Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/08/13 21:32, Francisco Ruiz wrote: So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? I'd like to second Guido's objection that most people don't know what a hash is, or have the skills or software required to verify one, so this isn't an effective security measure for most people. Even if it were, you'd have to ask the celebrity to read a new hash for every version of the software, and the videos for old versions could be used in a rollback attack. Cheers, Michael -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJSCf5oAAoJEBEET9GfxSfMUB4H/RTrYX1we2t1p9+TeXm21GV2 OWJkZvWLvfDmJqf/utJNoFH4wgLkDvziWrTCqGWbuDlPlmLzNTvGvIZio9i82cUT tja1bnmPr17BDz5Msn8d4/BFdjrV957e1S3P2Tqx8GGaZFAYCi5EX57Q7G2Lvphj 4NDkDOFEfwfQ38azsBNokdUXo5Ek98I2SXv2GG3ac8N1a2HBVpsHr3lqfsZLDTyS LrwM6dPCEWV+kd8+VsOjokKB8y7o9lUjLMmOvMtM4dC9bak8OoDy+fkxWkmMf48v KBRqsPN6rasEmDxGRDtLZN0CAzEMGcmndJDqMY4tV/v9IgnLRScaMJaz8Fsc8cY= =7Qy4 -END PGP SIGNATURE- -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
Maybe the celebrity could read the binary sequence of a compiled program, and the user could take dictation into a simple command line script? On 13 August 2013 10:37, Michael Rogers mich...@briarproject.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/08/13 21:32, Francisco Ruiz wrote: So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? I'd like to second Guido's objection that most people don't know what a hash is, or have the skills or software required to verify one, so this isn't an effective security measure for most people. Even if it were, you'd have to ask the celebrity to read a new hash for every version of the software, and the videos for old versions could be used in a rollback attack. Cheers, Michael -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJSCf5oAAoJEBEET9GfxSfMUB4H/RTrYX1we2t1p9+TeXm21GV2 OWJkZvWLvfDmJqf/utJNoFH4wgLkDvziWrTCqGWbuDlPlmLzNTvGvIZio9i82cUT tja1bnmPr17BDz5Msn8d4/BFdjrV957e1S3P2Tqx8GGaZFAYCi5EX57Q7G2Lvphj 4NDkDOFEfwfQ38azsBNokdUXo5Ek98I2SXv2GG3ac8N1a2HBVpsHr3lqfsZLDTyS LrwM6dPCEWV+kd8+VsOjokKB8y7o9lUjLMmOvMtM4dC9bak8OoDy+fkxWkmMf48v KBRqsPN6rasEmDxGRDtLZN0CAzEMGcmndJDqMY4tV/v9IgnLRScaMJaz8Fsc8cY= =7Qy4 -END PGP SIGNATURE- -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Love regards etc David Miller http://www.deadpansincerity.com 07854 880 883 -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
So not sure this is taking the discussion in a direction useful to this list, but a thought-- celebrities are not likely to be available to do something like this -- i.e., a series of readings on youtube videos -- unless the videos were connected to a high-profile campaign, a film/documentary, or run by an organization that they are connected to or doing a favor for (and the favor is usually done through a celebrity that's a friend or their management. And the negotiation of a campaign that incorporates a celebrtiy is complicated and time-consuming, and once done, is difficult to manage. It's not impossible and it's not that celebrities (John Cusack was a great suggestion, by the way) wouldn't be interested in the issue, it's just that it may not be worth the time you'd spend in trying to attract someone. Having said that, if anyone ever did want to attract a celebrity to a high-profile cause, start by inquiring with CAA or the Global Philanthropy Group. Or if you want a simple retweet for profile, most celebrities are pretty obliging with that. Lina On Tue, Aug 13, 2013 at 5:52 AM, David Miller da...@deadpansincerity.comwrote: Maybe the celebrity could read the binary sequence of a compiled program, and the user could take dictation into a simple command line script? On 13 August 2013 10:37, Michael Rogers mich...@briarproject.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/08/13 21:32, Francisco Ruiz wrote: So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? I'd like to second Guido's objection that most people don't know what a hash is, or have the skills or software required to verify one, so this isn't an effective security measure for most people. Even if it were, you'd have to ask the celebrity to read a new hash for every version of the software, and the videos for old versions could be used in a rollback attack. Cheers, Michael -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJSCf5oAAoJEBEET9GfxSfMUB4H/RTrYX1we2t1p9+TeXm21GV2 OWJkZvWLvfDmJqf/utJNoFH4wgLkDvziWrTCqGWbuDlPlmLzNTvGvIZio9i82cUT tja1bnmPr17BDz5Msn8d4/BFdjrV957e1S3P2Tqx8GGaZFAYCi5EX57Q7G2Lvphj 4NDkDOFEfwfQ38azsBNokdUXo5Ek98I2SXv2GG3ac8N1a2HBVpsHr3lqfsZLDTyS LrwM6dPCEWV+kd8+VsOjokKB8y7o9lUjLMmOvMtM4dC9bak8OoDy+fkxWkmMf48v KBRqsPN6rasEmDxGRDtLZN0CAzEMGcmndJDqMY4tV/v9IgnLRScaMJaz8Fsc8cY= =7Qy4 -END PGP SIGNATURE- -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Love regards etc David Miller http://www.deadpansincerity.com 07854 880 883 -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Lina Srivastava -- linasrivastava.com | twitter http://twitter.com/lksriv | linkedinhttp://www.linkedin.com/in/linasrivastava -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
Hi Kyle, don't take it so hard. I asked this question so _everybody_ who'd like to try the celebrity video trick would be able to collect a few likely candidates. Likely others will beat me to it. On Mon, Aug 12, 2013 at 7:29 PM, Kyle Maxwell ky...@xwell.org wrote: I didn't know LibTech had become the PassLok development mailing list. On Mon, Aug 12, 2013 at 6:26 PM, Collin Anderson col...@averysmallbird.com wrote: The problem with occasionally looking at Huffington Post is that I'm subjected to such things... Matt Damon: He broke up with me, the Elysium star said. There are a lot of things that I really question, you know: the legality of the drone strikes, and these NSA revelations they’re, you know, it’s like, they’re, you know, Jimmy Carter came out and said we don’t live in a democracy. That’s, that’s a little, that’s a little intense when an ex-president says that. So, you know, he’s got some, some explaining to do, particularly for a constitutional law professor. http://www.huffingtonpost.com/2013/08/09/matt-damon-obama-broke-up-with-me_n_3732426.html?utm_hp_ref=entertainment On Mon, Aug 12, 2013 at 11:44 PM, Yishay Mor yish...@gmail.com wrote: Cory Doctorow - sent from my phone. On Aug 12, 2013 9:33 PM, Francisco Ruiz r...@iit.edu wrote: Quick request. In comments to a recent post, people seemed to agree that publishing a video of someone reading a hash might be a fairly hard-to-hack way to deliver that hash to the public, and thus assure the authenticity of a piece of code, a public key, or whatnot. The problem is that the sample youtube video I linked had yours truly reading the hash, and people naturally objected that I wasn't Justin Bieber and, consequently, weren't too convinced that the video was authentic. Aside from the fact that an adversary might be able to convince Justin Bieber to make a video reading a fake hash (not that I believe Justin doesn't care; it's just a hypothesis), the idea of getting a celebrity for this kind of video has a lot of merit. I'd like to engage one for the next update of my app. So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? Thanks a million! -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok get the PassLok privacy app at: http://passlok.com -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Collin David Anderson averysmallbird.com | @cda | Washington, D.C. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- @kylemaxwell -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok get the PassLok privacy app at: http://passlok.com -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
Hi Guido, This looks very interesting, but I have trouble understanding it. Can you give me a sample URL where this is being shown in action? Many thanks. On Mon, Aug 12, 2013 at 4:34 PM, Guido Witmond gu...@witmond.nl wrote: Dear professor Ruiz. The real issue is to create an *easy* way to do hash validation correctly. Reading a hash on youtube is not going to make it. You use HTTPS without DNSSEC and DANE. Please use those first. It solves a lot of your server validation issues. At least it allows your users' browsers to validate code44.com. I repeat: Hashes are for computers, not for people. Plugging my own warez: I believe I've come up with a way to do DNSSEC and DANE in combination with a certificate repository. It allows the browser to validate the authenticity of a server certificate. When validated it can be sure that the javascript found at a page is indeed that what the page-author wanted. Please see: http://eccentric-authentication.org/blog/2013/03/23/Cryptographic-same-origin-policy.html And please ask if anything is unclear. I love to receive comments on where I'm right or wrong. Regards, Guido. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok get the PassLok privacy app at: http://passlok.com -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
Quick request. In comments to a recent post, people seemed to agree that publishing a video of someone reading a hash might be a fairly hard-to-hack way to deliver that hash to the public, and thus assure the authenticity of a piece of code, a public key, or whatnot. The problem is that the sample youtube video I linked had yours truly reading the hash, and people naturally objected that I wasn't Justin Bieber and, consequently, weren't too convinced that the video was authentic. Aside from the fact that an adversary might be able to convince Justin Bieber to make a video reading a fake hash (not that I believe Justin doesn't care; it's just a hypothesis), the idea of getting a celebrity for this kind of video has a lot of merit. I'd like to engage one for the next update of my app. So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? Thanks a million! -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok get the PassLok privacy app at: http://passlok.com -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
John Cusack comes to mind - he's on the board of Freedom of the Press Foundation. ~Griffin On 08/12/2013 04:32 PM, Francisco Ruiz wrote: Quick request. In comments to a recent post, people seemed to agree that publishing a video of someone reading a hash might be a fairly hard-to-hack way to deliver that hash to the public, and thus assure the authenticity of a piece of code, a public key, or whatnot. The problem is that the sample youtube video I linked had yours truly reading the hash, and people naturally objected that I wasn't Justin Bieber and, consequently, weren't too convinced that the video was authentic. Aside from the fact that an adversary might be able to convince Justin Bieber to make a video reading a fake hash (not that I believe Justin doesn't care; it's just a hypothesis), the idea of getting a celebrity for this kind of video has a lot of merit. I'd like to engage one for the next update of my app. So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? Thanks a million! -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok get the PassLok privacy app at: http://passlok.com -- Cypherpunks write code not flame wars. --Jurre van Bergen #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de My posts, while frequently amusing, are not representative of the thoughts of my employer. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
Some idle thoughts: Edward Snowden Bradley Manning Julian Assange Gen. Hayden Jacob or Nadim On 08/12/2013 04:32 PM, Francisco Ruiz wrote: Quick request. In comments to a recent post, people seemed to agree that publishing a video of someone reading a hash might be a fairly hard-to-hack way to deliver that hash to the public, and thus assure the authenticity of a piece of code, a public key, or whatnot. The problem is that the sample youtube video I linked had yours truly reading the hash, and people naturally objected that I wasn't Justin Bieber and, consequently, weren't too convinced that the video was authentic. Aside from the fact that an adversary might be able to convince Justin Bieber to make a video reading a fake hash (not that I believe Justin doesn't care; it's just a hypothesis), the idea of getting a celebrity for this kind of video has a lot of merit. I'd like to engage one for the next update of my app. So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? Thanks a million! -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok get the PassLok privacy app at: http://passlok.com -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
On 2013-08-12 15:32, Francisco Ruiz wrote: Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? Hugh Grant has made privacy issues the focus of his Twitter feed. However, he is more focused on for-profit companies (the media) violating people's privacy, at least based on his advocacy. -- Ms. Jayne Cravens MSc Portland, Oregon, USA The web site - http://www.coyotecommunications.com The email - j...@coyotecommunications.com Me on Twitter, other social networks, my blog: http://www.coyotecommunications.com/me/jayneonline.shtml -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
Ashton Kutcher has talked publicly multiple times about the value of privacy, both in his personal life and as an investor. On Aug 12, 2013 4:38 PM, Richard Brooks r...@acm.org wrote: Some idle thoughts: Edward Snowden Bradley Manning Julian Assange Gen. Hayden Jacob or Nadim On 08/12/2013 04:32 PM, Francisco Ruiz wrote: Quick request. In comments to a recent post, people seemed to agree that publishing a video of someone reading a hash might be a fairly hard-to-hack way to deliver that hash to the public, and thus assure the authenticity of a piece of code, a public key, or whatnot. The problem is that the sample youtube video I linked had yours truly reading the hash, and people naturally objected that I wasn't Justin Bieber and, consequently, weren't too convinced that the video was authentic. Aside from the fact that an adversary might be able to convince Justin Bieber to make a video reading a fake hash (not that I believe Justin doesn't care; it's just a hypothesis), the idea of getting a celebrity for this kind of video has a lot of merit. I'd like to engage one for the next update of my app. So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? Thanks a million! -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok get the PassLok privacy app at: http://passlok.com -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
On 8/12/13 1:45 PM, Sarah A. Downey wrote: Ashton Kutcher has talked publicly multiple times about the value of privacy, both in his personal life and as an investor. He made some comments today that were sort of unfortunate in that area. http://news.moviefone.com/2013/08/12/ashton-kutcher-steve-jobs-interview/ Thanks, Parker -- Parker Higgins Activist Electronic Frontier Foundation https://eff.org Please note our new address: 815 Eddy Street San Francisco, CA 94109-7701 -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
On 08/12/2013 04:32 PM, Francisco Ruiz wrote: Quick request. In comments to a recent post, people seemed to agree that publishing a video of someone reading a hash might be a fairly hard-to-hack way to deliver that hash to the public, and thus assure the authenticity of a piece of code, a public key, or whatnot. The problem is that the sample youtube video I linked had yours truly reading the hash, and people naturally objected that I wasn't Justin Bieber and, consequently, weren't too convinced that the video was authentic. So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? Thanks a million! On 08/12/13 22:41, Richard Brooks wrote: Some idle thoughts: Edward Snowden Bradley Manning Julian Assange Gen. Hayden Jacob or Nadim Dear prof Ruiz, I made the comment about celebrities in jest. I just don't believe that people will validate hashes anyway. But if you manage to convince any of those names to read your hashes, I will certainly use your product. Or never ever, depending on my opinion of the readers' knowledge about computer security. Regards, Guido. PS, I got the name wrong: http://www.classicfm.com/composers/biber/guides/biber-vs-bieber/ -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
Dear professor Ruiz. The real issue is to create an *easy* way to do hash validation correctly. Reading a hash on youtube is not going to make it. You use HTTPS without DNSSEC and DANE. Please use those first. It solves a lot of your server validation issues. At least it allows your users' browsers to validate code44.com. I repeat: Hashes are for computers, not for people. Plugging my own warez: I believe I've come up with a way to do DNSSEC and DANE in combination with a certificate repository. It allows the browser to validate the authenticity of a server certificate. When validated it can be sure that the javascript found at a page is indeed that what the page-author wanted. Please see: http://eccentric-authentication.org/blog/2013/03/23/Cryptographic-same-origin-policy.html And please ask if anything is unclear. I love to receive comments on where I'm right or wrong. Regards, Guido. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
Cory Doctorow - sent from my phone. On Aug 12, 2013 9:33 PM, Francisco Ruiz r...@iit.edu wrote: Quick request. In comments to a recent post, people seemed to agree that publishing a video of someone reading a hash might be a fairly hard-to-hack way to deliver that hash to the public, and thus assure the authenticity of a piece of code, a public key, or whatnot. The problem is that the sample youtube video I linked had yours truly reading the hash, and people naturally objected that I wasn't Justin Bieber and, consequently, weren't too convinced that the video was authentic. Aside from the fact that an adversary might be able to convince Justin Bieber to make a video reading a fake hash (not that I believe Justin doesn't care; it's just a hypothesis), the idea of getting a celebrity for this kind of video has a lot of merit. I'd like to engage one for the next update of my app. So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? Thanks a million! -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok get the PassLok privacy app at: http://passlok.com -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
The problem with occasionally looking at Huffington Post is that I'm subjected to such things... Matt Damon: *He broke up with me, the Elysium star said. There are a lot of things that I really question, you know: the legality of the drone strikes, and these NSA revelations they’re, you know, it’s like, they’re, you know, Jimmy Carter came out and said we don’t live in a democracy. That’s, that’s a little, that’s a little intense when an ex-president says that. So, you know, he’s got some, some explaining to do, particularly for a constitutional law professor.* http://www.huffingtonpost.com/2013/08/09/matt-damon-obama-broke-up-with-me_n_3732426.html?utm_hp_ref=entertainment On Mon, Aug 12, 2013 at 11:44 PM, Yishay Mor yish...@gmail.com wrote: Cory Doctorow - sent from my phone. On Aug 12, 2013 9:33 PM, Francisco Ruiz r...@iit.edu wrote: Quick request. In comments to a recent post, people seemed to agree that publishing a video of someone reading a hash might be a fairly hard-to-hack way to deliver that hash to the public, and thus assure the authenticity of a piece of code, a public key, or whatnot. The problem is that the sample youtube video I linked had yours truly reading the hash, and people naturally objected that I wasn't Justin Bieber and, consequently, weren't too convinced that the video was authentic. Aside from the fact that an adversary might be able to convince Justin Bieber to make a video reading a fake hash (not that I believe Justin doesn't care; it's just a hypothesis), the idea of getting a celebrity for this kind of video has a lot of merit. I'd like to engage one for the next update of my app. So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? Thanks a million! -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok get the PassLok privacy app at: http://passlok.com -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
I didn't know LibTech had become the PassLok development mailing list. On Mon, Aug 12, 2013 at 6:26 PM, Collin Anderson col...@averysmallbird.com wrote: The problem with occasionally looking at Huffington Post is that I'm subjected to such things... Matt Damon: He broke up with me, the Elysium star said. There are a lot of things that I really question, you know: the legality of the drone strikes, and these NSA revelations they’re, you know, it’s like, they’re, you know, Jimmy Carter came out and said we don’t live in a democracy. That’s, that’s a little, that’s a little intense when an ex-president says that. So, you know, he’s got some, some explaining to do, particularly for a constitutional law professor. http://www.huffingtonpost.com/2013/08/09/matt-damon-obama-broke-up-with-me_n_3732426.html?utm_hp_ref=entertainment On Mon, Aug 12, 2013 at 11:44 PM, Yishay Mor yish...@gmail.com wrote: Cory Doctorow - sent from my phone. On Aug 12, 2013 9:33 PM, Francisco Ruiz r...@iit.edu wrote: Quick request. In comments to a recent post, people seemed to agree that publishing a video of someone reading a hash might be a fairly hard-to-hack way to deliver that hash to the public, and thus assure the authenticity of a piece of code, a public key, or whatnot. The problem is that the sample youtube video I linked had yours truly reading the hash, and people naturally objected that I wasn't Justin Bieber and, consequently, weren't too convinced that the video was authentic. Aside from the fact that an adversary might be able to convince Justin Bieber to make a video reading a fake hash (not that I believe Justin doesn't care; it's just a hypothesis), the idea of getting a celebrity for this kind of video has a lot of merit. I'd like to engage one for the next update of my app. So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? Thanks a million! -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok get the PassLok privacy app at: http://passlok.com -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Collin David Anderson averysmallbird.com | @cda | Washington, D.C. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- @kylemaxwell -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
Penn Jilette On Mon, Aug 12, 2013 at 1:32 PM, Francisco Ruiz r...@iit.edu wrote: Quick request. In comments to a recent post, people seemed to agree that publishing a video of someone reading a hash might be a fairly hard-to-hack way to deliver that hash to the public, and thus assure the authenticity of a piece of code, a public key, or whatnot. The problem is that the sample youtube video I linked had yours truly reading the hash, and people naturally objected that I wasn't Justin Bieber and, consequently, weren't too convinced that the video was authentic. Aside from the fact that an adversary might be able to convince Justin Bieber to make a video reading a fake hash (not that I believe Justin doesn't care; it's just a hypothesis), the idea of getting a celebrity for this kind of video has a lot of merit. I'd like to engage one for the next update of my app. So, here's my question. Does any one know of a celebrity who cares enough about computer security to be persuaded to take one minute of his/her time to read a hash before a camera? Thanks a million! -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok get the PassLok privacy app at: http://passlok.com -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Tony Arcieri -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.