Re: [liberationtech] Public Shielded Room Work

2018-10-15 Thread Travis Biehn
Hey Karl,
Cool.

On Mon, Oct 15, 2018 at 10:01 AM Karl  wrote:

> Thanks so much for your replies.
>
> On 10/14/2018 09:07 PM, grarpamp wrote:
> > Consider utilizing a github / wiki somewhere for this project,
> > People can join together to generate the motivations and goals,
> > outline areas of research, hacking and acquisitions needed,
> > develop workplans, reproducible test setups, progress, results,
> > costs, etc. Perhaps also some form of makerspace later on.
>
> Okay.  I made these:
>
> - gitlab wiki:
> https://gitlab.com/xloem/openemissions/wikis/FAQ-and-Discussion
> - chat: #openemissions:matrix.org on matrix and #openemissions on freenode
> - loomio decision-making group:
> https://www.loomio.org/g/MYQFl2dC/open-emissions
>
> I struggle with organization and would really appreciate any work to
> make things more organized.
>
> If anybody is interested in collaborating actively on this right now,
> chat is most convenient for me at the moment.
>
> On 10/14/18, CANNON  wrote:
> > Any power going into such a room should use a UPS battery to prevent data
> > leakage through power lines/usage.
> > (Would power lines become an antennae for electro-magnetic frequency
> > leakage?) Would a UPS be sufficient enough for
> > security?
>
> Your use of 'UPS' seems a little ambiguous here.  I have been thinking
> of keeping a 12V battery inside the room, and using only DC power.  AC
> power seems like just another source of emissions to track, to me.
>
> My understanding is that filters are placed on lines to prevent any
> but acceptable frequencies being carried on them.  The field of
> electromagnetic compatibility covers this a lot, I think.  Power lines
> completely behave as antennae, and couple nearby signals from one end,
> to the other, by receiving them and then re-radiating them.
>
> Filtered AC power could be plugged straight into the mains, but I
> don't at this time have the experience to trust the filters, and it
> complicates construction of the room to make an additional penetration
> for the wiring.
>
> > And if network connectivity is needed, to prevent network cables from being
> > a carrier of EMF leakage, perhaps fiber optic line?
>
> As above, I think sneakernet is the way to go for highest security.
>
> With regard to fiberoptic transmissions, it seems to me the gold
> standard would be open-source transceivers that are shielded to
> decrease the utility of compromising them, and a way to sniff the
> fiber-optic line to verify it does not carry unexpected data.
>

I recently prototyped one of these types of systems, just to prevent EMR
between different security domains, using off-the-shelf components;
PC <-> Arduino <-> MAX232 <-> Fiber Converter <-> Duplicate (apparently
popular for aging SCADA systems, cheaper than BAE Data Diodes - probably
just as good.)

Unidirectional properties are as easy to confirm as leaving a fiber cable
unplugged. Monitoring the fiber itself is probably hard & expensive - but
the signal out of the MAX232s at either end, and going in and out of the
microcontrollers, is easy to inspect using a cheap PC attached Logic
Analyzer (digital domain smuggling between bits) and Oscilloscope (unlikely
analog domain covert channels, which Apple has employed for different
reasons.) I used DSLogic kit paired w/ their fork of sigrok. All very
straightforward.

IF a transmitter was modified to analyze or retransmit important parts
of EMR over a covert fiber channel, and the receiver was modified to
forward clean RS232 and covertly exfil from the fiber side channel, you
won't catch it with this setup. Interested in whether it's more feasible to
detect side-channels over fiber or verify the transmitters.


> Karl
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing the moderator
> at zakwh...@stanford.edu.
>


-- 
Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus

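One way to run the digital-domain check described in the message above on a logic-analyzer capture, as an added example that is not part of the original post: it decodes an 8N1 UART line and flags sub-bit glitches and idle-gap modulation, neither of which the UART receiver itself reports. The sample rate, baud rate, thresholds, function names and the captures are constructed assumptions, and the idle-gap check assumes a sender that emits bytes from a fixed-rate loop.

```python
# Added example (not from the original post): screen a capture of an 8N1 UART
# line for timing anomalies that a UART receiver silently ignores.
from collections import namedtuple

SAMPLE_RATE = 1_000_000      # Hz; assumed logic-analyzer sample rate
BAUD = 9600                  # assumed line speed of the serial hop
SPB = SAMPLE_RATE / BAUD     # samples per bit (about 104.2)
FRAME = round(10 * SPB)      # start + 8 data + stop bit, in samples

Frame = namedtuple("Frame", "start byte stop_ok edge_err")


def synth(data, gaps):
    """Constructed capture: idle-high line, one frame per byte,
    followed by gaps[i] idle samples."""
    line = [1] * 50
    for byte, gap in zip(data, gaps):
        start = len(line)
        bits = [0] + [(byte >> k) & 1 for k in range(8)] + [1]   # LSB first
        for n, bit in enumerate(bits):
            line.extend([bit] * (start + round((n + 1) * SPB) - len(line)))
        line.extend([1] * gap)
    return line


def decode(samples):
    """Decode frames; per frame, record how far its edges sit from the bit grid."""
    frames, i = [], 1
    while i + FRAME <= len(samples):
        if samples[i - 1] == 1 and samples[i] == 0:      # falling edge: start bit
            # Sample each of the 10 bit cells at its centre, as a UART does.
            bits = [samples[i + int((k + 0.5) * SPB)] for k in range(10)]
            byte = sum(b << k for k, b in enumerate(bits[1:9]))
            end = i + int(9.5 * SPB)                     # middle of the stop bit
            worst = 0.0
            for j in range(i + 1, end):
                if samples[j] != samples[j - 1]:
                    off = (j - i) / SPB                  # edge position in bit times
                    worst = max(worst, abs(off - round(off)))
            frames.append(Frame(i, byte, bits[9] == 1, worst))
            i = end
        i += 1
    return frames


def audit(samples, edge_tol=0.1, gap_tol_bits=1.0):
    """Return (decoded bytes, findings). Both thresholds are assumptions
    to tune against a known-good capture of the same link."""
    frames = decode(samples)
    findings = []
    if any(not f.stop_ok for f in frames):
        findings.append("framing error")
    if any(f.edge_err > edge_tol for f in frames):
        findings.append("off-grid edge")                 # activity between bit boundaries
    gaps = [b.start - a.start - FRAME for a, b in zip(frames, frames[1:])]
    if gaps and (max(gaps) - min(gaps)) / SPB > gap_tol_bits:
        findings.append("idle-gap variation")            # inter-byte timing is not constant
    return bytes(f.byte for f in frames), findings


MSG = b"\xffdiode test"      # constructed payload


def clean_capture():
    return synth(MSG, [200] * len(MSG))


def glitched_capture():
    """Clean capture plus a 5-sample low pulse inside data bit 2 of the first frame.
    The pulse misses the bit-centre sample, so the decoded byte is unchanged."""
    cap = clean_capture()
    start = 50                                           # first frame begins here
    for j in range(start + 333, start + 338):
        cap[j] = 0
    return cap


def gap_modulated_capture():
    """Same bytes, but the idle time after each frame alternates between two values."""
    return synth(MSG, [200 if k % 2 else 500 for k in range(len(MSG))])


if __name__ == "__main__":
    for name, cap in (("clean", clean_capture()),
                      ("glitched", glitched_capture()),
                      ("gap-modulated", gap_modulated_capture())):
        print(name, audit(cap))
```

All three captures decode to the same bytes, so a check that only compares the RS232 payload on both sides sees nothing; the difference is visible only in the timing.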

Re: [liberationtech] TEXTCOMBINE-REV, A software for combining text files to obtain high-quality pseudo-randomness in practice (replacing an earlier retracted software)

2017-09-07 Thread Travis Biehn
It seems necessary, now, to highlight the following caveat from the work;

.. should be noted however that the goal of this software
# is not the generation of bit sequences to compete with those from the
# CSPRNGs, which have theoretical proofs of their nice qualities. Since the
# techniques employed in the present software are all empirical or heuristic in
# nature, any rigorous proofs of qualities would evidently be futile from the
# outset. On the contrary, our main goal is rather humble: It consists in
# providing a practically acceptable, under circumstances fairly convenient and
# even welcome alternative means of obtaining high-quality pseudo-randomness.

You might question why it appears on this list, as software producers here
should be mostly interested in CSPRNGs. Fumbling RNG use in
privacy-oriented software usually leads to 'significant harms.'

-Travis

On Thu, Sep 7, 2017 at 1:33 AM, Cecilia Tanaka 
wrote:

> I know you don't like to be called Professor, but you were being my
> teacher, my professor while I was feeling fear and much pain in the
> hospital.  I thank you very much for sincerely sharing your software with
> us.  Some will hate, some will love, but the point is knowing how many
> efforts, how much time you've spent doing something special for sharing
> with the world.  Thank you very much for it.  I am very proud!  :D
>
> --
> "Don't let anyone rob you of your imagination, your creativity, or your
> curiosity.  It's your place in the world; it's your life.  Go on and do all
> you can with it, and make it the life you want to live."  -  Mae Jemison
>
>
> On Aug 31, 2017 7:01 PM, "mok-kong shen" 
> wrote:
>
>
> An earlier software of mine, TEXTCOMBINE-SP, posted to this group was not
> satisfactory due to a bug in a function employed in its design and was
> retracted.
>
> I am posting now its replacement TEXTCOMBINE-REV which has been carefully
> tested and has a fairly good performance IMHO. The following is extracted
> from its Prologue:
>
> # What has been achieved by the present software can be tersely summarized as
> # follows, assuming the general case where the text files are sufficiently
> # large:
> #
> # (1) The generated byte sequences pass, via design specifications of the
> #     software, Maurer's universal test and the autocorrelation test for all
> #     d in the range [1, 16] as well as the ENT test with an entropy value
> #     according to it of at least 7.99 bits per byte. The software is namely
> #     coded such that it would give up, reporting failure, after a certain
> #     specified maximum amount of processing has been done without finding
> #     a solution.
> #
> # (2) An extensive experiment of the present author done on all different
> #     combinations, totalling 3060 in number, of 4 source materials (of size
> #     600 KB each) taken from 18 different books of English literature
> #     downloaded from Project Gutenberg resulted in the following:
> #
> #     (a) No case of failure was ever encountered. On the contrary, the above
> #         mentioned processing limit, which is in terms of rounds of certain
> #         preprocessing of source materials before they are xor-ed together,
> #         was by far not being approached in the experiment. For details, see
> #         Epilogue.
> #
> #     (b) The worst case of entropy according to ENT in the experiment was
> #         higher than 7.995 bits per byte and the average CPU-time was less than
> #         15 sec on author's PC.
>
> The software is available at http://mok-kong-shen.de
>
> M. K. Shen



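The caveat quoted above separates passing statistical tests from the guarantees of a CSPRNG. As an added example (not part of the original posts and not code from TEXTCOMBINE-REV), the following applies the 7.99 bits-per-byte entropy threshold and a byte-level autocorrelation check for d in [1, 16] to a seeded Mersenne Twister stream and to OS CSPRNG output: both pass, although the first is fully determined by its seed. The autocorrelation formula and its 0.02 threshold, the seed values, the sample size and all function names are assumptions of this example.

```python
# Added example (not part of TEXTCOMBINE-REV or the original posts):
# statistical quality and unpredictability are different properties.
import math
import random
import secrets
from collections import Counter

N = 100_000   # bytes per stream; constructed sample size


def entropy_bits_per_byte(data):
    """Shannon entropy of the byte histogram, the figure ENT reports."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def autocorrelation(data, d):
    """Lag-d correlation coefficient of the byte values
    (a byte-level stand-in chosen for this example)."""
    n = len(data)
    mean = sum(data) / n
    var = sum((x - mean) ** 2 for x in data) / n
    cov = sum((data[i] - mean) * (data[i + d] - mean)
              for i in range(n - d)) / (n - d)
    return cov / var


def passes_statistics(data):
    """Entropy of at least 7.99 bits/byte and |autocorrelation| < 0.02
    (assumed threshold) for every lag d in [1, 16]."""
    return (entropy_bits_per_byte(data) >= 7.99
            and all(abs(autocorrelation(data, d)) < 0.02
                    for d in range(1, 17)))


def seeded_stream(seed, n=N):
    """Mersenne Twister output: statistically clean, but the whole stream
    is a deterministic function of the seed."""
    return random.Random(seed).getrandbits(8 * n).to_bytes(n, "big")


def os_stream(n=N):
    """Bytes from the operating system CSPRNG."""
    return secrets.token_bytes(n)


def key_from_seed(seed):
    """A 128-bit 'key' drawn from the seeded generator."""
    return random.Random(seed).getrandbits(128).to_bytes(16, "big")


def effective_key_space(seed_bits):
    """Count the distinct 128-bit keys reachable when the seed carries only
    seed_bits of entropy; the key length does not raise this number."""
    return len({key_from_seed(s) for s in range(2 ** seed_bits)})


if __name__ == "__main__":
    for name, data in (("seeded MT", seeded_stream(2017)),
                       ("OS CSPRNG", os_stream())):
        print(name, round(entropy_bits_per_byte(data), 4),
              passes_statistics(data))
    print("keys reachable from a 12-bit seed:", effective_key_space(12))
```

The entropy and autocorrelation figures cannot tell the two streams apart; only the source of the seed and the design of the generator can, which is why key material belongs to a CSPRNG.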

Re: [liberationtech] New messenger to replace Adium and Pidgin

2015-11-01 Thread Travis Biehn
"It works with all your old contacts."

Oh boy, is that being touted as a feature?

Travis

On Fri, Oct 30, 2015, 6:18 AM carlo von lynX 
wrote:

> Oh, at the last Tor developer meeting I heard that this project
> was looking for a new name since it doesn't make sense to wear
> "Tor" in it as if that was a quality endorsement.
>
> On Thu, Oct 29, 2015 at 03:43:58PM -0400, Kate Krauss wrote:
> > Today, Tor is releasing a beta version of Tor Messenger. Compared to
> > Adium or Pidgin (you can use your jabber address and all your
> > contacts)--it's pretty easy to use and much safer. It's in beta,
>
> Thanks for developing a tool that is less bad than Adium or Pidgin,
> but we should really move away from federation and its terrible
> lack of protection for the social graph.
>
> With Ricochet becoming more widespread as the *real* Tor way
> of doing IM, end-to-end using hidden services, why should an
> old-fashioned OTR/XMPP client/server less secure tool be
> promoted as *THE* Tor Messenger? It's just highly inappropriate.
>
> I had suggested to call it "WAM" as in "Wrong Architecture
> Messenger". Please let me know which more appropriate name I
> can feature on http://secushare.org/comparison as a fourth
> best practice recommendation... *after* Ricochet, Tox and
> Retroshare.
>
> Thanks.
>
> Sorry for trolling, but I can't help saying things.
>
>
> --
>   E-mail is public! Talk to me in private using encryption:
>  http://loupsycedyglgamf.onion/LynX/
>   irc://loupsycedyglgamf.onion:67/lynX
>  https://psyced.org:34443/LynX/

Re: [liberationtech] Searching VPS and Dedicated Servers

2015-09-09 Thread Travis Biehn
Depending on who/what you're worried about, I'd warn dissidents to avoid
VPSes for anything but anonymous throwaway use.

It's far too easy to 'implant' from dom0 / hypervisor.

Encrypted VPSes can have mounted disks imaged, the RAM imaged for keys or
live implanted for whatever nefarious ends.

Buy a 1u, harden it and use VPSes as reverse proxies.

Travis

On Wed, Sep 9, 2015, 6:12 PM Bill Best  wrote:

> Hi
>
> This company has an ethical hosting policy:
>
> https://ecodissident.net/
>
> Best regards
>
> Bill Best
> --
> Community Media Association
> http://www.commedia.org.uk
> https://twitter.com/community_media
> https://facebook.com/CommunityMediaAssociation
>
> On 9 September 2015 at 01:27, ganesh  wrote:
>
>> Hello everyone,
>>
>> I am starting a social cooperative with a friend to give services to
>> organizations and collectives in Mexico mainly. It's important for us
>> specially in this case to opt for initiatives that have ethical purposes,
>> a respectful ToS and Privacy Terms, that is situated (both the company
>> and the datacenter) in a country which legislation protects us and that
>> we can encrypt the disk.
>>
>> Any recommendations?
>>
>> Thanks in advance,
>>
>> --
>> Ganesh_
>>
>> --> http://nad-ege.net
>> --> http://lab-interconectividades.net
>> --> http://tallerhackfeminista
>> --> https://hackcoop.com.ar/
>>
>>

Re: [liberationtech] Heavily drop packets in VOIP services in Iran

2015-05-04 Thread Travis Biehn
Nariman,
Did you try ZRTP? Log traffic with wireshark? AFAIK there's no teardown
message for the UDP channel used for voice data, would they not have to
spoof some RTSP teardown message to your client?

Try HTTPS on a non-standard port?

It might be interesting to enable peer to peer transfers of whatever you're
offering in meatspace, such as a utility to auto-format and provision USB
drives / cds with aforementioned tools.

Travis

On Sun, May 3, 2015, 6:12 PM Nariman Gharib  wrote:

> Hi Libtech,
>
> I don't know how many of you guys are following situation in Iran, but
> many people in west are thinking because of President Rouhani, Internet
> censorship situation is getting change and getting better in Iran. but
> nothing happened yet. Yes, you haven't heard anything related to blocking
> apps,popular services or websites but in other hand they are doing 'smart
> filtering' and applying 'drop packet' on some ports and IPs and HTTPs
> protocol.
>
> Today for example, I missed my mother and I tried to talk to her on the
> Viber. every seconds our connection gets dropped. I recorded this event and
> you can see here:
> https://www.youtube.com/watch?v=VR8d4xQyPB0&feature=youtu.be
>
> another person on twitter said that: you can't make a correct call within
> Iran, Just 'Line' is works and that one is stopped working every minutes.
> https://twitter.com/sallar/status/594825884353331202
>
> Then users are suggested him, services like: Skype and Hangout , webex
>
> by the way, between Feb 3, 2015 – May 3, 2015, I've received more
> than 1m Download requests from Iran for downloading circumvention tools but
> sadly because i stored my files on AWS and amazon is using HTTPs, most of
> times users are having issue to complete the download process. I think it's
> because of drop packet which government applied on Internet. (I'm not
> expert)
>
> I prepared a small report to give you an idea to what's happening.
> https://drive.google.com/file/d/0B0RFLzzTuwqrTnl5REwtSUZLdE0/view?usp=sharing
> This report contain URL+Hits (Requests)+Bandwidth Outbound+
> Complete(Bytes)Transfers (Requests)
>
> Thanks
> N
>
> --
> PGP: 0xa53963936999cbb6

Re: [liberationtech] CAMRI seminar 28/1: Clint Burnham on Slavoj Žižek and the Internet

2015-01-20 Thread Travis Biehn
Will a feed be made available?

Thanks,
-Travis

On Tue, Jan 20, 2015 at 5:35 AM, Christian Fuchs 
wrote:

> CAMRI seminar
> Clint Burnham: The Subject Supposed to LOL: Slavoj Žižek and the Event of
> the Internet
> Wed, 28/1, 14:00
> Univ of Westminster
> Harrow Campus
> Room A7.01
>
> Registration is possible by e-mail to christian.fu...@uti.at
>
> http://www.westminster.ac.uk/camri/research-seminars/clint-burnham-the-subject-supposed-to-lol-slavoj-iek-and-the-event-of-the-internet
>
> Is the Internet an Event? Does it constitute, as Žižek argues an Event
> should, a reframing of our experience, a retroactive re-ordering of
> everything we thought we knew about the social but were afraid to ask
> Facebook?
>
> In this talk Clint Burnham will engage with Žižek’s recent work (Less than
> Nothing, Event, Absolute Recoil) as a way to argue, first, that in order to
> understand the Internet, we need Žižek’s “immaterial materialism,” and, in
> turn, to understand Žižek’s thought and how it circulates today, we need to
> think through digital culture and social media. As regards the Internet,
> then, no cynical disavowal, no Facebook cleanses, no shutting off the wifi:
> les non-dupes errent, or those who distance themselves from social media
> and the like are the most deceived. Next: the Internet’s two bodies:
> digital culture is both the material world of servers, clouds, stacks and
> devices and the virtual or affective world of liking, networking, and the
> mirror stage of the selfie. And here we must confront the “obscene
> underside” of digital culture: not only the trolls, 4chan porn, and
> gamergate bro’s, but also the old fashioned exploitation of labour, be it
> iPhone assembly-line workers at Foxconn, super-exploited “blood coltan”
> miners in the Congo, “like farmers” in India, or social media scrubbers in
> the Philippines, who ensure your feeds are “clean” of porn, beheadings, and
> other #NSFW matter. These last concerns, then, mean we also have to think
> about what Žižek calls the “undoing of the Event” of the Internet, the
> betrayal of the Internet, its diseventalization.
>
> Clint Burnham teaches in the department of English at Simon Fraser
> University, Vancouver, Canada. He is the author of more than a dozen books
> of criticism, poetry, and fiction, including The Jamesonian Unconscious:
> The Aesthetics of Marxist Theory (1995), The Only Poetry that Matters:
> Reading the Kootenay School of Writing (2011), editor (with Lorna Brown) of
> the public art catalogue Digital Natives (2011), and editor (with Paul
> Budra) of From Text to Txting: New Media in the Classroom (2012). His essay
> “Slavoj Žižek as Internet Philosopher” is in the recent Palgrave collection
> Žižek and Media Studies (eds. Matthew Flisfeder and Louis-Paul Willis), and
> he is currently writing a book on Žižek and digital culture called Does the
> Internet have an Unconscious? In the winter of 2014-15 he is living and
> working in Vienna as part of a residency with the Urban Subjects collective.
>
> Forthcoming talks (open for registration)
>
> Feb 4: Marisol Sandoval - From Corporate to Social Media: Critical
> Perspectives on Corporate Social Responsibility in Media and Communication
> Industries
>
> http://www.westminster.ac.uk/camri/research-seminars/marisol-sandoval-from-corporate-to-social-media-critical-perspectives-on-corporate-social-responsibility-in-media-and-communication-industries
>
> Feb 11: Justin Lewis - Beyond Consumer Capitalism: A Movie Screening and
> Q&A with Justin Lewis
>
> http://www.westminster.ac.uk/camri/research-seminars/justin-lewis-beyond-consumer-capitalism-a-movie-screening-and-q-and-a-with-justin-lewis
>
>

[liberationtech] IANA Stewardship Transition - WAS: Radical-safest TLDs in 2014

2014-10-14 Thread Travis Biehn
Survey and ML [soliciting feedback from the general public] for stewardship
transition:
https://www.surveymonkey.com/s/IANA_stewardship
http://lists.arin.net/mailman/listinfo/iana-transition

-Travis

On Tue, Oct 7, 2014 at 5:08 AM, Cathal Garvey 
wrote:

> > Can we further reduce ambiguity by reducing the set to those TLDs
> > recognized by ICANN?
>
> Isn't it more useful to reduce the set to TLDs that the "average user"
> can connect to? That's why I shared the rumours about .onion in Firefox:
> who cares what ICANN thinks, if a large enough userbase can access it
> OOTB without configuration?
>
> By contrast, .onion *today*, along with .i2p and .bit, are all
> configuration-heavy, meaning virtually nobody will actually access or
> use them unless they're already completely dedicated customers. The Silk
> Road managed to pull people in because it was essentially the only place
> to buy drugs "safely" online (along with plenty of other reprehensible
> things), but that's a completely exceptional case.
>
> I'm thinking of benign web services that enrich the world in some way,
> but suffer censorship or legal assault because they disturb the
> status-quo. The next start-up that MPAA want to crush, or the next
> whistleblowing site, or the next transborder social network. Those
> people will need TLDs they can rely on. If .onion goes surprisingly
> mainstream in the near future, that'd be very powerful.
>
> Of course, .onion will remain slow as sin, but for those websites they
> can use .onion with 304 redirects to non-onion TLDs for each visitor; as
> their clearnet TLDs get shut down they can just register new ones and
> 304 redirect to them on the fly for each new visitor; whack-a-mole on a
> grand scale, a total losing battle for the censors. The critical bit is
> that there's one canonical URL for new visitors that will always lead to
> service.
>
> On 06/10/14 21:00, Travis Biehn wrote:
> > Rysiek,
> > Can we further reduce ambiguity by reducing the set to those TLDs
> > recognized by ICANN?
> >
> > I don't think you can 'rely' on any of them, to coderman's point.
> >
> > Your best bet is to enumerate the list of TLD delegated authoritative
> > servers, then recursively send legal threats to each.
> >
> > The one who demonstrates the most impressive apathy may be your winner :)
> >
> > Of course, you may want to follow the concept of pitting two noncooperative
> > countries against each other.
> > If the threat to your name isn't specifically tied to a subset of all
> > jurisdictions.. You might have a problem.
> >
> > You might, then, establish a protocol. The hash of the website CNN.com's
> > contents, for instance, may serve as a backup domain.
> >
> > Realistically it's really down to finding a cool registrar & TLD pair. TBP
> > may be your best example here.
> >
> > As a final note: if you're worried about these kinds of problems you
> > probably shouldn't be using clearnet.
> >
> > Travis
> > On Oct 5, 2014 6:50 PM, "coderman"  wrote:
> >
> >> On 10/5/14, rysiek  wrote:
> >>> ... which TLD should I choose for a "clearternet"
> >>> version of the website?
> >>
> >>
> >> for present day, "clearnet" version,
> >>  winner is .bit / namecoin.
> >>
> >
>
> --
> Twitter: @onetruecathal, @formabiolabs
> Phone: +353876363185
> Blog: http://indiebiotech.com
> miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
>




Re: [liberationtech] With This Tiny Box, You Can Anonymize Everything You Do Online | WIRED

2014-10-13 Thread Travis Biehn
+cpunks

Interested in update mechanisms, interdiction resilience, trusted boot, web
/ other interfaces.

These devices just change and expand your threat surface.

Travis
On Oct 13, 2014 12:21 PM, "Yosem Companys"  wrote:

> Today a group of privacy-focused developers plans to launch a Kickstarter
> campaign for Anonabox. The $45 open-source router automatically directs all
> data that connects to it by ethernet or Wifi through the Tor network,
> hiding the user’s IP address and skirting censorship. It’s also small
> enough to hide two in a pack of cigarettes. Anonabox’s tiny size means
> users can carry the device with them anywhere, plugging it into an office
> ethernet cable to do sensitive work or in a cybercafe in China to evade the
> Great Firewall. The result, if Anonabox fulfills its security promises, is
> that it could become significantly easier to anonymize all your traffic
> with Tor—not just Web browsing, but email, instant messaging, filesharing
> and all the other miscellaneous digital exhaust that your computer leaves
> behind online.
>
> “Now all your programs, no matter what you do on your computer, are routed
> over the Tor network,” says August Germar, one of the independent IT
> consultants who spent the last four years developing the Anonabox. He says
> it was built with the intention of making Tor easier to use not just for
> the software’s Western fans, but for those who really need it more
> Internet-repressive regimes. “It was important to us that it be portable
> and small—something you can easily conceal or even throw away if you have
> to get rid of it.”
>
> http://www.wired.com/2014/10/tiny-box-can-anonymize-everything-online/
> h/t @anahi_ayala
>

Re: [liberationtech] Espionge.app's lack of plausible deniability (Was: TrueCrypt Alternatives?)

2014-10-06 Thread Travis Biehn
Greg,
When someone else discovers an issue with your product and you find out
about it - you should be thankful.

They could have just as easily sold the bug silently to the intelligence
community  - or let you otherwise continue to produce insecure software.

In fact "irresponsible disclosure" supposes that this vulnerability was
difficult to uncover. If the vulnerability was particularly easy -for any
threat actor- to uncover then an argument can be made that delaying
disclosure is irresponsible.

Travis
On Oct 6, 2014 11:11 PM, "Greg"  wrote:

> On Oct 6, 2014, at 7:21 PM, Collin Anderson 
> wrote:
>
> Here I attempted to make a professional point that you are purporting to
> offer software to an audience whose needs you do not seem to be able to
> serve. Your seriousness in regard to the obligations that those needs incur
> seems to have only come up to denigrate Steve for having laid bare the
> situation, and in what appears to have been a few minutes worth of research.
>
>
> Irresponsible disclosure is a serious problem, yes.
>
> Are you endorsing irresponsible disclosure...?
>
> No, I kept my trolling to Twitter. Fun was had by many.
>
>
> And you are actually proud of trolling...?
>
> Not sure what's so difficult about asking us to just change the text.
> We're happy to address your concerns. You don't need to troll us to get a
> response, in fact you're more likely to get a better one when you don't
> troll.
>
> Rather than this blasé and hostile attitude, you should have expressed
> some shame for using this community to push your software.
>
>
> Someone wanted to know about truecrypt alternatives, and I here was my
> reply:
>
> *See this list on ArsTechnica's forum:*
>
> *http://arstechnica.com/civis/viewtopic.php?f=21&t=1245367*
> 
>
> *I work for Tao Effect LLC, our software is on that list, and you can read
> about how its plausible deniability compares to TrueCrypt's here (forgive
> this subreddit's insane color scheme):*
>
>
> *http://www.reddit.com/r/security/comments/2b5icu/major_advancements_in_deniable_encryption_arrive/cj24a1n*
> 
>
> *In case anyone on this list wants a license, here's a code for 15%
> off: LIBERATIONTECH*
>
> *There are 10 of them and you can use them on espionageapp.com. They expire November 1st.*
>
>
>
> But you haven't. Let us know when Steve's bug has a CVE number.
>
>
> Sure, I can do that for you. :)
>
> I can also change the website's wording for you. Just send us an email
> with how you would prefer we phrase our website's text:
> supp...@taoeffect.com
>
> Kind regards,
> Greg Slepak
>
> --
> Please do not email me anything that you are not comfortable also sharing with
> the NSA.
>
>

Re: [liberationtech] Broadcast Anonymous Routing

2014-08-20 Thread Travis Biehn
OK,
Does anyone want to give me students? I promise to water them and feed them
3 times a day...

Randolph: I2P is better at solving the metadata problem than TOR is...

-Travis


On Wed, Aug 20, 2014 at 12:31 PM, Randolph  wrote:

> yah, take some students and ask them to evaluate, if tor and all these
> ideas have a metadata problem:
> http://en.wikipedia.org/wiki/Graph_theory
>
> 2014-08-20 18:21 GMT+02:00 Travis Biehn :
> > The metadata problem

Re: [liberationtech] Broadcast Anonymous Routing

2014-08-20 Thread Travis Biehn
TOR and I2P provide algorithms for anonymizing traffic. My suggestion is
that the approaches they take may be better adapted to the problem of
protecting chat than Echo / Flood / BAR approaches.

So I'm not saying 'pump XMPP through TOR or I2P' but I'm saying
ECHO/AE/Flood might be the wrong approaches - why not derive from
algorithms that I2P / TOR use?

Once key federation is addressed then message encryption itself is very
easy. The metadata problem is what ECHO/AE/Flooding/BAR attempts to
address.

-Travis


On Wed, Aug 20, 2014 at 12:14 PM, Randolph  wrote:

> 2014-08-20 16:24 GMT+02:00 Travis Biehn :
> > I'm not sure why Echo / AE would be used in lieu of onion
> > routing... TOR based would show that Bob was transmitting something. I2P
> > would show no metadata about transmission or reception.
> >
> > Am I missing something?
> >
>
> sure, the talk was about encrypted messaging and not a comparison
> about a browsing proxy chain. the chat can be done over any proxy. so
> both could be stuck together and that adds another layer. I think that
> should be analysed in one year further, in case TorChat is based on
> encryption and the endpoint of Tor or I2P is getting only ciphertext.
> Regards.

Re: [liberationtech] Broadcast Anonymous Routing

2014-08-20 Thread Travis Biehn
Randolph,
We're in agreement on that. OTR encrypts the message but leaves all the
metadata intact. This is a 'bad thing'.

I read sims.me's messaging app security blurb. It seems that it just uses
end-to-end encryption with AES, public keys are federated by a central
authority.
In this scheme if sims.me gets owned or if their private keys get owned an
adversary can just serve you an incorrect public key for the peer you're
trying to chat with. There are a few other attacks but the important
thing is that key federation is broken under the scheme ;) Sims is also not
doing anything (that they state in the readme) for metadata 'occlusion'
e.g. any network observer can tell that Bob and Alice are definitely
chatting.

I'm not sure why Echo / AE / Flooding would be used in lieu of onion
routing... TOR based would show that Bob was transmitting something. I2P
would show no metadata about transmission or reception.

Am I missing something?

-Travis


On Tue, Aug 19, 2014 at 2:02 PM, Randolph  wrote:

> 2014-08-19 19:26 GMT+02:00 Travis Biehn :
> > because XMPP supports federation along a mix of TLS and
> > plaintext interconnects that OTR is therefore susceptible to a man in the
> > middle attack. This is absolutely correct.. XMPP routers may indeed be
> > compromised.
> >
> > Key federation under the OTR scheme: in order to be confident that the
> > endpoints are chatting to each other through a secure channel they must
> > exchange key fingerprints out of band (then)
> > both endpoints can be reasonably sure that they are communicating over
> > a secure channel - regardless of the maliciousness of the XMPP routers
> > that they are connecting through.
> >
> > The problem after key federation and the reason that these protocols
> > (BAR, ECHO, A(daptive)ECHO, Clique etc) exist. They are trying to resolve
> > the metadata aspect of communication. OTR protects message content but
> > does not make any efforts at obscuring metadata
>
>
> Dear Travis,
> both must be done, using strong multi-encryption and hiding in the
> crowd. If XMPP would offer real end to end encryption and not only
> point to point encryption, OTR would be more secure in the phase of an
> initial certificate handshake of a man in the middle attack. Offline
> Messaging and receiving authenticated (which means to block
> non-authenticated messages) and re-newing the encryption key per
> session would be other security topics. The architecture is currently
> an insecure mosaic, so it makes sense to focus on these new security
> protocols and research them too.
> Echocasting or Broadcasting or Flooding, whatever you call the echo
> protocols, could be analysed in regard of either bandwidth and further
> scalability. Bandwidth could only be on a mobile a real problem, so I
> wonder which of the new ideas are mobile ready. Sims.me/security
> (mobile messenger by DHL Logistics) by the way has a similar
> encryption architecture and sets a new standard for XMPP. But it is
> not open source and graph theory is simple here; even for a round
> table graph theory is quite trivial to explore:
> http://en.wikipedia.org/wiki/Graph_theory
> Regards Randolph
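An added example (not code from sims.me, OTR or anyone in this thread) of the key-federation point in the message above: a client that accepts whatever key a central directory serves ends up with a substituted key, while a client that checks the served key against a fingerprint exchanged out of band rejects it. The directory classes, user names and key bytes are constructed, and SHA-256 over the raw key bytes is an assumed stand-in for a real fingerprint format.

```python
import hashlib
import hmac

# Constructed stand-ins for public keys; a real client would hold actual
# public key material here.
BOB_KEY = hashlib.sha256(b"constructed key for bob").digest()
MALLORY_KEY = hashlib.sha256(b"constructed key for mallory").digest()


def fingerprint(public_key: bytes) -> str:
    """Human-comparable fingerprint: SHA-256 hex in groups of 8 characters."""
    digest = hashlib.sha256(public_key).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


def normalize(fp: str) -> bytes:
    """Ignore spacing and case so a read-aloud or typed fingerprint matches."""
    return "".join(fp.split()).lower().encode("utf-8")


class KeyDirectory:
    """Central authority that maps a user name to a public key."""

    def __init__(self):
        self._keys = {}

    def publish(self, user, key):
        self._keys[user] = key

    def lookup(self, user):
        return self._keys[user]


class CompromisedDirectory(KeyDirectory):
    """Model of the failure described above: one peer's key is swapped."""

    def __init__(self, honest, victim, substitute_key):
        super().__init__()
        self._honest, self._victim = honest, victim
        self._substitute = substitute_key

    def lookup(self, user):
        if user == self._victim:
            return self._substitute
        return self._honest.lookup(user)


class KeyMismatch(Exception):
    pass


class Client:
    def __init__(self, directory):
        self.directory = directory
        self.verified = {}  # user -> fingerprint confirmed out of band

    def record_out_of_band(self, user, fp):
        self.verified[user] = normalize(fp)

    def key_for_naive(self, user):
        # Trusts the directory completely.
        return self.directory.lookup(user)

    def key_for(self, user):
        key = self.directory.lookup(user)
        expected = self.verified.get(user)
        if expected is None:
            raise KeyMismatch(f"no out-of-band fingerprint recorded for {user}")
        if not hmac.compare_digest(normalize(fingerprint(key)), expected):
            raise KeyMismatch(f"directory served an unexpected key for {user}")
        return key


if __name__ == "__main__":
    honest = KeyDirectory()
    honest.publish("bob", BOB_KEY)
    alice = Client(CompromisedDirectory(honest, "bob", MALLORY_KEY))
    alice.record_out_of_band("bob", fingerprint(BOB_KEY))
    print("naive lookup got substituted key:",
          alice.key_for_naive("bob") == MALLORY_KEY)
    try:
        alice.key_for("bob")
    except KeyMismatch as exc:
        print("verified lookup refused:", exc)
```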

Re: [liberationtech] Broadcast Anonymous Routing

2014-08-19 Thread Travis Biehn
 isn`t it? Could be interesting to see the Client Gui
> evolving to a real echo chat client and having all the security approaches
> of the echo protocol added, which then is another echo client which would
> be compatible. http://goldbug.sourceforge.net/new.html But why Python
> when a C++ kernel is given? creating a new chat-server software in just
> another language is not required until you do a client as well in that
> language, though I wonder if you can't connect a python gui to a
> c++ kernel - as it uses HTTPS.
> Kind Regards Tom
>
> On Wed, Aug 6, 2014 at 3:26 PM,  > wrote:
> >2014-08-18 3:20 GMT+02:00 Travis Biehn :
> > In for more info on ECHO / Spot-On protocols available implementations
> > etc.
> >
>

Re: [liberationtech] Broadcast Anonymous Routing

2014-08-17 Thread Travis Biehn
In for more info on ECHO / Spot-On protocols available implementations etc.


On Sun, Aug 17, 2014 at 2:18 PM, Randolph  wrote:

> Hello George,
>
> thanks for the information, please see http://sf.net/projects/spot-on
> . The Echo has been around for some time:
> http://goldbug.sourceforge.net/img/Echo-grid.png
>
> https://en.wikipedia.org/wiki/Echocast_%28networking%29
>
> The BAR approach requires that the bartender and Alice have some
> common knowledge, instructions. The instructions create a relationship
> between Alice and the bartender. And, if you wish to expand this sort
> of messaging from one bar to multiple bars, you'd need to turn Bob
> into a potential bartender.
> http://de.wikipedia.org/wiki/GoldBug_%28Instant_Messenger%29
>
> The Echo doesn't require relationships between nodes, but it does
> support them, if nodes would like a little more privacy. Maybe you
> want to integrate an echo kernel into your app and gui?
> Kind Regards R.
>
> 2014-08-17 19:31 GMT+02:00 George Chatzisofroniou :
> > Hi everyone,
> >
> > We released a TL;DR guide on broadcast anonymity [1] that I think you'll
> > find interesting.
> >
> > Feedback is very welcome,
> >
> > [1]: https://sophron.github.io/BAR/
> >
> > --
> > George Chatzisofroniou

[liberationtech] Key Federation for OTR Publics

2014-08-17 Thread Travis Biehn
All,
Anyone aware of efforts at OTR key federation other than:
http://tools.ietf.org/html/draft-wouters-dane-otrfp-01

DANE.. gross.

-Travis


Re: [liberationtech] Internet Infrastructure Software Database

2014-08-04 Thread Travis Biehn
Think it might be useful to, like, pin this to an OSI layer?

You're going to be including all sorts of ludicrous stuff, like gcc &
svn/git.

Critical internet software, that's the stuff that makes happy machines
speak transport layer to each other.

That list is already huge without including every httpd and library in the
universe, every compiler and flavor of Unix.

Travis
On Aug 3, 2014 10:50 AM, "Bill Woodcock"  wrote:

>
> Without making any claims as to the value of maintaining such a list, I'll
> point out that I included gcc.
>
> -Bill
>
>
> > On Aug 3, 2014, at 3:06, "danimoth"  wrote:
> >
> >> On 02/08/14 at 07:36am, Rich Kulawiec wrote:
> >> I think this list is a pretty good starting point.  Of course,
> >> having said that, now I want to edit it. ;)
> >
> > IMHO the idea is pretty stupid. The "implementation" also, because
> > nobody mentioned a compiler.. lol, how to waste time

Re: [liberationtech] Internet Infrastructure Software Database

2014-08-02 Thread Travis Biehn
Starting it on Wikipedia?

BGP.
On Aug 2, 2014 7:36 AM, "Rich Kulawiec"  wrote:

> I think this list is a pretty good starting point.  Of course,
> having said that, now I want to edit it. ;)
>
> On Fri, Aug 01, 2014 at 02:21:12PM -0700, Bill Woodcock wrote:
> > BIND
> > NSD
> add unbound, I think
>
> > Sendmail
> add postfix, exim, courier
> add dovecot, uw-imap and descendants
> add procmail, fetchmail
>
> > Apache/httpd
> move nginx here
> add squid, tomcat
>
> > sshd
> change to OpenSSH
>
> > MySQL
> > PostgreSQL
> add MariaDB, MongoDB, CouchDB
>
> remove the web browsers: they're not infrastructure
>
> > PHP
> > Perl
> add Python
>
> > Operating systems:
> add *BSD, not just because they're used as-is but
> because they're embedded in so many devices
>
> maybe add the Solaris/Illumos/OpenIndiana family
>
> additions:
> stunnel
> OpenNNTP, INN
> subversion, git, maybe other source code control systems
> nagios, zenoss, zabbix, etc.
> snort, nessus, nmap, tcpdump, wireshark
> puppet, chef, spacewalk, etc.
>
> ---rsk

Re: [liberationtech] when you are using Tor, Twitter will blocked your acc

2014-06-08 Thread Travis Biehn
If you have a heuristic used to apply additional scrutiny to traffic coming
from certain locations you shouldn't have:
IF it's from a bad source AND it's not in the whitelist of allowed bad
sources...

Treat them as possibly malicious and handle it like risky traffic: Throw
difficult captchas at your users and don't deny login or require password
changes.
Let users turn off logic for IP-based 'hack' attempt detection.

-Travis




On Sun, Jun 8, 2014 at 5:58 PM, Jacob Appelbaum  wrote:

> I've had my Twitter account locked half a dozen times (web client,
> using Tails) in the last few weeks. It seems to be some new security
> heuristic where one is still able to login to change the password but
> the account is locked from generating new public (or DM) events.
>
> It is a super annoying "security feature" to say the least.
>
> I think some Twitter security folks are on this list - if so, I'd love
> to discuss the issue in detail. It seems like the issue is when Tor
> circuits rotate. So when I've logged in from say, a US Tor exit node,
> all is fine. After a while, I'll be exiting the Tor network through
> Germany. It appears that say, over the course of a day, I'll jump
> through ten countries. At some point, Twitter decides that this is
> abuse or evidence of hacking or something. It doesn't appear to know
> that I'm using Tor though. So while actually, I'm just consistently
> using Tor, the GeoIP is constantly rotating. I suspect this is what
> trips the security feature in question.
>
> It would be nice if Twitter was a bit more intelligent about Tor
> usage. I wrote the BulkExitList feature on check.torproject.org for
> Wikipedia. They ironically use it to block edits from Tor. Twitter
> could use that export of data or a similar one to have a list of all
> current (updated per hour with the network consensus) exit nodes and
> then do something better than Wikipedia.
>
> All the best,
> Jacob
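An added example (not code from Twitter, the Tor Project or anyone in this thread) of the handling discussed in the message above: addresses on a Tor exit list are kept out of the country-hopping heuristic, other accounts that hop countries get a CAPTCHA rather than a lock or forced password change, and a user can switch the IP-based check off. The exit list, GeoIP table, threshold, window and all names are constructed assumptions; a deployment would refresh the exit list from an export such as the one Jacob describes.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data: documentation-range addresses, not real Tor exits.
EXIT_LIST_TEXT = """\
# constructed bulk exit list, one address per line
192.0.2.10
198.51.100.7
203.0.113.99
not-an-address
"""

# Constructed IP -> country table standing in for a GeoIP database.
GEOIP = {
    "192.0.2.10": "US", "198.51.100.7": "DE", "203.0.113.99": "NL",
    "192.0.2.200": "US", "198.51.100.200": "BR", "203.0.113.200": "RU",
}

ALLOW, CAPTCHA = "allow", "captcha"   # deliberately no "lock" or "force reset"
WINDOW_SECONDS = 24 * 3600            # assumed look-back window
MAX_COUNTRIES = 2                     # assumed threshold before a challenge


def parse_exit_list(text):
    """Return the set of valid addresses in a one-per-line exit list."""
    exits = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            exits.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # skip malformed lines instead of failing the refresh
    return exits


@dataclass
class Account:
    name: str
    ip_checks_enabled: bool = True     # user-controlled opt-out
    history: list = field(default_factory=list)  # (timestamp, country)


def assess_login(account, ip, timestamp, exits):
    """Decide how to treat one successful password login."""
    if not account.ip_checks_enabled:
        return ALLOW
    if ipaddress.ip_address(ip) in exits:
        # The exit's country says nothing about the user, so it is kept
        # out of the country-hopping history entirely.
        return ALLOW
    country = GEOIP.get(ip, "unknown")
    recent = [(t, c) for t, c in account.history
              if timestamp - t <= WINDOW_SECONDS]
    recent.append((timestamp, country))
    account.history = recent
    if len({c for _, c in recent}) > MAX_COUNTRIES:
        return CAPTCHA
    return ALLOW


def replay(account, logins, exits):
    """Run a list of (ip, timestamp) logins and return the decisions."""
    return [assess_login(account, ip, ts, exits) for ip, ts in logins]


if __name__ == "__main__":
    exits = parse_exit_list(EXIT_LIST_TEXT)
    hops = [("192.0.2.10", 0), ("198.51.100.7", 3600), ("203.0.113.99", 7200)]
    roam = [("192.0.2.200", 0), ("198.51.100.200", 3600), ("203.0.113.200", 7200)]
    print("tor user:", replay(Account("tor_user"), hops, exits))
    print("non-tor :", replay(Account("roamer"), roam, exits))
```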

Re: [liberationtech] when you are using Tor, Twitter will blocked your acc

2014-06-08 Thread Travis Biehn
Does enabling 2FA help?

Twitter likely considers some addresses to be 'nasty.' Likely a combo of
automated heuristics based blacklisting, bad actor cidr and ip lists and
manual additions.

Options:
Get twitter to add an exception by way of user accessible setting.

Chain TOR to an unblacklisted Socks proxy.

Users may elect to rent a VPS to use as a trusted environment. Providers
which accept Bitcoin are numerous, as are options for virtual and prepaid
credit cards.

Free shell accounts may also serve as good routers.

Anonymity networks are naturally attractive to people abusing networks and
entities have different maturity when it comes to balancing end user safety
by taking into account activists who want to hide from overlords, other
privacy oriented entities and the imperative to hinder the efforts of
privacy oriented bad actors.
On Jun 7, 2014 5:39 AM, "Nariman Gharib"  wrote:

> Dear Libtech,
>
> Many Tor users inside Iran reported that while they are using Tor/Orbot
> to log in to Twitter, Twitter blocked their accounts and forced them to
> change their password. It happened every day and every time you log in to
> your account.
>
> What solution do you have to solve this problem?
>
>
> Thanks
> Nariman
> @Listentous
>
>
>
> --
> PGP: 084F 95C0 BD1B B15A 129C 90DB A539 6393 6999 CBB6
>

Re: [liberationtech] All Google products are now blocked in China

2014-06-01 Thread Travis Biehn
So, uhh, how do we implement these protocols without paying you anything?

Travis
On Jun 1, 2014 6:07 PM, "Percy Alpha"  wrote:

> *Google disrupted prior to Tiananmen Anniversary; Mirror sites enable
> uncensored access to information *
>
> Google started to encrypt search by default in China in March and
> currently nearly all users will be redirected to the encrypted version
> automatically. But prior to the anniversary of Tiananmen incident,
> GFW (Great Firewall of China) began to severely disrupt Google search
> by disrupting TCP connections to Google IPs. The block is indiscriminate
> as all Google services in all countries, encrypted or not, are now
> blocked in China. This blockage includes Google search, images,
> translate, Gmail and almost all other products. In addition, the block
> covers Google Hong Kong (China’s version of Google), Google.com and all
> other country specific versions.
>
> We made unblockable mirror sites and Apps that can be accessed without
> any special tools or configuration. Currently, the mirror sites include
> FreeWeibo, our own project that collects and publishes censored Sina
> Weibo and its unblockable Android app. GFW failed to block our iOS app,
> but Apple voluntarily took it down. China digital times (English/Chinese)
> and Pao-Pao, all of which produce highly sensitive content but cannot be
> blocked (of course, all original websites are blocked) without causing
> serious economic damages. Microsoft, Amazon, and Github have to be
> blocked, creating serious problems for companies located in China. If our
> mirror sites are not blocked during this year’s June 4th, it's fair to
> say that our collateral freedom approach passes one of the most rigorous
> tests of censorship and we're on the right track to defeating GFW and
> make information accessible to all.
>
>
> Percy Alpha (PGP)
> GreatFire.org Team
>

Re: [liberationtech] Is Google correlating people to their exit nodes every half an hour?

2014-05-12 Thread Travis Biehn
Maybe not: http://lynx.browser.org/.

On a more serious note - Scandal?

Like ... iOS putting all your footsteps into a file for you scandal?

-Travis


On Mon, May 12, 2014 at 1:18 PM, carlo von lynX  wrote:

> On Mon, May 12, 2014 at 03:12:06PM +0200, Fabian Keil wrote:
> > Please have a look at:
> > http://www.privoxy.org/user-manual/contact.html
>
> pebcak, problem solved.
>
> > A definition of "p0wned by google" would be great, too.
>
> In the case of privoxy it was a joke related to my pebcak.
>
> In the case of Chromium.. well.. you know it
>
> In the case of Mozilla.. I just mention this habit of
> checking "safebrowsing.google.com" every half an hour,
> correlating a user's IP or exit node with her Google cookie.
>
> I know that 0.0001% of the population are aware of being
> spied upon by safebrowsing.google.com and capable of
> turning it off.
>
> And I know there are tons of people who think
> safebrowsing.google.com is an important service that
> Google could in no way make available anonymously
> because.. OMG.. then it wouldn't make money with it!!
>
> And it wouldn't make Uncle Sam satisfied.
>
> (Yes of course "safebrowsing" could be architected
>  in a way that the data is distributed anonymously
>  and in respect of privacy, much like the mirror
>  networks of linux distributions for example)
>
> I presume safebrowsing.google.com isn't the only
> spyware in web browsers, but one of the most efficient
> ones.
>
> Or maybe my personal observation of web browser
> activity patterns are somehow misguided.
> I'm just articulating what I noticed since no-one
> in the community seems to have developed a critical
> opinion regarding that service.
>
> Wikipedia has no "Criticism" box about it. Neither
> does https://wiki.mozilla.org/Phishing_Protection
> in any way question the practice of having the
> browser periodically call "home."
>
> I presume this could be a major scandal, but since
> I'm not a major blogger it's just a little voice
> on a little mailing list.
>
> Maybe some journalist picks it up and researches
> in-depth if my observations are correct?
>
> And I wasn't considering non-free or secondary browsers.
>
> So from this ironically desperate point of view all
> browsers are p0wned.
>

Re: [liberationtech] Feedback req: Tinfoil SMS

2013-09-30 Thread Travis Biehn
On Sep 30, 2013 6:02 PM, "Cooper Quintin"  wrote:
>
> I'm curious why you think someone should use this over textsecure?  What
> advantages are you providing?
>
> Have you written any encryption software before this? Encryption is
> notoriously hard to get right and easy to get wrong.  I noticed that you
> have plans to do a security audit on this.  I would not feel comfortable
> using it unless a respected cryptographer has had a chance to take a
> look at it, personally.
>
> Cooper Quintin
> Technology Director - radicalDESIGNS
> PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
>
> On 09/30/2013 09:34 AM, A.Chukin wrote:
> > Google Play informs me that this APP is not available in my region.
> > Hmm
> >
> > 30.09.2013 18:05, Thejesh GN wrote:
> >> https://github.com/tinfoilhat/tinfoil-sms
> >>
> >>
> >>
> >> Thej
> >> --
> >> Thejesh GN | ತೇಜೇಶ್ ಜಿ.ಎನ್
> >> http://thejeshgn.com
> >> GPG ID :  0xBFFC8DD3C06DD6B0
> >>
> >>

I see no reason to chill competition with whisper systems offerings.

The stego option is appealing, I'm assuming you'll be trying it with MMS?