Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
Hi, Why would anyone bother to change your Twitter image? What do they gain from that? -- Matt Johnson On Sat, Jan 17, 2015 at 9:00 AM, J.M. Porup j...@porup.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/16/15 14:52, Cypher wrote: On 01/15/2015 11:29 AM, carlo von lynX wrote: On Thu, Jan 15, 2015 at 08:49:31AM -0800, Steve Weis wrote: Note you said users will never know if e2e is being used, but as Moxie says we'll be surfacing this into the UI of upgraded clients. There is a systemic legal problem by which neither Facebook, nor Whatsapp, nor Textsecure nor Moxie are in a position to guarantee that whatever is surfaced into the UI actually means what it says. I was under the impression that the government couldn't make you actively lie to someone. For example, if I have a message on my page that says we do not collect any user data and the government makes me collect data on an existing user, that's acceptable. But they could not stop me from changing that sign and force me to lie. I'd assume that would be the case with WhatsApp. Once the visuals are surfaced, each new encrypted connection would be forcing the service to actively tell a lie, which, as I understand it, isn't legal. Of course, IINAL so I don't know. I would like to give a concrete example of commandeering. Something that happened yesterday. I've been saying for a while now that Twitter has been commandeered. There's a great deal of circumstantial evidence pointing this way. I documented my research last March, here: https://medium.com/@toholdaquill/how-the-military-uses-twitter-sock-puppets-to-control-debate-and-suppress-dissent-a4ccba1e6f05 Be sure to read the footnote about @Asher_Wolf. Then yesterday, I logged into Twitter, posted a couple of tweets, and realized that my outgoing tweets had been hacked to include a *different* image than my profile image. 
The image of a gun: https://twitter.com/toholdaquill/status/556102312494915586 Now, you could argue that someone must have stolen my password and replaced my profile image. But that never happened. My profile photo never changed. Only my outgoing tweets contained a different profile image. To the best of my knowledge, it is not possible for Twitter users to maintain two different profile images at the same time. Additionally, the only operating systems I use are Qubes and Tails. That doesn't make my end points impregnable, but it makes opportunistic hacks rather unlikely. What does this mean? Either: 1) I am a complete liar / fraud / charlatan making this up to annoy everyone (because why?) or 2) Something like this happened: https://firstlook.org/theintercept/2014/02/24/jtrig-manipulation/ Remember? Change their photos on social networking sites Now here's the rub: the Twitter API does not include an optional second profile image parameter. At least not publicly. See: https://dev.twitter.com/rest/reference/post/statuses/update Which means that, at the point of a court order / gun, Twitter has been coerced into putting that parameter into their code, and giving API keys to a thug who works for the FBI / CIA / NSA. And the funny thing? If they were trying to scare me, they failed. All they've done is make me angry. 
JMP -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Ubuntu Privacy, malware, Laura Poitras, and cats
Griffin, my question was prompted by your description of a computer with no connections at all; a system that would be pretty useless in my view. A computer that is more or less segregated from the Internet is a different thing. It is much easier to see how such a computer could be useful and worthwhile to lots of people. -- Matt Johnson On Thu, Nov 7, 2013 at 9:57 AM, Griffin Boyce grif...@cryptolab.net wrote: Matt Johnson wrote: You described never attaching USB or an external drive and not copying PDFs. That is mostly in play for computers which have internet access. Typically, the malware deployed is very small and fetches another (more advanced) exploit from an off-site server. If it can't retrieve this file, it waits until it can. Keeping this computer unconnected disrupts this flow. Having it all within a single PDF is problematic because of size (~20ish mb PDF really stands out). I don't think it's a huge deal to have a spare computer that is more or less segregated from the internet, but only you can decide whether it's appropriate. ~Griffin -- Be kind, for everyone you meet is fighting a hard battle. PGP: 0xD9D4CADEE3B67E7AB2C05717E331FD29AE792C97 OTR: sa...@jabber.ccc.de
Re: [liberationtech] Ubuntu Privacy Remix remix?
I fail to grasp the utility of such an offline computer. If you keep a computer air-gapped as you describe you will not be able to do much with it. What do you want the air-gapped computer for? -- Matt Johnson On Wed, Nov 6, 2013 at 9:18 AM, Griffin Boyce grif...@cryptolab.net wrote: anon14...@safe-mail.net wrote: I am really really sorry, but dude, what does **offline** mean to you? Buy a dedicated machine for your offline activities, physically remove the wireless card(s), disable the bluetooth module, and remove all network drivers. If something is fully air-gapped forever, then operating system is virtually irrelevant. There are sufficiently advanced removable-media exploits that can hitch a ride on your USB sticks and external hard drives and even your PDFs. For ~additional~ levels of protection, remove your hard drive entirely and use an easily-discarded operating system like Whonix or even Puppy Linux on a CD. ~Griffin -- Be kind, for everyone you meet is fighting a hard battle. PGP: 0xD9D4CADEE3B67E7AB2C05717E331FD29AE792C97 OTR: sa...@jabber.ccc.de
Re: [liberationtech] Ubuntu Privacy Remix remix?
Sorry Eugen, I am still not getting it. You will author content in isolation, without reference to any information at all? Or perhaps in a library with books on paper? When I author something I constantly refer to other material. Let's say you write something, then burn it to CD and transfer it to a networked system and send it out. Isn't it now subject to traffic analysis and perhaps malware injection? It is only secure if you author it and never move it from the air-gapped computer. If you take Griffin's point that connecting a USB stick, or external hard drive is dangerous, and that PDFs are dangerous then I don't think you can do much with that air-gapped computer. I am asking a serious question, what are realistic use cases for an air-gapped computer? Thanks -- Matt Johnson On Wed, Nov 6, 2013 at 12:32 PM, Eugen Leitl eu...@leitl.org wrote: On Wed, Nov 06, 2013 at 10:54:34AM -0800, Matt Johnson wrote: I fail to grasp the utility of such an offline computer. If you keep a You must have nothing to hide, then. Some of us do. computer air-gapped as you describe you will not be able to do much with it. Gee, how about authoring content, and encrypting it, and transferring it via sneakernet to your insecure system. That way untrusted network doesn't start at your router, but at your main machine. What do you want the air-gapped computer for? Gee, this is exactly the kind of questions which TLAs would love to have answered. But no longer can exfiltrate stealthily. That alone should give you sufficient reason to pay for an air-gapped computer.
Re: [liberationtech] Ubuntu Privacy Remix remix?
On Wed, Nov 6, 2013 at 3:56 PM, Jonathan Wilkes jancs...@yahoo.com wrote: On 11/06/2013 04:21 PM, Matt Johnson wrote: Sorry Eugen, I am still not getting it. You will author content in isolation, without reference to any information at all? Or perhaps in a library with books on paper? When I author something I constantly refer to other material. You know most computers come standard with hard drives where you can store documents and stuff. It's kind of like the cloud, except on your own computer and without a requirement to agree to an incomprehensible, probably-evil ToS. Let's say you write something, then burn it to CD and transfer it to a networked system and send it out. Isn't it now subject to traffic analysis and perhaps malware injection? It's not subject to malware injection if it's signed with a Bitcoin key, or a PGP key, etc. It's not necessarily subject to traffic analysis if one distributes it over Tor. But even if the non-air-gapped machine running Tor gets pwned with a zero-day or some other type of attack through the internet, the attacker does not get the Bitcoins/PGP private key, etc., because those things are only found on the air-gapped machine. It is only secure if you author it and never move it from the air-gapped computer. See above. Even so, you seem to be ignoring the most important use cases where the reference material is only stored on the air-gapped machine. I'd assume that's how the journalists reporting on the Snowden leaks work. (Or at least they should.) If you take Griffin's point that connecting a USB stick, or external hard drive is dangerous, and that PDFs are dangerous then I don't think you can do much with that air-gapped computer. I am asking a serious question, what are realistic use cases for an air-gapped computer? Protecting leaked documents and Bitcoin tokens are the two most obvious cases. 
Essentially any case where you cannot afford for the data to get stolen, but where it's impossible or impractical to use non-digital media like paper. -Jonathan Jonathan, I don't think you are following the whole thread. I understand the value of removing a computer from the network, once you have installed the software you need and put the data you want on it. Griffin suggested never connecting a USB stick, or external drive or copying PDFs to the air gap computer. I have asked how that air-gapped computer would be useful. Apparently the point is too subtle. -- Matt Johnson
Re: [liberationtech] Ubuntu Privacy, malware, Laura Poitras, and cats
Griffin, You described never attaching USB or an external drive and not copying PDFs. Of course most other document types can include malware too. What does that leave? Only plain text on a CD? That seems like a tough life. Maybe it is necessary, but you really have to believe. Maybe there are use cases where the hassle of an air-gapped computer is worth the considerable effort. The only person I know of who really maintained an air gap was Osama Bin Laden; look how much good that did him. -- Matt Johnson On Wed, Nov 6, 2013 at 5:50 PM, Griffin Boyce grif...@cryptolab.net wrote: Matt Johnson wrote: Griffin suggested never connecting a USB stick, or external drive or copying PDFs to the air gap computer. I have asked how that air-gapped computer would be useful. Apparently the point is too subtle. There are a few aspects to this that I'd like you to consider. Without knowing what the person intends to use it for, I tend to recommend on the far side of caution. Malware that originates from shared offline media *far* predates the modern internet (and my existence, incidentally). It's not that no one should ever connect a USB to an air-gapped computer, but rather weigh their needs/risks. If someone is at a high risk of targeted attack, they may save all of their documents and email (unopened) to a USB or CD and read them only on the air-gapped computer. While that probably sounds like a big hassle (and it is), for someone like Laura Poitras it's absolutely necessary. For a corporate whistleblower, they might use an air-gapped computer to remove metadata before leaking to the New York Times or to an ethical publication like The Guardian. Someone working on a big proposal in a highly-competitive field may produce it only on a wifi-disabled Chromebook. A diplomat might use one to produce official correspondence. A physician or pharmacist might be air-gapped to protect patient privacy. As for PDFs: my running joke is to ask someone if they've seen my paper on PDF malware... 
which doubles as a good example of PDF malware. Acrobat has javascript enabled by default, and it's surprisingly simple to embed a metasploit payload into an otherwise-normal document. From there I can drop a light executable that is set to retrieve a larger backdoor and install it. At that point, I have control of your computer, and can spread customized malware to your external media and bluetooth drivers. Or just retrieve data. Or turn on your camera. This is not a hypothetical. The realities of the marketplace are such that one's attacker doesn't even need to be a programmer, because it's cheap and easy to purchase customized solutions like this. I have a stalker who, in a different case, is accused of doing this. And this is happening *enough* that it seems like a good scenario to work from. Beyond the realities of activism and journalism and government spying lies the fact that people do shitty things to each other. Everyone has a different risk profile, but if you want absolute privacy you're gonna have to fight for it. One can use TAILS/Whonix and not have to worry as much about the intricacies of their threat model, while still being well-protected. That's why I recommend it. But the person asking for advice already rejected that suggestion. all the best, Griffin (required disclaimer: these are obviously my opinions and not those of my employer, funder, lover, or cat) -- Be kind, for everyone you meet is fighting a hard battle. PGP: 0xD9D4CADEE3B67E7AB2C05717E331FD29AE792C97 OTR: sa...@jabber.ccc.de
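An added example, not code from the thread or from any of its participants: a pre-transfer triage that flags the PDF active-content features discussed above (JavaScript, auto-run actions) before a file is carried to the air-gapped machine. The name list, the constructed sample documents and the pass/review/reject policy are assumptions.

```python
import re

# PDF name objects that indicate active content. Their presence is a reason
# to reject or hand-review a file, not proof that it is malicious.
ACTIVE_NAMES = {
    "JS": "inline JavaScript",
    "JavaScript": "JavaScript action",
    "OpenAction": "action run when the document opens",
    "AA": "additional event-triggered actions",
    "Launch": "launches an external program",
    "EmbeddedFile": "embedded file attachment",
}

# A PDF name is "/" followed by regular characters, i.e. anything that is
# not whitespace or one of the delimiters ( ) < > [ ] { } / %.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is read as JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count active-content names and object streams in raw PDF bytes.

    Limitation: names stored inside compressed object streams (/ObjStm) are
    invisible to a byte scan, so such files are counted separately and
    cannot be cleared by this check. Binary stream data can also produce
    spurious matches; triage errs toward flagging.
    """
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no %PDF- header in the first 1024 bytes")
    active = {}
    object_streams = 0
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in ACTIVE_NAMES:
            active[name] = active.get(name, 0) + 1
        elif name == "ObjStm":
            object_streams += 1
    return {"active": active, "object_streams": object_streams}


def verdict(report: dict) -> str:
    """Assumed policy: any active name rejects; opaque streams need review."""
    if report["active"]:
        return "reject"
    if report["object_streams"]:
        return "review"
    return "pass"


# Constructed sample documents (minimal, not valid for rendering).
CLEAN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
         b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n%%EOF\n")
ACTIVE = (b"%PDF-1.4\n1 0 obj\n"
          b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
          b"3 0 obj\n<< /S /J#61vaScript /JS (constructed placeholder) >>\n"
          b"endobj\n%%EOF\n")
COMPRESSED = (b"%PDF-1.5\n4 0 obj\n"
              b"<< /Type /ObjStm /N 1 /First 4 /Length 0 >>\n"
              b"stream\n\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("active", ACTIVE),
                          ("compressed", COMPRESSED)):
        report = triage_pdf(sample)
        print(label, verdict(report), report)
```

A "pass" only means no active-content names were visible in the raw bytes; it does not cover parser bugs triggered by otherwise passive content.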
Re: [liberationtech] How Lavabit Melted Down
I read that as Levison being willing to work with law enforcement when they were asking for information on one individual, but not when they wanted a drag net. Levison also said he did not want to give law enforcement access they could reconfigure on their own, without his supervision. That all seems reasonable to me. It may probably makes sense to work with authorities when they do reasonable things, but not when they exceed, or try to exceed, their authority. -- Matt Johnson On Wed, Oct 9, 2013 at 1:52 PM, Tom O winterfi...@gmail.com wrote: He seemed pretty ok with handing over user metadata for a rather small amount of cash though. http://www.theguardian.com/technology/2013/oct/09/lavabit-metadata-log-3500-offer On Thursday, October 10, 2013, Eugen Leitl wrote: http://www.newyorker.com/online/blogs/elements/2013/10/how-lavabit-edward-snowden-email-service-melted-down.html HOW LAVABIT MELTED DOWN POSTED BY MICHAEL PHILLIPS AND MATT BUCHANAN On August 8th, Lavabit, newly famous for being the secure e-mail service used by the National Security Agency whistleblower Edward Snowden, went dark. Its owner and operator, Ladar Levison, replaced its home page with a message: “I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.” Levison could write only that he chose to shut down the company rather than “become complicit in crimes against the American people,” and he promised to “fight for the Constitution in the Fourth Circuit Court of Appeals.” Court-watchers repeatedly checked the Fourth Circuit docket to see whether Levison would follow through. While the Fourth Circuit kept the appeals secret and placed them under seal, observers deduced that Levison’s appeals were the ones numbered 13-4625 and 13-4626. Last week, U.S. District Judge Claude M. 
Hilton unsealed a hundred and sixty-two pages of previously secret documents related to two District Court orders issued against Lavabit, so that Levison could have a public record of his appeals. These disclosures fall short of the ideal of open justice, but they do give Levison’s ordeal a public shape. They also allow Levison to speak more openly now. This past weekend, in Manhattan’s Bryant Park, his demeanor was steady, if clearly burdened; he is, after all, a man who was forced to destroy the business he had spent most of the past decade building, and who is locked in a legal and philosophical battle against the United States government. Levison wore a white, starched collared shirt with thin gold cufflinks; the afternoon was warm, and sweat, mixed with the gel that fixed his hair in a slightly spiked coiffure, dotted his forehead. He spoke sternly but calmly—his tenor lacked the quiet frenzy of, say, Thomas Drake, the N.S.A. whistleblower, even though most of what he had to say was bad news, if you value electronic privacy or security. He doesn’t use e-mail on his Android smartphone, for instance, because neither the software nor the hardware of any commercial phone can be trusted; carriers and phone makers can push malware onto the device, he said. Yet his views are far from radical. While he opposes the bulk collection of domestic communications, he has no such strong feelings about the N.S.A.’s foreign-surveillance efforts. He is, if anything, disappointed that the U.S. government would spy on its own citizens on such a grand scale, and with such impunity, even though Levison’s decision to build a privacy-oriented e-mail service in the first place, in 2004, was partly in response to the Patriot Act. 
Part of Lavabit’s mission, before it shut down, was that it would “never sacrifice privacy for profits.” One of its most notable features was that, for paying users, it encrypted e-mail messages and other files stored on its server so that they could not be read by third parties without a user’s password. As the Times reported last week, the unsealed documents reveal that the first chapter of Levison’s “tangle with law enforcement” began in May—well before the first Snowden leak of the N.S.A.’s massive database of call logs broke in June—when an F.B.I. agent left his business card on Levison’s doorstep. On June 10th, the government secured an order from the Eastern District of Virginia. The order, issued under the Stored Communications Act, required Lavabit to turn over to the F.B.I. retrospective information about one account, widely presumed to be that of Snowden. (The name of the target remains redacted, and Levison could not divulge it.) The order directed Lavabit to surrender names and addresses, Internet Protocol and Media Access Control addresses, the volume of each and every data transfer, the duration of every “session,” and the “source and destination” of all communications associated with the account. It also forbade Levison and Lavabit from discussing the matter with anyone. Levison now says
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
I would assume the quality of the voice calls would be pretty bad through this kind of setup. How did that work for you? -- Matt Johnson On Fri, Sep 13, 2013 at 9:51 AM, Nathan of Guardian nat...@guardianproject.info wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2013 05:56 AM, Michael Rogers wrote: The Samsung Galaxy Player (Samsung Galaxy S WiFi in some countries) is essentially an Android phone without a baseband. I believe you can run CyanogenMod on it. So is the Nexus 7 (non-GSM/LTE) version for that matter, though a little big. I've talked about this before, but the use of a MiFi portable network device providing wifi to a tablet/phablet running VoIP software on a clean ROM, provides the best of all worlds - telephony, portability and security. I lived life this way for awhile in New York, using combining the Mifi with known open hotspots in my general daily commute. It worked very well. I know many others, including some on the Guardian Project team, do this as well, as daily practice. You also can generally get 3 tablet devices for the private of 1 smartphone, so you can dispose of them and/or distribute them more widely! 
+n
Re: [liberationtech] Naive Question
All of the sneaky signs, email headers and web page badges assume the FBI, or whoever the adversary is are incompetent or inept. That does not seem like a safe assumption to me. The only prudent approach is to assume your adversary is intelligent and competent. My guess is that the only defense against NSL's and the like is through policy. I realize that may be blasphemy on this list, but there it is. -- Matt Johnson On Mon, Sep 9, 2013 at 1:26 PM, LISTS li...@robertwgehl.org wrote: What are the legal precedents in terms of wink, wink, nudge, nudge, djaknowhatimean? - Rob Gehl On 09/09/2013 02:24 PM, Shava Nerad wrote: You are awesome, clever, and full of tricks. :) Should I credit you with this? yrs, On Mon, Sep 9, 2013 at 3:40 PM, Case Black casebl...@gmail.com wrote: There's a more subtle variant to this idea... Regularly state (put up a sign) that you HAVE in fact received an NSL...with the public understanding that it must be a lie (there's no law against falsely making such a claim...yet!). When actually served with an NSL, you would now be bound by law to remove any such notification...thereby signaling the event. Regards, Case On Mon, Sep 9, 2013 at 1:24 PM, LISTS li...@robertwgehl.org wrote: I wonder if there's a false analogy here. Hypothetically, the librarian's sign could fall down (maybe the wind blew it over) whereas a notice on a site would have to be removed via coding. There would be little other explanation, even in the case where one does not affirmatively renew the dead man's notice (the countdown that Doctorow suggests in the article). Such an affirmative act might lead a court to believe that one has indeed informed the public about an NSL. - Rob Gehl On 09/09/2013 12:18 PM, Dan Staples wrote: Presumably, if this type of approach became widely adopted, it would be a useful service for an independent group to monitor the status of these notices and periodically publish a report of which companies had removed their notice. 
On 09/09/2013 12:52 PM, Scott Arciszewski wrote: Forgot the URL: http://www.theguardian.com/technology/2013/sep/09/nsa-sabotage-dead-mans-switch On Mon, Sep 9, 2013 at 12:29 PM, Scott Arciszewski kobrasre...@gmail.com wrote: Hello, I saw this article on The Guardian[1] and it mentioned a librarian who posted a sign that looked like this: http://www.librarian.net/pics/antipat4.gif and would remove it if visited by the FBI. So a naive question comes to mind: If I operated an internet service, and I posted a thing that says We have not received a request to spy on our users. Watch closely for the removal of this text, what legal risk would be incurred? If the answer is None or Very little, what's stopping people from doing this? Thanks, Scott -- Shava Nerad shav...@gmail.com
Re: [liberationtech] NYTimes and Guardian on NSA
Hello Shava, You wrote: ...the president essentially struck down posse comitatus in May, they won't know what you are talking about... I don't know what you are talking about either, but I am curious. Could you send a link or two. Thanks -- Matt Johnson On Thu, Sep 5, 2013 at 5:00 PM, Shava Nerad shav...@gmail.com wrote: Part of the tone is also adopted in order to wake the sleeping baby anti-intellectual giants either side of the pond. The smart magazines can publish smart crypto articles, but mass market newspapers have to bring their audiences along, even the Times and Guardian. Very few stories even bother to explain what the NSA does or what its function in government is, which actually rather stuns me, because I find that when I ask the general public that question I find that most of them don't know what the NSA does for the government. Most of them assume it works for the executive branch, but for the DOJ as part of the whole civilian/State/FBI sort of DHS bits, because those lines are so muddied. (And yes, I am conflating Justice and State on purpose there because it's been done in conversation with The (Wo)Man on the Street.). People don't know basic civics. At all. If you tell them they should be upset because the military is conducting domestic surveillance, they look at you like what? East Germany? you say. Stasi? you say. Blank looks. No history. Those who do not learn from history, etc. If you tell them that they should be upset because the president essentially struck down posse comitatus in May, they won't know what you are talking about, but if you say, Basically, if a local SWAT team decides they need backup in some kind of emergency situation and they can't get hold of the governor to call for National Guard? They can call a local military airbase for an airstrike if they want to. Then the people will decide you are cold stoned mad and a total tin hat. Sherman? you say. 
And if they're from the south, they might go off in a rant, but they still won't relate it to current affairs or do anything. But that is literally what the law says in the US now. That's a bit beyond elementary civics, but it's a bit beyond what the press is reporting on here too. Because the press doesn't really have much literacy in elementary civics or history either. They seem to be drawing mostly on marcom majors these days. This is what the attention economy has done to us. Our culture is a deep, nutrient rich ocean, full of wonders and cthonic monsters that can eat us. And we all surf. Nothing below the surf-ace is important anymore. Yay. SN On Sep 5, 2013 3:31 PM, Richard Brooks r...@acm.org wrote: Latest articles: http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?emc=edit_na_20130905_r=0pagewanted=print http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security I find most of this (if not all) silly. They seem shocked that the NSA does cryptanalysis. It would be nice if the newspapers had people with some knowledge of the domain writing articles.
Re: [liberationtech] FW: NSA Admits: Okay, Okay, There Have Been A Bunch Of Intentional Abuses, Including Spying On Love Interests | Techdirt
Tomasz, you seem to have a dark view of human nature. On the other hand, if this were happening, would we ever find out?

-- Matt Johnson

On Sun, Aug 25, 2013 at 10:20 AM, Tomasz Rola rto...@ceti.pl wrote:

On Sat, 24 Aug 2013, coderman wrote:

[...] LOVEINT, as excellent in the mind's eye it may be as focal point for outrage, is clearly just the tip of the iceberg.

LOVEINT, excellent cover up for PAEDOINT... Because human nature mixed with NSA makes me expect this, too.

Regards, Tomasz Rola

--
** A C programmer asked whether computer had Buddha's nature. **
** As the answer, master did rm -rif on the programmer's home **
** directory. And then the C programmer became enlightened... **
** **
** Tomasz Rola mailto:tomasz_r...@bigfoot.com **
Re: [liberationtech] NSA revelations are about capabilities...not intentions
Case, thanks for the info and links. I knew that census data was used to intern the Americans of Japanese descent during WW2, but I had not known about the other two instances of abuse.

-- Matt Johnson

On Wed, Aug 21, 2013 at 6:43 PM, Case Black casebl...@gmail.com wrote:

It's instructive to look at the history of America's original surveillance program, its 223 year old US Census program.

There are rigorous laws against government abuse of census data[1][2] going back over 200 years. In addition, during each 10-year census period there are earnest advertising campaigns of shameless dis-information assuring American citizens that their census data will remain absolutely confidential and out of reach of all other US Government agencies[3] (worth looking specifically at the 2000 ad campaign image referenced here).

Actual history is quite different. At least three times in US history, US Census data has been abused on a massive scale for direct military or police action against US citizens. Each time it was justified by pointing to extraordinary events that demanded its use.

In 1864, after General Sherman took Atlanta and destroyed the city of Atlanta, he ordered US Census records for the states he intended to campaign through on his famed March to the Sea to be sent by train to his headquarters outside Atlanta. His operational planners sifted through the census records to determine where the richest farms and largest storehouses were located to plan the routing of their Savannah Campaign[4].

Eighty years later in 1942, US Census records were used to identify the residential addresses of all Americans that had declared Japanese (as well as German and Italian) ancestry on their 1940 Census forms. The information was used by FBI and local law enforcement for the round up and placement of over 140,000 people into detention camps of which over 120,000 were US citizens[5][6].
And sixty years later in 2002 came the most recent abuse of US Census data when the Census Bureau handed over information that had been collected about Arab-Americans during the 2000 Census to the FBI and Homeland Security[7].

---

What is clear is that as long as the capabilities to amass data exist, there will be repeated abuses of that data. Furthermore, that abuse will almost always be in the form of repressive military and police actions against that nation's own citizens without regard to laws, constitutions or intentions[8].

We have far more to fear than the terrorists...

---

[1] http://www.census.gov/privacy/data_protection/title_13_-_protection_of_confidential_information.html
[2] http://voices.washingtonpost.com/federal-eye/2010/03/justice_dept_census_confidenti.html
[3] http://files.coloribus.com/files/adsarchive/part_214/2141255/file/census-2000-hispanic-campaign-no-small-75969.jpg
[4] http://www.georgiaencyclopedia.org/articles/history-archaeology/shermans-march-sea
[5] JR Minkel (March 30, 2007). Confirmed: The U.S. Census Bureau Gave Up Names of Japanese-Americans in WW II. Scientific American
[6] Haya El Nasser (March 30, 2007). Papers show Census role in WWII camps. USA Today
[7] http://epic.org/privacy/census/foia/
[8] http://www.toad.com/gnu/census.html
Re: [liberationtech] How Microsoft handed the NSA access to encrypted messages
I found that article disappointing. There was little new information, and more important no new sources. If this is from documents that Snowden released, we should be able to see the documents.

-- Matt Johnson

On Thu, Jul 11, 2013 at 11:04 AM, Nadim Kobeissi na...@nadim.cc wrote:

A brand new scoop by Glenn Greenwald: http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data

Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
• Microsoft also worked with the FBI's Data Intercept Unit to understand potential issues with a feature in Outlook.com that allows users to create email aliases;
• Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio;
• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a team sport.
More at the link: http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data

NK

-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Postal mail monitoring
This NY Times article: http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mail.html?hp_r=2pagewanted=all reports that the USPS has been keeping images of the outside of mail for years. It is used in criminal investigations and for national security. There is some information about how often it is used in criminal investigations, but no such information about national security use.

From the article:

Mr. Pickering was targeted by a longtime surveillance system called mail covers, but that is only a forerunner of a vastly more expansive effort, the Mail Isolation Control and Tracking program, in which Postal Service computers photograph the exterior of every piece of paper mail that is processed in the United States — about 160 billion pieces last year. It is not known how long the government saves the images.

I thought this might be of interest to this list, especially to anyone who thought they could be safe by not using digital communications.

-- Matt Johnson
Re: [liberationtech] Open Solicitation for Concept Notes: Open Technology Fund
The US federal government is huge. Different parts of the government work at cross purposes all the time.

-- Matt Johnson

On Tue, Jul 2, 2013 at 10:17 AM, Griffin Boyce griffinbo...@gmail.com wrote:

Frederick FN Noronha फ्रेड्रिक नोरोन्या *فريدريك نورونيا fredericknoro...@gmail.com wrote:

For what? Propping up US foreign policy? FN

That's an interesting statement, and I'm not sure it's really reflected in the types of projects that OTF funds[1]. GlobaLeaks doesn't really seem like a tool of US oppression or what-have-you. Neither does Cryptocat, Commotion, Whisper Systems, or any of the others.

Though it's worth noting, in the interests of full disclosure, that I work on two of those projects. Caveat lector.

~Griffin

[1] https://www.opentechfund.org/projects

-- Just another hacker in the City of Spies. #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de

My posts, while frequently amusing, are not representative of the thoughts of my employer.
Re: [liberationtech] a privacy preserving and resilient social network
Encryption meaningfully prevented a wiretap for the first time ever in *2012* (or so we're told, for non-intelligence domestic US wiretaps), and has only ever worked five times.

What are you referring to? Do you have a pointer to more information? I am very curious.

-- Matt Johnson

On Fri, Jun 28, 2013 at 10:13 PM, Eleanor Saitta e...@dymaxion.org wrote:

On 2013.06.28 13.14, Jonathan Wilkes wrote:

Just curious, Eleanor-- once you implement your bullet-proof privacy-preserving network, how do you plan to make the user experience at all tolerable without automated mirroring like what this developer has written and tested?

That's going to depend on the system and the situation. With Briar, we do things that are fairly similar, but we also make a point of taking unlinkability seriously. Research code into social mirroring? Awesome. Protocol design intended for deployment that ignores unlinkability? Not awesome.

More specifically, some of this is unrelated to Alireza's proposal -- I'm using it to illustrate the kinds of shifts that we need to undertake in our thinking here. It's not about *this* tool, it's about every tool we build. To that end, I suppose I do owe them a bit of an apology -- really, it's nothing personal about this tool (and certainly not anything about them, although I hope that's obvious). It's all of us and everything that needs to shift.

Finally, I should note in passing, I'm not trying to make something bullet-proof. I care about security outcomes, not security theories. What I want to see is our tools reaching the point where we're actually playing the game, because right now, we're not even on the road to the stadium. Encryption meaningfully prevented a wiretap for the first time ever in *2012* (or so we're told, for non-intelligence domestic US wiretaps), and has only ever worked five times. This is pathetic and terrifying. Let's become an actual problem.

E.

-- Ideas are my favorite toys.
Re: [liberationtech] US wiretap statistics (was re: a privacy preserving and resilient social network)
Well that is good news, thanks for the pointer! Now all we need is for the court to report what cipher and which encryption tools were used...

-- Matt Johnson

On Fri, Jun 28, 2013 at 10:21 PM, Eleanor Saitta e...@dymaxion.org wrote:

On 2013.06.29 01.18, Matt Johnson wrote:

Encryption meaningfully prevented a wiretap for the first time ever in *2012* (or so we're told, for non-intelligence domestic US wiretaps), and has only ever worked five times.

What are you referring to? Do you have a pointer to more information? I am very curious.

http://www.uscourts.gov/Statistics/WiretapReports/wiretap-report-2012.aspx#sa5

E.

-- Ideas are my favorite toys.
Re: [liberationtech] Euclid Analytics
So do we all need to generate random MAC addresses now? I don't think you can do that on an iPhone though.

-- Matt Johnson

On Fri, Jun 21, 2013 at 10:06 AM, Daniel Sieradski d...@danielsieradski.com wrote:

Has anyone heard about this company Euclid Analytics? Apparently they track individual behavior over WIFI by logging your phone's MAC address and storing info on where you shop and for how long.

http://euclidanalytics.com/product/zero/

-- Daniel Sieradski d...@danielsieradski.com http://danielsieradski.com 315.889.1444 Follow me at http://twitter.com/selfagency Public key http://danielsieradski.com/share/ds_public.key
Re: [liberationtech] Euclid Analytics
Mutating IMEIs is interesting. How does that work on phone networks? Can your phone connect without a recognizable IMEI? Doesn't your IMSI identify you anyway? You can change your SIM, but I don't think you can spoof it, right?

-- Matt Johnson

On Fri, Jun 21, 2013 at 11:40 AM, Eugen Leitl eu...@leitl.org wrote:

On Fri, Jun 21, 2013 at 10:25:21AM -0700, Matt Johnson wrote:

So do we all need to generate random MAC addresses now? I don't think you can do that on an iPhone though.

MACs are easy, and they're limited-scope, anyway. Much better would be a daemon that mutates your IMEI on a daily, or hourly basis. This would be limited to rooted devices, and alternative firmware (e.g. CM) which already give you root.
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
Eugen, I don't think MTA configuration will help the target audience of the cryptoparties. I doubt many of them run their own mail servers. I believe they are targeting end user client machines.

Of course you are right that many users will stop using it if it is difficult. The idea of the cryptoparty, as I understand it, is to help those users. This way more people learn how to use cryptography and the people who write the cryptography software may learn what is difficult for end users. Your dismissive attitude will not help, the cryptoparty might.

-- Matt Johnson

On Fri, Jun 14, 2013 at 12:56 AM, Eugen Leitl eu...@leitl.org wrote:

On Fri, Jun 14, 2013 at 12:11:34AM -0700, William Gillis wrote:

Now that everyone knows about the NSA isn't it time you tackled setting up PGP?

If it's not transparent, Johny User will eventually drop it. Before you do that, rather enable StartTLS on your mail transport agent (e.g. postfix). And then install email encryption gateways

http://www.postfix.org/addon.html#security-gateway
https://code.google.com/p/gpg-mailgate/

After you have done that, you can turn to PGP/SMIME for end user MUAs.

Are you or friends you know looking to adopt bread and butter encryption tools online and on your phone? Could you use folks to show the way, lend a hand, answer questions, or offer explanations? Drop by Sudoroom (2141 Broadway, Oakland CA) between 1pm and 4:30pm this Sunday the 16th!

The NSA leaks provide most folks with a rare impetus to slog though installing and getting up to speed on the basics. If you can merely handle showing random people off the street one-on-one how to download textsecure from google's appstore, you're golden, we want you to come hang with us and potentially save people's lives, certainly their privacy. Think impromptu demonstrations, one-on-one help and informal presentations.

https://sudoroom.org/ai1ec_event/digital-security-workshop/?instance_id
Re: [liberationtech] NSA whistleblower revealed
I have to say going to Hong Kong for free speech and safety seems like a very odd choice to me. What was he thinking?

-- Matt

On Sun, Jun 9, 2013 at 12:30 PM, Yosem Companys compa...@stanford.edu wrote:

Edward Snowden: the whistleblower behind revelations of NSA surveillance

http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance

The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old former technical assistant for the CIA and current employee of the defence contractor Booz Allen Hamilton. Snowden has been working at the National Security Agency for the last four years as an employee of various outside contractors, including Booz Allen and Dell.

The Guardian, after several days of interviews, is revealing his identity at his request. From the moment he decided to disclose numerous top-secret documents to the public, he was determined not to opt for the protection of anonymity. I have no intention of hiding who I am because I know I have done nothing wrong, he said.
Re: [liberationtech] NSA whistleblower revealed
Snowden says he wants asylum in Iceland. Why not go there directly? Going to Hong Kong makes him vulnerable to accusations of working for the PRC. None of that makes sense to me, but what do I know. I will watch, and learn.

-- Matt

On Sun, Jun 9, 2013 at 3:52 PM, Raven Jiang CX j...@stanford.edu wrote:

There is a strong resistance against Chinese strong-arming in Hong Kong, plus I am not sure that it is actually in the interest of the Chinese government to help the US do anything about this. I think you can make a case for why it's a better choice, though it is definitely debatable.

On 9 June 2013 15:10, Sheila Parks sheilaruthpa...@comcast.net wrote:

I agree with what you say about Hong Kong
He does say he would like to end up in Iceland
Wonder why he did not go there in the first place
Such an immensely brave and honest person

Sheila

At 06:04 PM 6/9/2013, you wrote:

On 06/09/2013 04:43 PM, Matt Johnson wrote:

I have to say going to Hong Kong for free speech and safety seems like a very odd choice to me. What was he thinking?

Actually, and I think this is pointed out in either the video or an article somewhere, Hong Kong doesn't generally suffer the speech restrictions mainland China does. Sure, they aren't completely free but protests and unpopular political speech happen quite frequently and are generally well tolerated by the government.

Still, I have to wonder why he didn't go somewhere like Iceland. To me, that would have been a no-brainer.

Anthony

-- Anthony Papillion Phone: 1.918.533.9699 SIP: sip:cajuntec...@iptel.org iNum:+883510008360912 XMPP:cypherpun...@jit.si www.cajuntechie.org

Sheila Parks, Ed.D.
Founder Center for Hand-Counted Paper Ballots
Watertown, MA 02472 617 744 6020
DEMOCRACY IN OUR HANDS
www.handcountedpaperballots.org she...@handcountedpaperballots.org
Re: [liberationtech] NSA whistleblower revealed
Raven, your analysis is interesting. I wonder why the Chinese would do anything to help him? I cannot see how the publicity would work to the PRC's advantage. I am sure they would work with him if he wanted to sell them docs, but that does not seem to be his game. Of course you are right, he does not have any safe choices now.

-- Matt Johnson

On Sun, Jun 9, 2013 at 5:41 PM, Nadim Kobeissi na...@nadim.cc wrote:

On 2013-06-09, at 8:40 PM, Raven Jiang CX j...@stanford.edu wrote:

He did work in the intelligence community so maybe he has a better idea than us. My guess is that asylum in Iceland is ideal if everything worked out, but he doesn't think it is strong enough to resist U.S. pressure. Hong Kong is stable and modern, so he is less likely to be killed or kidnapped by local criminals on CIA payroll, and at the same time the Chinese government is less likely to cooperate with the U.S. than most other stable governments around the world.

It's definitely a risky choice, but it's not like there are really any safe ones. I think the gamble boils down to whether China sees more value in trading him off for some other diplomatic concession or keep him safe as a constant reminder of U.S. hypocrisy.

Very intelligent analysis there as to why he picked Hong Kong.

NK

On 9 June 2013 17:17, Matt Johnson railm...@gmail.com wrote:

Snowden says he wants asylum in Iceland. Why not go there directly? Going to Hong Kong makes him vulnerable to accusations of working for the PRC. None of that makes sense to me, but what do I know. I will watch, and learn.

-- Matt

On Sun, Jun 9, 2013 at 3:52 PM, Raven Jiang CX j...@stanford.edu wrote:

There is a strong resistance against Chinese strong-arming in Hong Kong, plus I am not sure that it is actually in the interest of the Chinese government to help the US do anything about this. I think you can make a case for why it's a better choice, though it is definitely debatable.
On 9 June 2013 15:10, Sheila Parks sheilaruthpa...@comcast.net wrote:

I agree with what you say about Hong Kong
He does say he would like to end up in Iceland
Wonder why he did not go there in the first place
Such an immensely brave and honest person

Sheila

At 06:04 PM 6/9/2013, you wrote:

On 06/09/2013 04:43 PM, Matt Johnson wrote:

I have to say going to Hong Kong for free speech and safety seems like a very odd choice to me. What was he thinking?

Actually, and I think this is pointed out in either the video or an article somewhere, Hong Kong doesn't generally suffer the speech restrictions mainland China does. Sure, they aren't completely free but protests and unpopular political speech happen quite frequently and are generally well tolerated by the government.

Still, I have to wonder why he didn't go somewhere like Iceland. To me, that would have been a no-brainer.

Anthony

-- Anthony Papillion Phone: 1.918.533.9699 SIP: sip:cajuntec...@iptel.org iNum:+883510008360912 XMPP:cypherpun...@jit.si www.cajuntechie.org

Sheila Parks, Ed.D.
Founder Center for Hand-Counted Paper Ballots
Watertown, MA 02472 617 744 6020
DEMOCRACY IN OUR HANDS
www.handcountedpaperballots.org she...@handcountedpaperballots.org
Re: [liberationtech] NSA whistleblower revealed
I am not sure if the blow by blow news coverage is of interest to this list, but I thought people might want another piece of info about Snowden.

http://bigstory.ap.org/article/hawaii-real-estate-agent-snowden-left-may-1

On Sun, Jun 9, 2013 at 6:44 PM, Matt Johnson railm...@gmail.com wrote:

Raven, your analysis is interesting. I wonder why the Chinese would do anything to help him? I cannot see how the publicity would work to the PRC's advantage. I am sure they would work with him if he wanted to sell them docs, but that does not seem to be his game. Of course you are right, he does not have any safe choices now.

-- Matt Johnson

On Sun, Jun 9, 2013 at 5:41 PM, Nadim Kobeissi na...@nadim.cc wrote:

On 2013-06-09, at 8:40 PM, Raven Jiang CX j...@stanford.edu wrote:

He did work in the intelligence community so maybe he has a better idea than us. My guess is that asylum in Iceland is ideal if everything worked out, but he doesn't think it is strong enough to resist U.S. pressure. Hong Kong is stable and modern, so he is less likely to be killed or kidnapped by local criminals on CIA payroll, and at the same time the Chinese government is less likely to cooperate with the U.S. than most other stable governments around the world.

It's definitely a risky choice, but it's not like there are really any safe ones. I think the gamble boils down to whether China sees more value in trading him off for some other diplomatic concession or keep him safe as a constant reminder of U.S. hypocrisy.

Very intelligent analysis there as to why he picked Hong Kong.

NK

On 9 June 2013 17:17, Matt Johnson railm...@gmail.com wrote:

Snowden says he wants asylum in Iceland. Why not go there directly? Going to Hong Kong makes him vulnerable to accusations of working for the PRC. None of that makes sense to me, but what do I know. I will watch, and learn.
-- Matt

On Sun, Jun 9, 2013 at 3:52 PM, Raven Jiang CX j...@stanford.edu wrote:

There is a strong resistance against Chinese strong-arming in Hong Kong, plus I am not sure that it is actually in the interest of the Chinese government to help the US do anything about this. I think you can make a case for why it's a better choice, though it is definitely debatable.

On 9 June 2013 15:10, Sheila Parks sheilaruthpa...@comcast.net wrote:

I agree with what you say about Hong Kong
He does say he would like to end up in Iceland
Wonder why he did not go there in the first place
Such an immensely brave and honest person

Sheila

At 06:04 PM 6/9/2013, you wrote:

On 06/09/2013 04:43 PM, Matt Johnson wrote:

I have to say going to Hong Kong for free speech and safety seems like a very odd choice to me. What was he thinking?

Actually, and I think this is pointed out in either the video or an article somewhere, Hong Kong doesn't generally suffer the speech restrictions mainland China does. Sure, they aren't completely free but protests and unpopular political speech happen quite frequently and are generally well tolerated by the government.

Still, I have to wonder why he didn't go somewhere like Iceland. To me, that would have been a no-brainer.

Anthony

-- Anthony Papillion Phone: 1.918.533.9699 SIP: sip:cajuntec...@iptel.org iNum:+883510008360912 XMPP:cypherpun...@jit.si www.cajuntechie.org

Sheila Parks, Ed.D.
Founder Center for Hand-Counted Paper Ballots
Watertown, MA 02472 617 744 6020
DEMOCRACY IN OUR HANDS
www.handcountedpaperballots.org she...@handcountedpaperballots.org
Re: [liberationtech] Why Metadata Matters
Griffin, your example is flawed. The data being reported by Verizon is call duration, not how long someone is at a particular place. So someone with that data could say that Jane made a call from 16th L, but not how she stayed there after the call ended.

-- Matt

On Thu, Jun 6, 2013 at 10:44 AM, Griffin Boyce griffinbo...@gmail.com wrote:

I see a lot of people wondering why metadata matters. But they don't know *what* you're doing there! So I'll give a short example to illustrate how metadata can be used to not only determine who someone is talking to, but also to invade their privacy and uncover the most intimate details of their life.

Jane is at 16th L Street for an hour.
Carla is at 16th L Street for four hours. She's had a short visit previously.
James is at 16th L Street for twenty minutes. He comes back at the same time every week.
Kris is at 16th L Street for ten hours.
Rick is at 16th L Street for eight hours every night.
Samantha has been there for three days and four hours.

16th L Street is the address of a Planned Parenthood in Washington, DC.

Jane is having a physical.
Carla is having an abortion.
James receives his medication there. By visit time, location, and frequency, he is likely a trans guy. If his appointments were every two weeks, the metadata would indicate that James is a trans woman.
Kris is protesting there.
Rick works in an office in the same building.
Samantha dropped her phone in the Farragut West Metro Station and has been looking for it ever since.

And that's just location data. If one calls a physician every day, perhaps they have a major medical problem. If a crime happens on the other side of town, and you suddenly start calling attorneys... did you do it? There are numerous explanations for either of those scenarios, but this kind of metadata in isolation can be used to tell almost any story you want.

Stay safe out there.
best,
Griffin Boyce

--
Technical Program Associate, Open Technology Institute
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de