Re: [liberationtech] Ostel: encrypted phone calls
We've updated the app and the website a bunch this week. We hope that it's even more useful and functional now. Please go to ostel.co and start using our tool for encrypted phone calls. We'd love to hear feedback. Thanks! --* @mbelinsky https://twitter.com/mbelinsky | markbelinsky.comhttps://markbelinsky.com| phone: +1-347-466-9327 | skype: markontheline * On Thu, Jun 6, 2013 at 5:04 AM, Raven Jiang CX j...@stanford.edu wrote: The article mentioned that the order for the dragnet came from the FISA court. Doesn't electronic surveillance of agents that do not belong to foreign entities exceed the legal jurisdiction of the FISA court? On 6 June 2013 00:02, Michael Carbone mich...@accessnow.org wrote: Now is a great time to push OStel further out, as clear evidence that the NSA is scooping up all noncontent cellphone data (including domestic-domestic) is hitting the news: http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order Michael On Jun 5, 2013 6:03 PM, Nathan of Guardian nat...@guardianproject.info wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/05/2013 02:25 PM, Mark Belinsky wrote: When we initially developed ostel.me it used freeswitch but we've moved away from it to allow for better federation. Ostel.co is a new implementation of the open secure telephony network (ostn) standard If you want to track the open-source project behind OStel, you can find on the project tracker[0] and post questions on the guardian-dev list [1]. As Mark mentioned, this is our second go around at creating an Open Secure/Source/Standards Telephony Network [2] service, this time based on the popular+powerful Kamalio [3] SIP server. Soon, we will have all the information posted on how to run your own instance too. We previously documented how to do this with our v1 Freeswitch-based cookbook [4]. After all, we still believe in things like standards, federation and the ability to run your own servers, because, well, that is what the Internet is made of. +n [0] OStel Project Tracker: https://dev.guardianproject.info/projects/ostel [1] Guardian-dev Mailing List: https://lists.mayfirst.org/mailman/admin/guardian-dev [2] OSTN Project Overview: https://guardianproject.info/wiki/OSTN [3] Kamailio: http://www.kamailio.org/w/ [4] DEPRECATED: Run your own OSTN node: https://guardianproject.info/wiki/OSTN_cookbook -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRr7WdAAoJEKgBGD5ps3qpOswP/RuA6id38QvnUUVxiSpncUxc uwmPo/DtytirKakI+ZZSeAcN0NFTaExIemye/+QLZUBhGr03O3dwG3KlRYt4ztI3 yHk8knWK6CUH3vZqluZdB4dX9EWPET0rh+Makf8Qxhzv7F9zIVMk+2CgoPSex078 MEwXPY7+d7rq3XwwAQHLpjMXxU3J9FXdljRiULr9XyEcTwH7i7T2JzHDx3B9BHE2 5Mqrsaylm9RkkKUuIBLwrOpp8vxGT3Y5qwHQSo0LWIwMi8zm60ScG61eB7xpVmS6 wXrqwb2Gs/ay66yexgJ9A05GYiodE3KDvIUB3Aa9Eu34zzQ0vyS9EGJhKWpEyaqm YsLy9MezpmC3hkVLFHOawoN9BjRivX4KTnyvdPjDV621HoJO5r8qmnbrZKha7jio tNiYLq+bwFabU2DSP4f1k67S2CG0t5IktuLAg2Ckfrg0g3NxfnDT4Q2CANr6h7SC Pryx5+BAebpu4J/Pv1iiBTx7uefrwXYltx2jxF6YoAHnnu6jiJjzvIfAwrvuXNq9 bnsO8TvYFzzPA+i2237WiUvSvOQxjQQQEM4OROJ75VZ9V41ONVy2ndZq8AJmH9dL RhaKJNfr5sXdY3yOSWr3ohUH58hDWR0glaUyt8n6Z47uJVWHJr/whnyAD7YCTvf2 zyJLnld3E5C+/aajioma =NqX3 -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Ostel: encrypted phone calls
When we initially developed ostel.me it used freeswitch but we've moved away from it to allow for better federation. Ostel.co is a new implementation of the open secure telephony network (ostn) standard ~Sent from my mobile. Please excuse any typos or terseness. On Jun 5, 2013 2:19 PM, Pavol Luptak wil...@trip.sk wrote: On Wed, Jun 05, 2013 at 07:12:22PM +0200, KheOps wrote: Hi all, Just came accross that: https://ostel.co/ Open source software for encrypted calls, with a client that apparently runs on a lot of platforms. Anyone ever used/reviewed it already? I used it with my Android SIP clients (CSIPSimple, Acrobits Softphone), It should be completely based on opensource FreeSWITCH http://www.freeswitch.org/ with enabled ZRTP support. CSIPSimple + FreeSWITCH is probably the best opensource ZRTP solution for end-to-end encrypted calls. BTW, what do you think about security of Threema http://threema.ch/en/? Now they have out Android version and it is very user-friendly, unfortunately it's still closed/proprietary software, so I am not sure about security. Pavol -- __ [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
Without taking sides on Strongbox, I made an easy interactive tutorial on how to easily access it from a mobile so that journalists can take a peek for themselves: https://guardianproject.info/2013/05/16/strongbox/ -- @mbelinsky | markbelinsky.com | phone: +1-347-466-9327 | skype: markontheline On Fri, May 17, 2013 at 1:23 PM, The Doctor dr...@virtadpt.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/16/2013 01:37 PM, Griffin Boyce wrote: Kevin Poulsen k...@hacknet.com wrote: Shava Nerad shav...@gmail.com wrote: Nadim Kobeissi na...@nadim.cc wrote: Jacob Appelbaum ja...@appelbaum.net wrote: Sarah Lai Stirland: My god, literally *everyone* lurks on libtech. currently sitting with six people who *all* lurk here, Hee hee hee. - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ That which doesn not kill us makes us stranger. --Trevor Goodchild -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGWZ6oACgkQO9j/K4B7F8HRxwCfS0D/Aj81FvcgUWjBSfv0GX37 +fIAn0vUv82ksAkLHYS/DIBTM8JfTKbR =hOCv -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Satellite phones for Rohingya in Burma
In my work with the Rohingya and research into communications systems in Arakan state in the Western portion of the country, it was notable that there was data coverage spilling over from neighboring Bangladesh and people were using these towers to transmit information across borders. All the best, Mark --* @mbelinsky https://twitter.com/mbelinsky | markbelinsky.comhttps://markbelinsky.com| phone: +1-347-466-9327 | skype: markontheline * On Sun, Mar 17, 2013 at 4:49 PM, ttscanada ttscan...@riseup.net wrote: Very good points, thanks, Jake. We were thinking more of phones since it appears they are more paranoid of cameras than phones, but you have a very good point, phones are more easily controlled. Rethinking. All the best, Heather Marsh @GeorgieBC on Twitter On 13-03-17 1:25 PM, Jacob Appelbaum wrote: ttscanada: Hi Jacob, Yes, exactly to the security issues, which is why we have tried nothing to date, any Rohingya caught with anything like a camera or radio is tortured and killed. Ease of use is also paramount, there is no point risking lives to get a phone in that no one can use. We are unfortunately at final wipeout stage and the people there are agreed that the risk of being killed is 100% with or without phones. I don't know of anything except satellite phones they could use to document. The military is definitely paranoid of cameras, phones and outsiders atm. The situation in every refugee camp outside Burma is also awful, but still not at the stage where it is worth risking lives. We have managed to get some pictures (like of Rakhine flyers announcing the next massacre) but almost nothing out of Sittwe. There is plenty that needs documenting in the surrounding areas though. In any case, they know they will die, they don't want to die without a trace. I am slightly more optimistic that if we get some pictures out some of them won't die at all, we have it from good sources that the government is already very annoyed at the small publicity we have created and worried at the war crimes documentation. The government's official position is that the Rohingya don't actually exist, or if they did they just left. The situation with the Rohingya is heart breaking. :( If it is possible, I would suggest trying to bring cameras like the GoPro: http://gopro.com/ They're not easy or cheap in that part of the world. They are certainly easier to pass on, harder to detect and have a quality that is rarely available to any phone camera. Obviously, any camera is better than no camera for documenting but those are generally weather proofed for serious use. It seems like physical smuggling or geo-caching of the data would be much safer than a sat phone that can be *tracked* and *jammed* simultaneously. At least with geo-caching, one could pass along the coordinates for evidence later and then perhaps at a later date, we will have the evidence stored, found and released. As far as physical smuggling, I suspect that people would need to swallow the media cards or to sew them into clothing. That would allow the cameras to stay in the area but for the data to trickle out. I wish that there was more that I could offer but areas with the Rohingya is very hard to reach. If there is information that you would like to discuss more privately, I welcome contact with GnuPG or with OTR off list. If you are able to get the data to a major city, I think that physical transport *of a copy* will be your best bet for getting the data out quickly. All the best, Jacob -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/**mailman/listinfo/**liberationtechhttps://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/**mailman/listinfo/**liberationtechhttps://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Let's make rooting phones a crime
Good news everyone! It *looks like we made it*. I'd like to share this victory video with you https://www.youtube.com/watch?v=8SEwQRPtUz4feature=youtu.bet=2m13s The White House petitionhttps://petitions.whitehouse.gov/petition/make-unlocking-cell-phones-legal/1g9KhZG7to make unlocking phones legal has surpassed the 100,000 signatures necessaryhttp://thenextweb.com/insider/2013/02/21/petition-to-make-unlocking-phones-legal-again-passes-10-signatures-white-house-is-required-to-respond/for them to issue a statement. It took 26 days to get the first 80,000 signatures and only 2 days to get the last 20,000 we needed. What a great couple days! Thanks to everyone who signed the petition and to those who pointed out that unlocking phones is indeed different than rooting phones. This is one step in the ongoing battle to maintain ownership over the devices we have in our loved ones pockets. Congrats Guardians and libtechers! Best, Mark --* @mbelinsky https://twitter.com/mbelinsky | markbelinsky.comhttps://markbelinsky.com| phone: +1-347-466-9327 | skype: markontheline * On Wed, Feb 20, 2013 at 7:43 PM, Seth David Schoen sch...@eff.org wrote: hwamyeon writes: While I agree that the anti-circumvention provision of the DMCA should be revoked, I don't think we should be tasking the Librarian of Congress to do this for us. The Librarian of Congress's power of exemption is supposed to be specifically in the interest of supporting the mission of the library. Fundamental changes to the DMCA is a political issue that we should be tasking Congress with. I agree that it would be preferable to have a comprehensive fix, like repealing the entirety of §1201. The current law calls for the Librarian of Congress to decide whether persons who are users of a copyrighted work are, or are likely to be in the succeeding 3-year period, adversely affected by the prohibition under subparagraph (A) in their ability to make noninfringing uses under this title of a particular class of copyrighted works. 17 USC §1201(a)(1)(C). So that determination isn't limited to the interest of supporting the mission of the library. -- Seth Schoen sch...@eff.org Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Tragic News: Aaron Swartz commits suicide
In honor of Aaron, I put together this website. I'm selling some commemorative t-shirts with all the proceeds going to his favorite charity. He was truly changing the world and I was lucky to work with him. http://store.markbelinsky.com ~Mark --* @mbelinsky https://twitter.com/mbelinsky | markbelinsky.comhttps://markbelinsky.com| phone: +1-347-466-9327 | skype: markontheline * On Sun, Jan 13, 2013 at 7:34 PM, Joshua Cohen jcohe...@stanford.edu wrote: Reif is a very good person. Sent from my iPhone On Jan 14, 2013, at 7:24 AM, Nadim Kobeissi na...@nadim.cc wrote: It's worth nothing that Reif is new to being MIT President; most of this happened under the reign of Susan Hockfield. NK On Sun, Jan 13, 2013 at 6:20 PM, Kate Krauss ka...@critpath.org wrote: A note from the president of MIT: To the members of the MIT community: Yesterday we received the shocking and terrible news that on Friday in New York, Aaron Swartz, a gifted young man well known and admired by many in the MIT community, took his own life. With this tragedy, his family and his friends suffered an inexpressible loss, and we offer our most profound condolences. Even for those of us who did not know Aaron, the trail of his brief life shines with his brilliant creativity and idealism. Although Aaron had no formal affiliation with MIT, I am writing to you now because he was beloved by many members of our community and because MIT played a role in the legal struggles that began for him in 2011. I want to express very clearly that I and all of us at MIT are extremely saddened by the death of this promising young man who touched the lives of so many. It pains me to think that MIT played any role in a series of events that have ended in tragedy. I will not attempt to summarize here the complex events of the past two years. Now is a time for everyone involved to reflect on their actions, and that includes all of us at MIT. I have asked Professor Hal Abelson to lead a thorough analysis of MIT's involvement from the time that we first perceived unusual activity on our network in fall 2010 up to the present. I have asked that this analysis describe the options MIT had and the decisions MIT made, in order to understand and to learn from the actions MIT took. I will share the report with the MIT community when I receive it. I hope we will all reach out to those members of our community we know who may have been affected by Aaron's death. As always, MIT Medical is available to provide expert counseling, but there is no substitute for personal understanding and support. With sorrow and deep sympathy, L. Rafael Reif VIA -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
While Jitsi is fantastically cross-platform, I've not found it to be particularly reliable depending on the operating system and service. I'm glad that Andrew, you've had some successes! I'm curious what combo you were using it with? At Guardian Project we've been investigating the opportunities for secure and encrypted voice and video, as well as working towards developing an open protocol for it, plus determining how it can work on an appropriate client. You can find some of our initial review of available platforms on our wiki https://guardianproject.info/wiki/OSTN or try p2p encrypted voice with ostel.me if you're interested. No video just yet. And group communication... well that's not p2p so not just yet. But Brian, I prefer Google Hangout to Goohke Hangout still. ~Mark --* @mbelinsky https://twitter.com/mbelinsky | markbelinsky.comhttps://markbelinsky.com| phone: +1-347-466-9327 | skype: markontheline * On Fri, Dec 21, 2012 at 3:06 PM, Danny O'Brien dobr...@cpj.org wrote: On Fri, Dec 21, 2012 at 07:26:44PM +0200, Nadim Kobeissi wrote: On Fri, Dec 21, 2012 at 6:56 PM, Nathan of Guardian nat...@guardianproject.info wrote: On 2012-12-21 20:22, Brian Conley wrote: This is a long way of asking, is Goohke Hangout functionally better? Is anything else? Or, how do we get someone to develop a convenient p2p chatting tool that is also pleasurable to use? I personally can't wait for Cryptocat A/V edition! Nadim, hurry up please. :) I hear this a lot — that's a 2014 goal if there ever was one. Somebody was asking why do (at risk) groups use Skype, and it's worth underlining out a couple of reasons, beyond convenient, ubiquitous, multi-platform audio-video chat. * Permanent, multi-user chat rooms. This is what makes Cryptocat such a useful addition: there was a long period where activists didn't have a known alternative to this feature that didn't fail badly (IRC over SSL? Hard to set up, and what if one person doesn't encrypt? etc), especially combined with: * Live audio-visual contact as a form of authentication. The most comprehensible threat for online text conversations is that you're just not talking to the right person/people. I think it's important to bear this in mind because sometimes the discussion around Skype revolves around one-on-one videochat, and that doesn't seem to be the dominant use in my conversations with at-risk users. d. +n -- Unsubscribe, change to digest, or change password at: https:// mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Let's talk about ZRTP
When I presented our Open Source Telephony Network (OSTN) project at HOPE 9http://www.hopenumbernine.net/schedule/a few months ago with Lee, we ran phone calls over the public network and invited people to sniff and check for vulnerabilities. The project is ZRTP and open source and the invite remains open for anyone who wants to help out and test. We've gotten it to work on Blackberry, Symbian, iOS, Android and all variants of desktop OS if you want to try it. More details at https://ostel.me/ All the best, Mark --* @mbelinsky https://twitter.com/mbelinsky | guardianproject.info | phone: +1-347-466-9327 | ostel: 1003 **| pgp: 0xEFBFA7278D8EFFDAhttp://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xEFBFA7278D8EFFDA * On Mon, Dec 3, 2012 at 9:54 AM, Nathan of Guardian nat...@guardianproject.info wrote: Fabio Pietrosanti (naif): Does anyone have tried it? It was a bit flakey when we tested it last year in our work on OSTN/OStel. CSipSimple seemed to be the better choice. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] What I've learned from Cryptocat
In the interest of usability to combat [1) SSL intercept], I'm curious about the benefits/dangers of making the fingerprint of the SSL certificate more accessible to users through visual means. For instance at Guardian Project we've been exploring the ascii art that key fingerprints generate. It's possible to expand that to a website background whose design is generated automatically according to the fingerprint. If the pattern of the background changes then whoops, the certificate may have changed. Of course it's important to note that this too can be spoofed, but it's potentially better than nothing and could be a stopgap until it's indeed spoofed. With HMTL5, it could even be dynamic. I for one agree that Cryptocat is interesting in so far as it allowed for instant chat rooms to easily be created. IMHO it's better than plaintext in certain threat models and how to fix the cert problem should be explored, rather than reinventing the project wholesale. Here's a good write up of a piece of the concept: http://blog.rootshell.be/2008/07/15/ssh-fingerprint-ascii-visualization/ Also, +1 on digital ballistic testing within given threat model parameters ie x state is known for having y capabilities therefore we can assess this technology in z frame. Tossing a couple more cents into the jar, Mark --* @mbelinsky https://twitter.com/mbelinsky | 4hours.wordpress.com | phone: +1-347-466-9327 | skype: markontheline * On Tue, Aug 7, 2012 at 12:13 PM, bou b...@aktivix.org wrote: On 07/08/12 09:25, Luke Allnutt wrote: With Frank's message in mind, do list members have thoughts about the best dumbed-down guide for activists to stay safer online? http://hacktivista.net/hacktionlab/index.php/Tech_tools_for_activists of course nothing is perfect and that booklet is in the process of being seriously updated. I know EFF, MobileActive, and Movements.org have done some good work in this field, but wondered whether there is a consensus on a good short, easy-to-understand document for activists? Luke *fr...@journalistsecurity.net* Sent by: liberationtech-boun...@lists.stanford.edu 08/07/2012 07:19 AM To Moxie Marlinspike mo...@thoughtcrime.org, liberationtech@lists.stanford.edu cc Subject Re: [liberationtech] What I've learned from Cryptocat Hey guys, I appreciate the importance and depth of this discussion. But I also wish to underscore that most of the people who are at risk are not using any tools whether they be CrytoCat, PGP, GChat or others for the simple reason that they either cannot figure them out, or don't have time to figure them out, or both. And I am talking about people at risk in many different nations. No doubt the functional security of tools is an indispensable, essential concern. Ignoring any vulnerabilities is dangerous, indeed. But the usability of the same tools and making them accessible to non-technologists is just as big a concern, in my view. I know you guys think that many such users including Western journalists are simply lazy. But many, if not most of the available tools are simply not intuitive, or not as much as most technologists who already know how to use them seem to think. How many people on this list have spent time asking non-technologists and other users who have tried, but have since given up even trying to use tools like PGP? Or have examined how new users interact with such tools? I have a great deal of respect for this community. But to be honest it seems to me that neither the technologists nor the donors have spent much time asking such questions. If a novice user make a mistake in PGP, for example, it's over. Options are not intuitive if you don't already know them. And if you hit the wrong button, you can end up at a deadend with no guidance how to get back on track. Trust me. I know. And I am not trashing PGP. I know well and fully appreciate it's value and I have used it and continue to use it hostile environments. And I also know that users and only users can make crucial choices during use for their own security. I get that, too. But most digital security tools still do not do a good job of laying out, let alone explaining the options. And I say that with respect for the value of the tools and options themselves. Cryptocat is one of the most user-friendly tools out there, and I think Nadim deserves credit for the effort. Of course, the vulnerabilities must be fixed before anyone should use it in a hostile environment. Although the level of vulnerability might also depend on the nature of the threat in any particular environment. But I also think we need to spend as much time making tools accessible as we do making them secure if we are going to reach the people who really need them. And right now few if any of these tools are having the reach that we all agree is needed. And that is an
Re: [liberationtech] Open Secure Telephony Network (OSTN)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If you're at HOPE today, I'll be presenting OSTN with Lee at 17:00. Happy to answer any questions there. Anyone else can sign up for the Beta: https://ostel.me You can also install the Android app or the supported apps on Blackberry, iOS, Nokia, Linux, Mac PC, though the wiki details issues on those platforms. https://guardianproject.info/wiki/Ostel https://guardianproject.info/wiki/Ostel You can also create your own OSTN instance. Ours is named Ostel, you can name yours, say, liberationtech. Instructions on that and installing your own Freeswitch server: https://guardianproject.info/2012/05/17/build-your-own-open-secure-telephony-network-some-assembly-required/ https://github.com/lazzarello/chef-twelvetone/tree/master/cookbooks/freeswitch https://github.com/lazzarello/chef-twelvetone/tree/master/cookbooks/freeswitch All the best, Mark - -- @mbelinsky | 4hours.wordpress.com | phone: +1-347-466-9327 | skype: markontheline On 7/15/12 9:52 AM, Nathan of Guardian wrote: On 07/15/2012 09:44 AM, Jacob Appelbaum wrote: Again: Is the source public? Have there been reviews/audits? Jake? :) We've recently put up two posts as part of our overall efforts to self-audit in a very public, transparent manner: A Network Analysis of Encrypted Voice over OSTN https://guardianproject.info/2012/07/05/a-network-analysis-of-encrypted-voice-over-ostn/ Threats and Usability of Secure Voice https://guardianproject.info/2012/07/10/threats-and-usability-of-secure-voice/ You can also find the project wiki here, which includes all the research we did into the various clients, servers, services, etc: https://guardianproject.info/wiki/OSTN As for source code, you can find everything here: https://github.com/guardianproject/OSTel Our full project tracker is also here, if you want to report bugs, comment on features, or otherwise get involved: https://dev.guardianproject.info/projects/ostn/roadmap It must be noted that OSTN is more an exercise in integration, configuration and tuning, than outright software development from scratch. All the pieces existed already to put the stack together (CSipSimple for Android, and Freeswitch server), but they just needed a bit more work on ensuring they worked together in a simple manner. So in summary, eff ya there are audits, notes, code, reports, and basically whatever else we can manage to put out there, in order to build trust with our users and supporters. +n ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAC+2wACgkQIV1Qbrsi8zweIwCeMcpY+dbuKsxW9/vDf7v6gmNr 16wAoPS3vGbnEjU1pfa+DuY4Gxanrggr =dsnR -END PGP SIGNATURE- ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech