing, but we see the same patterns repeating themselves all over Francophone Africa. What is really new, whether in Togo, Burundi or DR Congo is how well the regimes have learnt to effectively block online news sites and social media applications whenever there is an election in the air.

On 05/19/2015 01:00 PM, Brian Conley wrote:

Yep, but they aren't technically offline. Yaga Burundi for example may not be posting regularly on their site, but they are coordinating online and members are posting via twitter and other means.

With today's announcement that the President will not seek revenge but only prosecute those involved in the coup, individuals are cautiously hopeful, but we'll see what happens next.

Also, I don't believe all those social media are still blocked, or perhaps they were unblocked during the coup and reblocked.

Brian

On Tue, May 19, 2015 at 1:27 AM, Eric S Johnson cra...@oneotaslopes.org wrote:

From a Burundi friend: “Bloggers are off line because of their physical security. On police checkpoints they check phones, laptop,... Police monitor what people are writing now. Many well-known bloggers fled the country or are hidden for their security. 4 private media have been burnt and other forced to close! I myself didn't reach Burundi. I am in Kigali. Not imprisonment until now. social media such as Face book, whatsapp, viber are blocked. People use VPN”

On May 18, 2015 7:19 AM, Richard Brooks r...@g.clemson.edu wrote:

We have noticed that Burundi bloggers are off-line. No doubt related to the President's crack down after the failed coup. Does anyone have any news as to whether this silence is due to:

- Internet blackout?
- Physical threat/imprisonment?
- Fear?

--
Brian Conley
Co-founder, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley

--
R. R. Brooks
Professor
Holcombe Department of Electrical and Computer Engineering
Clemson University
313-C Riggs Hall
PO Box 340915
Clemson, SC 29634-0915 USA
Tel. 864-656-0920
Fax. 864-656-5910
email: r...@acm.org
web: http://www.clemson.edu/~rrb
PGP: 48EC1E30

--
Brian Conley
Co-founder, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley
Re: [liberationtech] Burundi
The Burundians I am in contact with have not mentioned a new internet issue since blocking of whatsapp and facebook which was easily circumvented with the use of VPNs.

I last heard from my colleagues about 8 hours ago. At least one of them was tweeting an hour ago.

There is definitely a climate of fear at the moment and a lack of access to basic necessities in communities with large populations of opposition to Nkurunziza.

On May 18, 2015 7:19 AM, Richard Brooks r...@g.clemson.edu wrote:

We have noticed that Burundi bloggers are off-line. No doubt related to the President's crack down after the failed coup. Does anyone have any news as to whether this silence is due to:

- Internet blackout?
- Physical threat/imprisonment?
- Fear?
Re: [liberationtech] Burundi
That may be so, but Burundians are definitely online, as I noted one whom I know tweeting within the last hour or so.

On May 18, 2015 7:22 AM, Jorge SoydelBierzo berci...@soydelbierzo.com wrote:

Blackout, 4 days ago https://twitter.com/BBCAfrica/status/598458138887585792

On 18/05/15 at 16:22, Richard Brooks wrote:

We have noticed that Burundi bloggers are off-line. No doubt related to the President's crack down after the failed coup. Does anyone have any news as to whether this silence is due to:

- Internet blackout?
- Physical threat/imprisonment?
- Fear?
[liberationtech] Whatsapp + textsecure?
Anyone know with certainty whether whatsapp has actually implemented the textsecure encryption?

There was big talk about this some months back but I haven't seen any update mention it nor is it mentioned in the playstore as a feature.

Thanks

Brian
Re: [liberationtech] Internet blackouts
My colleagues in Burundi report difficulties with whatsapp and some with facebook, but twitter functioning as expected.

On Apr 28, 2015 4:01 PM, Richard Brooks r...@g.clemson.edu wrote:

Sources in Togo report an Internet blackout. Probably related to expecting problems after reporting results from the recent election.

Sources in Burundi also expecting a blackout as a result of ongoing pro-democracy protests.
Re: [liberationtech] Iraq block Social media
I spoke with a colleague today briefly via Facebook. He is in Kirkuk and told me he had serious difficulties finding a connection in the city.

I can't speak to technical reasons, but have colleagues there and elsewhere in Iraq with good tech know how. I'm happy to help test and assess if anyone has questions.

Brian

On Jun 14, 2014 9:32 AM, David Gessel ges...@blackrosetech.com wrote:

I have a VPN connection to Iraq

109.224.XXX.XXX
ISP: earthlink ltd. communications & internet services

I tested Facebook, youtube, google, and twitter and all loaded normally. Traceroute showed no anomalies. My Iraqi friends are posting normally on FB at the moment.

The responsible ministry would be the CMC, which can be reached at http://www.cmc.iq/en/ or for Arabic speakers: http://www.cmc.iq/ar/

Original Message
Subject: [liberationtech] Iraq block Social media
From: Bahaa Nasr iwpr.leba...@gmail.com
To: liberationtech liberationtech@lists.stanford.edu, iwpr.leba...@gmail.com
Date: Fri Jun 13 2014 11:22:16 GMT-0700 (Pacific Standard Time)

Iraq today blocked Twitter, Google, YouTube, Facebook, and other sites, in response to the uprising of the Islamic State of Iraq and the Levant. The Iraq government ordered the country’s ministry of communications to block the sites “over fears that the Islamic State of Iraq and the Levant (ISIS) was using the outlets to organize their insurgency.” Although other publications report that the cause for the block is unclear.
Re: [liberationtech] About Telegram
It violates the primary principle many experts here depend on: the most important parts are not open source.

I'll echo Natanel's comments, no obvious reason not to recommend Chatsecure or TextSecure. What does Telegram have that these don't?

Brian

On Mar 19, 2014 12:36 PM, sam de silva s...@media.com.au wrote:

Hi there,

So it's almost a month since this thread died. To me, it looks pretty good and while I am not a mathematician, Telegram looks like a good solution to help improve digital security. But this list has the experts. What's the recommendation? Was there any consensus about Telegram?

Thanks and best,
Sam.

On 22/02/2014, at 1:05 AM, Tony Arcieri basc...@gmail.com wrote:

On Friday, February 21, 2014, Maxim Kammerer m...@dee.su wrote:

All I see is snobbishness of people who have typical Western fear of steering from authorized engineering approaches. The people are quick to judge some unknown foreign developers incompetent

As far as I can tell, you are the only person speaking on this thread who wants to spin it into a discussion of Westerners, xenophobia, etc.

I'm talking about math. Telegram is not IND-CCA2 secure. Period. They have some extra sprinkles they claim prevents adaptive chosen ciphertext attacks. They have no formal proof of these claims. Authenticated encryption schemes are IND-CCA2 secure by design. Telegram's scheme is inferior. It's mathematically inferior. Period.

It has nothing to do with nationalism. It has everything to do with math. Telegram is an inferior design as compared to the standard designs being used in common practice.

--
Tony Arcieri
Re: [liberationtech] Many VPNs and Psiphon are currently blocked in Iran right now
Amin,

Do Iranians ever attempt checking the mobile versions of these sites? In my experience even in low bandwidth environments, if you are patient, the mobile sites work much better.

Perhaps this is a combination of lack of awareness and lack of patience. I understand Iranian youth and folks only concerned with general internet use may lack patience, but activists, journalists and civil society members should be taught practical steps and be encouraged to recognize the internet is not magic, therefore sometimes patience is a necessity.

There are such varying responses on the usability of tor and other products inside Iran it seems likely there is a dearth of practical knowledge and an excess of user error.

On Feb 22, 2014 11:04 AM, Amin Sabeti aminsab...@gmail.com wrote:

Hi,

The important point that we must not forget is the first priority for users in Iran is access. It means users would like to check their FB & Twitter accounts. Therefore, TOR is not feasible solution for them because they have not high speed internet connection.

Cheers,
A

On 22 February 2014 03:21, Nathan of Guardian nat...@guardianproject.info wrote:

On 02/21/2014 09:54 PM, Nima Fatemi wrote:

Nariman Gharib: so if anybody can help me to tell me which these tools in below are safe it would be great.

I've double checked that Tor works just fine in Iran. This is for both vanilla (normal Tor Browser Bundle) and Pluggable Transports Bundle (including but not limited to obfsproxy). Android users can use Orbot to access Tor network. I believe we have the necessary tools, what we certainly need here is to educate ppl on how to use it safely.

Yes, my question is why Nariman didn't have Orbot on his list in the first place? Perhaps people don't consider Tor to be a VPN, or don't know it is available on Android?

From the Tor metrics site (and as Nima said), there seems to be about 25,000 active Tor sessions per day from Iran, via direct access (not using a bridge): https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-11-24&end=2014-02-22&country=ir&events=off#userstats-relay-country

We receive many emails each day from users in Iran, and it is definitely working for a good number of them. I know that with Google Play Store, Iranian users can search for Orbot, but when they try to download it, it is blocked with a 403 Forbidden error by a filter on the Iranian side. We do however offer direct downloads of our software (see the support link below)

Maybe we need to create a version of this tutorial that can be published in Farsi on a site people visit? https://guardianproject.info/howto/browsefreely/

We've also recently created a simple support message that could be sent out, to help people debug issues they might be having accessing downloads, configuring the software and so on: https://dev.guardianproject.info/projects/support/wiki/Orbot_Auto_Response

As for the other solutions, the only one that looks trustworthy is Shadowsocks, though it is just a SOCKS5 proxy system, which means it is limited to the amount of proxy server IPs you can setup and host.

+n
Re: [liberationtech] Many VPNs and Psiphon are currently blocked in Iran right now
In-line

Amin,

Do Iranians ever attempt checking the mobile versions of these sites? In my experience even in low bandwidth environments, if you are patient, the mobile sites work much better.

Unfortunately, TOR is famous as a slow tool in Iran! I haven't checked with users inside the country about the mobile version. I'll hope it works better than the desktop version.

Right, but let's not waste our time on people who don't want to help themselves or check for themselves and only believe rumors. Sure tor works slowly, but as Nathan pointed out, we have hard evidence that Iranians are using Tor:

From the Tor metrics site (and as Nima said), there seems to be about 25,000 active Tor sessions per day from Iran, via direct access (not using a bridge): https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-11-24&end=2014-02-22&country=ir&events=off#userstats-relay-country

We receive many emails each day from users in Iran, and it is definitely working for a good number of them.

I prefer to believe facts and metrics, because users tend to repeat rumors and often don't understand what they should expect from the technology.

Of course I don't intend to suggest we should just ignore uninformed users. What I do suggest is that to work in solidarity we need to have agreed parameters. That means we provide guidelines and we expect people to be willing to try certain things as the process. It also means we have to listen to users and it must be a conversation. Just as we should not tell users "you must use this or we won't help you", users shouldn't say "we won't be bothered to test X because we already know it doesn't work."

This is a constant problem in activist spaces. We don't all have to work together, but if we are going to work together we have to agree to parameters. I am very interested in trying to assist Iranians and others to improve their connectivity, but that involves testing and gathering user experience data. It would be great to have some idea who these 25,000 daily connections to Tor are and what they are doing differently.

Perhaps this is a combination of lack of awareness and lack of patience. I understand Iranian youth and folks only concerned with general internet use may lack patience, but activists, journalists and civil society members should be taught practical steps and be encouraged to recognize the internet is not magic, therefore sometimes patience is a necessity.

There are such varying responses on the usability of tor and other products inside Iran it seems likely there is a dearth of practical knowledge and an excess of user error.

Based on my experience, journalists and activists don't care about their security because there are lot of myths that the government can monitor everything and they cannot do anything! Unfortunately, there is lack of knowledge in Iran and cyber activists need to be trained. BTW, general users don't care about security and the important thing for them is access. I think Nariman talked about general users.

Sure, and for 25,000 users apparently Tor works at least some of the time. We need to understand why tor (and other products) work for these individuals why it doesn't work for others. This is the only way we can effectively educate folks and adapt to such constantly changing circumstances.

Let's keep talking about this.

Cheers,
A

On Feb 22, 2014 11:04 AM, Amin Sabeti aminsab...@gmail.com wrote:

Hi,

The important point that we must not forget is the first priority for users in Iran is access. It means users would like to check their FB & Twitter accounts. Therefore, TOR is not feasible solution for them because they have not high speed internet connection.

Cheers,
A

On 22 February 2014 03:21, Nathan of Guardian nat...@guardianproject.info wrote:

On 02/21/2014 09:54 PM, Nima Fatemi wrote:

Nariman Gharib: so if anybody can help me to tell me which these tools in below are safe it would be great.

I've double checked that Tor works just fine in Iran. This is for both vanilla (normal Tor Browser Bundle) and Pluggable Transports Bundle (including but not limited to obfsproxy). Android users can use Orbot to access Tor network. I believe we have the necessary tools, what we certainly need here is to educate ppl on how to use it safely.

Yes, my question is why Nariman didn't have Orbot on his list in the first place? Perhaps people don't consider Tor to be a VPN, or don't know it is available on Android?

From the Tor metrics site (and as Nima said), there seems to be about 25,000 active Tor sessions per day from Iran, via direct access (not using a bridge): https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-11-24&end=2014-02-22&country=ir&events=off#userstats-relay-country

We receive many emails each day from users in Iran, and it is definitely working for a good number of them. I know
Re: [liberationtech] Many VPNs and Psiphon are currently blocked in Iran right now
Thanks Collin, my only point is that Tor *does work* inside Iran unless you can dispute those numbers. The only way we can build solutions is with hard evidence not anecdotes about things being slow or as others have bandied about users being only interested in speed or convenience. Clearly Tor does not have the kind of user adoption that Psiphon has, no one is disputing that. Effective and responsible social change takes patience and organizing. We've already seen the effects of this absence in Egypt. We also saw it 35 years ago in Iran and are still experiencing it. Social change takes time and effective organizing. I don't care what the tools are in simply asking for more collaboration and data. On Feb 22, 2014 12:42 PM, Collin Anderson col...@averysmallbird.com wrote: On Sat, Feb 22, 2014 at 2:58 PM, Brian Conley bri...@smallworldnews.tvwrote: Sure, and for 25,000 users apparently Tor works at least some of the time. We need to understand why tor(and other products) work for these individuals why it doesn't work for others. This is the only way we can effectively educate folks and adapt to such constantly changing circumstances. There are 76.42 million people in Iran, half of whom have some Internet access and within that subset at least a quarter circumvent the filtering, by the estimation of the Iranian police chief. That *certainly shady* math implies that the current number of Tor users is something like less than .3% of filter-circumventing users, a fraction of Psiphon's claims of 3 million unique users a week [1]. While I naturally agree with Nima, this will not necessarily scale for long because the government has shown an ability and willingness to shut down unknown traffic streams or suspect SSL connections. It's my understanding that the TCI is now aware of how to disrupt Tor again, but is likely sitting the attack on or still testing it on a small scale. 
[1] https://asl19.org/cctr/research/ -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Many VPNs and Psiphon are currently blocked in Iran right now
Pranesh, Solidarity and voluntary association are exactly about mutual agreements between partners. Aid is about disrespect of your partners believing they are weak and needy or from the other side believing they are bleeding hearts whom you can take advantage of. I'm not talking about top down guidelines, I'm talking about mutually agreed and shared principles. My point is that if you believe in taking actions based on hard evidence and data you should work with other people who are like-minded. Also I fundamentally disagree that journalists and criminals depend on convenience. I think that is the respite of laziness. But journalists and criminals are professionals. My goal is not to help every citizen who wants to look at cat videos or porn or share pictures of their lunch with their friends. My goal is to have a narrow subset of people that often also have these desires. However I'm only interested in expending my limited time and energy on this earth assisting committed, passionate, collaborative individuals working for social change. That's hard work and a small subset of humanity and I'm OK with that. I am also a father and a husband, so my time is more limited than it used to be and I'm no longer willing to work with anyone/everyone under some misguided belief that we all work together or else. On Feb 22, 2014 4:36 PM, Pranesh Prakash pran...@cis-india.org wrote: Brian Conley bri...@smallworldnews.tv [2014-02-22 14:58:22]: Right, but let's not waste our time on people who don't want to help themselves or check for themselves and only believe rumors. Sure tor works slowly, but as Nathan pointed out, we have hard evidence that Iranians are using Tor: That's actually the attitude that is responsible for far fewer people using security-enhancing technologies than should be. 
It would serve us well to remember that convenience is paramount for the vast majority of users (including the vast majority of journalists and the vast majority of criminals), whether we'd like to pander to convenience or not. A 2012/2013 study by Robinson + Yu (albeit done on a very small sample) on Chinese Internet users showed that speed was amongst the biggest complaints and was the second most important factor while choosing a circumvention tool: http://www.robinsonyu.com/pdfs/CollateralFreedom.pdf Of course I don't intend to suggest we should just ignore uninformed users. What I do suggest is that to work in solidarity we need to have agreed parameters. That means we provide guidelines and we expect people to be willing to try certain things as the process. Good luck finding people who meet your expectations of top-down guideline-followers. -- Pranesh Prakash Policy Director, Centre for Internet and Society T: +91 80 40926283 | W: http://cis-india.org --- Access to Knowledge Fellow, Information Society Project, Yale Law School M: +1 520 314 7147 | W: http://yaleisp.org PGP ID: 0x1D5C5F07 | Twitter: https://twitter.com/pranesh_prakash
Re: [liberationtech] Seed Grants for Tech Challenge for Atrocity Prevention
I believe it's only open to winners of the tech challenge from last year. On Feb 7, 2014 12:54 AM, Lina Srivastava l...@linasrivastava.com wrote: This might be of interest to some on this list. Lina -- Forwarded message -- From: *NPCC GGIS* g...@npccny.org Date: Wednesday, February 5, 2014 Subject: Seed Grants for Tech Challenge for Atrocity Prevention To: lina.srivast...@gmail.com *Government Grants Information Service Funding Alert* *Grant/Contract Name:* Seed Grants for Tech Challenge for Atrocity Prevention *Deadline:* March 10, 2014 *Funding Amount:* 5 awards anticipated. Estimated Total Program Funding: $150,000; Award Ceiling: $50,000 *Eligibility:* qualified U.S. and non-U.S., nonprofit or for-profit non-governmental organizations (NGOs), and international organizations (PIO or IO). *Agency:* U.S. Agency for International Development *Grant ID:* RFA-OAA-14-61 *CFDA#:* 98.001 *Summary:* Over the past year, USAID and Humanity United have jointly administered the Tech Challenge for Atrocity Prevention, a prize contest that sought innovative ideas for applying technology to five specific issues related to atrocity prevention. 
Discrete problems focused on by the Tech Challenge included: how to identify and spotlight intentional or unintentional third party enablers of atrocities; how to better model or forecast the likelihood of atrocity events; how to safely document and transmit evidence of atrocities; how to enable secure communication among and between at-risk communities; and how to better obtain and verify information in hard-to-access areas. The Tech Challenge utilized three different solver platforms (OpenIDEO, InnoCentive and TopCoder) to conduct each of the separate component challenges. Four of the five component challenges were ideation challenges, meaning they solicited ideas rather than prototypes, while one of the challenges sought and tested algorithms. External judges selected the winners for all of the contests. Cash prizes were disbursed to the winners of four of the five challenges via the platforms, usually for 1st, 2nd and 3rd place winners, while the fifth challenge's platform advised against monetary awards for winners. The United States Agency for International Development (USAID) is launching a Seed Grants Program to provide support for implementation of innovative technology applications for broader atrocity prevention or response efforts. 
*Link:* http://www.grants.gov/web/grants/view-opportunity.html?oppId=250855 Nonprofit Coordinating Committee of New York | 135 West 36th Street, 15th Floor | New York | NY | 10018-7173 -- Lina Srivastava -- linasrivastava.com | twitter http://twitter.com/lksriv | linkedin http://www.linkedin.com/in/linasrivastava
Re: [liberationtech] 31.170.160.0/22 filtered on ATT? (was Re: Website censorship in the US)
snip Brian said in another post that he thought IP blockage sounds fair and asked for response. Well, I've been through IP blocks and they are pure, unmitigated hell -- all kinds of people losing their website visibility and ability to communicate by email because one site was taken over by some moron doing spamming. Restoring the IP is a process because you have to do a bunch of things including detect which of the sites on the server was violating. Try doing that with the server shut off the Internet! I mean...how in the world is *that* fair? I can't see any legitimate reason for an IP block in a democratic society and, trust me, they occur all the time. Not everyone on this list knows about this stuff and I think we should be able to talk about it. No? /snip Alfredo, just to clarify, I did not mean to imply filtering/blocking was fair, where that implies justified or right. I only meant that it seemed understandable why ATT would engage in this behavior, not that we shouldn't actively organize and agitate against it. I also believe we need a high amount of clarity around the specifics of any filtering event to best assess how to proceed. You can see via my @BaghdadBrian account on Twitter that I've taken some steps to try and understand why it's been filtered, unfortunately they didn't get very far. 
Regards Brian Alfredo -- Alfredo López Co-Chair, Leadership Committee May First/People Link https://mayfirst.org My Column on: http://thiscantbehappening.net My Blog http://www.alfredolopez.org -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Website censorship in the US
Sure, it's clear you're not looking for a constructive outcome, just crying foul. I get that. In my experience contacting service providers works wonders. But you have to actually be motivated. I understand now that you mean it is technically censored, i.e. blocked on some devices. I'm more interested to know what the cause was, and whether it was due to malicious intent. Your initial email starting this thread implies malicious intent, yet you don't seem to have either A. done the research to determine that, nor B. be requesting support from others to understand and resolve the issue. It smacks of ridiculous privilege and a disconnect with the real risks and impact of censorship on people all over the world, folks I work with directly, as do many others on this list. Therefore, yes, it might seem a bit condescending that I responded that way to your somewhat ridiculous post. Of course ISPs censor content, particularly if the site is rightly or wrongly listed as a source of malware. I don't think that is unusual at all. I'm interested in an open and free internet, and reducing improper censorship. For that reason, I've reached out to @ATTCustomerCare on Twitter to request further information. I'd encourage anyone else on this list who is interested to see Liberte unblocked to do the same. On Wed, Dec 18, 2013 at 9:30 AM, Maxim Kammerer m...@dee.su wrote: On Wed, Dec 18, 2013 at 7:08 PM, Brian Conley bri...@smallworldnews.tv wrote: Have you contacted ATT support? Crying censorship is a bit early in this case don't you think? I use “censorship” as a technical term, and it is a fact that ATT censors the hoster's IP block. Also, it is not too early to claim censorship, as the ATT forum link above shows, since the problem persists for a while. I also don't see a reason to contact ATT, as I am not their customer, and evidence points to the company ignoring even the customers. 
In addition, I must say that I am not particularly moved by some US citizens not being able to access the site, so there is also a lack of motivation. Does the above address your condescending message in sufficient manner? -- Maxim Kammerer Liberté Linux: http://dee.su/liberte -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Survey on the security of human rights defenders, activists and journalists
Hi Security First, I see from your survey you're familiar with a variety of mobile tools. How will your work be different? What qualifies you to provide this kind of information? Also I hope your tools will be open source. I'd very much be interested in speaking further, and seeing how we might collaborate, as this is a field I work a lot in. Regards Brian On Mon, Nov 11, 2013 at 9:27 AM, Security First secfirs...@gmail.com wrote: Hi LiberationTech, We're a small group of human rights defenders based in the UK (we will give a more formal announcement soon!) doing some work to develop mobile tools for the physical security of human rights defenders, activists and journalists. It would be a great help to us while we are still in the early development phase if we could get some feedback from the group about some of the physical security problems they face - to help us prioritise our development work. https://docs.google.com/forms/d/1LRATeUm2hmzIBBYAg8LtMxcx6W6X4Fl1iYF-Lqe0FiM/viewform Also, if there are people in London interested in grabbing a coffee then please do drop us a mail! Many thanks, Security First. www.secfirst.org -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Sometimes crypto can be easy
Perhaps you might provide us insight into your one sentence description? B On Oct 4, 2013 6:50 AM, Nathan of Guardian nat...@guardianproject.info wrote: I am virtually speaking at a conference in Spain later this month, and they asked me to do a test today using Skype. I offered instead that we should use Ostel (https://ostel.co) with Jitsi to do an encrypted video call. I sent one quick email to their techs with a one sentence description about properly setting up the Jit.si proxy settings. A few minutes later, I received a call on my Win7 Jit.si app from an Ostel account that matched their name. We confirmed our ZRTP confirmation codes, and the audio came through just fine. I pressed the video button, and it started right up, with the same ZRTP encryption session activated. So, here is a great story of going from 0 to an encrypted video call between EU and US, with someone I have never met before, and had no idea about their technical capability. A great WIN for a Friday morning... and the next time someone asks you to use Skype, please get them to use OStel (or Redphone, SilentCircle, or anything that is open (err, mostly open) and secure) instead. Don't underestimate your ability to change someone else's behavior in a positive way and give them a new skill in the process. 
+n
Re: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies)
back in the p2p fad days, So before wide adoption of mobile. What does that have to do with it? There are way more average users on the internet now, and they want different things than you and many geeks want. I can already run a Tor hidden service on a laptop and get connectivity using ssh from just about anywhere using the onion address of the service. I've never tried from a mobile phone (either connecting to a hidden service or running one) but I don't see why that would make it any different. There is a benefit to convenience. It seems you are suggesting that everyone run their own hidden service and connect to each other directly never hitting central servers. Am I really supposed to get my mom to run a hidden service for me to deliver pictures of my daughter? It could happen, but convenience trumps. A great deal more effort must be put into user centric design and marketing. What would the equivalent of this be with WebRTC? Realize that with the hidden service I don't have to care about underlying IP addresses (or changes in them) for either party, and no third party is required to introduce us every time we want to connect. See above. [...] It will be great when someone designs an easy to use p2p functionality for all communications needs, then it will be a tool for everyone. I'm not completely sure, but I don't think that is possible. Exactly, and that's my point. Privacy/security/anonymity are not the be all/end all for average users. Tor has greatly improved the last years but it and many other tools have a long way to go. Some need more focus on marketing and less focus on design, but still. For example: regardless of privacy implications, discoverability on Facebook is a feature. Regardless of privacy implications, suggestions for friends based on the social graph (and updates to it) is a feature. I don't see how one could retain just those two features in a p2p design with privacy in mind. 
How can users search the entire social graph for that information without [bad actor] being able to? (And if you could figure that out you should use it to bootstrap a cryptocurrency into the hands of well-intentioned people because it's essentially the same problem.) Does GNUnet or another project have an approach to this? That is, equal to or better than the automated results that Facebook provides, which can bootstrap a new user into the network very quickly. It needs to if it wants broad user adoption. It may not, which is fine, I'm definitely not saying everyone has to use a tool for it to have value. I am saying a federated system seems to have better chance of this, and it is my opinion that internet freedom tools should be designed with the goal of brief user adoption. But again, this is based largely on impressions, still hoping for more inputs. Best, Jonathan
Re: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies)
On Sep 15, 2013 8:19 PM, Michael Rogers mich...@briarproject.org wrote: On 14/09/13 11:03, Fabio Pietrosanti (naif) wrote: The user has only those two platforms, a browser and a mobile phone with downloadable apps. Everything else requiring to install an application over a desktop computer is IMHO destined to be a total failure. So Skype, AIM and BitTorrent are total failures? Sure, from the perspective of privacy and security, at least re Skype and AIM. If Fabio isn't talking about privacy and security I must have misunderstood his entire post. Cheers, Michael
Re: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies)
If Fabio isn't talking about privacy and security I must have misunderstood his entire post. Unless I misunderstood, Fabio wasn't claiming that desktop apps are a failure from a privacy or security perspective, but that users won't install them, therefore we must focus on browsers and mobile apps. I gave three counter-examples of popular desktop apps. I wasn't trying to make any claims about their privacy or security, just their popularity. Aha, yes I see that now. Could be. Fabio?? Cheers, Michael
Re: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies)
On Sep 15, 2013 2:22 AM, coderman coder...@gmail.com wrote: On Sat, Sep 14, 2013 at 8:12 AM, Lee Azzarello l...@guardianproject.info wrote: We have a federated telephony system... On Sat, Sep 14, 2013 at 10:27 AM, Nathan of Guardian nat...@guardianproject.info wrote: ... A truly free internet = a federated internet in my mind... Why do you consider it a sign that something is broken? back in the p2p fad days, So before wide adoption of mobile. I think you all are discussing apples and oranges in some ways, and potentially huge ideological distinction in others. The Wikipedia definition of federated architecture sounds similar to how you distinguish p2p: https://en.wikipedia.org/wiki/Federated_Architecture the distinction between federated and decentralized became important, and was characterized as (paraphrasing): - federated is distributed hierarchy with a single or few points of ownership and control. federated is focused more around inter-operability, resilience, availability, and robustness of managed services. - decentralization has no single point of ownership or control nor does it imply hierarchy of any sort, instead relying on the cooperation of independent peers. decentralized is focused more around peer trust boundaries, scale free growth, end-to-end anonymity and privacy. It will be great when someone designs an easy to use p2p functionality for all communications needs, then it will be a tool for everyone. For example it will be great if your computer and phone can manage your email in a p2p system to anyone else you want to email, even if they are using gmail, but how will your peer connect to the mail server? How will your p2p phone call someone on the existing telephony network? At that point it ceases to be p2p, no? I'm largely ignorant about the bigger implications of these things at the level of actual functionality/or technical structures. 
I'm not intending to say you are wrong about this, just expressing how I read this conversation due to my limited knowledge and asking for clarification. To me, naif's email is spot on and accomplishing such would be a huge step forward. I'm just a guy who tries to understand the tech and teach it to other non technical people, so please educate me, so I can educate others without the time to sit on such lists. federated systems are working great! CALEA compliant, one stop shops for BULLRUN. what we need are fully decentralized systems that are even more usable, even more scalable, and even more end-to-end protected with hardware and software we can actually trust.
Re: [liberationtech] NSA-resistant Android application 'burns' sensitive messages
Send your thoughts about Jeremy's ridiculous press release for Silent Text here: https://twitter.com/Jeremy_Kirk On Tue, Sep 3, 2013 at 7:42 PM, Yosem Companys compa...@stanford.edu wrote: http://www.itworld.com/security/371391/nsa-resistant-android-application-burns-sensitive-messages September 03, 2013, 9:55 PM NSA-resistant Android application 'burns' sensitive messages Silent Circle's messaging application ensures only the sender and receiver can view messages and files By Jeremy Kirk, IDG News Service Silent Circle, a company specializing in encrypted communications, released a messaging application for Android devices on Wednesday that encrypts and securely erases messages and files. The application, called Silent Text, lets users specify a time period for which the receiver can view a message before it is erased. It also keeps the keys used to encrypt and decrypt content on the user's device, which protects the company from law enforcement requests for the keys. Silent Circle, whose co-founder is encryption expert Phil Zimmerman, abandoned its privacy-focused email service in early August following leaks by former NSA contractor Edward Snowden detailing the U.S. government's vast electronic surveillance efforts. The documents passed by Snowden to The Guardian and The Washington Post newspapers describe a host of programs designed to intercept email and phone metadata in a broad effort aimed at tracking national security threats. The leak also prompted a vigorous privacy debate and interest in how to better shield electronic communications from spying. Silent Circle in Washington, D.C., also offers a subscription service, Silent Phone, an encrypted VoIP (voice over IP) application for secure phone and video calls over Wi-Fi, 3G or 4G LTE over its peer-to-peer network. The Silent Text application generates a new encryption key for each new message. 
The key is then destroyed so even if your device is examined, there are no keys to be had after the conversation is complete, according to the company's website. Only the sender and receiver can view a message. If it was intercepted in transit, it would be unreadable unless the interloper could obtain the encryption key or use brute-force computing power to decrypt the content. The Burn Notice feature lets the sender set a time for a text, video, voice recording or picture to be erased from the recipient's device. The sender can also recall or destroy previously sent messages. It supports files up to 100 MB. Silent Text's destruction feature is similar to one included in Wickr, a secure encrypted messaging application for iOS. Silent Circle, along with Lavabit -- an email provider believed to have been used by Snowden -- shut down their email services in early August. Lavabit's founder Ladar Levison wrote he was under pressure from the U.S. government but could not describe the legal issues. A short time later, Silent Circle, which said it had not received any subpoenas, also opted to shut down its email service as a pre-emptive move. It said it would focus instead on real-time mobile communications, asserting that the protocols email uses make it vulnerable to snooping. Send news tips and comments to jeremy_k...@idg.com. Follow me on Twitter: @jeremy_kirk © 1994-2013 ITworld. All rights reserved. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] From Snowden's email provider. NSL??? (Recipe for Secure Audio, Video, Chat, File Transfer)
Griffin, make it so!! On Aug 9, 2013 7:31 AM, Griffin Boyce griffinbo...@gmail.com wrote: Fabio Pietrosanti (naif) wrote: If someone wants to make this recipe working, I think that the world would appreciate with an easy to be setup, independently run, audio, video, file transfer, chat infrastructure accessible with a web browser. Welp, there goes my weekend. Dangit, naif! ;-) ~Griffin -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] From Snowden's email provider. NSL??? (Recipe for Secure Audio, Video, Chat, File Transfer)
of course!!! Ready and waiting captain! On Aug 9, 2013 10:37 AM, Griffin Boyce griffinbo...@gmail.com wrote: Thanks for volunteering to help me test the service ;3 Brian Conley wrote: Griffin, make it so!! On Aug 9, 2013 7:31 AM, Griffin Boyce griffinbo...@gmail.com wrote: Fabio Pietrosanti (naif) wrote: If someone wants to make this recipe working, I think that the world would appreciate with an easy to be setup, independently run, audio, video, file transfer, chat infrastructure accessible with a web browser. Welp, there goes my weekend. Dangit, naif! ;-) ~Griffin
Re: [liberationtech] New CryptoCat bug
To whom it may concern: RATT(Rodents Against Traumatic Tools) and ADDL(Against Dog Defamation League) hereby express serious concern regarding the insensitive nature of the cryptocat interface. RATT members deserve encrypted chat much as others, but the presence of Cat Facts leads to undue trauma and we lobby you to reconsider fixing this bug. ADDL feels your distribution of cat propaganda (facts) is damaging and demeaning to the image of canines and other house pets and urges all members of libtech to boycott said technology until it becomes more tolerant of other domestic animals and house pets. (Please add your organization below if you agree with our petition and forward to your friends and loved ones to stop this specist software from continuing) Signed Members of RATT ADDL CAT(canine advocacy team) MOUSE (Microorganisms Organizing Upward Solidarity for Everyone) BIRD(Beyond Individual Rat Defamation) S:POT (Solidarity:Pets Over Terrorists) On Aug 8, 2013 3:42 AM, Nadim Kobeissi na...@nadim.cc wrote: On 2013-08-08, at 12:25 PM, Jillian C. York jilliancy...@gmail.com wrote: Dear LibTech, I would like to express my concern that the CatFacts function of CryptoCat is not operating. This is a Very Important Function to ensure the physical, mental and spiritual health of cryptocat users and I am deeply, deeply concerned about its inoperability. Jillian, My sincerest excuses regarding this. Cryptocat claims full responsibility for this issue. There was indeed a bug that would limit the number of cat facts displayed per Cryptocat session to a maximum of 2 (two) cat facts. This has already been fixed and is awaiting release in the next version: https://github.com/cryptocat/cryptocat/commit/83af5be7bb575187a404bb56e11f14a1ba866d9f In the meantime, Cryptocat will be deploying a *Cat Care Package* in order to alleviate the shortage of cat media that Cryptocat users may be facing. 
The Cat Care Package may be accessed here: https://www.youtube.com/watch?v=lAIGb1lfpBw We are currently in the process of writing a meow-dvisory to address the situation. It may take us a mew moments, but I am purr-sonally confident that we will do everything paw-ssible to prevent this situation from cat-apulting into something worse. Thanks very much for your patience and understanding. NK Perhaps some time at the upcoming hackathon should be spent improving this function. Thanks, Jillian -- Note: I am slowly extricating myself from Gmail. Please change your address books to: jilliancy...@riseup.net or jill...@eff.org. US: +1-857-891-4244 | NL: +31-657086088 site: jilliancyork.com | twitter: @jilliancyork We must not be afraid of dreaming the seemingly impossible if we want the seemingly impossible to become a reality - Vaclav Havel
Re: [liberationtech] going back to Nadim's original question
+1 On Aug 7, 2013 6:25 AM, Jurre drw...@gmail.com wrote: Take this off-list. I don't want a drama libtech community anymore, I'm sick of it. Be professional and excellent to each other or fuck each other over off-list. All the best, Jurre
[liberationtech] And now for some completely different flame... Chrome + password management
Are they being irresponsible or aren't they? http://mashable.com/2013/08/07/chrome-password-security/?utm_cid=mash-com-fb-main-link That is a serious question I'm interested to hear a variety of opinions on, both for and against Google's position, OK go! Spoiler alert, I think both players are being jerks and not considering the importance of outreach and how users learn...
Re: [liberationtech] StoryMaker - opinions
Hi Bill! Thanks for your interest, comments below. snip https://play.google.com/store/apps/details?id=info.guardianproject.mrapp The app is open source (+1) and the developers behind it include Free Press Unlimited, The Guardian Project and Small World News so its provenance is indeed sound. Thanks Bill! We all know it's a huge challenge but we are trying hard to achieve it. Nathan has already done a fantastic job explaining the technical details, so I only have a few additional comments, but I'm happy to speak with you directly, or any other member of the list who would like to know more. Firstly we can say that our partners each approached the problem from a slightly different direction. We at Small World News come from a background working primarily in conflict areas and wanted to find a way to increase the safety of citizen journalists while also improving the impact their content can make by increasing their professionalism and capacity to tell stories. I hope Niels from Free Press Unlimited will chime in, but I can say without their focus on increasing the potential for mobile learning to improve the skills of journalists, the learning and curriculum side of the app would not be what it is. The StoryMaker literature mentions a number of times that the app is to be used for safely reporting and sharing stories and I wonder how this has been substantiated - with particular regard to the fact that it is expected that this app will facilitate free journalism in the (hopefully) emerging democracies of the Middle East: https://www.freepressunlimited.org/en/article/safely-reporting-and-sharing-stories-new-app As Nathan mentioned he has been deeply involved in planning the security functionality, workflow, threat model, etc. Additionally, the system for delivering lessons utilizes SSL certificate pinning to counter MITM attacks and limit the necessity for activists and journalism trainees to carry hard copies and insecure manuals.
Eventually this content should exist entirely in an encrypted container. It would be interesting/useful to know how StoryMaker can offer to protect a user's safety or, as no absolute guarantees can ever be made, up to what degree of security can be expected from this app. So far, I have found a short reference to users are able to send data from their smartphone through the Tor network making it difficult to trace. As Nathan has mentioned, there are a number of elements already functioning as part of StoryMaker and by next month we will have a new release that integrates obscuracam functionality and hopefully records content directly in an encrypted fashion. We are also pursuing funding to develop the potential for users to publish to additional platforms over tor via their public API, and including an option for uploading via tor to a private server. StoryMaker looks an excellent app and we are looking at its use by citizen journalists. I hope you like it! So far it's being treated and implemented in Iraq, Egypt, Libya, Tunisia, Morocco, and Zimbabwe. We are pursuing some additional opportunities as well, and clearly need to start blogging more regularly about the project's progress. Don't hesitate to get in touch if you have other questions or know individuals who might like further information or support deploying StoryMaker in their projects. Thanks so much for the interest!! Brian Many thanks and best regards Bill -- Community Media Association http://www.commedia.org.uk/ http://twitter.com/community_media Canstream Internet Radio Video http://www.canstream.co.uk/
Re: [liberationtech] Iranian Climbers vs. Western Media
Hi Amin, Not to dissuade you from being angry, but to give you some perspective, I live in Oregon and hikers get lost almost daily during the fall, for example. This rarely if ever gets noted on national news, much less international. Though it might seem silly, if President Obama's dog died, it well might make national or even international news, because of the dog's owner. I'm ignorant of Broad Peak, but unless it's particularly tall or dangerous or there is some kind of political statement being made by the climbers (e.g. 3 women activist climbers), there is unfortunately not enough of a dramatic narrative to interest the media. :( Good luck to you and of course the lost climbers! Brian On Jul 21, 2013 3:39 AM, Amin Sabeti aminsab...@gmail.com wrote: Hi guys, Three Iranian climbers have been lost on Broad Peak and none of the Western media has talked about it! The Iranian users on Twitter have tried to trend #IranianClimbers and #BroadPeak to get attention from media that have completely boycotted the news. They are so angry because they believe if Obama's dog had died, all media would talk about it, but the life of three Iranian people isn't an important issue. Anyway, you can follow the latest news about this story from here: http://altitudepakistan.blogspot.co.uk/2013/07/broad-peak-new-route-iranian-climbers.html and it would be great if you circulate the news into your networks. Cheers, Amin
Re: [liberationtech] Ether Rag: Duck Duck Go: Illusion of Privacy
On Jul 14, 2013 12:09 PM, Yosem Companys compa...@stanford.edu wrote: http://etherrag.blogspot.jp/2013/07/duck-duck-go-illusion-of-privacy.html Duck Duck Go: Illusion of Privacy snip In the larger picture, this is the crux of the problem not just for DuckDuckGo, but the internet as a whole. Until and unless agencies like the NSA are forbidden from conducting dragnet collection and analysis of data, there can be no privacy. Privacy is merely an illusion at this point. Perhaps it's silly to make this point on such a list, but I'd clarify that only digital/online privacy is merely an illusion and this is all the more reason to think seriously about what you put online and where/how you access the internet.
Re: [liberationtech] Crowd steps up to fund 'NSA-proof' app
If it's not open source we aren't trusting it, so wait and see. On Jul 11, 2013 11:06 PM, Yosem Companys compa...@stanford.edu wrote: http://stream.aljazeera.com/story/201307112159-0022901 Crowd steps up to fund 'NSA-proof' app In just 36 hours, users contributed $100,000 to fund an app designed to get around state spy agencies like the US National Security Agency (NSA). Swedish tech entrepreneurs, including Pirate Bay co-founder Peter Sunde, successfully crowdfunded the planned iOS and Android app named Heml.is, Swedish for secret. The creators claim, We're building a message app where no one can listen in, not even us. The project seeks to provide an alternative to services offered by major tech companies, which they say have been forced to open up their systems and hound out information about their users. [snip]
Re: [liberationtech] Silent Circle experiences rapid growth in wake of NSA surveillance scandal
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Help test the new Tor Browser!
Hi Jacob, This is great news, do you know when the new version will be available for download on torproject.org? Also, I'm not sure how I know whether I'm running 32 or 64 bit OSX 10.6, since it doesn't tell me in the About this Mac. While I can certainly figure that out, I'm not sure how many users will be able to solve this issue, much less be aware it is an issue (I only recently (2 years back?) realized it exists on Windows, much less Mac). Any thoughts about this, besides trial and error? B On Tue, Jun 18, 2013 at 5:24 AM, Masayuki Hatta mha...@gmail.com wrote: Hi, Now the new TBB works nicely for me, and I love it. One regret is UI messages are not translated into Japanese...actually, the messages seem to be already translated (https://www.transifex.com/projects/p/torproject/language/ja/), but somehow it doesn't show up (messages in the installer are translated, btw). Is there anything I can help? Best regards, MH 2013/6/17 Jacob Appelbaum ja...@appelbaum.net Hi, I'm really excited to say that Tor Browser has had some really important changes. Mike Perry has really outdone himself - from deterministic builds that allow us to verify that he is honest to actually having serious usability improvements. I really mean it - the new TBB is actually awesome. It is blazing fast, it no longer has the sometimes confusing Vidalia UI, it is now fast to start, it now has a really nice splash screen, it has a setup wizard - you name it - nearly everything that people found difficult has been removed, replaced or improved. Hooray for Mike Perry and all that helped him! Here is Mike's email: https://lists.torproject.org/pipermail/tor-talk/2013-June/028440.html Here is the place to download it: https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/ Please test it and please please tell us how we might improve it! All the best, Jacob -- Masayuki Hatta Assistant Professor, Faculty of Economics and Management, Surugadai University, Japan http://about.me/mhatta mha...@gnu.org / mha...@debian.org / mha...@opensource.jp / hatta.masay...@surugadai.ac.jp -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Help test the new Tor Browser!
Thanks Dragana, But wouldn't that mean there is no new browser bundle for recent macs as only 32 is specified at Jacob's link? Brian On Jun 24, 2013 3:18 PM, Dragana Kaurin kau...@openitp.org wrote: On 06/24/2013 02:53 PM, Brian Conley wrote: Hi Jacob, This is great news, do you know when the new version will be available for download on torproject.org? Also, I'm not sure how I know whether I'm running 32 or 64 bit OSX 10.6, since it doesn't tell me in the About this Mac. What kind of processor do you have? Intel Core 2 Duo, Intel Quad-Core Xeon, or Intel Core i5 and i7 all are 64 bit. While I can certainly figure that out, I'm not sure how many users will be able to solve this issue, much less be aware it is an issue (I only recently (2 years back?) realized it exists on Windows, much less Mac). Any thoughts about this, besides trial and error? B On Tue, Jun 18, 2013 at 5:24 AM, Masayuki Hatta mha...@gmail.com wrote: Hi, Now the new TBB works nicely for me, and I love it. One regret is UI messages are not translated into Japanese...actually, the messages seem to be already translated (https://www.transifex.com/projects/p/torproject/language/ja/), but somehow it doesn't show up (messages in the installer are translated, btw). Is there anything I can help? Best regards, MH 2013/6/17 Jacob Appelbaum ja...@appelbaum.net Hi, I'm really excited to say that Tor Browser has had some really important changes. Mike Perry has really outdone himself - from deterministic builds that allow us to verify that he is honest to actually having serious usability improvements. I really mean it - the new TBB is actually awesome. It is blazing fast, it no longer has the sometimes confusing Vidalia UI, it is now fast to start, it now has a really nice splash screen, it has a setup wizard - you name it - nearly everything that people found difficult has been removed, replaced or improved. Hooray for Mike Perry and all that helped him!
Here is Mike's email: https://lists.torproject.org/pipermail/tor-talk/2013-June/028440.html Here is the place to download it: https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/ Please test it and please please tell us how we might improve it! All the best, Jacob -- Masayuki Hatta Assistant Professor, Faculty of Economics and Management, Surugadai University, Japan http://about.me/mhatta mha...@gnu.org / mha...@debian.org / mha...@opensource.jp / hatta.masay...@surugadai.ac.jp -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
Rich and Ernad, If you could reply to the list about what you come up with I and probably others would be grateful. Unfortunately many who need these tools will not even be aware where to begin looking for hardware. Let us know when you finish the book, and I hope it is short and to the point. ;) Brian On Jun 17, 2013 2:14 PM, Rich Kulawiec r...@gsp.org wrote: On Fri, Jun 14, 2013 at 06:41:12PM +0200, Ernad Halilovic wrote: First of all, thank you for all your valuable input on this list. You're very kind, but my contributions are minor and unimportant. Others have done far more. I wanted to ask you if you have any good resources on getting the hardware ready for a complete move of operations out of the cloud. I'm not sure that I understand the question. (Could be insufficient coffee.) Nearly any hardware will suffice, depending of course on how much of a computational load it's got to carry; I routinely use 10+ year old systems to handle the building block tasks of running an operation: NTP, DNS, SMTP, HTTP, etc. Could you drop me a line off-list and help me understand what it is you're looking for? ---rsk
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
+1 Eleanor. On Jun 14, 2013 6:38 PM, Eleanor Saitta e...@dymaxion.org wrote: On 2013.06.14 18.20, Rich Kulawiec wrote: Now since I have (once again) opened my big mouth, I'll step up as well: if any organizations want to get their email out of the cloud/third parties, contact me off-list. I have a pretty good stash of disused hardware that could be put to work -- better that it be used for good than gathering dust. The issue with this approach is that maintaining infrastructure like this takes an ongoing time commitment by someone who is clueful (and thus at least moderately expensive for broke organizations where everyone's constantly overworked), and that older hardware fails, and keeping enough spares around to get reliability adds cost and complexity again. I'm (definitely) not saying this is a bad idea here, but it's important to understand what the real costs look like for organizations that may not natively have this talent, or where the folks who are supposed to do the work also have other jobs. For instance, in every small org that I've seen that does development and has infrastructure, infrastructure-only hires quickly get absorbed into development work. Running mail as reliably, securely, and conveniently as Google does with GMail is actually hard; this is why it's achieved the popularity it has, not just the cost. I've watched many friends and orgs over the past 9 years decide they just didn't have the time any more. E. -- Ideas are my favorite toys.
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
Until you become a nuisance, at which point the state just requests cancelation/blocking/surveillance of your single static IP address? I'm asking, because I'm not clueful on this issue and interested to hear more as you and Rich are touting this as all being very easy, which seems unlikely... Thanks! Brian On Jun 14, 2013 7:03 PM, Eugen Leitl eu...@leitl.org wrote: On Fri, Jun 14, 2013 at 06:41:12PM +0200, Ernad Halilovic wrote: I wanted to ask you if you have any good resources on getting the hardware ready for a complete move of operations out of the cloud. I'm not Rich (who indeed writes great stuff, thanks!), but I would start with seeing whether you could get a public, static IPv4 address from your Internet Service Provider (this is what I do). If you can't, but have spare rackable hardware I would look into finding a suitable cheap colocation space to host it (this is what I do). If you can't, I'd look into renting physical hardware in a suitable jurisdiction (this is what I used to do). Next step would be a virtual server in a suitable jurisdiction (e.g. we picked Iceland). Further steps would depend on answers to above questions.
Re: [liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data
Hold on... On Jun 11, 2013 12:27 AM, Yosem Companys compa...@stanford.edu wrote: snip The distinction between direct or indirect access is semantic, not substantive, and likely irrelevant to most Americans. snip And then... As I said, a recent NY Times article spoke specifically of the embedding of NSA employees at US tech firms via firms' corporate legal departments, and we know how it happened at ATT, with the employee getting carte blanche to do whatever he wanted at the firm and take as much data as he wanted with no questions asked. highlight we know how it happened at ATT, with the employee getting carte blanche to do whatever he wanted snip That's not substantively different from a FISC finding being issued in each case? *that* is EXACTLY the difference between direct and indirect and it IS substantive. This ATT issue involved an individual being trusted solely to do the right thing. Whether we like it or not, an FISC ruling is a big difference, even if it is not public, for the individual being monitored by a stalker ex, for example. Indirect access doesn't make it more acceptable, but direct could and should make it LESS. On Mon, Jun 10, 2013 at 3:09 PM, Jacob Appelbaum ja...@appelbaum.net wrote: x z: @Jacob, I agree with your points regarding American exceptionalism. @Eugen, to prepare for the worst scenario is one thing, to advocate some shady rumor as fact is another. @Rich, those are good movie scripts :-). But it does not work for 9 firms, and hundreds of execs all with diverse values and objectives. @Nadim, when you say we all always 'knew' this was happening, I don't know what this refers to. Is it NSA surveillance, or is it the direct access bit? To me, the crucial point is the *direct access*, and also Guardian's claim of these firms willingly participating in PRISM. I argued that direct access is untrue in my previous email, but none of your replies (except Rich's) are relevant to my arguments.
What would you call a FISA API for government agents to query a system and return data on a target? Would you call that direct access or an indirect access? If Google runs the FISA API server, does that make it more or less direct than if the FISA API server is a blackbox run by the NSA? The direct access bit is what made this story sensational. Without this bit, the story would be much less juicy but more true. In the long run, truth gives more power than lies. Washington Post has backed down to reality, for which I applaud their judgment. Guardian has not, and keeps on defending their misinformation and bad reporting, for which I resent deeply. You don't know the truth and you seem to think you do. The story that is important is that Google makes one claim, while the NSA slide makes another. Note that the law doesn't allow Google to even tell the press the whole truth. If Snowden and Greenwald do not mislead the world on 'direct access' and just report it rationally, I'd applaud their courage. Now I think Snowden is not more than a self-aggrandizing douche. I'm sorry, did you watch his video interview? On what grounds do you call him a self-aggrandizing douche exactly? I hope internet freedom can advance with accurate awareness, not by public paranoia. You take issue with a very weird semantic bit of the larger story. How does such semantic nitpicking, where you don't actually even know the facts behind your speculations, help advance any cause, anywhere? All the best, Jacob
Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
+1 Micah +1 Jillian Anne and Paul.
On Jun 12, 2013 7:24 PM, micah mi...@riseup.net wrote:
Eleanor Saitta e...@dymaxion.org writes: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2013.06.12 11.54, micah wrote:
I'm constantly hearing from people who complain about the UI in things like gnupg. I feel your pain, I do not want to argue that you are wrong. However, I do want to argue that complaining doesn't help to solve the problem. I've asked every single person who has complained about this problem to me recently, have you filed a bug about your issues? and everyone's response is: no. I've done this, and guess what? It works! I filed bugs and had discussions on the gnupg mailing list that have made your experience with that tool a little bit better. There are many ways that I think it can be improved still, don't get me wrong, but the gnupg developers are reasonable people who want to make the software better, and probably have been hearing these complaints for years and years and would welcome a way to make people stop complaining. It seems there are a lot of people out there who have a clear idea of what is good and what is bad UI and are pretty vocal about when something is bad. How about turning that into clear bugs that describe better workflow and UI? You don't have to be a crypto nerd, or a C programmer to make this stuff better and easier to use.
Is there any point in filing a bug that says Please have a professional designer re-work all use flows in this system from scratch? (No.)
I agree, there is not much point in that.
Is there any point in filing a bug that says Please remove features X, Y, Z, Q, R, N, and M because they're too confusing for novice users? (No, especially when X is the entire web of trust.)
I somewhat disagree with you on this point. There is a point to filing a bug that says, Please remove the choice of RSA/DSA/Elgamal from the gpg --gen-key process and just automatically use the default unless the user has passed --advanced.
It is confusing for a user who is just learning to use the tool to have to make this choice.
Filing bugs isn't enough -- it's an entire design effort.
I do not think that it is one or the other. Don't throw out the bugs or usability enhancements because you think that the whole thing needs to be redesigned.
Individuals may see a thing and think hey, this could be changed, but what's needed is a top-to-bottom redesign, and that does not translate into a simple set of clear bugs. I don't believe that the GPG designers have the resources available to do this design effort as it stands, and it's not just them, it's the entire ecosystem that needs to be involved and work together.
I disagree. I've been working with people who have been doing this sort of iterative changes with the software for years and things have gotten better. It is actually not that hard to make significant usability changes without needing to make top-to-bottom changes. For example, here is a bug I filed which coalesces my experiences doing gnupg trainings with different activists and the stumbling blocks that we ran into: https://bugs.g10code.com/gnupg/issue1506?@ok_message=msg%204634%20created%0Aissue%201506%20created@template=item We'd love to see this fixed.
If it was this easy, it would have been done years ago.
You would be surprised the changes that you can get if you ask for them and describe clearly why they are needed. It helps a lot if you can also clearly describe a better alternative. If you know how to code and have time, then providing a patch will go even further. Although patches are always welcome, they are not required. For a really long time, smart cryptographers have been writing this software, their heads are focused on doing the correct technical thing and that doesn't always translate into an easy experience. They have been doing this so long that they cannot see how this could be any different.
It is up to us who aren't so deeply stewed in hashing algorithms and trust metrics, we who work with people who provide us the feedback who can synthesize it and bring that back to those people who know the code so that they can make it more usable. If we do not do that, it will not happen, ever. No matter how much we complain in places where they will never hear us. My experience has been that software gets better when I point out the problems to the appropriate place that the developers have asked for those things to be put. Sometimes that takes several years, sometimes I get lucky and the change happens in a weekend. It very rarely gets better on its own. You may think that the whole crypto world needs to be thrown out and we need to start again, and you see that as an intractably impossible problem. I see things differently because I've seen annoying things iteratively become usable over time, and I've seen usable
Re: [liberationtech] Cryptocat: Translation Volunteers Needed
Catherine, shut out is an active verb indicating intention, which is very different from not available for which implies the potential to become available, unlike shut out which ones a decision to not provide support. That said Nadim, I do find increasing use of opera in areas of low bandwidth such as Zimbabwe and Libya. It may only be 1% of total users but might be a far larger percent of likely users or users you intend to reach. That said I know nothing about the technical issues and assume u have investigated them. Brian
On Jun 11, 2013 2:19 AM, Catherine Roy ecr...@catherine-roy.net wrote:
On 10/06/2013 6:18 PM, Nadim Kobeissi wrote:
Catherine, Opera is not shut out. It's simply difficult to develop for Opera due to its limited browser extension API. Your email made it sound as if Cryptocat had something against the Opera browser.
My email is simply stating that Opera is shut out. How else should I interpret this message : Cryptocat is not available for your browser. See screenshot : http://www.flickr.com/photos/zazie/9010759541/ I sent you a message off-list to inquire about this and received no response.
We have a ticket open for Opera compatibility in our code base. If you'd like to, you can contribute to Cryptocat for Opera development here: https://github.com/cryptocat/cryptocat/issues/190
I am not a developer. Must we all be developers to have a significant influence on these types of issues ? Best regards, Catherine -- Catherine Roy http://www.catherine-roy.net
NK
On 2013-06-10, at 6:10 PM, Catherine Roy ecr...@catherine-roy.net wrote:
Congrats. But, as I asked in a private email to which I got no response, is there any reason why Opera is shut out ? Best, Catherine -- Catherine Roy http://www.catherine-roy.net
Re: [liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data
+1 to the tone comments, but my verdict is still out on greenwald, though until I see the lawyers and privacy people talking a big game (not just executives) I would tend to believe there is more than a grain of accuracy.
On Jun 9, 2013 6:45 AM, Nadim Kobeissi na...@nadim.cc wrote:
Jake, I don't agree with x z (and rather agree with you), but I'm really tired of just how aggressive and rude you always are on Libtech. And it doesn't appear to just be towards me. I'm not the only person who feels like this. Even if you're right, tone your ego knob down already. Be nice. I can barely read through threads anymore. Thank you. NK
On 2013-06-09, at 9:15 AM, Jacob Appelbaum ja...@appelbaum.net wrote:
x z: 2013/6/8 Jacob Appelbaum ja...@appelbaum.net
Oh man, Glenn Greenwald is my hero and a hero to us all.
Do you still believe Glenn's reporting that NSA has direct access to servers of firms including Google, Apple and Facebook?
Yeah, I think it is clearly a FISA interface or API of some kind. Either that or it is pwnage of the server. Probably one or the other in some cases.
In my view, he misled the world intentionally (the few prism training slides published did not seem to claim this). Glenn is at best a wacky journalist without common sense.
He just broke the story of the decade, good to know your views on him.
His reporting on the Verizon case was good, but I think his credibility bankrupted after the PRISM one.
We disagree, obviously. You'll see soon enough and when you're eating crow, I'm sure we'll have another discussion.
Everyone on this list who was looking for 'some evidence' about global surveillance and previously ignored all other evidence, well, here you go!
Revealed: The NSA's powerful tool for cataloguing data – including figures on US collection http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining This screenshot from the program is very web 2.0: http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2013/6/8/1370715185657/boundless-heatmap-large-001.jpg The NSA is spying on the US and on the rest of the planet. There is no ability to deny this anymore. Anyone who denies it is a complete moron.
I don't understand why this evidence is significant in any way. NSA certainly has lots of information, and a web2.0'ish tool is nothing surprising. It's rather moot to state anyone who denies it is a complete moron. It's like the highway patrol keeping my driving record.
Why does it matter if you are surprised? Also, your analogy is tired and boring. This is nothing like a highway patrol.
Again, I'm not rooting for NSA. I think its power needs to be limited and it needs more transparency. But I hate using misinformation or hyperbole to achieve that goal. This hurts the credibility of all the pro-privacy groups in general.
I don't see any misinformation or hyperbole from Glenn. I see contradicting claims between governments and corporations. I also see that he wanted to ensure everyone understood what each side claimed. Note the very carefully worded denials all around. All the best, Jacob
Re: [liberationtech] NSA whistleblower revealed
Easy answer, plenty of flights to hong kong from Hawaii I would bet, and no layovers in problematic countries. B
On Jun 9, 2013 5:04 PM, Anthony Papillion anth...@cajuntechie.org wrote:
On 06/09/2013 04:43 PM, Matt Johnson wrote:
I have to say going to Hong Kong for free speech and safety seems like a very odd choice to me. What was he thinking?
Actually, and I think this is pointed out in either the video or an article somewhere, Hong Kong doesn't generally suffer the speech restrictions mainland China does. Sure, they aren't completely free but protests and unpopular political speech happen quite frequently and are generally well tolerated by the government. Still, I have to wonder why he didn't go somewhere like Iceland. To me, that would have been a no-brainer. Anthony
-- Anthony Papillion Phone: 1.918.533.9699 SIP: sip:cajuntec...@iptel.org iNum:+883510008360912 XMPP:cypherpun...@jit.si www.cajuntechie.org
Re: [liberationtech] Time to ask again: why are you logging?
+1
On Jun 7, 2013 11:57 AM, Anthony Papillion anth...@cajuntechie.org wrote:
On 06/07/2013 01:51 PM, micah wrote:
The default syslog in Debian, rsyslog just announced that they've added log anonymization capabilities[0]! Almost 12 years now after riseup wrote the initial patches to syslog-ng[1] (a few years ago syslog-ng added this capability, so we no longer needed to carry that patch around) it is nice to see that this has been added to rsyslog!
This is an *excellent* post Micah! Thank you for writing it. It really doesn't take a lot to turn off logging when you're setting everything up. Not doing so is just lazy. Thank you for the post! Anthony
-- Anthony Papillion Phone: 1.918.533.9699 SIP: sip:cajuntec...@iptel.org iNum:+883510008360912 XMPP:cypherpun...@jit.si www.cajuntechie.org
Re: [liberationtech] OpenWatch Releases #OccupyGezi Android Application
Hi Rich, That sounds pretty cool, have you heard of StoryMaker yet? It's an app we have been building at Small World News, in collaboration with the guardian project and scal.io, along with support from free press unlimited and the open tech fund. StoryMaker helps users tell stories not just document events and provides on the job training to improve their skills. It also does enable anonymous publishing via tor through integration with orbot. I wonder if your colleagues in turkey may be interested in using it? https://play.google.com/store/apps/details?id=info.guardianproject.mrapp Let me know if you have questions! Brian
On Jun 7, 2013 8:14 PM, Rich Jones r...@anomos.info wrote:
We were asked by members of the media in Turkey who have been shut down to release a version of our new streaming media capture applications. In an effort to document the history of the struggle and to help show abuses by authorities there, we are pleased to announce the Occupy Gezi android application.
Announcement: https://openwatch.net/i/87/openwatch-releases-occupygezi-mobile-application
Download: https://play.google.com/store/apps/details?id=org.ale.occupygezi
Code: https://github.com/OpenWatch
You will be able to see all of the media produced by the apps live as it comes in here: https://openwatch.net/w/occupygezi and we will use the media received to produce additional documentaries and reports.
If you've got any feedback, please get at us: t...@openwatch.net Thanks!, Rich Jones OpenWatch
Why Turkey Needs an Independent Free Press - And How OpenWatch Is Helping
*Media conglomeration and an ever-worsening press-freedom record have created a void in independent reporting in Turkey, so OpenWatch has released a mobile application for Turkish mobile reporters.*
In support of a free press, the right to demonstrate, and the right to use media to document the truth, OpenWatch has released an Occupy Gezi application for Android <https://play.google.com/store/apps/details?id=org.ale.occupygezi> (with an iPhone version coming out shortly) to allow people on the ground to collaboratively document the history they are making together. Download the application here on the Google Play store <https://play.google.com/store/apps/details?id=org.ale.occupygezi>!
The applications will send videos and photos directly online, where they can be found in the apps and on the web by following the #occupygezi <https://openwatch.net/w/occupygezi> hashtag on OpenWatch <https://openwatch.net/w/occupygezi>, which will show a live feed of media as it is received. We have optimized the application to stream videos and photos to our servers in the fastest way possible, even in low-connectivity environments. We will be producing documentaries and reports using the media created by the Occupy Gezi applications. All media created is Creative Commons, and all of the code is Free and Open Source, and available on our GitHub page <http://github.com/openwatch>. We have also updated our own open source software with additional Turkish translations.
Why?
While thousands of demonstrators took over a public space in an unprecedented act of mass political protest, the mainstream Turkish media instead ran documentaries about penguins.
This is actually not surprising, as Turkey, which has the most imprisoned journalists of any country according to Reporters Without Borders, has been increasingly restrictive of press freedom in the past few years. As a result, much of the coverage of the events in the Turkish streets was provided by users of social networking services like Twitter. Now, authorities are targeting social media reporters and provocateurs as well: Authorities in Turkey have raided the houses and detained 38 people accused of using social media services to promote insurrection.
What now?
Going forward, we hope that people will be able to use mobile media to document the truth, the history they are making, and to protect themselves from abusive authorities by capturing and exposing the reality of events. The #OccupyGezi App was built on top of open source software which is being actively developed - there are some bugs, so please report them so that we can fix them. (It is not an app for anonymous reporting, and we do not make any such claims - it is an application simply designed to rapidly capture and redistribute important information which needs to be seen by as many people as possible. In the future, we do intend to build a separate architecture to support anonymous submissions, but we take identity security extremely seriously here, which is why we make no claims about anonymity at the moment.) If you are in Turkey and wish to document your experiences during this struggle, or just want to show your solidarity, use the application <https://play.google.com/store/apps/details?id=org.ale.occupygezi> and share your view with the world!
[liberationtech] Anyone else getting spammed by Reporters Without Borders press releases?
---If the subject doesn't apply to you, you may just want to delete this-- Subject says it all. Today rwb_...@rsf.org sent me a dozen+ press releases, and I've just noticed in one they cc'ed every receiver in the clear. From a quick perusal many people cc'ed are also on this list. I have no idea why RSF decided to start spamming me with this, and my email request for details to the above address have returned no response. Anyone else had success dealing with this? -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Privacy, data protection questions
Rich, the point is simple, let me put it into a formula: (civility + relevant advice) / length = degree to which people consider your advice
My point is that you clearly have a lot of the second piece of this formula, however your lack of the prior piece, and the lack of many people on this list (myself included at times!) leads to us wasting our breath and carpal tunnels, because the degree to which people are likely to consider our advice is inversely proportional to our lack of civility. Your second email is generally much increased in civility, but, frankly, I didn't read all of it. I understand smartphones are a disaster, but I also understand that government surveillance has many of its own critical flaws. The capability to do something technically is not the same as the ability to execute it bureaucratically, socially, or practically. Finally, I do look forward to your advice. I generally read most of your comments on this list as I find them insightful, however in this case, I was struck by your entirely hostile attitude. It's clear you have a chip on your shoulder about this stuff, maybe because you are angry people are getting funding for things you see as stupid or fundamentally flawed, maybe for another reason, quite frankly all I care about is how your attitude impacts my day. Brian
On Tue, Mar 26, 2013 at 4:12 PM, Rich Kulawiec r...@gsp.org wrote:
On Mon, Mar 25, 2013 at 10:57:10AM -0700, Brian Conley wrote:
Mostly I'm taking issue with your nonconstructive demeanor.
Clearly you have no idea how I write when I'm being nonconstructive. ;-) Think equal proportions Kingsfield[1], Vader, Snape. Season to taste with HST and Mencken, serve at full boil.
I've not seen you take the Guardian Project to task for trying to solve some of the same problems. I've not seen you take Tor project or Whisper Systems to task.
(a) There aren't enough hours in the day to provide extensive (security or other) critiques of everything that comes across here.
And there are other people whose expertise in certain areas dwarfs mine, so until/unless I close the gap, I'll defer to them. Also I think I should occasionally STFU and listen. So I respond on-list when I feel that I have something useful to say, *usually* (but not always) when I think that has applicability beyond the particular topic-of-the-moment. Hence my comments in re Silent Circle, which are far more about the inherent insecurity of closed source software than about the specifics of Silent Circle itself -- most of which I didn't pay any attention to because I think they're irrelevant. And speaking of applicability beyond the topic-of-the-moment: (b) If you read my message carefully you'll notice that I did in fact explicitly point out that while I was using this particular project as an example, it's by no means the only one facing the exact same issue. Building a secure smartphone app is presently equivalent to trying to put the roof on a house whose foundation is sinking into quicksand and whose main floor is on fire. So what constructive thing could I possibly say? The entire smartphone ecosystem is rotten to the core: the OS vendors care far more about advertising than privacy and security [2]. Well, and they care a lot about paying attorneys so that they can all sue each other. [3] The app markets are loaded with malware, spyware, adware, and crap. And more crap. Also: still more crap. Users will download and run any shiny thing they see, doubly so if it purports to enhance their social experience -- much to the delight of the scammers and spammers running those operations. Telcos are happy to turn user tracking/surveillance/etc. into profit centers. Governments want every scrap of data they can get from carriers and there's now an entire subindustry for software that extracts data from locked phones. D'ya think if I asked them very nicely and politely they'd all stop? *crickets* There is NOTHING constructive to be done here. 
It's not a fixable situation at the moment or for the foreseeable future. The *only* thing to do, as far as I can tell, is to stop pretending it's otherwise and stop laboring under the delusion that smartphone apps have a chance in hell of being secure in mass deployment scenarios.
(c) So to re-emphasize the more general point: no smartphone apps, UNLESS you can produce a viable, workable, scalable, defensible plan to keep the phones secure in the field. Otherwise your app, whatever it does, and however nifty it is, is probably going to be undercut from the moment it's installed...or very soon thereafter, as soon as one or two governments your users are annoying decide to deploy countermeasures. (I think it's fair to say that, to a first approximation, the tempo and scale of their response will be proportional to the adoption rate and annoyance level. Thus: the better your app and the more people that use it, the sooner you should
Re: [liberationtech] Privacy, data protection questions
Rich, Mostly I'm taking issue with your nonconstructive demeanor. I've not seen you take the Guardian Project to task for trying to solve some of the same problems. I've not seen you take Tor project or Whisper Systems to task. You have essentially shat on someone's head who is taking a risk by being open and asking for feedback. As this is a LIST that numerous people have mentioned is beneficial to them as a place for discussion one might expect common courtesy to prevail. I know that is not the general tendency on the internet, where trolls abound. Perhaps we could all try to be a bit less trollish, and perhaps more gnomish. I would present Steve Weis' critical, yet cordial response to Crypho on another thread as a good example:
Hi Yiorgis. The ways of asserting the authenticity of served [JavaScript] always reduce to trusted code executing on the client. You need to trust whatever is authenticating the served application. You can't get around it. This approach always ends up with either trusting the service or running client-side code. The former is a perfectly fine business model and the standard for almost all web apps, but you can't make the claim that the government and our staff cannot access your data. It's simply not true, and not just because there might be incidental bugs you're working on fixing. It's fundamentally untrue. I appreciate the challenge you are trying to tackle and understand that delivering client-side code across all browsers and platforms is a non-starter for an early startup. If it were an easy problem, we wouldn't be having this discussion. I wish you luck in solving it.
Regards, Brian
On Mon, Mar 25, 2013 at 5:52 AM, Rich Kulawiec r...@gsp.org wrote:
On Fri, Mar 22, 2013 at 04:29:38PM -0700, Brian Conley wrote:
Nose to the grindstone Andrew. Use Rich's email to remind you this is hard, but it's still worth doing.
I've read this multiple times and I still have no idea how your remarks relate to what I wrote in re the (in)security of smartphones, the resulting pervasive malware epidemic and the subsequent serious architectural problems for application developers, including but not limited to this one. (serious architectural problems == you're building on enemy territory, this probably won't end well) Neither coffee nor scotch (both applied liberally) have yielded any enlightenment, so I must now ask: Whiskey Tango Foxtrot, Over? ---rsk
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Crypho
Thanks for this Steve, it's a rare breath of fresh air to see someone respond firmly, critically, yet also collegially. +1 for gnomish anti-troll behavior! B
On Mon, Mar 25, 2013 at 10:20 AM, Steve Weis stevew...@gmail.com wrote:
Hi Yiorgis. The ways of asserting the authenticity of served [JavaScript] always reduce to trusted code executing on the client. You need to trust whatever is authenticating the served application. You can't get around it. This approach always ends up with either trusting the service or running client-side code. The former is a perfectly fine business model and the standard for almost all web apps, but you can't make the claim that the government and our staff cannot access your data. It's simply not true, and not just because there might be incidental bugs you're working on fixing. It's fundamentally untrue. I appreciate the challenge you are trying to tackle and understand that delivering client-side code across all browsers and platforms is a non-starter for an early startup. If it were an easy problem, we wouldn't be having this discussion. I wish you luck in solving it.
On Sun, Mar 24, 2013 at 3:08 AM, Yiorgis Gozadinos ggo...@crypho.com wrote:
On the technical side, like I said, we will try to address the issue of trusted js by implementing apps as well as explore ways of asserting the authenticity of served js. Open-sourcing the client code will certainly help in auditing. There are other things we put in place to help, CSP, Strict-Transport-Security and X-Frame-Options headers for example or a proper SSL setup. These cannot guarantee of course that we haven't overseen things, but our hope is that gradually we can build trust on our app.
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Crypho
Crypho is a team collaboration tool, comparable to Basecamp and Yammer. It provides a real-time persistent team chat, collaborative document editing and file sharing. Unlike comparable tools, all data is encrypted before leaving the browser, with encryption keys held only by the team members. It is impossible for anyone without the keys to decrypt your data.
collaborative document editing and file sharing. that's how, no? B
On Fri, Mar 22, 2013 at 2:03 PM, Nadim Kobeissi na...@nadim.cc wrote:
How is this any different from Cryptocat? NK
On Fri, Mar 22, 2013 at 4:59 PM, Cooper Quintin coo...@radicaldesigns.org wrote:
I had a chance to try out crypho a couple of weeks ago at a demo they put on at noisebridge. I have some concerns about it, namely the delivery of crypto code over javascript without any sort of verification of its authenticity (via browser plugin, etc.), since this point has already been discussed to death on this list however, I do not wish to re-open that debate. I managed to find a couple of javascript injection attacks in the beta already, though the developer assures me that they are working on fixing all the bugs right now, still the lack of attention to basic web security at such an early stage is concerning. That aside it seems okay, though I have some worries about side channel attacks and the fact that it hasn't been peer reviewed as far as I can tell yet. It does seem like an interesting project though, with some smart people behind it. I am looking forward to seeing the code once they open source it. Cooper Quintin PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
On 03/22/2013 01:48 PM, R. Jason Cronk wrote:
Anybody know the people who are doing this? http://www.crypho.com/ It's still in beta, so I'm assuming they are working out bugs prior to releasing the code which they say they will do. See http://www.crypho.com/faq.html Is it Open-Source? Yes! We are reviewing the source code for release.
It will be available under an OSI approved license in the near future. *R. Jason Cronk, Esq., CIPP/US* /Privacy Engineering Consultant/, *Enterprivacy Consulting Group* enterprivacy.com * phone: (828) 4RJCESQ * twitter: @privacymaverick.com * blog: http://blog.privacymaverick.com
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Privacy, data protection questions
each and every phone of interest and is going to install trackers, spyware, keystroke loggers, and whatever else occurs to them, and you're not going to stop them. At best, you might figure out that this is happening after-the-fact and remediate some of them...until they go back out in the field and get infested again. Lather, rinse, repeat. Not to put too fine a point on it (but I suppose I will anyway): If someone else can run arbitrary code on your computer, it's not YOUR computer any more. [2] The phone may be in a journalist's hand or it may be in a researcher's pocket, but it's not theirs. *Not any more*. Which means that your liberation app, the one that you designed and developed and sweated over, the one that your user is trusting to send and receive sensitive information, the one that's connecting to a backend through umpteen layers of encryption and obfuscation and misdirection and whatever...is now running on the government's phone. ---rsk
[1] https://mailman.stanford.edu/pipermail/liberationtech/2013-March/007672.html
[2] I'm probably quoting somebody. But I don't know who.
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] skype
+1 Yosem, except I take issue with the last point. I don't think it's always that superior technical solutions *can't* provide better branding/usability, it's that they choose NOT to, or in the past have even demonized anyone who thinks there is value in such things. luckily this is changing! B
On Thu, Mar 21, 2013 at 2:36 PM, Yosem Companys compa...@stanford.edu wrote: Rich, that's because you're not thinking like the average non-technical user, who usually does the following: The user hears from a friend that she can make calls for free over Skype. So she clicks on the Skype link. Skype has millions of users, meaning it will be around for a while. The Skype website looks visually attractive, meaning that it must have a lot of developers. More recently, it is owned by Microsoft, which the user trusts for similar reasons. Most large, stable, visually-striking brands can be trusted, the user thinks. She doesn't think for she doesn't know that Microsoft has been attacked a lot. Now, the user installs Skype. She clicks through a few steps, easy enough. That's a low barrier to adoption. Next, the user sees all their family and friends on there. Great, she thinks. Now I can call that friend who told me to install it. After that, the user reads in a news article that Skype is insecure. That sucks, she thinks. But it's not like I do anything confidential on there anyway. Or, perhaps, she thinks, I haven't done anything wrong, so who cares if I'm being watched. I'm glad the government is looking out for those terrorists. To the extent that the user cares about security, now she needs to figure out what's the best secure alternative out there. But notice what happens: There's no large, established competitor that is secure. Those competitors don't have brands. To the extent that the user finds a secure competitor, say because Consumer Reports published an article on it (for the average non-technical user may not know of EFF), then she might click and check it out. She might ask her family and friends. But their family and friends have never heard of it and, even worse, are not on it. I care about my security, she may think. So I will try it anyway. But all the time it gnaws at her that she doesn't know the competitor's name and that she has to take a leap of faith to install it. The company says it's open source. What the heck does that mean? She thinks. What if this company is untrustworthy? What if this company goes under and sells my data? What if... Too many barriers to adoption. We always think, let's make the most private and secure solution, forgetting that users care about many brand attributes that the most superior technical solution can't provide.
On Thu, Mar 21, 2013 at 1:05 PM, Rich Kulawiec r...@gsp.org wrote:
On Wed, Mar 20, 2013 at 11:17:03PM -0400, Louis Suárez-Potts wrote: One is tempted to suggest using other than Skype. Alternatives exist, and these are secure, at least according to their claims. As well, Skype's code is not transparent, in the way that other, open source, applications' are.
I'm more than tempted: I can't understand why anyone would even consider using Skype. It's closed-source, therefore it must be presumed insecure. Nothing Microsoft says about it can be trusted. There is reason to believe that it's been successfully attacked by third parties. etc. I dunno 'bout y'all, but I think that's enough to blacklist it permanently. Done. Over. Next? ---rsk
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] liberation tech and Congress
Hi Lorelei, You might be surprised to hear this, I certainly was. Apparently Representative Darrell Issa has been pushing a bunch of opensource development around WordPress and potentially other OpenGov applications. Brian
On Wed, Mar 20, 2013 at 12:04 PM, Lorelei Kelly loreleike...@gmail.com wrote: hi all, Here at OTI, I'm spearheading an effort to find and cultivate 5-10 Members of the House and Senate so that they will be champions of open technology and other related policy issues. We'd like to make them authoritative and confident to stand up for our priorities by providing them with subject matter expertise and technical knowledge--the idea is to create some key nodes on Capitol Hill that will educate the institution over time. It's not a lobbying effort, but a long term policy education effort. Question: as a foreign policy wonk until recently, I'm not familiar with the scorecards or vote rating guides that might be available on open technology, Internet freedom, privacy, etc. Is anyone doing this? Also, does anybody have any recommendations for our list? The individuals don't have to be techies, though that is a bonus. We'd love to support members who are wonks and thoughtful systems thinkers and reformers in either party. LK
-- *Lorelei Kelly http://newamerica.net/user/452* * * * * *check out our SmartCongress https://www.newschallenge.org/open/open-government/submission/smartcongress.org/pitch! * *read about Congress' Wicked Problem http://newamerica.net/publications/policy/congress_wicked_problem * look at these cool maps about guns and power http://www.theatlantic.com/politics/archive/2013/03/how-groups-like-the-nra-captured-congressand-how-to-take-it-back/273623/ in the Atlantic * *Open Technology Institute New America Foundation Tweeting @loreleikelly cell: 202-487-7728
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Satellite phones for Rohingya in Burma
Hi Heather, First of all, I can't echo Jacob's concerns enough. You can find a concise overview of the risks of using satellite phones in a guide I authored last year: http://smallworldnews.tv/guide/ (specifically: http://www.smallworldnews.com/Guide/Guide_SatPhone_English.pdf) If you're still considering using a satellite phone, I would suggest that, with a clearly defined strategy, strong plan for success, and acceptance of the risks, there isn't likely to be a more effective tool for getting verbal or shortform text updates out. However this means you need not only people inside willing to take the risks to call out with updates and news, you also need a guarantee from journalists and news agencies outside that they WILL RUN the reports. Without guarantees that the news will be used/distributed broadly, it's certainly not worth the risk. It's true that small cameras taking pictures on microSD cards which are then transported out by hand is SAFER, it may not be more effective. Again, without a complete chain of impact from creation to distribution of the media, nothing will be effective. If your colleagues will be producing video or photo content, I'd be happy to provide some advice/resources to improve their work. I'm happy to speak more, and may be able to put you in touch with some journalists who would be interested in traveling over, and/or using the reports your colleagues might produce. regards Brian
On Sun, Mar 17, 2013 at 12:17 PM, ttscanada ttscan...@riseup.net wrote: Hi all, For those that aren't aware, 800,000 Rohingya people in Burma are being cut off from communication as the military and government try to drive them out of the country. Over 100,000 are being starved to death in concentration camps, the rest are driven into boats which neighbouring countries are refusing to allow to land. There have been two large scale massacres as well, one in June, one in October. Our contacts have been saying for weeks there is another massacre planned for the end of March, but even if there weren't, they are living in houses made of straw and plastic bags with no food or medical aid and the rains are coming. This is a full scale genocide supported by the current Burma/Myanmar government. Media and aid groups are blocked and the people are jailed just for having a TV, they have no phones. More information, check out over 100 pages of links here http://topsy.com/s/georgiebc+Rohingya?window=a the #Rohingya tag on Twitter or google. We have a way to hopefully get some journalists in to document war crimes. We need satellite phones for the Rohingya people as well, as many as possible, donated would be great. If anyone has any ideas for a good phone source it would be appreciated. All the best, Heather Marsh @GeorgieBC on Twitter
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Qt TorBrowser
For anyone interested in digging into this discussion, let me suggest a simple Google search to locate the discussion on the tor list. http://www.google.com/search?sourceid=chrome-mobile&ie=UTF-8&q=torbrowser+randolph+tor+cc I'm not sure why it's worth creating more noise on this list, but I suspect the discussion will continue ad infinitum as these things are wont to do. It seems:
A. Tor Project would like us to realize torbrowser is not a related project to them. Clear.
B. Randolph is part of a team developing an alternative to the current Tor browser bundle. He thinks this may be more secure than TBB. Clear.
C. Unless we are having a larger discussion about the risks/fallibility of trademark copyright and authorship in a global society, what are we talking about here?
(To be clear I'm very interested in discussing C as I have posited some of the same concerns previously regarding our forthcoming StoryMaker. I don't disagree Randolph's behavior is hugely problematic, but I suspect it may be an issue of cultural misunderstanding and/or foolishness more than malicious behavior.)
On Mar 17, 2013 10:32 AM, Griffin Boyce griffinbo...@gmail.com wrote: Randolph D. rdohm...@gmail.com wrote: Using another developer's name is uncool this has not been done, it was a placeholder one year ago and replaced, as the developer denied. Between the app naming scheme, the questionable use of a developer name *highly similar* to an official Tor developer, use of a similar logo, and (most importantly) not having updated the codebase in a year, this project raises some serious alarm bells. Even if it wasn't intentional, that doesn't mean it isn't a huge mistake. Even if it were audited, I would be hesitant to use or recommend it because it appears to be trying to foster confusion. I'll be honest, I don't really accept the 'placeholder name' excuse, particularly since my impression is that he was the only developer for this project. It would be much better to have a project titled [Name] Browser and specify that it's designed to be compatible with Tor. Not only is it better for Tor, but it will help differentiate your project for users. (Whether it leaks user info remains to be seen, but it's notoriously difficult to make privacy-enhancing software. There are probably ten devs with IDA Pro open right now seeing whether it's full of malware =P). ~Griffin
-- What do you think Indians are supposed to look like? What's the real difference between an eagle feather fan and a pink necktie? Not much. ~Sherman Alexie PGP Key etc: https://www.noisebridge.net/wiki/User:Fontaine
Re: [liberationtech] Interesting legal question about copyright happening right now
TV stations likely have a negotiated license or permissions, no? Either way, definitely agree it raises questions as to who is a journalist. Larger news agencies often have huge teams of lawyers that have a say in whether to publish a story or not (or at least help establish the boundaries). But that doesn't determine the legality, simply there to protect against real or imagined threat of litigation. It will be interesting to see how these issues develop in the future with the increasing accessibility of publishing tools
On Feb 24, 2013 11:35 AM, Jillian C. York jilliancy...@gmail.com wrote: Considering they sure don't seem to mind when major TV stations film, this is awfully hypocritical and for me, raises questions about who is a journalist...
On Sun, Feb 24, 2013 at 8:28 AM, Yosem Companys compa...@stanford.edu wrote: **Is Nascar within its rights as it IS private property.
-- US: +1-857-891-4244 | NL: +31-657086088 site: jilliancyork.com http://jilliancyork.com/* | * twitter: @jilliancyork* * We must not be afraid of dreaming the seemingly impossible if we want the seemingly impossible to become a reality - *Vaclav Havel*
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Kenyan election
That's fantastic news Heather. good luck! After the election, I'd love to speak with you about the multimedia storytelling app we've been developing. I believe it would make a great addition to the ushahidi mapping software, making it easy for users to submit multimedia stories as well as single element reports, etc. cheers Brian
On Sat, Feb 23, 2013 at 4:43 AM, Heather Leson hle...@ushahidi.com wrote: Morning, This might be my first post to libtech despite monitoring the list for over a year. Thank you for constantly informing me with diligence, discussion and, sometimes, debate. By way of introduction, I am a mapper and serial volunteer. By day (or night) I work on Community Development at Ushahidi. Brian, thanks for your note. We are in the middle of training and testing Uchaguzi.co.ke. This morning we did a data audit of the live system and access controls. Folks should be testing on the dev link that we are providing. There was a gap. We've cleared up that confusion. We have more training planned. One week to go. You can learn more about the training and verification strategy on our wiki. And, if you like to help out or provide feedback please do contact us. https://wiki.ushahidi.com/display/WIKI/Uchaguzi+-+Kenyan+Elections+2013 Thanks again Heather
On Fri, Feb 22, 2013 at 3:32 PM, Brian Conley bri...@smallworldnews.tv wrote: Hey John, Glad to hear it. Seems you have some flawed data already... see: https://uchaguzi.co.ke/reports/view/107 Good luck sorting things and getting the data structured correctly, I hope it has a high usage (ideally a high incidence of voters noting success and safety at the polls!) Brian
On Fri, Feb 22, 2013 at 12:15 PM, John Kipp kipp.g...@gmail.com wrote: Give me a call when you are here. I am helping coordinate uchaguzi. www.uchaguzi.co.ke Kipp
On Feb 22, 2013 10:24 PM, Warigia Bowman wari...@gmail.com wrote: Hi friends Since I am a little bit crazy, I am flying into Kenya for a week (Mom and hubby are from there) to monitor the use of information technology in the 2013 Presidential election. Please follow me on twitter @warigiabowman Election Day is March 4th! Cheers, Rigia
-- Dr. Warigia Bowman Assistant Professor Clinton School of Public Service University of Arkansas wbow...@clintonschool.uasys.edu http://democratizingegypt.blogspot.com - View my research on my SSRN Author page: http://ssrn.com/author=1479660
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
-- Heather Leson Director of Community Engagement *Ushahidi* hle...@ushahidi.com www.ushahidi.com @heatherleson
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Kenyan election
Hey John, Glad to hear it. Seems you have some flawed data already... see: https://uchaguzi.co.ke/reports/view/107 Good luck sorting things and getting the data structured correctly, I hope it has a high usage (ideally a high incidence of voters noting success and safety at the polls!) Brian
On Fri, Feb 22, 2013 at 12:15 PM, John Kipp kipp.g...@gmail.com wrote: Give me a call when you are here. I am helping coordinate uchaguzi. www.uchaguzi.co.ke Kipp
On Feb 22, 2013 10:24 PM, Warigia Bowman wari...@gmail.com wrote: Hi friends Since I am a little bit crazy, I am flying into Kenya for a week (Mom and hubby are from there) to monitor the use of information technology in the 2013 Presidential election. Please follow me on twitter @warigiabowman Election Day is March 4th! Cheers, Rigia
-- Dr. Warigia Bowman Assistant Professor Clinton School of Public Service University of Arkansas wbow...@clintonschool.uasys.edu http://democratizingegypt.blogspot.com - View my research on my SSRN Author page: http://ssrn.com/author=1479660
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
[liberationtech] Freeze the memory out of a galaxy nexus?
http://www.forbes.com/sites/andygreenberg/2013/02/14/frost-attack-unlocks-android-phones-data-by-chilling-its-memory-in-a-freezer/
Re: [liberationtech] Freeze the memory out of a galaxy nexus?
Thanks Steve, Any idea why the researchers would posit that iOS devices may be less susceptible? Brian
On Thu, Feb 21, 2013 at 10:08 AM, Steve Weis stevew...@gmail.com wrote: This is a good illustration how data in use is exposed to physical attacks on most computing devices. An interesting side-note is that Android phones are starting to ship with a hardware security module (HSM), which can be used for crypto operations and key storage. Duo Security is one company that started using the HSM to store credentials: http://siliconangle.com/blog/2013/02/19/simple-to-scale-duo-security-uses-android-hardware-for-its-own-hack-resistance/ I haven't found much about the capabilities of these HSMs. It's not a silver bullet since they may still be key material exposed in memory, but I think it's a positive development.
On Thu, Feb 21, 2013 at 7:12 AM, Brian Conley bri...@smallworldnews.tv wrote: http://www.forbes.com/sites/andygreenberg/2013/02/14/frost-attack-unlocks-android-phones-data-by-chilling-its-memory-in-a-freezer/
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Freeze the memory out of a galaxy nexus?
hrm, also true for the newest line of google nexus i believe.
On Thu, Feb 21, 2013 at 10:37 AM, Parker Higgins par...@eff.org wrote:
On 2/21/13 10:32 AM, Brian Conley wrote: Any idea why the researchers would posit that iOS devices may be less susceptible?
Not sure if this is what they have in mind, but this particular technique requires a battery pop to get into fastboot mode, which isn't quite as available on iOS devices as these Android ones.
On Thu, Feb 21, 2013 at 10:08 AM, Steve Weis stevew...@gmail.com wrote: This is a good illustration how data in use is exposed to physical attacks on most computing devices. An interesting side-note is that Android phones are starting to ship with a hardware security module (HSM), which can be used for crypto operations and key storage. Duo Security is one company that started using the HSM to store credentials: http://siliconangle.com/blog/2013/02/19/simple-to-scale-duo-security-uses-android-hardware-for-its-own-hack-resistance/ I haven't found much about the capabilities of these HSMs. It's not a silver bullet since they may still be key material exposed in memory, but I think it's a positive development.
-- Parker Higgins Activist Electronic Frontier Foundation https://eff.org
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Freeze the memory out of a galaxy nexus?
Always trust Jake to cut right to the bare honest ugly (and depressing!) truth. thanks! B
On Thu, Feb 21, 2013 at 10:48 AM, Jacob Appelbaum ja...@appelbaum.net wrote:
Brian Conley: hrm, also true for the newest line of google nexus i believe.
In any phone where one might be able to open the case, I assume someone will also just be able to tap the bus lines. Thus, the easy route (booting off of a special image) might not be simple but these devices aren't using encrypted bits in DRAM as far as I understand, so it isn't really secure. It is secure like, no one is trying very hard, secure. All the best, Jake
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
[liberationtech] Chinas Internet?
Photos of the dead sailors, their bodies gagged and blindfolded and some with head wounds suggesting execution-style killings, circulated on China’s Internet. From: http://www.nytimes.com/2013/02/21/world/asia/chinese-plan-to-use-drone-highlights-military-advances.html?_r=0 I know about the GFW of course, but anyone know the exact meaning of nytimes referencing China's Internet as opposed to was circulated in the Internet by Chinese citizens?
Re: [liberationtech] Chinas Internet?
Thanks Martin, I was hoping you'd respond. Good point, Nadim.
On Feb 20, 2013 8:20 PM, Martin Johnson greatf...@greatfire.org wrote: The majority of Internet users in Mainland China spend 100% of their online time on Chinese websites. Google+, Facebook, YouTube, Twitter, Blogspot and many more (see https://en.greatfire.org) are completely blocked in Mainland China. Most other foreign websites are both considerably slower than domestic ones, and subject to keyword-based blocking of certain URLs. The majority of Internet users outside Mainland China spend 0% of their online time on Chinese websites. This is not just a language issue - there are a lot of Chinese-speaking people outside of Mainland China, and several Chinese websites have English-language interfaces. It's also because they are slow. The Great Firewall slows down traffic in both directions. Concern with censorship may also discourage some users, as seen recently regarding WeChat. In this sense, there is a Chinese Internet or a Chinanet, as opposed to the rest of the Internet. They are not completely cut off from each other, but in practice there is little communication between the two. Unfortunately. Martin Johnson Founder of GreatFire.org | FreeWeibo.com | Unblock.cn.com PGP key https://en.greatfire.org/contact
On Thu, Feb 21, 2013 at 11:57 AM, Nadim Kobeissi na...@nadim.cc wrote: Most likely it's bad writing. What they likely meant by China's Internet is China's social network sphere, such as Sina Weibo communities and so on... NK
On Wed, Feb 20, 2013 at 10:53 PM, Brian Conley bri...@smallworldnews.tv wrote: Photos of the dead sailors, their bodies gagged and blindfolded and some with head wounds suggesting execution-style killings, circulated on China’s Internet. From: http://www.nytimes.com/2013/02/21/world/asia/chinese-plan-to-use-drone-highlights-military-advances.html?_r=0 I know about the GFW of course, but anyone know the exact meaning of nytimes referencing China's Internet as opposed to was circulated in the Internet by Chinese citizens?
Re: [liberationtech] Cryptography super-group creates unbreakable encryption
Adam, There is a difference between telling someone you should *trust* this software and telling them this software is probably going to work for you because of X Y Z. I feel like you are conflating two different issues. I firmly believe you should *never* just *trust* encryption software that is not open to independent auditing at *any time.* However, we don't live in an open source utopia yet, so yes, we make judgement calls based on what information *is* available to the public. But I think you're making a bit of a tempest in a teapot here. (Yes I realize I am possibly the last person who should be making such comments, though I'm trying to be better about it.) Whether or not code *IS* secure is not the issue. It is whether or not you should *TRUST* code that cannot be *VERIFIED SECURE* and verified *INDEPENDENTLY AT ANY TIME*. You might believe Apple or Google are secure, in fact I would be willing to believe Facebook is doing its damnedest to keep their servers and users data secure, **within their closed paradigms** which may or may not line up with my needs as an individual user at any given time. And I can't engage in informed consent in that process, except where I consent that I do not get to know Corporation X's paradigm. regards Brian PS even crypto-gods are fallible. and that's not a bad thing, its just human nature. On Tue, Feb 19, 2013 at 10:00 AM, Adam Fisk a...@littleshoot.org wrote: On Fri, Feb 15, 2013 at 2:01 PM, Nadim Kobeissi na...@nadim.cc wrote: On Fri, Feb 15, 2013 at 4:35 PM, Adam Fisk af...@bravenewsoftware.org wrote: I'm certainly more confident in the overall security of silent circle in its first release than I was in the overall security of cryptocat. Of course this is true. The first release of Cryptocat was made in early 2011 by me back when I was in my second year of university and only barely beginning to understand proper programming and security practice. It was an experimental product full of holes and by no means secure. 
The first release of Silent Circle was by a team of superheroes with 25 years of experience in being totally badass. Big difference! That's really my point exactly -- there are many things that determine the security of a piece of software. But when your model is closed-source, you're not participating in reviewable, verifiable security practice and you're negatively affecting the practical cryptography industry as a whole. Look at Cryptocat — it progressed from a toy into a real product that I'm proud of, and that fully passed a security audit with a 100/100 score just last week ( https://blog.crypto.cat/2013/02/cryptocat-passes-security-audit-with-flying-colors/ ) after two years of hard work, restructuring and redesigning the whole thing, and getting alternatively beaten up and helped by experts in the field.— This would have *never* happened had we not been open source from the beginning. Sure. Again, I believe that open source is a beneficial license for security, but we have to keep in mind that it's a means to an end -- secure code -- and that it's not the only means. I think you were beaten up unfairly under the circumstances for cryptocat 1, and I similarly think we're beating up Silent Circle unfairly. Being open source is a painful but necessary process. It invites criticism, bone-breaking and having to admit bad design, apologize for your mistakes and work hard on fixing them. But only through that process you create something great that benefits the security community by offering opportunities to learn. Sure, Silent Circle started off as a good product, but by being closed-source they disregard the proper practice of what makes this industry progress in terms of engineering, and they cast a shadow of uncertainty and closed progress upon themselves, too. There are just so many aspects that go into software licensing that I just don't draw that same line. 
If the goal is secure code, I again think the key is having an adequate number of capable people analyzing and dissecting that code on a constant basis. That can mean closed source code audits, and it can mean having a full time security team analyzing and improving the code at all times (Google, Facebook, many others) regardless of the software license. Open source is awesome, and I believe in it wholeheartedly, but I don't think if an organization doesn't open source their code they're automatically crazy and kicked out of the club. -a -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Cryptography super-group creates unbreakable encryption
Well so we've learned a few things: 1. The limits of completely open/anonymous spaces 2. Why anarchists operate in affinity groups and not everyone has equal right hooray! 3. Someone is obviously threatened by Nadim (be proud not frustrated Nadim!) 4. People are still utter douchebags. I'm looking at you unnamed. Thanks Ali. Sent from my iPad On Feb 13, 2013, at 22:26, Ali-Reza Anghaie a...@packetknife.com wrote: Before the pad was ruined we also found out that: - TiViPhone seems to be part of Silent Circle, (c) and all.. the lead developers are listed on SC's founding page. - Likewise the libraries notes, except PolarSSL, also seem to be develop led by people now working for Silent Circle. - Nadim admittingly jumped the gun on snprintf() issue - We can't verify the libraries used or any of the code against the binary builds Etc. So the skewering was premature. The pad, with other commentary, before it was ruined is DLable at http://pastebit.com/pastie/12001 .. the revision history slider still works but who knows how long as someone is mercilessly trolling Nadim through it now. -Ali On Wed, Feb 13, 2013 at 11:51 PM, Nadim Kobeissi na...@nadim.cc wrote: So to recap: It hasn't been a few hours since Silent Circle released *some* of their source code, and we already know that: Silent Circle isn't in built to be a secure communications platform, but is simply a rebranding of TiviPhone, a Latvian-made VoIP software, with added encryption libraries, The encryption libraries are themselves not developed by Silent Circle, but are third party libraries, The third party libraries are in some cases outdated, even in the face of security advisories, There's a good possibility of a buffer overflow being there somewhere, with over 40 uses of snprintf(). I know what I'm doing this weekend! 
:D NK On Wed, Feb 13, 2013 at 11:33 PM, Nathan of Guardian nat...@guardianproject.info wrote: Fabio Pietrosanti (naif): Here some notes i collected with a quick review of the source code: I can see the headlines now... Cryptography super-group more like a cover band Cryptography Boy Band covers Latvian super-group Cryptography super-group? More like Milli Vanilli! or perhaps simply: SilentCircle's premiere product was outsourced, and based on out-of-date security libraries with known bugs Finally, just to be clear, I have nothing against re-using code, especially open-source projects that are complimentary. This is exactly what we have done for our work on OSTN/OStel. I do have a problem with people representing software they license from someone else as their own brilliant, weaved-by-the-gods invention. +n
Re: [liberationtech] Chromebooks for Risky Situations?
A good alternative for what use cases? The problem I find with flat statements such as something like that would be a good alternative to ChromeOS for activists is that it fails to address what uses its providing a good alternative for. IE you fail to demonstrate the threat model based on real use cases. Which is not to say you are wrong, I simply want to ask for clarification as to your intended meaning. eg: Would it be a good alternative for activists already using Google Apps (as Nathan at the beginning of this thread suggested Chromebooks might be?)? Would it be a good alternative for media activists who need to be able to edit video and photo content of actions or documentation of human rights violations? Would it be a good alternative for activists who intend to disseminate updates, reports, and propaganda via Facebook and other social networks? I certainly have no idea. These are serious questions, not intended to be sarcastic or confrontational. I'd really like to know for what real-world uses its deemed this or any other super small OS would be good solutions for activists. Certainly for hacktivists, hackers, and users only engaged in online communications I'm sure these are great solutions, but I hope you can detail more how a DSL or Liberte Linux provide good solutions to the multifaceted needs/use cases of activists. best Brian On Tue, Feb 12, 2013 at 5:05 AM, Andreas Bader noergelpi...@hotmail.dewrote: On 02/12/2013 01:42 PM, Maxim Kammerer wrote: On Tue, Feb 12, 2013 at 10:01 AM, Andreas Bader noergelpi...@hotmail.de wrote: So why not create a own OS that is really small because of its security? http://dee.su/liberte-build Thanks, something like that would be a good alternative to ChromeOS for activists. 
-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Would like to change my email id
Buddha, please use the links at the end of any lib tech mail to change your settings. Sent from my iPad On Feb 11, 2013, at 9:07, Buddhadeb Halder buddhadeb.hal...@unibo.it wrote: Hi, I would like to change my email id for this group. Could you please amend my email id to bhalder...@gmail.com . I do not want to receive mail on this id i.e. buddhadeb.hal...@unibo.it Please do the needful, Regards, Buddha Buddhadeb Halder PhD Research Fellow (Erasmus Mundus) LAST-JD Programme (http://www.last-jd.eu/) C.I.R.S.F.I.D. http://www.cirsfid.unibo.it/ Palazzo Dal Monte Gaudenzi - Via Galliera, 3 I - 40121 BOLOGNA (ITALY) E-mail: buddhadeb.hal...@unibo.it From: liberationtech-boun...@lists.stanford.edu [liberationtech-boun...@lists.stanford.edu] on behalf of liberationt...@lewman.us [liberationt...@lewman.us] Sent: 11 February 2013 15:22 To: liberationtech Subject: Re: [liberationtech] Happy Creepy February! On Sun, Feb 10, 2013 at 01:47:18PM -0600, nick.m.d...@gmail.com wrote 1.8K bytes in 0 lines about: : Thanks to investigative work by the Guardian, we can tell just how many : steps back online privacy's taken this year. It's unfortunate: : : http://www.guardian.co.uk/world/2013/feb/10/software-tracks-social-media-defence Not too much investigative work in my opinion. This Guardian article reads like a press release for Raytheon, announcing their new product. http://bits.blogs.nytimes.com/2011/08/02/pentagon-seeks-social-networking-experts/ and https://www.fbo.gov/index?s=opportunitymode=formid=972cbc835c3702e9758aedcf032fb4ectab=core_cview=1 My guess is this video is a demo made for the DARPA BAA. And what did you expect? People put their lives online and share everything, of course someone is going to record and collate it all. And these same people will get the bright idea to predict the future with suspect data. 
-- Andrew http://tpo.is/contact pgp 0x6B4D6475
Re: [liberationtech] Good examples of software documentation?
Hi Adrelanos, At SWN we have been writing a lot of documentation, training, and other materials in the last 18 months, including a soon-to-be published 40,000 word curriculum in journalism, mobile safety, and multimedia production. What I find works best are: 1. active voice sentences whenever possible. 2. eliminate any extraneous parts of speech, for example had and that are often well over used 3. never use 10 words where 5 words will be sufficient. 3v2. use the least words possible. :) 4. use images and screenshots when exact settings are necessary 5. what griffin said. On Mon, Feb 11, 2013 at 9:32 AM, adrelanos adrela...@riseup.net wrote: danimoth: On 11/02/13 at 10:20am, adrelanos wrote: Hi, since I want to write good documentation for my own project, I thought it may be worth checking how other projects did. Which project/documentation do you personally enjoy? Bonus points for anonymity/privacy/security related projects. It depends by the nature of the project. Anonymity. Whonix. Introduced earlier on this list. http://whonix.sf.net/ Are you targeting developers? No. Users. If yes, look at the best documentation for developers in the world: the one about the Qt toolkit. [1] http://qt-project.org/doc/qt-4.8/ -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Cryptography super-group creates unbreakable encryption
by Gods, but this is just quite plainly unfair. If someone repeatedly claims, towards activists, to have developed unbreakable encryption, markets it closed-source for money, and receives nothing but nods of recognition and applause from the press and even from *security experts* (?!) then something is seriously wrong! No one should be allowed to commit these wrongs, not even Silent Circle. I feel like I'm fighting for our own sanity here. Look at what you're allowing to happen! NK On Thu, Feb 7, 2013 at 10:15 AM, Nadim Kobeissi na...@nadim.cc wrote: On Thu, Feb 7, 2013 at 4:11 AM, Christopher Soghoian ch...@soghoian.net wrote: It is clear that you seem to have developed a foaming-in-the-mouth, irrational hate of Silent Circle. As such, anyone who fails to denounce Phil Zimmermann as the great Satan is, in your eyes, some kind of corrupt shill. Chris, You have repeatedly stood up asking VoIP software to be more transparent about their encryption. You have repeatedly stood up when the media overblew coverage into hype. However, Silent Circle remains *the only case* where you remain mentioned regularly in articles on the company, where you make a point to completely ignore that they are posting everywhere on their social media that they are developing unbreakable encryption, and marketing it, closed-source, towards activists. When I confront you about this, you publicly accuse me of soliciting a hit piece (!!) against Silent Circle. That is what I have a problem with: A huge, clear, obvious double standard strictly made available for Silent Circle. I proudly stand by every single statement quoted in that Verge story. 
Chris On Wed, Feb 6, 2013 at 8:56 PM, Nadim Kobeissi na...@nadim.cc wrote: Chris Soghoian gives Silent Circle's unbreakable encryption an entire article's worth of lip service here, it must be really unbreakable: http://www.theverge.com/2013/2/6/3950664/phil-zimmermann-wants-to-save-you-from-your-phone NK On Wed, Feb 6, 2013 at 10:49 PM, Brian Conley bri...@smallworldnews.tvwrote: I heard they have a super secret crypto clubhouse in the belly of an extinct volcano. Other rumors suggest they built their lab in the liberated tunnels beneath bin ladens secret lair in Pakistan... Sent from my iPad On Feb 6, 2013, at 19:42, Nadim Kobeissi na...@nadim.cc wrote: Actual headline. http://www.extremetech.com/mobile/147714-cryptography-super-group-creates-unbreakable-encryption-designed-for-mass-market NK -- US: +1-857-891-4244 | NL: +31-657086088 site: jilliancyork.com http://jilliancyork.com/* | * twitter: @jilliancyork* * We must 
not be afraid of dreaming the seemingly impossible if we want the seemingly impossible to become a reality - *Vaclav Havel* -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Chromebooks for Risky Situations?
On Wed, Feb 6, 2013 at 2:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Brian Conley: Micah, Perhaps you can tell us the secret to convince all family members and colleagues to become Linux hackers able to be completely self-sufficient managing their own upgrades and modifications indefinitely? Stop supporting the use of non-free software? We're all part of the problem when we help people to be less free and to use proprietary software or proprietary services. This is both an education and a problem with enabling. We all suffer from it, I think. What's funny about this, is that you appear to think I disagree with you on this. My point is, if *YOU* (any you out there of the many yous on this here libtech list) want to advise someone who is at risk to use free software, YOU should take responsibility for stewarding them through the process and making sure they know enough not to get themselves into trouble. When we encourage people to say, buy a Macbook or a Chromebook because we're happy to support it over say, Windows, we're making things worse. Largely because the choice is actually between Free Software and proprietary software or free software on devices where we're not actually able to exercise all of our freedoms. I don't know a great deal about Linux. I know enough to know that smart people I know seem to think it is better for a variety of reasons from a security standpoint. Unfortunately where it is *not* better is for people engaged in multimedia. It would be great if someone would support the development of better linux-based multimedia tools. I'm not that person. Oh, except for the last year I've been working with the good folks at the Guardian Project and others on a secure-by-design multimedia reporting app based in Android, and a large portion of our relatively meager funding has been directed at UI/UX design and graphics and content in the training portion. 
Thus, when we aren't helping people to get off of the non-free platforms or to reduce our dependency on non-free software, we're basically not doing a great job at educating people that we care about and otherwise wish to support. When we pass the buck, we're enabling them with harmful, sometimes seriously so, solutions. See above. I am certainly doing a lot more than I used to be doing in this realm. I hope you're not trying to suggest that I am passing the buck. My point is that if knowledgeable individuals are not willing to spend the time to assist less knowledgeable people to get the first leg up in the much-less-than-obvious world of FOSS/FLOSS/Whatever, then they are just as responsible for security risks and endangerment as people who ignorantly recommend windows, mac, etc because as you put it When we encourage people to say, buy a Macbook or a Chromebook because we're happy to support it over say, Windows, we're making things worse. Again, just as I still haven't heard a strong argument why google hangout is as bad or worse than Skype, I don't yet see good arguments why Chromebook is such a bad option for many use cases. In fact, I don't see why a lot of mobile devices that are wifi only might be such bad options. However, don't worry, I won't be advocating for you to use a windows mobile or apple tablet anytime soon. Otherwise what is your point? This essay seems like a longer version of what Micah has expressed: http://www.gnu.org/philosophy/free-sw.html http://www.gnu.org/philosophy/right-to-read.html I also suggest reading these two essays by RMS: http://www.gnu.org/philosophy/shouldbefree.html http://www.gnu.org/philosophy/when_free_software_isnt_practically_better.html I will definitely read up, though by pointing me in this direction, you open yourself up to replying to relevant and serious clarification questions as follow up. 
(the Gunner clause ;) ) He is also talking about how the threats to a user might include Google itself (eg: my legal cases!) or perhaps even the network you're using (hint: ChromeOS has no way to protect you against such an attacker, so no, it isn't safe to use everywhere or perhaps anywhere depending on your trust of the local network). Again, depending on your threat model. Who said everywhere or anywhere for everyone? It seems like you are being needlessly confrontational or outright ignoring the quite reasonable counter arguments to various linux OSes,Ubuntu/gentoo/ etc etc being made here. Most of arguments I've heard here boil down to privileged wealthy people complaining that learning and mutual aid or solidarity is simply too hard. The worst is when people who train people in risky situations make those kinds of statements. LOL. I'm, frankly, quite offended if you are indeed suggesting that I am making those statements. Also, remember that I'm currently involved in developing what is probably the first FOSS(FLOSS?) tool for mobile multimedia reporting that is built on secure-by-design
Re: [liberationtech] Chromebooks for Risky Situations?
snip My point was for something off the shelf, I know of nothing better and as far as it goes... I'd say it's a step up for a lot people who should be using more secure IT technologies and methods than they are (such as some journalists), and they can take that step with minimal investment in time and energy and a chromebook will meet their needs. I'd suggest users have no hard disk and boot off of a Tails USB disk. Now we've reduced the attack surface to the BIOS/EFI layer - something that I suspect is pretty crappy all across the board. snip I would love to be a fly on the wall of the IDF customs agent you have to explain this to. I see no OPSEC problem whatsoever in travelling with a laptop that has no hard disk. I cannot imagine any customs agent or other two-bit security bureaucrat having a problem with that. // See what I just did there? I attacked the specific *text* of your response, rather than what I believe to be true about you. I assume you'd not ever recommend that interpretation of your words to someone, so how does it help dialogue/discussion/liberation for me to engage in that line of reasoning? Brian
Re: [liberationtech] Pressure Increases On Silent Circle To Release Application Source Code
LOL! At least it implies that one of Silent Circle's customers or their consultants may support open sourcing the code. On Feb 6, 2013 8:09 AM, Nathan of Guardian nat...@guardianproject.info wrote: On 02/06/2013 10:06 PM, Nadim Kobeissi wrote: http://www.forbes.com/sites/jonmatonis/2013/02/06/pressure-increases-on-silent-circle-to-release-application-source-code/ [Disclosure: Author is consultant for a Silent Circle reseller based in Japan.] That is one of the strangest disclosures I have ever seen. +n
Re: [liberationtech] Chromebooks for Risky Situations?
Andreas, Plenty of Syrians do have internet access, and use it on a regular basis. Also, lack of appropriateness for one use-case doesn't necessitate lack of appropriateness across the board. Linux is a great solution for many use cases, but as has been elaborated, quite a terrible one for many others. Brian On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader noergelpi...@hotmail.dewrote: On 02/06/2013 04:24 PM, Tom Ritter wrote: Nadim, I'm with you. I'm not sure it's the perfect solution for everyone, but like Nathan said, if you already trust Google, I think it's a good option. On 6 February 2013 07:12, Andreas Bader noergelpi...@hotmail.de wrote: Why don't you use an old thinkpad or something with Linux, you have the same price like a Chromebook but more control over the system. And you don't depend on the 3G and Wifi net. We started with the notion of Linux, and we were attracted to Chromebooks for a bunch of reasons. Going back to Linux loses all the things we were attracted to. - ChromeOS's attack surface is infinitely smaller than with Linux - The architecture of ChromeOS is different from Linux - process separation through SOP, as opposed to no process separation at all - ChromeOS was *designed* to have you logout, and hand the device over to someone else to login, and get no access to your stuff. Extreme Hardware attacks aside, it works pretty well. - ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux. - Verified Boot, automatic FDE, tamper-resistant hardware Something I'm curious about is, if any less-popular device became popular amoung the activist community - would the government view is as an indicator of interest? Just like they block Tor, would they block Chromebooks? It'd have to get pretty darn popular first though. -tom -- But you can't use it for political activists e.g. in Syria because of its dependence on the internet connection. 
This fact is authoritative. For Europe and USA and so on it might be a good solution. -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Chromebooks for Risky Situations?
What Android OS are you using, Ali? It's a snap with Google Nexus running 4.0. Perhaps its an OS version or carrier-rolled OS that is the problem? Brian On Wed, Feb 6, 2013 at 12:26 PM, Ali-Reza Anghaie a...@packetknife.comwrote: I'm glad people have had luck with tethering their Android phones internationally. I've had absolutely zero - I'll have to give it another run with a locally renter provider I suppose. Anyone try in the UAE recently? Provider, hardware? Egypt? Curious. -Ali On Feb 6, 2013 3:19 PM, Griffin Boyce griffinbo...@gmail.com wrote: On Wed, Feb 6, 2013 at 1:28 AM, Nathan of Guardian nat...@guardianproject.info wrote: On 02/06/2013 01:22 PM, Ali-Reza Anghaie wrote: How can projects like Privly play into it? Carrying a Tor Router along with you or building one on-site. None of the operational matters will ever be squarely addressed by one platform but it all can be decision-treed out nicely. You could also use Orbot with wifi-tether on Android phone. It can transparent proxy all the wifi hotspot traffic over Tor. Using an android phone as a tether seems much more normal and fits the profile of an international traveler. Carrying a router around might not be the best option for staying low-profile. I like Chrome OS but am addicted to Pidgin with OTR. It's really the only thing keeping me from trying out a Chromebook. (Even Photoshop is available 'in the cloud'). If you need to install a few programs locally but like the overall idea and features, JoliOS looks to be a good option: http://www.jolicloud.com/jolios Somewhat off-topic: I reject the idea that because something isn't right for Syrians, that it's not useful. There is an incredible spectrum of threat models to consider. And usability is a factor. It's worth considering that state-sponsored Windows spyware is a major problem. But people still use it because the realistic alternative is more difficult to use (even Ubuntu has a sharp learning curve). 
Best, Griffin Boyce -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Chromebooks for Risky Situations?
Micah, Perhaps you can tell us the secret to convince all family members and colleagues to become Linux hackers able to be completely self-sufficient managing their own upgrades and modifications indefinitely? Otherwise what is your point? It seems like you are being needlessly confrontational or outright ignoring the quite reasonable counter arguments to various linux OSes,Ubuntu/gentoo/ etc etc being made here. On Feb 6, 2013 7:09 PM, micah anderson mi...@riseup.net wrote: Andy Isaacson a...@hexapodia.org writes: On Wed, Feb 06, 2013 at 10:52:23AM -0500, micah anderson wrote: - ChromeOS's update mechanism is automatic, transparent, and basically foolproof. Having bricked Ubuntu and Gentoo systems, the same is not true of Linux. I would be surprised if you actually 'bricked' these systems, since neither operating system you mention involves a procedure that has the risk of bricking a device. I suspect this is hyperbole? I've had dist-upgrade (or the GUI equivalent) make an Ubuntu system unbootable and unrecoverable without recourse to a rescue-image and deep magic grub hacking, etc. That counts as bricked when the easiest course of action is to simply reinstall the OS from scratch. It's not bricked in the sense that an Android install gone awry can require specialized hardware (JTAG dongle etc) and crypto keys to fix, but it's equivalent from a user's point of view. I understand where you are going with this, but when it comes to terminology, I think it serves to confuse the issue to misuse the term 'brick'. You cannot, as you say, simply reinstall the OS from scratch on a device that has been bricked. I can't wait for the day when Google accidentally pushes an update out that actually bricks their devices, because when that happens, there is no way to simply reinstall the OS from scratch. 
Re: [liberationtech] Cryptography super-group creates unbreakable encryption
C'mon Nadim, that's a bit of a cheap shot, no? Do you disagree fundamentally with anything he said there? Brian On Feb 6, 2013, at 19:56, Nadim Kobeissi na...@nadim.cc wrote: Chris Soghoian gives Silent Circle's unbreakable encryption an entire article's worth of lip service here, it must be really unbreakable: http://www.theverge.com/2013/2/6/3950664/phil-zimmermann-wants-to-save-you-from-your-phone NK On Wed, Feb 6, 2013 at 10:49 PM, Brian Conley bri...@smallworldnews.tv wrote: I heard they have a super secret crypto clubhouse in the belly of an extinct volcano. Other rumors suggest they built their lab in the liberated tunnels beneath bin ladens secret lair in Pakistan... Sent from my iPad On Feb 6, 2013, at 19:42, Nadim Kobeissi na...@nadim.cc wrote: Actual headline. http://www.extremetech.com/mobile/147714-cryptography-super-group-creates-unbreakable-encryption-designed-for-mass-market NK
Re: [liberationtech] Wickr app aims to safeguard online privacy
My impression is that this could work in any system that delivers encrypted messages to a third-party non SMS client. In fact, it could work in an SMS client as well, though an encrypted version of the message would of course be stored by the mobile service provider. As Jacob says its certainly not fool-proof, but where we are talking about fools specifically, it would avoid this problem: Joe, Billy, and Susan are all planning a super secret action to disrupt Authoritarianistan's hosting of the olympics. They all agree to use SuperSecretMessageSender™ to communicate in super secret mode. Unfortunately Billy is kind of an ass, and despite repeated discussions and collective agreement, he failed to delete his messages upon reading. When Authoritarianistan state operatives detained Billy, they tortured him to release his passwords, and then read messages from Joe, Susan, and Billy's mom, all of whom were detained and have not been heard from since. In this case, self-destruct would potentially save Joe and Susan from the fool Billy's lazy security culture. Certainly this is not a be all and and all, but does seem like a potentially valuable feature based on my own broad observation of fools amongst many activist and journalist groups. Brian On Tue, Feb 5, 2013 at 11:11 AM, Jacob Appelbaum ja...@appelbaum.netwrote: Brian Conley: Apparently Silent Circle is also proposing such a feature now. Such a feature makes sense when we consider the pervasive world of targeted attacks. If you compromise say, my email client today, you may get years of email. If you compromise my Pond client today, you get a weeks worth of messages. Such a feature is something I think is useful and I agreed to it when I started using Pond. It is a kind of forward secrecy that understands that attackers sometimes win but you'd like them to not win everything for all time. Seems rather reasonable, really. Hardly malware but hardly perfect. 
All the best, Jake

-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
Re: [liberationtech] Wickr app aims to safeguard online privacy
Just to clarify, are you suggesting such a feature would put the users at *greater* threat? In my experience simply using CryptoTool™ puts you at risk of interrogation, torture, prison in certain countries. It seems that such a feature would mitigate. On the other hand, it seems like splitting hairs, until research is done, to suggest such a feature would be better than simply keeping all messages encrypted at rest. Once we are talking about rubber hose decryption methods, I think we've kind of already lost, no?

B

On Tue, Feb 5, 2013 at 12:46 PM, Nadim Kobeissi na...@nadim.cc wrote:

NK

On Tue, Feb 5, 2013 at 3:06 PM, Brian Conley bri...@smallworldnews.tv wrote:

In this case, self-destruct would potentially save Joe and Susan from the fool Billy's lazy security culture.

In this kind of scenario, adding a self-destruct feature would definitely be useful in preventing communications from leaking through certain vectors after the messages have served their purpose. However, they also shift the threat. If Authoritarianstan police know that CryptoToolX deletes messages after a while, they are likely to feel more justified in further interrogating the suspect, knowing that if the messages aren't there now, it's likely that they were there earlier. It's hard to discuss those features not because they aren't cool and useful (they are!) but because they make it difficult to maintain a sense of priority. Measuring how a feature will help, how it'll change the threat and whether it will eclipse attention from greater threats and concerns is kind of tricky AFAICT.

Certainly this is not a be-all and end-all, but does seem like a potentially valuable feature based on my own broad observation of fools amongst many activist and journalist groups.

Brian

On Tue, Feb 5, 2013 at 11:11 AM, Jacob Appelbaum ja...@appelbaum.net wrote:

Brian Conley: Apparently Silent Circle is also proposing such a feature now.
Such a feature makes sense when we consider the pervasive world of targeted attacks. If you compromise say, my email client today, you may get years of email. If you compromise my Pond client today, you get a week's worth of messages. Such a feature is something I think is useful and I agreed to it when I started using Pond. It is a kind of forward secrecy that understands that attackers sometimes win but you'd like them to not win everything for all time. Seems rather reasonable, really. Hardly malware but hardly perfect.

All the best, Jake

-- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
[liberationtech] Sharing children's lives online?
Hi all,

Perhaps this is not the right forum, but I happen to believe it is. If we care to discuss liberation tech, we ought to discuss the liberation of those who have little or no capacity to choose for themselves, yes?

What's concerning me today is a decision by my daughter's preschool. They blog daily with photos and narrative stories about the kids' day at school. Previously, though technically public, the blog was not indexed and very difficult (impossible?) to find without the direct link. At the beginning of this year they overhauled the site and are publishing the blog in its entirety attached directly to the preschool. That this change was done without discussion or consent of parents strikes me as greatly concerning.

As many of you know, I'm generally one of the people saying that too often libtech activists are a bit excessive in their response to the forward progress of technology and social media. Am I out of bounds here? Is this kind of daily blogging of a preschooler's life not a bit frightening?

Any advice from other colleagues, parents or otherwise, would be greatly appreciated. Though I might have answers for activists and civilians threatened with death or worse, this situation leaves me at a loss as to how I should respond.

Regards

Brian
Re: [liberationtech] Draft checklist for choosing tools
Hi Bob,

Thanks for this. Can you clarify whether you intend technical or nontechnical people to use it? There is certainly a need for nontechnical people to have access to such a list. However, I don't believe, in your current text, that this checklist will be accessible to nontechnical users. I would be happy to work with you on editing a final version for nontechnical users. I find two common issues with guides and other documents of this nature is a tendency toward comprehensiveness and excessive text. What most users need is specificity and clarity about the issues they face. I look forward to discussing further!

B

On Jan 3, 2013 9:20 PM, bobal...@lavabit.com wrote:

Thank you all for the suggestions and comments. Revisions and additions will be made with appropriate attribution. With reference to the applicability of a checklist, are there any free/accessible and discreet services that assist with tool selection?

That's a useful checklist, thanks. Are you posting it anywhere (I mean, on a wiki or web page, besides this mailing list)?

Do you (or anyone else) have any suggestions? The feedback has been great and others could benefit from the list of things to consider.
Re: [liberationtech] Lune: My new project
Cool Nadim! Have you seen poetica.com (poeti.ca) yet? Perhaps there could be some crossover.

On Jan 2, 2013 11:44 AM, Nadim Kobeissi na...@nadim.cc wrote:

Dear LibTech, I hope this won't be considered spam, but I would like to announce my new major project, Lune: http://lune.lu I hope coders on this list will find it useful in the very near future!

NK
Re: [liberationtech] Skype redux
You should also include Guardian's projects: Gibberbot Ostel/ostn no? That said, thus far, neither redphone nor those over listed rivals skype or Google hangouts quality of transmission. This is not meant to detract from them, it's more a question, is a revenue based model the only option to ensure high enough quality to attract users and grow? If not, what else can be done to increase the quality of these tools and ensure ongoing responsiveness to a user base that will demand more and better features in future?

On Dec 22, 2012 2:43 AM, Nadim Kobeissi na...@nadim.cc wrote:

Skype is not only dangerous from a security by policy perspective, but is also dangerous from a security by design perspective — whereas they promise that conversations are encrypted, due to their closed-source nature this encryption cannot be studied or verified. There are certain other projects that have unverifiable encryption claims (no security by design,) but that go uncriticized due to good security by policy. One of those projects has so far also avoided criticism, even though it advocates itself as a secure Skype alternative *marketed especially at activists in dangerous situations*, due to its creators being good personal friends of many of the main critics in the security community. That being said, there still does remain a few projects that offer Skype-like functionality with *both* security by design and security by policy:

Jitsi: https://jitsi.org/
Lumicall: http://www.lumicall.org/
RedPhone: http://www.whispersys.com/

NK

On Sat, Dec 22, 2012 at 4:42 AM, Christopher Soghoian ch...@soghoian.net wrote:

Jake, The section of Skype's privacy policy that describes (with no real detail) the assistance they provide to law enforcement agencies is exactly the same text that was present before Microsoft bought the company.
(See, for example: http://web.archive.org/web/20100701074213/http://www.skype.com/intl/en-us/legal/privacy/general/ )

I am just as skeptical of Skype's security as anyone else on this list. This lack of trust pre-dates the purchase by Microsoft. I've tried, and failed over the years to get any data at all about Skype and law enforcement surveillance from the company. I have a better relationship with Microsoft, who are surprisingly open with me when discussing privacy and surveillance issues relating to hotmail/live/outlook and Bing. Unfortunately, I've not been able to learn anything from my existing contacts at Microsoft about Skype. That part of the company seems to be continuing their long practice of secrecy regarding surveillance issues.

Regards, Chris

On Fri, Dec 21, 2012 at 2:49 AM, Jacob Appelbaum ja...@appelbaum.net wrote:

Hi, In light of the recent thread on journalism, I wanted to share this link about Skype: https://en.greatfire.org/blog/2012/dec/china-listening-skype-microsoft-assumes-you-approve

With 250 million monthly connected users, Skype is one of the most popular services for making phone calls as well as chatting over the Internet. If you have friends, family or business contacts abroad, chances are you are using Skype to keep in contact. Having said that, you are probably not aware that all your phone calls and text chats can be monitored by the censorship authorities in China. And if you are aware, chances are that you do not consent to such surveillance. Microsoft, however, assumes that you do consent, as expressed in their Privacy Policy:

Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure.
All the best, Jacob
[liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
So I guess the question is, is there a more/similarly convenient video/audio chatting tool that can be advocated as a standard? Skype is a problem, hands down. But people will continue to use it, particularly in situations they see as nonthreatening (rightly and wrongly) because it is convenient and maintains weight in the marketplace. This is a long way of asking, is Google Hangout functionally better? Is anything else? Or, how do we get someone to develop a convenient p2p chatting tool that is also pleasurable to use?

B

On Dec 21, 2012 6:07 AM, Jacob Appelbaum ja...@appelbaum.net wrote:

Hi, In light of the recent thread on journalism, I wanted to share this link about Skype: https://en.greatfire.org/blog/2012/dec/china-listening-skype-microsoft-assumes-you-approve

With 250 million monthly connected users, Skype is one of the most popular services for making phone calls as well as chatting over the Internet. If you have friends, family or business contacts abroad, chances are you are using Skype to keep in contact. Having said that, you are probably not aware that all your phone calls and text chats can be monitored by the censorship authorities in China. And if you are aware, chances are that you do not consent to such surveillance. Microsoft, however, assumes that you do consent, as expressed in their Privacy Policy:

Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure.

All the best, Jacob
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
On Dec 21, 2012 2:24 PM, KheOps khe...@ceops.eu wrote:

Hi everyone :)

On 21/12/2012 17:29, liberationt...@lewman.us wrote:

On Fri, 21 Dec 2012 06:52:35 -0800 Brian Conley bri...@smallworldnews.tv wrote:

So I guess the question is, is there a more/similarly convenient video/audio chatting tool that can be advocated as a standard?

Here's a single data point, extrapolate at your peril, I use Jitsi, https://jitsi.org/.

We have tried to push Jitsi forward as a replacement to Skype, notably with Syrian people. In the first tries we did, it appeared really not easy to use from Syria, mainly because of the poor bandwidth there which seemed to prevent video calls to work correctly and NAT issues.

This is exactly the reason to use Google hangout. I have been traveling in the MENA region the last few weeks, often relying on a local 3g connection to maintain daily contact with my family. As I was paying per mb/GB of data, I kept a close eye on the transfer. It's completely unscientific, but Google hangout seems to use a fraction of the bandwidth as skype (1/10th?!) So there is a serious discussion to have here, no? If gmail is acceptable for anyone not concerned with US government or allies as an adversary, why not Google hangout?

B

We however haven't had time to dig more in Jitsi settings, and I wonder if someone had a good URL for documentation/tutorial? Thank you :)

KheOps
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
Thanks Jacob, How do you consider Adam's concerns about Jitsi?

Brian

On Dec 21, 2012 8:24 PM, Jacob Appelbaum ja...@appelbaum.net wrote:

Brian Conley: So I guess the question is, is there a more/similarly convenient video/audio chatting tool that can be advocated as a standard?

Jitsi?

Skype is a problem, hands down. But people will continue to use it, particularly in situations they see as nonthreatening (rightly and wrongly) because it is convenient and maintains weight in the marketplace.

People will continue to use it as long as this community and others accepts it as a reasonable tool. It isn't a reasonable tool and we should warn people not to use it. We should rather encourage them to use open and standard protocol, as well as to use FLOSS implementations.

This is a long way of asking, is Google Hangout functionally better? Is anything else? Or, how do we get someone to develop a convenient p2p chatting tool that is also pleasurable to use?

Jitsi is likely better for a lot of stuff. It is written in Java (yay no programmer introduced buffer overflows, boo java, boo java), it has OTR for chatting and ZRTP for VoIP calls. It does this with standard jabber/xmpp accounts. Users can download it over HTTPS and I believe the cert may be pinned now in Google Chrome. It isn't perfect but if I had to choose between it and Skype, I guess I'd not have a lot of trouble making the choice of using Jitsi.

All the best, Jake

B

On Dec 21, 2012 6:07 AM, Jacob Appelbaum ja...@appelbaum.net wrote:

Hi, In light of the recent thread on journalism, I wanted to share this link about Skype: https://en.greatfire.org/blog/2012/dec/china-listening-skype-microsoft-assumes-you-approve

With 250 million monthly connected users, Skype is one of the most popular services for making phone calls as well as chatting over the Internet. If you have friends, family or business contacts abroad, chances are you are using Skype to keep in contact.
Having said that, you are probably not aware that all your phone calls and text chats can be monitored by the censorship authorities in China. And if you are aware, chances are that you do not consent to such surveillance. Microsoft, however, assumes that you do consent, as expressed in their Privacy Policy:

Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure.

All the best, Jacob
Re: [liberationtech] Forbes recommends tools for journalists
+1 to danny and nathan. I'd also like to note a small detail the author missed. Robert King, the photographer who took the McAfee pic, is the same photographer who was recently in Syria for vice. Let's hope he didn't make the same mistake there.

Brian

On Dec 17, 2012 9:14 PM, Danny O'Brien dobr...@cpj.org wrote:

On Mon, Dec 17, 2012 at 10:49:33AM -0700, frank@journalistsecurity.net wrote:

If anyone here has any thoughts about the tools recommended in this Forbes piece, please speak up. The piece gets specific with recommendations from Ashkan Soltani, a technologist who I do not think is on this list, about half way down. Again, any thoughts would be welcome. Thank you! Frank

The reference to Glenn's Create your own SSL certificate article is weird; what he talks about in that Ars Technica piece is not a replacement for a VPN by any means, and I think the reference would just confuse anyone who was not technical.

I think these days you have to tie Forbes' (good) advice not to save everything with an encouragement to use full disk encryption. We're in an awkward space right now where we can't fully guarantee that data gets deleted off a modern flash (SSD) drive, even with previously strong deletion tools. And forensics software is good enough to pick up a lot of local clues about what you've used your own computer for, even if you think you've turned off all logs and removed the saving of sensitive data. Minimize what you record, but also encrypt.

I'd be cautious about explicitly recommending Word's encryption as they do -- if you save encrypted docs in 97/2000 mode, they're instantly breakable, and there are dedicated tools out there to break later versions. I don't know whether they exploit later weaknesses, or are just fancy password crackers. http://www.elcomsoft.com/aopr.html?r1=Openwall

Usual provisos about Skype (and Silent Circle to a certain extent).
It's *really* hard to permanently recommend particular products, without at least making the statement Keep an eye for news that the tools you use are vulnerable, and keep the software updated. We really need to stop making this exclusively about the tools, and make it more about the practices, and tools that can reinforce those practices. This article isn't that bad at all about that -- but you want to be able to get people to a point where they can tell themselves whether a package looks like snake oil or not. d. http://www.forbes.com/sites/kashmirhill/2012/12/07/dear-journalists-at-vice-and-elsewhere-here-are-some-simple-ways-not-to-get-your-source-arrested/ TECH | 12/07/2012 @ 1:33PM |24,858 views Dear Journalists at Vice and Elsewhere, Here Are Some Simple Ways Not To Get Your Source Arrested You forgot to scrub the metadata, suckers. Computer security millionaire John McAfee’s surreal flight from Belizean law enforcement came to an end this week when he was detained (and then hospitalized) in Guatemala, as has been widely reported. A piece of the story that hasn’t been included in much of the reporting is how authorities figured out that McAfee — who was wanted for questioning in the shooting death of his neighbor — had fled Belize for Guatemala. McAfee’s location was exposed after he agreed to let two reporters from Vice Magazine tag along with him. Proud to finally be in the thick of a story rife with vices — drugs, murder, prostitutes, guns, vicious dogs, a fugitive millionaire and his inappropriately young girlfriend — they proudly posted an iPhone photo to their blog of Vice editor-in-chief Rocco Castoro standing with the source of the mayhem in front of a jungly background, saying, “We are with John McAfee right now, suckers.” With that posting, they went from chroniclers of vices to inadvertent narcs. They left the metadata in the photo, revealing McAfee’s exact location, down to latitude and longitude. 
McAfee tried to claim he’d manipulated the data — a claim that Vice photographer backed up on Facebook in a posting he’s since deleted — but then capitulated, hired a lawyer, and tried to claim asylum in Guatemala. Guatemalan authorities instead detained McAfee for entering the country illegally. All of which was dutifully reported by the Vice reporters, with no mention of their screw-up. Mat Honan at Wired excoriated Vice for its role in events: This was deeply stupid. People have been pointing out the dangers of inadvertently leaving GPS tags in cellphone pictures for years and years. Vice is the same publication that regularly drops in on revolutions and all manner of criminals. They should have known better. And they have the resources to do it better. Vice is a $100 million operation. Then, it followed up this egregiously stupid action with a far worse one. Vice photographer Robert King apparently lied on his Facebook page and Twitter in order to protect McAfee. Like McAfee, he claimed that the
Re: [liberationtech] Forbes recommends tools for journalists
It's SSD so it's still not a secure wipe, no?

On Dec 18, 2012 12:26 AM, Eric S Johnson cra...@oneotaslopes.org wrote:

Secure deletion is a problem we could solve in software, by encrypting the data and then destroying the key to render the data unrecoverable, *if* we had a few bytes of persistent, erasable storage in which to store the key. (Storing the key on the SSD itself doesn't work, because then we can't securely delete the key.) I'm not aware of any suitable storage on current smartphones or personal computers

Isn't this exactly how the iOS (v4+) can be remotely wiped in a couple seconds? Everything's encrypted, so deleting the key ... Or are we saying the iOS's storage of the key is insecure?

Best, Eric
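The point quoted above, that a key kept on the SSD itself cannot be securely deleted while a key in a few bytes of truly erasable storage can, is shown below as an added example that is not part of the thread. The flash model, the `ErasableKeyStore` class and the HMAC-based stream cipher are constructed stand-ins (assumptions), not any real device's or phone's design.

```python
import hashlib
import hmac
import os

SECRET = b"constructed sample: source meets at 14:00"  # constructed data


class WearLevelledFlash:
    """Constructed model of an SSD: a logical overwrite lands on a fresh
    physical page, and the stale page keeps its old contents."""

    def __init__(self):
        self.physical = []  # every page ever written, stale ones included
        self.mapping = {}   # logical block number -> index in self.physical

    def write(self, lbn, data):
        self.physical.append(bytes(data))
        self.mapping[lbn] = len(self.physical) - 1

    def read(self, lbn):
        return self.physical[self.mapping[lbn]]

    def forensic_dump(self):
        """What a raw read of the chips returns: mapped and stale pages."""
        return list(self.physical)


class ErasableKeyStore:
    """Assumed hardware: a few bytes that really are overwritten in place."""

    def __init__(self):
        self._cell = bytearray(32)

    def store(self, key):
        self._cell[:] = key

    def load(self):
        return bytes(self._cell)

    def erase(self):
        self._cell[:] = bytes(32)


def keystream_xor(key, nonce, data):
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), stdlib only.
    A real system would use a vetted AEAD such as AES-GCM."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(8, "big"),
                         hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def store_encrypted(flash, lbn, key, plaintext):
    nonce = os.urandom(16)  # nonces are not secret, so they live on flash
    flash.write(lbn, nonce + keystream_xor(key, nonce, plaintext))


def plaintext_recoverable(flash, keystore, expected):
    """Residual-exposure check: does any key material left behind still
    decrypt any record left on the flash?"""
    pages = flash.forensic_dump()
    keys = [p for p in pages if len(p) == 32]
    if keystore is not None:
        keys.append(keystore.load())
    for key in keys:
        for record in pages:
            if len(record) > 16 and \
                    keystream_xor(key, record[:16], record[16:]) == expected:
                return True
    return False


def key_on_flash_scenario():
    flash = WearLevelledFlash()
    key = os.urandom(32)
    flash.write(0, key)                  # key stored on the SSD itself
    store_encrypted(flash, 1, key, SECRET)
    flash.write(0, bytes(32))            # "wipe": logical overwrite only
    logically_gone = flash.read(0) == bytes(32)
    return logically_gone, plaintext_recoverable(flash, None, SECRET)


def erasable_store_scenario():
    flash = WearLevelledFlash()
    keystore = ErasableKeyStore()
    key = os.urandom(32)
    keystore.store(key)                  # key never touches the flash
    store_encrypted(flash, 1, key, SECRET)
    before = plaintext_recoverable(flash, keystore, SECRET)
    keystore.erase()                     # the whole wipe is this one call
    return before, plaintext_recoverable(flash, keystore, SECRET)


if __name__ == "__main__":
    print("key on flash   (logically gone, still recoverable):",
          key_on_flash_scenario())
    print("erasable store (recoverable before, after erase):",
          erasable_store_scenario())
```

In the first scenario the filesystem reports the key as zeroed while the stale page still decrypts the data; in the second, the ciphertext pages all survive on flash and are useless once the key cell is erased.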
Re: [liberationtech] Where can I find the Twitter censorship handbook?
John,

So am I mistaken that Twitter blocks (and by blocks I mean does not allow to be visible) certain content in certain countries, in accordance with local regulation? I'm not saying it's right or wrong, but unless I'm mistaken about this, it's a bit melodramatic to get on your high horse about the lack of censorship or mediation of tweets, which, if twitter filters tweets based on location is just prima facie untrue. I happen to completely understand why twitter does this and believe the ability to change your set location in order to avoid the filtering is a good workaround. That said, no need to be rude, dramatic, or misleading.

Brian

On Dec 15, 2012 4:38 AM, John Adams j...@retina.net wrote:

I work there. Read the damn TOS. Twitter -does not- censor or mediate content. https://support.twitter.com/articles/15794-abusive-behavior and https://support.twitter.com/articles/18311-the-twitter-rules

It's a serious affront to all the work we've done to enable people to freely communicate, and the number of times that we've gone to bat for users, to make posts like these.

-john

On Fri, Dec 14, 2012 at 6:36 PM, Griffin Boyce griffinbo...@gmail.com wrote:

Have you tried contacting twitter support directly? In the first instance, it's likely that you were reported by someone who saw it and took offense to it. As for having tweets reported for spam, it could have been a competitor (and that type of reporting is easy to automate). But the Twitter spam algorithm could also have interpreted the [short tweet length + link + popular hashtag] as being spam. From a merchant perspective, we kind of operate at her majesty's pleasure. By that I mean that social networks make the rules, enforce them (or not), and our only real recourse is to move to another, less populated social network. I'd recommend talking to twitter support before totally writing it off, but you might not get a resolution for the reasons mentioned above.
Best, Griffin Boyce @abditum

On Fri, Dec 14, 2012 at 8:42 PM, Uncle Zzzen unclezz...@gmail.com wrote:

Warning for the politically-correct: this message contains the N-word. I believe it is in context :)

-- I believe that usability is a security concern; systems that do not pay close attention to the human interaction factors involved risk failing to provide security by failing to attract users. ~Len Sassaman PGP Key etc: https://www.noisebridge.net/wiki/User:Fontaine
Re: [liberationtech] Announcing finalists (and soon winners) for the Access Tech Innovation Prize
Thanks all, speaking for Small World News, I'd like to say we have been excited and honored to work with the Guardian Project, as well as our other partners in the development of StoryMaker, Free Press Unlimited and Radio Free Asia, without whom it wouldn't be possible. We look forward to hearing whom among this group of exceptional finalists is chosen. I wish I could be in New York next week, but we are currently in Cairo and will be in Iraq working on testing and implementation of the alpha version. We will be making a more public announcement soon about the project. Feel free to email me privately if you'd like to know more.

Brian

On Dec 6, 2012 10:09 PM, Brian Duggan bcdu...@gmail.com wrote:

Thanks, Gustaf! A quick note: Flashproxy was started and is maintained by David Fifield at Stanford University. The Open Technology Institute developed a proof of concept that demonstrated that Flashproxy could be easily distributed through a Facebook application. OTI's application was strictly to fully develop the Facebook application, and David was supportive of our application. We at OTI couldn't come up with a decent name for the Facebook application. Just wanted to clarify that David, not OTI, is the primary driver behind Flashproxy :)

Brian Duggan Technologist Open Technology Institute

On Thu, Dec 6, 2012 at 1:45 PM, Gustaf Björksten gus...@accessnow.org wrote:

Hi everybody, The finalists of the Access Technology Innovation Prize have been announced.
The projects selected by the judges as finalists are:

Blackout Resilience Award: Briar, Linux en Caja + BogotaMesh + RedPaTodos + Hackbo, Project Byzantium, RePress - Greenhost

Making Crypto Easy: Enigmail, GPG Clipboard - Open Technology Institute, HTTPS Everywhere - Electronic Frontier Foundation, LEAP Encryption Access Project

Freedom of Expression Award (Golden Jellybean 1): Free Network Foundation, Initiative for China + Tahrir Project, Open Observatory for Network Interference (OONI), Project Gulliver - Greenhost, Storymaker - Small World News and Guardian Project

Grassroots Technology Award (Golden Jellybean 2): Flashproxy - Open Technology Institute, Haroon Rashid Shah, Interactive Voice Response-Based Market Information System - Marye, Mengistu Miskir, Maletsabisa Molapo, Reticle - Malice Afterthought

Facebook Award: Map Kibera Trust, BigWebNoise, Seven Sisters, Social Media for Democracy

For further information on the projects please follow the link below: https://www.accessnow.org/blog/2012/12/04/announcing-the-access-tech-innovation-prize-finalists

The winners will be announced this Monday 10th December at an awards party in New York City. All welcome to attend (please RSVP to r...@accessnow.org). The official invitation for the awards ceremony and party can be found at the following location: https://www.accessnow.org/TIP-awards

All the very best,

-- Gustaf Björksten Technology Director Access https://www.accessnow.org GPG ID: 0xFEB3D12A GPG Fingerprint: C10F FC31 B92A 3A32 40A0 1A72 43AC A427 FEB3 D12A
Re: [liberationtech] Announcing finalists (and soon winners) for the Access Tech Innovation Prize
+1

On Dec 7, 2012 12:12 AM, Brian Duggan bcdu...@gmail.com wrote:

We also want to say thanks to Access and their hard work on a prize competition that produced and will support such great projects. Access chose a fantastic group of finalists and we wish the best of luck to everyone in the awards ceremony.

Brian

On Thu, Dec 6, 2012 at 3:08 PM, Brian Duggan bcdu...@gmail.com wrote:

Thanks, Gustaf! A quick note: Flashproxy was started and is maintained by David Fifield at Stanford University. The Open Technology Institute developed a proof of concept that demonstrated that Flashproxy could be easily distributed through a Facebook application. OTI's application was strictly to fully develop the Facebook application, and David was supportive of our application. We at OTI couldn't come up with a decent name for the Facebook application. Just wanted to clarify that David, not OTI, is the primary driver behind Flashproxy :)

Brian Duggan Technologist Open Technology Institute

On Thu, Dec 6, 2012 at 1:45 PM, Gustaf Björksten gus...@accessnow.org wrote:

Hi everybody, The finalists of the Access Technology Innovation Prize have been announced.
The projects selected by the judges as finalists are:

Blackout Resilience Award: Briar, Linux en Caja + BogotaMesh + RedPaTodos + Hackbo, Project Byzantium, RePress - Greenhost

Making Crypto Easy: Enigmail, GPG Clipboard - Open Technology Institute, HTTPS Everywhere - Electronic Frontier Foundation, LEAP Encryption Access Project

Freedom of Expression Award (Golden Jellybean 1): Free Network Foundation, Initiative for China + Tahrir Project, Open Observatory for Network Interference (OONI), Project Gulliver - Greenhost, Storymaker - Small World News and Guardian Project

Grassroots Technology Award (Golden Jellybean 2): Flashproxy - Open Technology Institute, Haroon Rashid Shah, Interactive Voice Response-Based Market Information System - Marye, Mengistu Miskir, Maletsabisa Molapo, Reticle - Malice Afterthought

Facebook Award: Map Kibera Trust, BigWebNoise, Seven Sisters, Social Media for Democracy

For further information on the projects please follow the link below: https://www.accessnow.org/blog/2012/12/04/announcing-the-access-tech-innovation-prize-finalists

The winners will be announced this Monday 10th December at an awards party in New York City. All welcome to attend (please RSVP to r...@accessnow.org). The official invitation for the awards ceremony and party can be found at the following location: https://www.accessnow.org/TIP-awards

All the very best,

-- Gustaf Björksten Technology Director Access https://www.accessnow.org GPG ID: 0xFEB3D12A GPG Fingerprint: C10F FC31 B92A 3A32 40A0 1A72 43AC A427 FEB3 D12A
Re: [liberationtech] Verification of Speak2Tweet Locales?
Ben, I've just emailed you some details and a connection with the guys at Google originally behind the service. Brian On Nov 30, 2012 11:02 AM, Ben Connors benjconn...@gmail.com wrote: Hi All, Washington Post Journalist here with a verification question. We're looking to do a little blogging on Speak 2 Tweet and Syria, but we want at least some layer of proof that the calls are coming from within the country. I'm fairly tech savvy but at a loss as to how/whether that can be done. Would appreciate your help amplifying these voices. Best, Ben Connors @bcatdc 202.213.0674 Video Innovation Editor | Washington Post Formerly Creative Strategist | The Stream, Al Jazeera English
Re: [liberationtech] Syrian Internet Is Off The Air
Has there been any discussion of the fact that Tata Communications is an Indian company? What's India's stance on the Syrian conflict? It was an interesting detail to me to note that an Indian global telecom is such a key player here. I'd not noticed that previously. On Nov 29, 2012 1:23 PM, Andrew Lewis m...@andrewlew.is wrote: From what I remember those networks were never really in use, or at least firewalled from outside the country. -Andrew On Nov 30, 2012, at 10:16 AM, Karin Kosina ky...@kyrah.net wrote: Now, there are a few Syrian networks that are still connected to the Internet, still reachable by traceroutes, and indeed still hosting Syrian content. These are five networks that use Syrian-registered IP space, but the originator of the routes is actually Tata Communications. Is any of you actually able to reach any of those networks? They appear to be unreachable to me. kyrah
[liberationtech] Libya Telecom blocks Facebook?
Apparently Libya Telecom (LTT) may have just blocked Facebook. I'm working on gathering additional details/confirming. Anyone else heard something *specific*? -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley public key: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCEEF938A1DBDD587 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE827FACCB139C9F0
Re: [liberationtech] Libya Telecom blocks Facebook?
Apologies all, seems to be a widespread disruption: http://downrightnow.com/facebook However I can verify it is not blocking all Libyan connections to facebook, as I'm talking with individuals in Tripoli and Ajdabiya at the moment. On Tue, Nov 27, 2012 at 12:49 PM, Brian Conley bri...@smallworldnews.tv wrote: Apparently Libya Telecom (LTT) may have just blocked Facebook. I'm working on gathering additional details/confirming. Anyone else heard something *specific*? -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley public key: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCEEF938A1DBDD587 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE827FACCB139C9F0 -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley public key: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCEEF938A1DBDD587 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE827FACCB139C9F0
Re: [liberationtech] Libya Telecom blocks Facebook?
A geek in Libya says: Ok 3 people said it isn't working and they're all using wimax 1:19pm Ok, the server that hosts the actual pages isn't working, but all the back end (database side of things) is working. Mobile apps appear to be working fine to some degree B On Tue, Nov 27, 2012 at 1:16 PM, Joss Wright joss-liberationt...@pseudonymity.net wrote: On Tue, Nov 27, 2012 at 12:49:19PM -0800, Brian Conley wrote: Apparently Libya Telecom (LTT) may have just blocked Facebook. I'm working on gathering additional details/confirming. Anyone else heard something *specific*? Not necessarily useful information, but for reference I just queried their DNS servers (as listed here: http://www.ltt.ly/en/support/qna/index.php?c=29 ) and got a valid IP mapping for facebook. So if they are blocking it doesn't seem to be at the DNS level. Joss -- Joss Wright | @JossWright http://www.pseudonymity.net -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley public key: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCEEF938A1DBDD587 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE827FACCB139C9F0
Re: [liberationtech] Saudi Arabia implements electronic tracking system for women
I would be interested to know whether this system involves any automated tracking, such as a database of SIMs that are updated by default via SMS when the relevant women's SIM passes immigration, etc. It seems likely it is simply a database registry, cross referencing contact information of male guardians with the respective woman being monitored. In effect this means the men may also be tracked, at least their phones are registered in a central database. It seems the practicalities around how such a system functions may be an effective way to organize Saudi men around a campaign? I guess it depends whether, culturally, such a database of male SIMs is considered an unacceptable invasion of privacy. Thanks for the heads up! On Nov 22, 2012 12:28 PM, Mohammad Shublaq m...@riseup.net wrote: http://www.rawstory.com/rs/2012/11/22/saudi-arabia-implements-electronic-tracking-system-for-women http://www.rawstory.com/rs/2012/11/22/saudi-arabia-implements-electronic-tracking-system-for-women/?utm_source=twitterfeedutm_medium=twitter RIYADH — Denied the right to travel without consent from their male guardians and banned from driving, women in Saudi Arabia are now monitored by an electronic system that tracks any cross-border movements. Since last week, Saudi women’s male guardians began receiving text messages on their phones informing them when women under their custody leave the country, even if they are travelling together. Manal al-Sherif, who became the symbol of a campaign launched last year urging Saudi women to defy a driving ban, began spreading the information on Twitter, after she was alerted by a couple. The husband, who was travelling with his wife, received a text message from the immigration authorities informing him that his wife had left the international airport in Riyadh. 
“The authorities are using technology to monitor women,” said columnist Badriya al-Bishr, who criticised the “state of slavery under which women are held” in the ultra-conservative kingdom. Women are not allowed to leave the kingdom without permission from their male guardian, who must give his consent by signing what is known as the “yellow sheet” at the airport or border. The move by the Saudi authorities was swiftly condemned on social network Twitter — a rare bubble of freedom for millions in the kingdom — with critics mocking the decision. “Hello Taliban, herewith some tips from the Saudi e-government!” read one post. “Why don’t you cuff your women with tracking ankle bracelets too?” wrote Israa. “Why don’t we just install a microchip into our women to track them around?” joked another. “If I need an SMS to let me know my wife is leaving Saudi Arabia, then I’m either married to the wrong woman or need a psychiatrist,” tweeted Hisham. “This is technology used to serve backwardness in order to keep women imprisoned,” said Bishr, the columnist. “It would have been better for the government to busy itself with finding a solution for women subjected to domestic violence” than track their movements into and out of the country. Saudi Arabia applies a strict interpretation of sharia, or Islamic law, and is the only country in the world where women are not allowed to drive. In June 2011, female activists launched a campaign to defy the ban, with many arrested for doing so and forced to sign a pledge they will never drive again. No law specifically forbids women in Saudi Arabia from driving, but the interior minister formally banned them after 47 women were arrested and punished after demonstrating in cars in November 1990. Last year, King Abdullah — a cautious reformer — granted women the right to vote and run in the 2015 municipal elections, a historic first for the country. 
In January, the 89-year-old monarch appointed Sheikh Abdullatif Abdel Aziz al-Sheikh, a moderate, to head the notorious religious police commission, which enforces the kingdom’s severe version of sharia law. Following his appointment, Sheikh banned members of the commission from harassing Saudi women over their behaviour and attire, raising hopes a more lenient force will ease draconian social constraints in the country. But the kingdom’s “religious establishment” is still to blame for the discrimination of women in Saudi Arabia, says liberal activist Suad Shemmari. “Saudi women are treated as minors throughout their lives even if they hold high positions,” said Shemmari, who believes “there can never be reform in the kingdom without changing the status of women and treating them” as equals to men. But that seems a very long way off. The kingdom enforces strict rules governing mixing between the sexes, while women are forced to wear a veil and a black cloak, or abaya, that covers them from head to toe except for their hands and faces. The many restrictions on women have led to high rates of female unemployment, officially estimated at around 30 percent. In October,
[liberationtech] Comments on Internews new information security guide
Hi all, I have recently seen Internews' new internet security guide. http://www.internews.org/our-stories/project-updates/speaksafe-new-toolkit-safer-online-and-mobile-practices-media I wonder if anyone else on the list has seen it, or whether anyone knows who authored it? I'd very much like to speak with them, as I'm quite concerned about a number of items in the guide. The most noteworthy being that Internews seems to have proclaimed Skype a completely acceptable technology, with no evidence of its encryption being broken. I'm not sure this is false, since backdoors don't need to break encryption in order to function, but, well... I will be reading through the guide at length in coming days and invite Internews to contact me publicly or privately regarding the content. Look forward to comments from the list. Brian
Re: [liberationtech] SOPA Supporter Considered for Sec. of State
Nadim, internet freedom isn't the only issue we should act on, is it? On Nov 12, 2012 11:03 PM, Nadim Kobeissi na...@nadim.cc wrote: Promoting the business interests of his district at the expense of Internet freedom...? NK On Tue, Nov 13, 2012 at 12:56 AM, Collin Anderson col...@averysmallbird.com wrote: Howard Berman has had a long tenure in Congress that is worth a deeper evaluation than solely SOPA/ACTA, spanning legislation such as the Anti-Boycott Act, the infamous Berman Amendment (1988 Omnibus Trade and Competitiveness Act), NAFTA, False Claims Act, et al. Whether or not Berman would actually be an appropriate choice for Secretary of State, evaluating his merits should not be done in as shallow a manner as promoting the business interests of his district, Hollywood -- which is pretty appropriate for an agent model of representation. -- Collin Anderson Sent with Sparrow http://www.sparrowmailapp.com/?sig On Monday, November 12, 2012 at 3:39 PM, Nadim Kobeissi wrote: The Los Angeles Times is reporting that Congressman Howard Berman is being considered as the replacement for Hillary Clinton when she steps down as Secretary of State in coming weeks: http://www.latimes.com/news/politics/la-pn-berman-secretary-of-state-clinton-20121107,0,963486.story Berman was a lead supporter of SOPA. His position as Secretary of State could be a disaster. I urge you to sign the petition against this nonsense: http://act.demandprogress.org/letter/sos_berman/?akid=1847.98995.P8lsnVrd=1t=2 NK