Re: [liberationtech] Mapping Hacking Team's Untraceable Spyware
Thank you Ron. Looks like a pretty thorough and important research.

On Mon, Feb 17, 2014 at 7:39 AM, Ronald Deibert r.deib...@utoronto.ca wrote:

Dear LibTech

On behalf of the Citizen Lab I am pleased to announce the second in a series of posts about Hacking Team, authored by Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, and John Scott-Railton. The summary is pasted below.

Here is the link to the full report: https://citizenlab.org/2014/02/mapping-hacking-teams-untraceable-spyware/

Cheers
Ron

Mapping Hacking Team's Untraceable Spyware

February 17, 2014

Categories: Reports and Briefings, Research News

Authors: Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, and John Scott-Railton.

This post is the second in a series of posts that focus on the global proliferation and use of Hacking Team's RCS spyware, which is sold exclusively to governments.

Summary

Remote Control System (RCS) is sophisticated computer spyware marketed and sold exclusively to governments by Milan-based Hacking Team.[1] Hacking Team was first thrust into the public spotlight in 2012 when RCS was used against award-winning Moroccan media outlet Mamfakinch,[2] and United Arab Emirates (UAE) human rights activist Ahmed Mansoor.[3] Most recently, Citizen Lab research found that RCS was used to target Ethiopian journalists in the Washington DC area.[4]

In this post, we map out covert networks of proxy servers used to launder data that RCS exfiltrates from infected computers, through third countries, to an endpoint, which we believe represents the spyware's government operator; this process is designed to obscure the identity of the government conducting the spying. For example, data destined for an endpoint in Mexico appears to be routed through four different proxies, each in a different country. This so-called collection infrastructure appears to be provided by one or more commercial vendors -- perhaps including Hacking Team itself.

Hacking Team advertises that their RCS spyware is untraceable to a specific government operator. However, we claim to identify a number of current or former government users of the spyware by pinpointing endpoints, and studying instances of RCS that we have observed. We suspect that agencies of these 21 governments are current or former users of RCS: Azerbaijan, Colombia, Egypt, Ethiopia, Hungary, Italy, Kazakhstan, Korea, Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Saudi Arabia, Sudan, Thailand, Turkey, UAE, and Uzbekistan. Nine of these countries receive the lowest ranking, authoritarian, in The Economist's 2012 Democracy Index.[5] Additionally, two current users (Egypt and Turkey) have brutally repressed recent protest movements.

We also study how governments infect a target with the RCS spyware. We find that this is often through the use of exploits -- code that takes advantage of bugs in popular software. Exploits help to minimize user interaction and awareness when implanting RCS on a target device. We show evidence that a single commercial vendor may have supplied Hacking Team customers with exploits for at least the past two years, and consider this vendor's relationship with French exploit provider VUPEN.

Ronald Deibert
Director, the Citizen Lab and the Canada Centre for Global Security Studies
Munk School of Global Affairs
University of Toronto
(416) 946-8916
PGP: http://deibert.citizenlab.org/pubkey.txt
http://deibert.citizenlab.org/
twitter.com/citizenlab
r.deib...@utoronto.ca

--
Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] EFF Resigns from Global Network Initiative
I am sure that was a very hard move by EFF after being part of this group for five years.

Corporate members being meddled with in regard to their security practices about their internal privacy and security systems is no way to effectively run any civil society that is hopeful of keeping people safe regarding their human rights.

I hope others may also consider making the hard decision to join EFF in leaving this group until they can be more effective.

It is scary to think that faith in a group of this nature can no longer be trusted because of government meddling.

I think this is an important move. One that highlights just some of the dangers of this meddling.

From the article:

We know that many within the industry do not like or approve of such government interference, and GNI has, in statements, made it clear that member companies want permission from the US government to engage in greater transparency, EFF's International Director Danny O'Brien and Director for International Freedom of Expression Jillian C. York write in a letter to GNI leadership. However, until serious reforms of the US surveillance programs are in place, we no longer feel comfortable participating in the GNI process when we are not privy to the serious compromises GNI corporate members may be forced to make. Nor do we currently believe that audits of corporate practice, no matter how independent, will uncover the insecurities produced by the US government's—and potentially other governments'—behavior when operating clandestinely in the name of national security.

On Thu, Oct 10, 2013 at 4:33 PM, Yosem Companys compa...@stanford.edu wrote:

From: pressl...@eff.org

Electronic Frontier Foundation Media Release

For Immediate Release: Thursday, October 10, 2013

Contact:

Jillian C. York
Director for International Freedom of Expression
Electronic Frontier Foundation
jill...@eff.org
+1 415 436-9333 x118

EFF Resigns from Global Network Initiative

Citing Concerns Over NSA’s Impact on Corporate Members, EFF Leaves Industry Group

San Francisco - The Electronic Frontier Foundation (EFF) today withdrew from the Global Network Initiative (GNI), citing a fundamental breakdown in confidence that the group's corporate members are able to speak freely about their own internal privacy and security systems in the wake of the National Security Agency (NSA) surveillance revelations.

EFF has been a civil society member of the multi-stakeholder human rights group since GNI was founded in 2008 to advance freedom of expression and privacy in the global information and communication technologies sector. While much has been accomplished in these five years, EFF can no longer sign its name on joint statements knowing now that GNI's corporate members have been blocked from sharing crucial information about how the US government has meddled with these companies' security practices through programs such as PRISM and BULLRUN.

We know that many within the industry do not like or approve of such government interference, and GNI has, in statements, made it clear that member companies want permission from the US government to engage in greater transparency, EFF's International Director Danny O'Brien and Director for International Freedom of Expression Jillian C. York write in a letter to GNI leadership. However, until serious reforms of the US surveillance programs are in place, we no longer feel comfortable participating in the GNI process when we are not privy to the serious compromises GNI corporate members may be forced to make. Nor do we currently believe that audits of corporate practice, no matter how independent, will uncover the insecurities produced by the US government's--and potentially other governments'--behavior when operating clandestinely in the name of national security.

EFF's involvement with GNI included helping to define its founding principles over two years of negotiations; coordinating opposition to the United Kingdom's Communications Data Bill in 2011; releasing a paper addressing free-speech issues surrounding account deactivation and content removal; and collaborating with fellow members in internal international technical and policy analysis. However, EFF can no longer stand behind the credibility of what had been one of GNI's most significant achievements--third-party privacy and freedom of expression assessments of service providers, including Google, Microsoft and Yahoo.

Moving forward, EFF plans to continue to provide guidance to the GNI and engage companies directly, but as an external organization. EFF supports the other organizations and individuals that continue to work within the GNI for the free speech and privacy rights of users worldwide.

Although EFF is taking a step back, GNI can still serve an important role as a collaborative project between human rights groups, companies, investors and academics, York said. If the United States
Re: [liberationtech] How Laura Poitras Helped Snowden Spill His Secrets
Wow. It had to be someone. Who would you have had it been?

On Wed, Aug 21, 2013 at 3:43 PM, Tony Arcieri basc...@gmail.com wrote:

On Wed, Aug 21, 2013 at 5:16 AM, Eugen Leitl eu...@leitl.org wrote:

This past January, Laura Poitras received a curious e-mail from an anonymous stranger requesting her public encryption key. For almost two years, Poitras had been working on a documentary about surveillance, and she occasionally received queries from strangers. She replied to this one and sent her public key — allowing him or her to send an encrypted e-mail that only Poitras could open, with her private key

Then the NSA MitMed her unauthenticated plaintext email, replacing her public key with theirs, and were able to intercept all of the Snowden emails. Oops!

--
Tony Arcieri
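The usual defence against the key substitution joked about above is to compare the received key's fingerprint with one obtained over a separate channel. The sketch below is an added example, not part of the original thread: it computes an OpenPGP version 4 fingerprint (RFC 4880, section 12.2) and compares it with a fingerprint read out over another channel. The key material, timestamp and function names are constructed for illustration and are not real keys.

```python
import hashlib
import hmac
import struct

# Constructed toy key material (products of Mersenne primes), NOT real keys.
CREATED = 1357000000                       # assumed creation time, seconds since epoch
N_GENUINE = (2**127 - 1) * (2**89 - 1)     # modulus of the key the owner really published
N_SUBSTITUTED = (2**107 - 1) * (2**61 - 1) # modulus of a key swapped in on the wire
E = 65537


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-octet bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880, section 5.5.2)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-octet body length, and the packet body."""
    material = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(material).hexdigest().upper()


def grouped(fingerprint: str) -> str:
    """Format as ten groups of four hex digits, the way fingerprints are read aloud."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))


def normalise(fingerprint: str) -> str:
    """Drop whitespace and case differences introduced by humans copying it."""
    return "".join(fingerprint.split()).upper()


def key_matches(received_body: bytes, trusted_fingerprint: str) -> bool:
    """True only if the received key hashes to the out-of-band fingerprint."""
    return hmac.compare_digest(v4_fingerprint(received_body),
                               normalise(trusted_fingerprint))


if __name__ == "__main__":
    genuine = rsa_public_key_body(CREATED, N_GENUINE, E)
    swapped = rsa_public_key_body(CREATED, N_SUBSTITUTED, E)
    # Fingerprint obtained separately, e.g. read over the phone, lower-cased and spaced.
    out_of_band = grouped(v4_fingerprint(genuine)).lower()
    print("fingerprint:", grouped(v4_fingerprint(genuine)))
    print("genuine key accepted:", key_matches(genuine, out_of_band))
    print("substituted key accepted:", key_matches(swapped, out_of_band))
```

The check is only as strong as the channel the trusted fingerprint arrived on; a fingerprint sent in the same unauthenticated e-mail as the key proves nothing.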
Re: [liberationtech] Bradley Manning's sentence: 35 years for exposing us to the truth
tragic.

On Wed, Aug 21, 2013 at 11:32 AM, Shelley shel...@misanthropia.info wrote:

Outrageous.

http://www.theguardian.com/commentisfree/2013/aug/21/bradley-manning-sentence-birgitta-jonsdottir

Bradley Manning's sentence: 35 years for exposing us to the truth

This was never a fair trial – Obama declared Manning's guilt in advance. But Manning's punishment is an affront to democracy

Birgitta Jónsdóttir
theguardian.com, Wednesday 21 August 2013 10.29 EDT

As of today, Wednesday 21 August 2013, Bradley Manning has served 1,182 days in prison. He should be released with a sentence of time served. Instead, the judge in his court martial at Fort Meade, Maryland has handed down a sentence of 35 years.

Of course, a humane, reasonable sentence of time served was never going to happen. This trial has, since day one, been held in a kangaroo court. That is not angry rhetoric; the reason I am forced to frame it in that way is because President Obama made the following statements on record, before the trial even started:

President Obama: We're a nation of laws. We don't individually make our own decisions about how the laws operate … He broke the law.

Logan Price: Well, you can make the law harder to break, but what he did was tell us the truth.

President Obama: Well, what he did was he dumped …

Logan Price: But Nixon tried to prosecute Daniel Ellsberg for the same thing and he is a … [hero]

President Obama: No, it isn't the same thing … What Ellsberg released wasn't classified in the same way.

When the president says that the Ellsberg's material was classified in a different way, he seems to be unaware that there was a higher classification on the documents Ellsberg leaked.

A fair trial, then, has never been part of the picture. Despite being a professor in constitutional law, the president as commander-in-chief of the US military – and Manning has been tried in a court martial – declared Manning's guilt pre-emptively. Here is what the Pentagon Papers leaker Daniel Ellsberg had to say about this, in an interview with Amy Goodman at DemocracyNow! in 2011:

Well, nearly everything the president has said represents a confusion about the state of the law and his own responsibilities. Everyone is focused, I think, on the fact that his commander-in-chief has virtually given a directed verdict to his subsequent jurors, who will all be his subordinates in deciding the guilt in the trial of Bradley Manning. He's told them already that their commander, on whom their whole career depends, regards him [Manning] as guilty and that they can disagree with that only at their peril. In career terms, it's clearly enough grounds for a dismissal of the charges, just as my trial was dismissed eventually for governmental misconduct.

But what people haven't really focused on, I think, is another problematic aspect of what he said. He not only was identifying Bradley Manning as the source of the crime, but he was assuming, without any question, that a crime has been committed.

This alone should have been cause for the judge in the case to rethink prosecutors' demand for 60 years in prison. Manning himself has shown throughout the trial both that he is a humanitarian and that he is willing to serve time for his actions. We have to look at his acts in light of his moral compass, not any political agenda.

Manning's intentions were never to hurt anyone; in fact, his motivation – as was the case for Ellsberg – was to inform the American public about what their government was doing in their name. A defense forensic psychiatrist testified to Manning's motives:

Well, Pfc Manning was under the impression that his leaked information was going to really change how the world views the wars in Afghanistan and Iraq, and future wars, actually. This was an attempt to crowdsource an analysis of the war, and it was his opinion that if … through crowdsourcing, enough analysis was done on these documents, which he felt to be very important, that it would lead to a greater good … that society as a whole would come to the conclusion that the war wasn't worth it … that really no wars are worth it.

I admit that I share the same hopes that drove Manning to share with the rest of the world the crimes of war he witnessed. I am deeply disappointed that no one has been held accountable for the criminality exposed in the documents for which Manning is standing trial – except him. It shows so clearly that our justice systems are not working as intended to protect the general public and to hold accountable those responsible for unspeakable crimes.

I want to thank Bradley Manning for the service he has done for humanity with his courage and compassionate action to inform us, so that we have the means to transform and change our societies for the better. I want to
Re: [liberationtech] How Laura Poitras Helped Snowden Spill His Secrets
--snip--
There's enough heroism to go around. To get a story of this magnitude out requires courage from both sources and journalists. And safety is in no way guaranteed for anyone involved. Plenty of journalists have lost their lives in the course of their job, but the truth is that courage is truly contagious -- journalists know this and hope that follow-on coverage will help protect them from retribution.

Silence in the face of wrongdoing is corrosive. It will eat you alive if you let it. =/
--snip--

You got that right!

On Wed, Aug 21, 2013 at 5:57 PM, Griffin Boyce griffinbo...@gmail.com wrote:

Tom O wrote:

So it's now become about the heroism of the journalists and not Snowden and mass govt surveillance. Right.

There's enough heroism to go around. To get a story of this magnitude out requires courage from both sources and journalists. And safety is in no way guaranteed for anyone involved. Plenty of journalists have lost their lives in the course of their job, but the truth is that courage is truly contagious -- journalists know this and hope that follow-on coverage will help protect them from retribution.

Silence in the face of wrongdoing is corrosive. It will eat you alive if you let it. =/

~Griffin

--
Cypherpunks write code not flame wars. --Jurre van Bergen
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
My posts, while frequently amusing, are not representative of the thoughts of my employer.
Re: [liberationtech] Bradley Manning's sentence: 35 years for exposing us to the truth
agreed.

On Wed, Aug 21, 2013 at 6:15 PM, Mike Perry mikepe...@torproject.org wrote:

Thus spake Tom O (winterfi...@gmail.com):

To be honest, this was probably the best he could have hoped for. He was facing 90. He got 35 with parole after 12. It's shit, but not as shit as the other options. If Snowden gets captured, you can bet he will be getting much much worse.

This would be really unfortunate, especially since by any objective measure Snowden has been significantly more careful with what he's allowed to be revealed than Manning was. Thankfully, public opinion also seems to indicate that most people understand this effort on Snowden's part, despite the media circus.

Even still, I am not in the Snowden would get a fair trial in the US camp, either. I am also worried by the fact that the lawlessness of the gangster governments that most Western democracies have devolved into has necessitated this whole insurance file business again. Let's hope at least that bit works out better this time, for everyone involved.

--
Mike Perry
Re: [liberationtech] World's Most Private Search Engine?
I have used ixquick.com and startpage.com (both from the same folks) for years.

More info here: http://en.wikipedia.org/wiki/Ixquick

Ixquick is a metasearch engine based in New York and the Netherlands.[2] Founded by David Bodnick in 1998, Ixquick is owned by Dutch company, Surfboard Holding BV, which acquired the internet company in 2000.[3] On July 7, 2009 Ixquick launched Startpage.com to offer a new service at a URL that is both easier to remember and spell. Startpage.com fetches its results straight from the Google search engine without saving the users' IP addresses or giving any personal user information to Google's servers.

I had been using ixquick.com for quite a while when StartPage.com came out and was being promoted by Spy Chips author Katherine Albrecht and CASPIAN advocate.

Startpage.com info on how it protects you: https://startpage.com/eng/prism-program-exposed.html

Here's the content of that page:

--snip--

No PRISM. No Surveillance. No Government Back Doors. You Have our Word on it.

Giant US government Internet spying scandal revealed

The Washington Post and The Guardian have revealed a US government mass Internet surveillance program code-named PRISM. They report that the NSA and the FBI have been tapping directly into the servers of nine US service providers, including Facebook, Microsoft, Google, Apple, Yahoo, YouTube, AOL and Skype, and began this surveillance program at least seven years ago. (clarifying slides)

These revelations are shaking up an international debate.

StartPage has always been very outspoken when it comes to protecting people's Privacy and civil liberties. So it won't surprise you that we are a strong opponent of overreaching, unaccountable spy programs like PRISM. In the past, even government surveillance programs that were begun with good intentions have become tools for abuse, for example tracking civil rights and anti-war protesters.

Programs like PRISM undermine our Privacy, disrupt faith in governments, and are a danger to the free Internet.

StartPage and its sister search engine Ixquick have in their 14-year history never provided a single byte of user data to the US government, or any other government or agency. Not under PRISM, nor under any other program in the US, nor under any program anywhere in the world. Here's how we are different:

StartPage does not store any user data. We make this perfectly clear to everyone, including any governmental agencies. We do not record the IP addresses of our users and we don't use tracking cookies, so there is literally no data about you on our servers to access. Since we don't even know who our customers are, we can't share anything with Big Brother. In fact, we've never gotten even a single request from a governmental authority to supply user data in the fourteen years we've been in business.

StartPage uses encryption (HTTPS) by default. Encryption prevents snooping. Your searches are encrypted, so others can't tap the Internet connection to snoop what you're searching for. This combination of not storing data together with using strong encryption for the connections is key in protecting your Privacy.

Our company is based in The Netherlands, Europe. US jurisdiction does not apply to us, at least not directly. Any request or demand from ANY government (including the US) to deliver user data, will be thoroughly checked by our lawyers, and we will not comply unless the law which actually applies to us would undeniably require it from us. And even in that hypothetical situation, we refer to our first point; we don't even have any user data to give. We will never cooperate with voluntary spying programs like PRISM.

StartPage cannot be forced to start spying. Given the strong protection of the Right to Privacy in Europe, European governments cannot just start forcing service providers like us to implement a blanket spying program on their users. And if that ever changed, we would fight this to the end.

Privacy. It's not just our policy, it's our mission.

Sincerely,
Robert E.G. Beens
CEO StartPage.com and Ixquick.com

--snip--

Hope that helps some Yosem.

On Sun, Aug 18, 2013 at 2:18 PM, Yosem Companys compa...@stanford.edu wrote:

RT @bytesforall: World's Most Private Search Engine http://ixquick.com/eng/. Anyone evaluated this? #Pakistan #Privacy #NetFreedom #Google @PrivacySurgeon
Re: [liberationtech] World's Most Private Search Engine?
Yep, talk is cheap. Always has been. But StartPage.com now uses:

StartPage and Ixquick Deploy Newest Encryption Standards against Mass Surveillance
First search engines to offer TLS 1.1.and 1.2 as well as “Perfect Forward Secrecy”
July 19, 2013 12:03 PM Eastern Daylight Time
http://eon.businesswire.com/news/eon/20130719005641/en/StartPage/Ixquick/TLS

Search Engines Ixquick StartPage Double Up On Security Measures With 2 New Encryption Standards
http://searchengineland.com/private-search-enggines-startpage-ixquick-double-down-on-security-measures-with-two-new-encryption-standards-167500

--snip--

On the heels of the US PRISM scandal, private search engines Ixquick and its partner site StartPage are leveraging new encryption methods that offer higher levels of security beyond the standard SSL encryption.

With a combined four millions searches daily, Ixquick and StartPage boast they are the first search engines in the world to employ “Perfect Forward Secrecy” (PFS) along with TLS 1.1. and 1.2, creating a more secure network around their search traffic data.

“We’re setting the standard for encryption in the post-PRISM world,” claims StartPage developer and privacy expert Dr. Katherine Albrecht.

PFS encrypts large amounts of data by using different “per-session” keys for individual data transfers, making it impossible to decrypt a website’s full library of files with a single “private key” as can happen with an SSL encryption. According to the announcement:

With SSL alone, if a target website’s “private key” can be obtained once in the future – perhaps through court order, social engineering, attack against the website, or cryptanalysis – that same key can then be used to unlock all other historical traffic of the affected website. For larger Internet services, that could expose the private data of millions of people.

PFS offers websites an extra layer of protection, “…even if a site’s private SSL key is compromised, data that was previously transmitted is still safe.” If someone, or an organization, wanted to decrypt files secured via PFS, they would have to decrypt each individual file – a time consuming task when trying to decrypt large quantities of data.

StartPage and Ixquick implemented PFS earlier this month in combination with TLS 1.1. and 1.2, an upgraded form of SSL encryption that establishes a secure “tunnel” where search traffic cannot be intercepted.

--snip--

On Mon, Aug 19, 2013 at 10:10 AM, Patrick Mylund Nielsen patr...@patrickmylund.com wrote:

If we have learned anything from PRISM it's that words are cheap, and not complying is difficult to impossible (without shutting down your business). You should probably be using Tor regardless of which search engine you're using if you're worried about your privacy.

On Aug 19, 2013 9:00 AM, LilBambi lilba...@gmail.com wrote:

I have used ixquick.com and startpage.com (both from the same folks) for years.

More info here: http://en.wikipedia.org/wiki/Ixquick

Ixquick is a metasearch engine based in New York and the Netherlands.[2] Founded by David Bodnick in 1998, Ixquick is owned by Dutch company, Surfboard Holding BV, which acquired the internet company in 2000.[3] On July 7, 2009 Ixquick launched Startpage.com to offer a new service at a URL that is both easier to remember and spell. Startpage.com fetches its results straight from the Google search engine without saving the users' IP addresses or giving any personal user information to Google's servers.

I had been using ixquick.com for quite a while when StartPage.com came out and was being promoted by Spy Chips author Katherine Albrecht and CASPIAN advocate.

Startpage.com info on how it protects you: https://startpage.com/eng/prism-program-exposed.html

Here's the content of that page:

--snip--

No PRISM. No Surveillance. No Government Back Doors. You Have our Word on it.

Giant US government Internet spying scandal revealed

The Washington Post and The Guardian have revealed a US government mass Internet surveillance program code-named PRISM. They report that the NSA and the FBI have been tapping directly into the servers of nine US service providers, including Facebook, Microsoft, Google, Apple, Yahoo, YouTube, AOL and Skype, and began this surveillance program at least seven years ago. (clarifying slides)

These revelations are shaking up an international debate.

StartPage has always been very outspoken when it comes to protecting people's Privacy and civil liberties. So it won't surprise you that we are a strong opponent of overreaching, unaccountable spy programs like PRISM. In the past, even government surveillance programs that were begun with good intentions have become tools for abuse, for example tracking civil rights and anti-war protesters.

Programs like PRISM undermine our Privacy, disrupt faith in governments, and are a danger to the free Internet.

StartPage and its sister search engine Ixquick have in their 14-year
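A practical check for the forward-secrecy property described in the announcement quoted above, as an added example that is not part of the original post or of StartPage's own code: it classifies TLS cipher-suite names by key exchange and audits the suites a Python `ssl` context would offer. The function names and the sample suite list are constructed for illustration.

```python
import ssl

# Constructed sample: suite names as they might appear in a scan report.
# Both OpenSSL-style and IANA-style names are included.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",              # ephemeral ECDH (TLS 1.2)
    "DHE-RSA-AES256-GCM-SHA384",                # ephemeral DH (TLS 1.2)
    "AES128-GCM-SHA256",                        # static RSA key exchange
    "TLS_RSA_WITH_AES_128_CBC_SHA",             # static RSA, IANA name
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",  # ephemeral ECDH, IANA name
    "TLS_AES_128_GCM_SHA256",                   # TLS 1.3 suite
]


def is_forward_secret(suite: str) -> bool:
    """True if the suite's key exchange is ephemeral (EC)DHE.

    With static RSA key exchange the session secret is encrypted to the
    server's long-term key, so recorded traffic can be decrypted once that
    key is disclosed. With (EC)DHE the long-term key only signs the exchange.
    """
    name = suite.upper()
    if "_WITH_" in name:
        # IANA name for TLS 1.2 and earlier: TLS_<kx>_<auth>_WITH_<cipher>
        key_exchange = name[len("TLS_"):name.index("_WITH_")]
        return key_exchange.startswith(("ECDHE_", "DHE_"))
    if name.startswith("TLS_"):
        # TLS 1.3 suite names carry no key exchange; a full TLS 1.3
        # handshake always uses ephemeral (EC)DHE.
        return True
    # OpenSSL name for TLS 1.2 and earlier. Static "ECDH-"/"DH-" and
    # anonymous "AECDH-"/"ADH-" suites are deliberately not accepted.
    return name.startswith(("ECDHE-", "DHE-"))


def audit_suites(suites):
    """Split suite names into (forward_secret, not_forward_secret)."""
    forward_secret = [s for s in suites if is_forward_secret(s)]
    static = [s for s in suites if not is_forward_secret(s)]
    return forward_secret, static


def audit_context(ctx: ssl.SSLContext):
    """Audit the cipher suites an SSLContext is currently willing to offer."""
    return audit_suites([c["name"] for c in ctx.get_ciphers()])


def forward_secret_client_context() -> ssl.SSLContext:
    """Client context limited to TLS 1.2+ and ephemeral ECDHE AEAD suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


if __name__ == "__main__":
    ok, static = audit_suites(SAMPLE_SUITES)
    print("forward secret:", ok)
    print("no forward secrecy:", static)
    _, leftover = audit_context(forward_secret_client_context())
    print("non-forward-secret suites left in hardened context:", leftover)
```

The audit covers what a configuration offers; what a given connection actually negotiated can be read from `SSLSocket.cipher()` after the handshake.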
Re: [liberationtech] [Dewayne-Net] Are Hackers the Next Bogeyman Used to Scare Americans Into Giving Up More Rights?
For many years government has been demonizing hackers. And it has always been very discouraging.

There are good and bad in every walk of life, particular bent, and career path.

Just as there are good, bad and indifferent among doctors and lawyers, there are good, bad and indifferent among hackers.

But the government demonizes ALL hackers. Without hackers, there would be nothing created in this world, including the Internet.

I just get disgusted about this mentality...

On Thu, Aug 15, 2013 at 2:26 PM, Francisco Ruiz r...@iit.edu wrote:

Kyle,

Government is always the good guys by definition, here and in Zimbabwe, especially in their literature. The line separating sedition from civil disobedience is usually drawn after the fact.

On Thu, Aug 15, 2013 at 1:09 PM, Kyle Maxwell ky...@xwell.org wrote:

On Wed, Aug 14, 2013 at 5:18 PM, Bernard Tyers - ei8fdb ei8...@ei8fdb.org wrote:

My issue is with - Hacking is bad when people do it. It's ok when the government do it.

To play devil's advocate for a moment: isn't that true for a lot of things? The State is, in general, very jealous about its monopoly on things like violence and taxation, and (modulo anarchists, many of whom I love and respect) the majority of people are okay with those things.

--
@kylemaxwell

--
Francisco Ruiz
Associate Professor
MMAE department
Illinois Institute of Technology

PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok

get the PassLok privacy app at: http://passlok.com
Re: [liberationtech] US Feds Threaten to Arrest Lavabit Founder for Shutting Down His Service | Techdirt
Whoa! That is nuts!

On Sat, Aug 17, 2013 at 5:43 PM, Yosem Companys compa...@stanford.edu wrote:

The saga of Lavabit founder Ladar Levison is getting even more ridiculous, as he explains that the government has threatened him with criminal charges for his decision to shut down the business, rather than agree to some mysterious court order. The feds are apparently arguing that the act of shutting down the business, itself, was a violation of the order.

http://www.techdirt.com/articles/20130816/14533924213/feds-threaten-to-arrest-lavabit-founder-shutting-down-his-service.shtml
Re: [liberationtech] Shuttering of Lavabit and Silent Mail Illustrate Potential Effects of a CALEA II
Thanks, much appreciated.

On Wed, Aug 14, 2013 at 3:20 PM, Joseph Lorenzo Hall j...@cdt.org wrote:

(This gets a bit wonky, but I figured many of you would be interested in reading our take. Please do share, forward, critique, etc.)

https://www.cdt.org/blogs/joseph-lorenzo-hall/1408shuttering-lavabit-and-silent-mail-illustrate-potential-effects-calea

# Shuttering of Lavabit and Silent Mail Illustrate Potential Effects of a CALEA II

by Joseph Lorenzo Hall August 14, 2013

With all the news during this “Summer of Snowden,” it can be easy to forget some of the issues that many of us worried about before the unprecedented sunlight cast into the U.S. surveillance apparatus. One of these issues, updates to the Communications Assistance for Law Enforcement Act (CALEA) (“CALEA II”), has resurfaced. With CALEA II, the FBI is pushing to expand to Internet applications the technology mandates of the 1994 CALEA statute, which requires telecommunications companies to design their services to be wiretap-friendly.

Last week, two providers of encrypted email service – Lavabit[1] and Silent Circle’s Silent Mail[2] – announced that they were shutting down given the prospect of secret government demands for access. The news raises concerns that the government may be, in effect, achieving the goals of CALEA II without Congress’ approval and, moreover, with a sledgehammer.

For the past several years, various law enforcement officials have been pressing for updates to CALEA in order to require a wide variety of online services to be wiretap-capable, a move that CDT has opposed. CDT and others have argued that CALEA II could slow or even block the development of innovative products providing secure communications to businesses and individuals. This past spring, technology experts issued a report[3] on CALEA II, arguing that requiring backdoors into end-point software and devices would make these products vastly less secure.
Fast forward to last week: the secure email service Lavabit voluntarily shut down, without notice, based on an undisclosed judicial order that Lavabit founder Ladar Levison said put the privacy of Lavabit’s encrypted email users at risk. “Unfortunately, what’s become clear is that there’s no protections in our current body of law to keep the government from compelling us to provide the information necessary to decrypt those communications in secret,” Levison was quoted[4] as saying. A few hours after Lavabit announced its closure, Phil Zimmermann, the creator of the widely used PGP encryption and co-founder of Silent Circle, announced[5] that Silent Circle had decided to shut down its secure email product too, anticipating judicial demands in the future similar to the order Lavabit received. Secure communications tools are the backbone of modern e-commerce and, increasingly, of a wide range of online interactions. However, Lavabit clearly felt that it had to choose between violating the integrity of its users’ communications or ceasing operations. Likewise, Silent Circle pre-emptively shut its Silent Mail service down in anticipation of having to make a similar choice in the future when facing government demands. The result goes far beyond what Congress provided for even in CALEA I. That statute has a provision explicitly intended to preserve the ability of service providers to offer unbreakable encryption. 
(“A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.” 47 USC 1002(b)(3) (emphasis added)) CALEA I also explicitly states that it does not authorize “any law enforcement agency or officer to prohibit the adoption of any … service, or feature by any provider of a wire or electronic communication service.” Moreover, CALEA I allows, indeed encourages, companies to disclose the surveillance features they adopt by providing a safe harbor for compliance with “publicly available technical requirements or standards.” What did the government demand and under what authority prompted Lavabit’s shutdown? We don’t know, and that’s part of the problem. The Wiretap Act, which authorizes the government to intercept communications content prospectively in criminal investigations, indicates that a provider of wire or electronic communication service (such as Lavabit) can be compelled to furnish law enforcement with “all information, facilities and technical assistance necessary to accomplish the interception unobtrusively… .” 18 USC 2518(4). The Foreign Intelligence Surveillance Act (FISA), which regulates surveillance in intelligence investigations, likewise requires any person specified in a surveillance order to provide the same assistance (50 USC 1805(2)(B)) and so does the FISA
Re: [liberationtech] Bill Gates on Project Loon vs malaria
That is an excellent point, Michael!! Also, there are many ways to help people. And not everyone has to do the same thing. People help where they can or feel comfortable. Being made to feel they have to try to fit someone else's model is never the best way for folks to do what their hearts lead them to do. Each area has its place. There is a real need for the things that the Gates foundation is doing, and just as much a need for knowledge -- and -- the possible ways of making money online (Entrepreneurship) that could help to raise the bar for some folks in these countries dealing with famine and disease. It may just help them gain back some feeling of control and make strides in overcoming the helplessness of famine and disease. And there is always a place for the many small organizations that also are trying to help in these areas. The need is great. No amount of giving, or types of giving should be poopoo'd unless they are a scam or the percentages are so low getting to the actual cause as to make it useless and makes the donor's money wasted. The big thing to me is that wherever I give, it has to be able to do as much as it can with the money I give. That it mostly goes to the cause itself.

On Sat, Aug 10, 2013 at 7:32 AM, Glassman, Michael glassman...@osu.edu wrote:

I think it might be important to realize that access to information and famine and disease are not mutually exclusive to each other. For instance if Amartya Sen (the Nobel award winning economist) analysis is right famine is not caused by lack of food but by lack of knowledge about access and location to food - something I believe is much more easily overcome through Internet access perhaps. Dysentery is caused both by lacking access to potable water and by not trusting or assimilating methods for water purification (e.g., convincing individuals to use precious resources on boiling water). Even when clinics are built the individuals have a hard time absorbing them into their everyday lives.
What Google is doing may do more to help the problems Gates is talking about than one off helicopter drops. Or it may not. But to consider eradication of famine and disease as separate from information seems more destructive than constructive.

Michael
Re: [liberationtech] EFF presentation at SIGINT
Thanks Greg! Hope to see it when I can get to a place where I have unlimited bandwidth!

On Sat, Jul 27, 2013 at 12:47 AM, grarpamp grarp...@gmail.com wrote:

Mentioned in the talk, Freedom of the Press Foundation (Jul 2) - Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance by @micahflee: https://pressfreedomfoundation.org/encryption-works

Interesting to see the above 'Encryption works' quote making the rounds. Similarly interesting is this seemingly opposing (yet unattributed) 'Breakthrough' quote from a year ago (search references to the word in the text)...

http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
Re: [liberationtech] WC3 and DRM
These TPMs are being abused. You should be able to install your Linux on your general purpose computer. Even if Windows and the OEM enable the TPM, you should be given the ability to disable that. And that is not the case in many OEM Windows 8 computers. I dual boot all my computers. I have the right to do that on my own computer. So although I think it 'could' be a good thing to have TPM enabled. In my mind, the TPM is being abused by the OS and computer vendors if they are not enabling you to disable it to install another OS. AND more important, in many cases, they do not allow you to disable it to install your alternative OS as a dual boot, and then re-enable TPM so you have that so-called protection after you install your new OS. I am the computer owner, not them. I should decide and I should be able to still be protected on all my OSes that I manually disable the TPM to install after the installation is completed. I should not have to leave the TPM disabled just because I installed another OS. Have it password protected or something so only the computer owner can enable and disable it. Technical people would know how to do this and generally only technically oriented people would be doing these types of dual boot installations. Just a thought. BTW, I see where Cory has somewhat come around, but not entirely and only due to computer security.

On Fri, Jul 26, 2013 at 6:34 PM, Richard Brooks r...@acm.org wrote:

Also interestingly explored in Vernor Vinge's Rainbow's End

On 07/26/2013 06:18 PM, Steve Weis wrote:

DRM technologies have a flip side as privacy-preserving technology. It's all a matter of whose data is being protected and who owns the hardware. We generally think of DRM in cases where the data owner is large company and an individual owns the hardware. In this case, DRM stops you from copying data you paid for from your own device. Now flip the roles.
You're the data owner and the large company is the hardware owner; say a cloud computing provider you lease machines from. Those same technologies can prevent that service provider from accessing your private data. Cory Doctorow has come around to this view, as he discusses in his talk The coming civil war over general purpose computing [1]. He's now advocating the use of Trusted Platform Modules (TPMs) as a nub of stable certainty which you can use to verify that whatever hardware you are using is faithfully booting your own software. This is a significant departure from viewing TPMs as an anti-consumer technology, which was espoused by groups like Chilling Effects [2]. As Doctorow puts it a victory for the freedom side in the war on general purpose computing would result in computers that let their owners know what was running on them. Some of the very same technologies that enable DRM could help us verify that computers are running what they should be.

[1] http://boingboing.net/2012/08/23/civilwar.html
[2] http://chillingeffects.org/anticircumvention/weather.cgi?WeatherID=534

On Fri, Jul 26, 2013 at 2:22 PM, Richard Brooks r...@acm.org wrote:

Obviously, these issues have been very thoroughly discussed by Cory Doctorow and Larry Lessig. DRM has not proved to be effective at safeguarding intellectual property. It seems to be most effective as a tool in maintaining limited monopolies, since it stops other companies from investing in creating products compatible with existing products.

-- === R. R. Brooks Associate Professor Holcombe Department of Electrical and Computer Engineering Clemson University 313-C Riggs Hall PO Box 340915 Clemson, SC 29634-0915 USA Tel. 864-656-0920 Fax. 864-656-5910 email: r...@acm.org web: http://www.clemson.edu/~rrb
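The idea in Steve Weis's quoted message, that a TPM can let the owner verify what a machine actually booted, sketched as an added example that is not part of the thread. It simulates the TPM "extend" operation over a SHA-256 PCR and checks a boot against an allowlist the owner controls; all names and component images are constructed, and the reported PCR is assumed to come from an authenticated TPM quote, which is not modelled here.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank; TPM 1.2 parts used 20-byte SHA-1 PCRs


def measure(component: bytes) -> bytes:
    """Digest of a boot component, taken before control is handed to it."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: a PCR can only be folded forward, never set directly."""
    return hashlib.sha256(pcr + digest).digest()


def boot(components):
    """Simulate a measured boot; returns (event_log, final_pcr)."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros after reset
    log = []
    for name, blob in components:
        digest = measure(blob)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr


def replay(event_log):
    """Recompute the PCR value that a given event log implies."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def verify_boot(event_log, reported_pcr, owner_allowlist):
    """Owner-side check: the log must replay to the PCR, and every
    measured component must be one the owner has approved."""
    if not hmac.compare_digest(replay(event_log), reported_pcr):
        return "log-mismatch", []
    unknown = [name for name, digest in event_log
               if digest not in owner_allowlist]
    if unknown:
        return "unexpected-component", unknown
    return "ok", []


# Constructed stand-ins for real firmware and bootloader images.
FIRMWARE = b"constructed firmware image"
VENDOR_LOADER = b"constructed vendor OS loader"
OWNER_LOADER = b"constructed loader for the owner's second OS"
MODIFIED_LOADER = b"constructed loader, changed without the owner's knowledge"

# The owner, not the vendor, decides what counts as an expected boot:
# both the preinstalled loader and the dual-boot loader are approved.
OWNER_ALLOWLIST = {measure(FIRMWARE), measure(VENDOR_LOADER),
                   measure(OWNER_LOADER)}


def demo():
    results = {}
    for label, loader in [("vendor", VENDOR_LOADER),
                          ("owner", OWNER_LOADER),
                          ("modified", MODIFIED_LOADER)]:
        log, pcr = boot([("firmware", FIRMWARE), ("bootloader", loader)])
        results[label] = verify_boot(log, pcr, OWNER_ALLOWLIST)

    # A log rewritten to list an approved loader no longer replays to the
    # PCR, because the PCR already absorbed the real measurement.
    log, pcr = boot([("firmware", FIRMWARE), ("bootloader", MODIFIED_LOADER)])
    forged = [log[0], ("bootloader", measure(OWNER_LOADER))]
    results["forged-log"] = verify_boot(forged, pcr, OWNER_ALLOWLIST)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```
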
Re: [liberationtech] WC3 and DRM
And as we all know, DRM doesn't keep out or prevent hacking, but it does impede the normal citizen from doing what they want to do with what they buy. Cory Doctorow's DRM Talk at Microsoft is still quite relevant. So much so that I actually placed a copy of it on my blog since 2004: http://bambismusings.wordpress.com/drm-talk/ Which was reprinted from here: http://craphound.com/msftdrm.txt

On Thu, Jul 25, 2013 at 1:14 PM, Jonathan Wilkes jancs...@yahoo.com wrote:

On 07/25/2013 07:14 AM, Mitar wrote:

Hi! Some very good arguments *for* DRM on the web: http://unitscale.com/mb/bomb-in-the-garden/

Sure. It's also _necessarily_ an argument against free software operating systems as well as an argument against general purpose computing. It is both of these things because if you want to make things that have zero marginal cost expensive, you must make it impossible for the user to remove the nuisances that are preventing him/her from copy/pasting. And to do that you must first make it impossible for the user to control their device, (i.e., use their computer).

And Jesus said, Control the distribution of the bread and fish and we will have a sustainable business model for the web.

-Jonathan

Mitar
Re: [liberationtech] Join us for a public hack day on Friday, July 26, 2013 in Munich, Germany.
That is great news. Especially after you read articles like this from May this year:

Australian Spies Want To Hack Tor After Realizing It Routes Around Their Surveillance http://www.techdirt.com/articles/20130531/08445823273/australian-spies-admit-data-retention-trivially-easy-to-circumvent-so-now-want-to-break-encrypted-services-like-tor-vpns.shtml

Recently I heard a concern about using Tor so this is very good news.

On Wed, Jul 24, 2013 at 5:02 PM, Eugen Leitl eu...@leitl.org wrote:

https://blog.torproject.org/blog/join-us-tor-hack-day-munich-germany

JOIN US - Tor Hack Day, Munich, Germany

Posted July 8th, 2013 by kelley in dev meeting hack day

Join us for a public hack day on Friday, July 26, 2013 in Munich, Germany. Thank you to our hosts at the Technische Universität München (http://www.tum.de). The agenda and conversations will be determined by you and Tor's team of developers and researchers - so bring your ideas, questions, projects and technical expertise with you! This event is open to the public and free of charge - no RSVP necessary.

Friday, July 26, 2013
Start Time: 10:00 am
Location: LRZ building, Seminarraum (H.E. 008), Boltzmannstraße 1, 85748 Garching, Germany. NOTE: the room is to the right of the main entrance.

For questions please contact exec...@torproject.org
Re: [liberationtech] Travellers' mobile phone data seized by police at border
I think this has been going on in the UK and USA for some time now. And I am sure other countries are also doing it, although many might not be considered 'free' nations as the UK and USA boast.

On Mon, Jul 15, 2013 at 9:45 AM, Eugen Leitl eu...@leitl.org wrote:

(leave your data at home in an encrypted cloud (you cannot be asked to decrypt data not in your possession), treat seized devices as sacrificable due to potential backdoors installed during examination so use cheap disposables when travelling and restock from a known good source)

http://www.telegraph.co.uk/technology/10177765/Travellers-mobile-phone-data-seized-by-police-at-border.html

Travellers' mobile phone data seized by police at border

Thousands of innocent holidaymakers and travellers are having their phones seized and personal data downloaded and stored by the police, The Telegraph can disclose.

By Tom Whitehead, and David Barrett 9:01PM BST 13 Jul 2013

Officers use counter-terrorism laws to remove a mobile phone from any passenger they wish coming through UK air, sea and international rail ports and then scour their data. The blanket power is so broad they do not even have to show reasonable suspicion for seizing the device and can retain the information for “as long as is necessary”. Data can include call history, contact books, photos and who the person is texting or emailing, although not the contents of messages. David Anderson QC, the independent reviewer of terrorism laws, is expected to raise concerns over the power in his annual report this week. He will call for proper checks and balances to ensure it is not being abused.
It echoes concerns surrounding an almost identical power police can use on the streets of the UK, which is being reviewed by the Information Commissioner. However, in those circumstances police must have grounds for suspicion and the phone can only be seized if the individual is arrested. Mr Anderson said: “Information downloaded from mobile phones seized at ports has been very useful in disrupting terrorists and bringing them to justice. “But ordinary travellers need to know that their private information will not be taken without good reason, or retained by the police for any longer than is necessary.” Up to 60,000 people a year are “stopped and examined” as they enter or return to the UK under powers contained in the Terrorism Act 2000. It is not known how many of those have their phone data taken. Dr Gus Hosein, of the campaign group Privacy International, said: “We are extremely concerned by these intrusive tactics that have been highlighted by the independent terrorism reviewer. “These practices have been taking place under the radar for far too long and if Mr Anderson calls for reform and new safeguards we would be very supportive of that.” He added: “Seizing and downloading your phone data is the modern equivalent of searching your home and office, searching through family albums and business records alike, and identifying all your friends and family, then keeping this information for years. “If you were on the other side of the border, the police would rightly have to apply for warrants and follow strict guidelines. But nowhere in Britain do you have less rights than at the border. “Under law, seizing a mobile phone should be only when the phone is essential to an investigation, and then even certain rules should apply. Without these rules, everyone should be worried.” Under the Act, police or border staff can question and even hold someone while they ascertain whether the individual poses a terrorism risk. 
But no prior authorization is needed for the person to be stopped and there does not have to be any suspicion. It means a police officer can stop any passenger at random, scour their phone and download and retain data, even if the individual is then immediately allowed to proceed. It has been a grey area as to whether the act specifically allowed for phone data to be downloaded and recorded. But last month, Damian Green, the policing minister, laid an amendment to the anti-social behaviour, crime and policing bill, which is currently going through Parliament. It makes the express provision for the copying and retention of information from a seized item. The ability to potentially retain the data indefinitely could also spark a fresh row over civil liberties similar to the controversy around DNA sample. Laws had to be changed to end the retention of the DNA of innocent people after the European Court of Human Rights ruled in 2008 that keeping them was unlawful. Mr Anderson is expected to stress he is not against the power and that it is a useful tool in the fight
Re: [liberationtech] Thank you for choosing cyberpunk dystopia.
Shava you are like a breath of fresh air after dealing with the so called normal people and government idiocracy. Like Spike, I very much look forward to reading your posts.

On Wed, Jul 10, 2013 at 4:13 PM, Spike (Chris Foote) sp...@tenbus.co.uk wrote:

Thank you Shava, I so look forward to reading your posts. Spike

On 10/07/2013 20:07, Shava Nerad wrote:

I have to say, this is why I am proposing we must turn to traditional community organizing, using the net only as a means of totally transparent communications at this point for organizing facilitations. We have a strong history in this country of successful insurgent formal nonviolent social movements. And I am afraid if we do not mobilize the consequences are in fact dystopian. We have two generations essentially detached not only from civic activism but largely from the social contract in general. I feel as though society is inviting renewal or despotism. So, what are we looking at? The vague shadows of a Spanish Civil War? I hope the hell not. Shadows of 1930s Germany is what I hear more often, ducking Godwin, but just reporting. The point is that there is one piece of compassion we might have here: while we are horrified as activists in a democracy in America regarding our government, our government -- our friends and people we see not as friends -- is somewhat justifiably horrified looking over our shoulders at the electorate. Government can not change the electorate in a democracy -- at least, not quickly. That really only works the other way around. Our people do not understand their own government any more. They have been reality engineered into a market-of-votes. Elections here are transmedia, and are game theoried to death. Party platforms are minor lore and backstory. Political principles that actually relate to real world consequences have very little place in electoral politics except as they are adopted as plot elements in the transmedia drama, which often holds no reliance, especially, on facts.
If you have felt like every bit of this has been social engineering since about Clinton and Gingrich started influencing their parties, I think you would be right. Both men are very fond of a marketing/game theory chase to the middle. The DLC and the Contract for America both displayed strong ideological platforms while candidates pursued whatever it took to take the unaffiliated vote. So we entered the age where everyone complained that the parties were indistinguishable. For decades. Until that became, in market research, too unpopular. Nearly instantly, our two dominant parties went, in the public perception, from being indistinguishable, to having always been too polarized and unable to work with one another, ever. And, although this made approval ratings of Congress as a whole drop (at 11-17% now but they have no reason to fear consequences), it made approval of your local congresscritters go up -- your own delegation is seen as aggressive, fighting for you, and standing up to bad government. Teflon. And totally unaccountable. We are so fucked. This is the perfect morph of we have always been at war with Eurasia in politics. You have to be carefully taught... This is not an electorate. It's an arena of futbol yahoos who never had a chance to learn what it means to be a citizen of a democracy, drunk on cheap beer and cheering for the guys wearing the right color uniforms, and ready to brawl with the other fans if they lose. This is why, yes they are outraged about Prism -- they have been taught to be outraged because in a neuromarketing sense, it retains their attention quivering at the TV for three minutes through the next series of ads, and they retain more information from those ads and are grateful for their soothing effect, so it makes for greater brand affinity.
So as long as Snowden keeps adrenaline moving as political porn, he will get equal time on CNN, MS-NBC, and FOX News, and as soon as he stops selling stuff, the sleeping giant will roll over and go back to hibernation until next crisis or the Superbowl. Like a light switch, by manufactured consent, the spotlights will go off, go on again perhaps as a footnote if some bad consequences happen to Snowden after the NSA decides enough people don't care any more, then fade, entirely, to black. But it is possible to change things. It takes the ones who are still learning, and that means the young, the geeks, the intellectuals. It takes forming a movement based on principles, so it doesn't rely on one set of people coming up with ideas. It must be nonviolent and coherent with how the current system purports to work (and often that ends up working against the system as a shaming mechanism). I am hoping it will be multipartisan, but I am pretty unabashedly old-line liberal and conservative-friendly -- my attitude is that politics is RvR gaming and beers after, and geeks
Re: [liberationtech] Urgent! Need a reliable public OpenID provider
Glad you were able to find some possible alternatives. I hear ya. I look forward to reading your foaming-at-the-mouth post on this. ;)

On Mon, Jul 8, 2013 at 7:46 PM, Uncle Zzzen unclezz...@gmail.com wrote:

Per se, they're not a provider, but https://openid.net/get-an-openid/ gives ideas where you can join. Some don't work anymore (e.g. google), but thanks for the tip. All affected customers have found new providers and the initial crisis is over (phew), but when I have time I intend to write a foaming-at-the-mouth post about those who killed openid (and thus - anonymous accountability) because they had a better business plan (Booz Allen et al *certainly* had one ;) )

On 7 July 2013 19:49, LilBambi lilba...@gmail.com wrote:

Is http://openid.net not good enough?

On Sat, Jul 6, 2013 at 9:27 PM, Uncle Zzzen unclezz...@gmail.com wrote:

Thanks. Meanwhile, looking for a local plan b solution, I've found an OpenID-provider django project https://github.com/bearstech/OursID on github, and turns out they have a working instance at https://openid.bearstech.com Nevertheless, stackexchange looks like a good option to recommend to customers because it's a well known establishment.

On 7 July 2013 05:44, Mitar mmi...@gmail.com wrote:

Hi!

On Sat, Jul 6, 2013 at 11:21 AM, Uncle Zzzen unclezz...@gmail.com wrote:

Is there a reliable public OpenID provider I can tell folks to register to? (riseup? telecomix?) or should I deploy one myself?

I am using StackExchange: https://openid.stackexchange.com/ And then delegate it to my custom URL: http://blog.stackoverflow.com/2009/01/using-your-own-url-as-your-openid/

Mitar
Re: [liberationtech] An interview with Snowden and more in Der Spiegel
Very important information. Thank you Jacob.

On Mon, Jul 8, 2013 at 7:55 AM, Jason Gulledge ram...@ramdac.org wrote:

As an activist, this is pretty damned frightening: (excerpt from http://cryptome.org/2013/07/snowden-spiegel-13-0707-en.htm)

*Question:* What happens if the NSA has a user in its sights?

*Snowden:* The target person is completely monitored. An analyst will get a daily report about what has changed in the computer system of the targeted person. There will also be... packages with certain data which the automatic analysis systems have not understood, and so on. The analyst can then decide what he wants to do - the computer of the target person does not belong to them anymore, it then more or less belongs to the U.S. government.

This has ominous implications. I worry about the private encryption keys on the computers of people in the sights of the NSA.

On Jul 8, 2013, at 1:36 PM, Jacob Appelbaum ja...@appelbaum.net wrote:

Hi, What we're seeing in Der Spiegel, The Guardian, Washington Post and other select publications is the birth of new threat models - not just for activists but for all of civil society, parliamentarians, companies and more. This is a threat model that many have known and yet at the same time, there is clearly new stuff. For one - we're seeing confirmations of things that have been denied in public - we're also learning the names of things, which now made public, may be FOIA'ed by name as well as pushing for disclosures. This is where we'll see if America will shine - when the information comes out, will we be able to use our democratic process to turn this disaster around? I'd like to think so - that is why I worked on these pieces - hope is not lost. Though hope alone is not a strategy.
I think this may be of interest to people on the list:

http://www.spiegel.de/spiegel/index-7028.html
http://www.spiegel.de/politik/deutschland/snowden-enthuellung-verbindung-zur-nsa-bringt-bnd-in-erklaerungsnot-a-909884.html
http://www.spiegel.de/politik/deutschland/us-lauschangriff-opposition-macht-druck-auf-merkel-a-909871.html

For non-German speakers I suggest the following English links:

http://www.spiegel.de/international/topic/whistle_blowers/
http://www.spiegel.de/international/world/whistleblower-snowden-claims-german-intelligence-in-bed-with-nsa-a-909904.html
http://www.spiegel.de/international/world/edward-snowden-accuses-germany-of-aiding-nsa-in-spying-efforts-a-909847.html
http://www.spiegel.de/international/world/snowden-reveals-how-gchq-in-britain-soaks-up-mass-internet-data-a-909852.htmlv

My interview with Snowden is available as a leaked pdf on cryptome in German:

http://cryptome.org/2013/07/snowden-spiegel-13-0707-en.htm
http://cryptome.org/2013/07/snowden-spiegel-13-0707.pdf
http://cryptome.org/2013/07/snowden-spiegel-13-0707-2.pdf

The English original will be released this week. Last week's article is also very important:

http://www.spiegel.de/international/world/secret-documents-nsa-targeted-germany-and-eu-buildings-a-908609.html

This is also probably of great interest to people on the list:

http://oglobo.globo.com/infograficos/volume-rastreamento-governo-americano/
http://jaraparilla.blogspot.com/2013/07/nsa-surveillance-of-australia-exposed.html
http://www.theage.com.au/world/snowden-reveals-australias-links-to-us-spy-web-20130708-2plyg.html

Welcome to the Grim Meathook Future, Citizens! Let's turn this ship around!

All the best, Jacob
Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Urgent! Need a reliable public OpenID provider
Is http://openid.net not good enough? On Sat, Jul 6, 2013 at 9:27 PM, Uncle Zzzen unclezz...@gmail.com wrote: Thanks. Meanwhile, looking for a local plan b solution, I've found an OpenID-provider django project https://github.com/bearstech/OursID on github, and turns out they have a working instance at https://openid.bearstech.com Nevertheless, stackexchange looks like a good option to recommend to customers because it's a well known establishment. On 7 July 2013 05:44, Mitar mmi...@gmail.com wrote: Hi! On Sat, Jul 6, 2013 at 11:21 AM, Uncle Zzzen unclezz...@gmail.com wrote: Is there a reliable public OpenID provider I can tell folks to register to? (riseup? telecomix?) or should I deploy one myself? I am using StackExchange: https://openid.stackexchange.com/ And then delegate it to my custom URL: http://blog.stackoverflow.com/2009/01/using-your-own-url-as-your-openid/ Mitar
Re: [liberationtech] my op/ed in the SF Bay Guardian
Excellent piece! Thanks for sharing it and I will be sharing this. Great job! On Fri, Jun 21, 2013 at 4:16 AM, Shava Nerad shav...@gmail.com wrote: http://www.sfbg.com/politics/2013/06/20/hackivist%E2%80%99s-call-culture-engagement Pretty much what I've been carrying on about here. ;) yrs, -- Shava Nerad shav...@gmail.com
Re: [liberationtech] Free cryptography I course (courtesy Coursera)
Sounds like a great course! Thanks! On Fri, Jun 14, 2013 at 3:43 AM, Eugen Leitl eu...@leitl.org wrote: https://www.coursera.org/course/crypto?utm_classid=971022utm_notid=5333944utm_linknum=1 Cryptography I Dan Boneh Learn about the inner workings of cryptographic primitives and how to apply this knowledge in real-world applications! Workload: 5-7 hours/week Sessions: Jun 17th 2013 (6 weeks long) Mar 25th 2013 (6 weeks long) About the Course Cryptography is an indispensable tool for protecting information in computer systems. This course explains the inner workings of cryptographic primitives and how to correctly use them. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption and basic key-exchange. Throughout the course students will be exposed to many exciting open problems in the field. The course will include written homeworks and programming labs. The course is self-contained, however it will be helpful to have a basic understanding of discrete probability theory. -- Bambi http://BambisMusings.WordPress.com
Re: [liberationtech] [tt] NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism
Thanks for all the great food for thought. So much going on... On Fri, Jun 14, 2013 at 10:24 AM, Eugen Leitl eu...@leitl.org wrote: http://www.guardian.co.uk/environment/earth-insight/2013/jun/14/climate-change-energy-shocks-nsa-prism Pentagon bracing for public dissent over climate and energy shocks NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism US domestic surveillance has targeted anti-fracking activists across the country. Photograph: Les Stone/REUTERS Top secret US National Security Agency (NSA) documents disclosed by the Guardian have shocked the world with revelations of a comprehensive US-based surveillance system with direct access to Facebook, Apple, Google, Microsoft and other tech giants. New Zealand court records suggest that data harvested by the NSA's Prism system has been fed into the Five Eyes intelligence alliance whose members also include the UK, Canada, Australia and New Zealand. But why have Western security agencies developed such an unprecedented capacity to spy on their own domestic populations? Since the 2008 economic crash, security agencies have increasingly spied on political activists, especially environmental groups, on behalf of corporate interests. This activity is linked to the last decade of US defence planning, which has been increasingly concerned by the risk of civil unrest at home triggered by catastrophic events linked to climate change, energy shocks or economic crisis - or all three. 
Just last month, unilateral changes to US military laws formally granted the Pentagon extraordinary powers to intervene in a domestic emergency or civil disturbance: Federal military commanders have the authority, in extraordinary emergency circumstances where prior authorization by the President is impossible and duly constituted local authorities are unable to control the situation, to engage temporarily in activities that are necessary to quell large-scale, unexpected civil disturbances. Other documents show that the extraordinary emergencies the Pentagon is worried about include a range of environmental and related disasters. In 2006, the US National Security Strategy warned that: Environmental destruction, whether caused by human behavior or cataclysmic mega-disasters such as floods, hurricanes, earthquakes, or tsunamis. Problems of this scope may overwhelm the capacity of local authorities to respond, and may even overtax national militaries, requiring a larger international response. Two years later, the Department of Defense's (DoD) Army Modernisation Strategy described the arrival of a new era of persistent conflict due to competition for depleting natural resources and overseas markets fuelling future resource wars over water, food and energy. The report predicted a resurgence of: ... anti-government and radical ideologies that potentially threaten government stability. In the same year, a report by the US Army's Strategic Studies Institute warned that a series of domestic crises could provoke large-scale civil unrest. The path to disruptive domestic shock could include traditional threats such as deployment of WMDs, alongside catastrophic natural and human disasters or pervasive public health emergencies coinciding with unforeseen economic collapse. Such crises could lead to loss of functioning political and legal order leading to purposeful domestic resistance or insurgency... 
DoD might be forced by circumstances to put its broad resources at the disposal of civil authorities to contain and reverse violent threats to domestic tranquility. Under the most extreme circumstances, this might include use of military force against hostile groups inside the United States. Further, DoD would be, by necessity, an essential enabling hub for the continuity of political authority in a multi-state or nationwide civil conflict or disturbance. That year, the Pentagon had begun developing a 20,000 strong troop force who would be on-hand to respond to domestic catastrophes and civil unrest - the programme was reportedly based on a 2005 homeland security strategy which emphasised preparing for multiple, simultaneous mass casualty incidents. The following year, a US Army-funded RAND Corp study called for a US force presence specifically to deal with civil unrest. Such fears were further solidified in a detailed 2010 study by the US Joint Forces Command - designed to inform joint concept development and experimentation throughout the Department of Defense - setting out the US military's definitive vision for future trends and potential global threats. Climate change, the study said, would lead to increased risk of: ... tsunamis, typhoons, hurricanes, tornadoes, earthquakes and other natural catastrophes... Furthermore, if such a catastrophe occurs within the United States itself - particularly when the nation's economy
Re: [liberationtech] FT: Companies scramble for consumer data (personal data are so cheap... why bother to protect them)
Thanks for passing these articles on Yosem! Much appreciated. On Fri, Jun 14, 2013 at 2:48 PM, Yosem Companys compa...@stanford.edu wrote: From: Toon Vanagt toon.van...@casius.com I stumbled on this FT article with 'volume pricing' for personal data and a convenient estimation tool: http://www.ft.com/cms/s/0/f0b6edc0-d342-11e2-b3ff-00144feab7de.html#axzz2W5QWgUuR Basically, if you're a millionaire, your personal data is worth about $ 0.123 (if you're not, you start at: $ 0.007). The FT has built an interactive data value estimation tool. For example by adding ADHD to my profile I gained a stunning $ 0.200. Consider it extra money for 'salting data set' :) 3 Quick thoughts: The Financial Times will not collect, store or share the data users input into the calculator. Despite this disclaimer I wonder what the FT really does with the harvested data on its web servers or considered the risk of 'leaking logs'? At the end of their 'game', I'm invited to share my private 'data worth' on Twitter, which exposes how much Marketers would pay approximately for your data: and conveniently allows third parties to identify me... When linked with their identifiable FT subscriber profile, there's no need for a tweet to link the results to a person. Check https://twitter.com/search?q=%23FTdataworthsrc=typd - public search result. Great for marketeers. Also has the potential to reverse engineer profiles.. Prices in the article calculator seem very low and suggest that your 'personal data' are not really valuable to companies in a consumer society. That is if you're not obese, don't subscribe to a gym, don't own a plane... Due to competition the broker prices are said to be trending towards 'worthless'.. Data brokers seem to suggest we should not bother to protect something of so little economic value... Let me know if my reading between the lines is wrong. 
Does anybody know about a personal data value calculator that is not based on broker volume pricing, but reveals how much companies pay for qualified leads in different industries (mortgage, insurance, cruise travel, fitness, car test drive, hotel booking,...) The outcome of such an 'intent cast valuator' would be much higher and more of an economic incentive to raise awareness of data value. Cheers, @Toon -- Bambi http://BambisMusings.WordPress.com
Re: [liberationtech] diseconomies of scale
Legal Struggles Over Interception Rules in the United States - EFF https://www.eff.org/pages/legal-struggles-over-interception-rules-united-states On Fri, Jun 14, 2013 at 3:24 PM, Lucas Gonze lucas.go...@gmail.com wrote: It occurs to me that Prism exclusively targets large providers. This suggests that it relies on economies of scale. Which suggests a defense against Prism: use small providers, because there are diseconomies of scale. Thoughts? -- Bambi http://BambisMusings.WordPress.com