Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
On 05/17/2013 06:02 PM, Kevin Poulsen wrote:
> That's awesome! But you write that the dot-onion can only be reached from mobile Android devices. What about this?

I think Mark meant only as in the only way to fly... or perhaps, the only way to reach the service, or any Tor Hidden Service, from Android. Otherwise, I will make sure we review our language to be more accurate. For instance, instead of Orweb, you can also use Firefox with proxy setting activated, or you can root your device, and use any browser. Our goal with the tutorial Mark linked to was to keep it simple, and show as short a path as possible from zero to activated.

I, personally, have had good experience with Mike Tigas' Onion Browser app on an iPad Touch, and have done a brief review of the source code. The only real issues with it are limitations with how iOS apps can interface with the WebKit browser component. For instance, it has not been able to (in the past at least) disable JavaScript from executing, or possibly even from GPS location code being called.

All in all, the idea of strong anonymity from any mobile device is far off. The best configuration we can recommend for someone trying to submit content to a service like this is to buy a new clean pre-paid smartphone or wifi-only device, for cash if possible, and keep it separate from your existing communications. Android makes this a lot easier than Apple, since you can sideload apps from alternate app distribution mechanisms like F-Droid, and don't need to link the device to an identity or payment method of any sort.

Best,
Nathan

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
On 5/18/13 6:12 AM, Griffin Boyce wrote:
> Kevin Poulsen k...@hacknet.com wrote:
>> That's awesome! But you write that the dot-onion can only be reached from mobile Android devices. What about this?
>> https://itunes.apple.com/us/app/onion-browser/id519296448?mt=8
>
> An Apple app is not the best option. You could set up your own customized tor2web service and serve the onion that way. It seems more practical long-term, since it can't be blocked by Apple or abused by a developer.

We recently introduced the feature of TRANSLATION MODE to set up your own private Tor2web node, to expose with your own private Tor2web server only a single, specific onion host: https://github.com/globaleaks/Tor2web-3.0/wiki/Configuring-Tor2web#translation-mode

However, that's to be used for specific contexts where one or more actors (public, receiver, whistleblower, admin) of GlobaLeaks (or other WB platform) need to access without strong anonymity. (The tor2web access policy can be configured in a granular way, depending on the uses: https://github.com/globaleaks/GlobaLeaks/wiki/Advanced-configuration#tor2web-access-policy)

However, Tor2web within a whistleblowing platform must be used with extreme care, by understanding exactly how it changes the threat model with respect to the anonymity matrix https://docs.google.com/document/d/1niYFyEar1FUmStC03OidYAIfVJf18ErUFwSWCmWBhcA/pub#h.fpje7tqvacyf .

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - http://tor2web.org
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
On 5/18/13 12:38 PM, Michael Zeltner wrote:
> Hmm, interesting. A friend and I have recently discovered an easy Tor configuration hack to do something similar: https://www.cryptoparty.at/tor2tcp
>
> Would be interested to hear what you think of that. I haven't delved into why using that instance of Tor for anything else makes it stop accepting connections, but as a bare configuration it's remarkably simple to set up.

That's a nice hack! However to make http proxying work properly there's a lot of hackery related to various header and html tag rewriting.

Additionally tor2web does also:
- inject a disclaimer header into HEAD (to explain that's a proxy and you are not hosting content. Mandatory to avoid server takedown)
- optimize connections to reduce latency (with a connection pool to each destination torhs)

Additionally tor2web is faster than torhs direct access because it uses a custom version of Tor (Tor2web Mode) that *removes* the anonymity on the client side of the access. In fact a user accessing Tor2web is not anonymous. And it's strongly advised (by the injected disclaimer header) to download TBB and go directly.

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
On 18 May 13:32, Fabio Pietrosanti (naif) wrote:
> On 5/18/13 12:38 PM, Michael Zeltner wrote:
>> Hmm, interesting. A friend and I have recently discovered an easy Tor configuration hack to do something similar: https://www.cryptoparty.at/tor2tcp
>>
>> Would be interested to hear what you think of that. I haven't delved into why using that instance of Tor for anything else makes it stop accepting connections, but as a bare configuration it's remarkably simple to set up.
>
> That's a nice hack! However to make http proxying work properly there's a lot of hackery related to various header and html tag rewriting.

Sure, I'm familiar with tor2web, I'm even on the mailing list ;) But as far as I can tell, this is because the .onion does not necessarily expect to get a request for https://duskgytldkxiuqc6.tor2web.org/ and not http://duskgytldkxiuqc6.onion/ - but as far as I understand translation mode, it's meant for enabling hidden (web) services to be accessible from for example a regular mobile browser, yes?

With the config from above, it's trivial to get the HS to respond to https://exampledomain.org/ (shouldn't be a problem serving the correct SSL certificate from the HS itself, even though I haven't tested) - the magic of adding headers and disclaimers wouldn't be done by tor2web but you'd have to handle that on the hidden service itself ... Which is still easy because you do actually get passed the Host: header enabling distinguishing connections.

> Additionally tor2web is faster than torhs direct access because it uses a custom version of Tor (Tor2web Mode) that *removes* the anonymity on the client side of the access. In fact a user accessing Tor2web is not anonymous.

Right, see https://www.cryptoparty.at/tor2tcp#anonymity

The connection pooling is cool though, and the part that I have the least understanding of. I'm not advocating this as an alternative to tor2web or even anonymous access to anything, but I guess it's just a more lightweight approach to the translation mode? It only works with one hidden service per public IP anyway.

My interest mostly stems from trying to run a SMTP hidden service that also works with SSL on clearnet, giving the public face VPS as few as possible (i.e. no SSL key, no MTA that might even cache messages if the HS isn't responsive) ... But that's enough veering off the original topic for now.

Best,
Michael

--
https://niij.org/
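The two messages above describe rewriting done by an onion-to-web proxy (Host translation, header and link rewriting, an injected disclaimer) and a Host-header check on the hidden service side. The following is an added example, not Tor2web's code and not written by either poster; the proxy domain constant, the disclaimer wording, its placement after the `<body>` tag and every function name are assumptions made for illustration.

```python
import re

# Assumptions: PROXY_DOMAIN, DISCLAIMER and all function names are illustrative;
# none of this is Tor2web's code, configuration or actual disclaimer text.
PROXY_DOMAIN = "tor2web.org"
LABEL = r"[a-z2-7]{16}"  # 16 base32 characters, the address form quoted in the thread
DISCLAIMER = (
    '<div class="proxy-disclaimer">This page is relayed by a proxy that does '
    "not host the content. You are not anonymous here; use Tor Browser and "
    "the .onion address instead.</div>"
)

_PUBLIC_HOST = re.compile(r"^(%s)\.%s(:\d+)?$" % (LABEL, re.escape(PROXY_DOMAIN)), re.I)
_ONION_URL = re.compile(r"\bhttps?://(%s)\.onion\b" % LABEL, re.I)
_BODY_TAG = re.compile(r"<body\b[^>]*>", re.I)


def onion_for(public_host):
    """Map '<label>.tor2web.org[:port]' to '<label>.onion'; None for any other host."""
    m = _PUBLIC_HOST.match(public_host.strip())
    return m.group(1).lower() + ".onion" if m else None


def rewrite_request(headers):
    """Headers to send to the hidden service, or None if the Host is not proxied.

    The hidden service expects its own .onion name in Host, so the public
    name is translated; the caller's dict is left untouched.
    """
    onion = onion_for(headers.get("Host", ""))
    if onion is None:
        return None
    upstream = dict(headers)
    upstream["Host"] = onion
    return upstream


def _to_public(match):
    return "https://%s.%s" % (match.group(1).lower(), PROXY_DOMAIN)


def rewrite_response(headers, body):
    """Rewrite onion URLs in Location and HTML, and inject the disclaimer.

    Without this, redirects and links would send the clearnet browser to a
    .onion address it cannot resolve.
    """
    out = dict(headers)
    if "Location" in out:
        out["Location"] = _ONION_URL.sub(_to_public, out["Location"])
    if out.get("Content-Type", "").lower().startswith("text/html"):
        body = _ONION_URL.sub(_to_public, body)
        m = _BODY_TAG.search(body)
        if m:
            body = body[:m.end()] + DISCLAIMER + body[m.end():]
        else:
            body = DISCLAIMER + body  # no <body> tag: prepend instead
        out["Content-Length"] = str(len(body.encode("utf-8")))
    return out, body


def reached_via_clearnet(host_header):
    """Hidden-service side: True when the request named a non-.onion Host.

    With a plain TCP forward the Host header arrives unchanged, so the
    service itself can tell clearnet visitors apart and add its own notice.
    """
    host = host_header.strip().lower().split(":")[0]
    return not host.endswith(".onion")


# Constructed sample traffic, using the onion label quoted in the thread.
SAMPLE_REQUEST = {"Host": "duskgytldkxiuqc6.tor2web.org", "User-Agent": "constructed-client"}
SAMPLE_RESPONSE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Location": "http://duskgytldkxiuqc6.onion/login",
}
SAMPLE_BODY = '<html><body class="x"><a href="http://duskgytldkxiuqc6.onion/a">a</a></body></html>'

if __name__ == "__main__":
    print(rewrite_request(SAMPLE_REQUEST))
    new_headers, new_body = rewrite_response(SAMPLE_RESPONSE_HEADERS, SAMPLE_BODY)
    print(new_headers)
    print(new_body)
    print(reached_via_clearnet("exampledomain.org"))
```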
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
On 05/16/2013 01:37 PM, Griffin Boyce wrote: Kevin Poulsen k...@hacknet.com wrote: Shava Nerad shav...@gmail.com wrote: Nadim Kobeissi na...@nadim.cc wrote: Jacob Appelbaum ja...@appelbaum.net wrote: Sarah Lai Stirland: My god, literally *everyone* lurks on libtech. currently sitting with six people who *all* lurk here, Hee hee hee.

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
That which does not kill us makes us stranger. --Trevor Goodchild
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
Without taking sides on Strongbox, I made an easy interactive tutorial on how to easily access it from a mobile so that journalists can take a peek for themselves: https://guardianproject.info/2013/05/16/strongbox/

--
@mbelinsky | markbelinsky.com | phone: +1-347-466-9327 | skype: markontheline
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
That's awesome! But you write that the dot-onion can only be reached from mobile Android devices. What about this?

https://itunes.apple.com/us/app/onion-browser/id519296448?mt=8

On Fri, May 17, 2013 at 10:36 AM, Mark Belinsky mark.belin...@gmail.com wrote:
> Without taking sides on Strongbox, I made an easy interactive tutorial on how to easily access it from a mobile so that journalists can take a peek for themselves: https://guardianproject.info/2013/05/16/strongbox/
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
Kevin Poulsen k...@hacknet.com wrote:
> That's awesome! But you write that the dot-onion can only be reached from mobile Android devices. What about this?
> https://itunes.apple.com/us/app/onion-browser/id519296448?mt=8

An Apple app is not the best option. You could set up your own customized tor2web service and serve the onion that way. It seems more practical long-term, since it can't be blocked by Apple or abused by a developer.

best,
Griffin

--
Technical Program Associate, Open Technology Institute
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
On 5/16/13 12:05 AM, Eleanor Saitta wrote:
> Which parts of the Dead Drop architecture do you think are unnecessary for a leaking platform?

First of all, leaking is not necessarily whistleblowing (it's like the cracking vs hacking wording debate :P). The act of protecting the identity of someone who speaks up on a specific topic (for public interest) can also be whistleblowing or speaking up, depending on the area (media, activism, corporation, public administration) and security context (risk of retaliation via life threatening vs. legal threatening).

If I had to take action on DeadDrop I would simplify as follows:
- Make everything work only with 1 server
- Make everything installable with a few command lines
- Don't use custom-modified software but only standard software (that you can update with standard Linux packaging procedures)
- Find a tradeoff between the need of efficiency and security for the journalist (there may be many different ways), not forcing them to go through a custom, read-only, secure viewing workstation for all submissions

Those actions are mostly for the following reasons:

- The Secure Viewing Workstation is unrealistic

A journalist (or a group of journalists) needs to work on received material online and not offline because they need to search databases, browse Google and apply investigative techniques to investigate the topic. And do it in an efficient way, because time is always a scarce resource.

Additionally they need, for efficiency purposes, to collaborate on the received material, and to do so there are excellent platforms for sharing it like http://www.DocumentCloud.org or DMS (document management systems) like Alfresco (www.alfresco.com/) that can help with extracting text, applying semantic analysis, collaborating on documents. That kind of process is to be done online.

So I really think it's unrealistic to handle dozens or hundreds of submissions per month by copying received data offline, decrypting and analyzing it offline through a different workstation.

IMHO in a realistic workflow, at first the journalist evaluates the data received quickly, identifying if it's spam or ham, defines how securely he should handle that data, and then will apply the appropriate operational security procedure depending on the data received.

- Too Many Servers

Looking at https://raw.github.com/deaddrop/DeadDropDocs/master/Deployment.jpg we see that there are 4 servers, 1 switch, several dedicated hardware for operational security (external encrypted hard drive) with a quite complex installation procedure https://github.com/deaddrop/DeadDropDocs/blob/master/README.md . This increases the cost and effort required to start up a whistleblowing initiative in terms of hardware, software, services and skill set required.

- Too Much Customized Software

Looking at the installation procedure there are several customized procedures and software such as using a Hardened GRSecurity Linux kernel, requiring to manually maintain security updates for all kernel releases, and manual setup of a Certification Authority (with OpenSSL), requiring manual handling and management of certificates via command line.

Anyhow DeadDrop has its own design, it's cool, is *extremely* paranoid and I like it. I just find it overkill for a general use.

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - http://tor2web.org
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
Sarah Lai Stirland:
> http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
> http://www.newyorker.com/online/blogs/backissues/2013/05/strongbox-the-new-yorker-investigates.html

Kevin Poulsen suggested I open issues on Github and I've been doing so as 'ioerror' for the last few hours:

https://github.com/deaddrop/deaddrop/issues
https://github.com/deaddrop/DeadDropDocs/issues

Looking at the current deployment doesn't impress me much - I think there is a lot of potential though...

All the best,
Jacob
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
The technical aspects aside, I find the fact that they're using Aaron Swartz as a marketing asset to be morally problematic. :/

NK
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
Nadim Kobeissi na...@nadim.cc wrote:
> The technical aspects aside, I find the fact that they're using Aaron Swartz as a marketing asset to be morally problematic. :/
>
> NK

I was originally conflicted by this as well, but... Considering he was the architect of the project and worked on it, and his family/friends seem to be at peace with it... I suspect there's more to this than meets the eye.

What happens to our projects when we die? Will anyone really care about them as much as we do? Will they be mired in potential controversy and left unfinished? There are layers and layers of things that need to be considered when something like this happens, and as I don't personally know anyone involved, I'm just giving people the benefit of the doubt.

If every investigative journalist took the time to learn PGP, Strongbox wouldn't have much to offer. It's *completely* possible to encrypt files on a flash drive and mail it to a journalist (or email it using Tor and a throwaway email). This process is not even especially difficult under Windows. The problem is a lack of user education.

I haven't taken a look at the code yet, but cobbling together a webmail script, a remailer (even a not-especially-robust one), and the Stanford javascript crypto library would not be a particularly arduous task. It's not trivial, and you'd have to be a coder, but due diligence and selecting file hosts and all of that would be the hardest part of this entire process.

best,
Griffin

--
Technical Program Associate, Open Technology Institute
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
On Thu, May 16, 2013 at 10:21 AM, Griffin Boyce griffinbo...@gmail.com wrote:
> Nadim Kobeissi na...@nadim.cc wrote:
>> The technical aspects aside, I find the fact that they're using Aaron Swartz as a marketing asset to be morally problematic. :/
>>
>> NK
>
> I was originally conflicted by this as well, but... Considering he was the architect of the project and worked on it, and his family/friends seem to be at peace with it... I suspect there's more to this than meets the eye.

Yes, he was definitely a main developer, but the article trumpets that a bit too much. It's definitely important and valuable, it should definitely be mentioned, but it reminds me of the Silent Circle debacle where everyone trumpeted Silent Circle as unbreakable because Phil Zimmermann was involved. I don't like it when projects are evaluated by virtue of *who* worked on them rather than how good the code is.

> What happens to our projects when we die? Will anyone really care about them as much as we do? Will they be mired in potential controversy and left unfinished? There are layers and layers of things that need to be considered when something like this happens, and as I don't personally know anyone involved, I'm just giving people the benefit of the doubt.
>
> If every investigative journalist took the time to learn PGP, Strongbox wouldn't have much to offer. It's *completely* possible to encrypt files on a flash drive and mail it to a journalist (or email it using Tor and a throwaway email). This process is not even especially difficult under Windows. The problem is a lack of user education.
>
> I haven't taken a look at the code yet, but cobbling together a webmail script, a remailer (even a not-especially-robust one), and the Stanford javascript crypto library would not be a particularly arduous task. It's not trivial, and you'd have to be a coder, but due diligence and selecting file hosts and all of that would be the hardest part of this entire process.

The GlobaLeaks project, to my knowledge, is trying to balance open accessibility in a fashion likely more relevant to your preferences. https://globaleaks.org/
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
On 2013.05.16 10.45, Fabio Pietrosanti (naif) wrote:
> On 5/16/13 12:05 AM, Eleanor Saitta wrote:
>> Which parts of the Dead Drop architecture do you think are unnecessary for a leaking platform?
>
> First of all, leaking is not necessarily whistleblowing (it's like the cracking vs hacking wording debate :P).

Well, in this case, the system was designed to receive leaked documents, fairly specifically; I think that's probably a reasonable term here.

> If I had to take action on DeadDrop I would simplify as follows:
> - Make everything work only with 1 server

Why do you think that less compartmentalization will result in a more secure system, if that system is likely to be under active attack by corporate and nation state security forces?

> A journalist (or a group of journalists) needs to work on received material online and not offline because they need to search databases, browse Google and apply investigative techniques to investigate the topic. And do it in an efficient way, because time is always a scarce resource.

There is a difference between reading leaked documents and doing investigation. It's perfectly reasonable to have another laptop right next to the viewing workstation, where story notes go, searches are run, less confidential background material is looked at, etc.

> Additionally they need, for efficiency purposes, to collaborate on the received material, and to do so there are excellent platforms for sharing it like http://www.DocumentCloud.org or DMS (document management systems) like Alfresco (www.alfresco.com/) that can help with extracting text, applying semantic analysis, collaborating on documents.

This depends on the kind of documents you're talking about, and the kind of story. If you've been given a dump of millions of documents that need to be analyzed in the manner you're talking about, sure. Not all leaks look like that; many don't. In a case like this, it might be a reasonable decision to, having looked at a document dump, move it to a non-airgapped machine where it can be accessed in a collaborative way. However, one might well not want to bring over potentially incriminating records of messages with a source into that environment, and one might wish to ensure that unnecessary metadata had been removed from documents first, again to protect sources.

> So I really think it's unrealistic to handle dozens or hundreds of submissions per month by copying received data offline, decrypting and analyzing it offline through a different workstation.

What do you base your assumptions of submission rate and workload on?

> IMHO in a realistic workflow, at first the journalist evaluates the data received quickly, identifying if it's spam or ham, defines how securely he should handle that data, and then will apply the appropriate operational security procedure depending on the data received.

If you do this on a non-airgapped machine that's been compromised and you figure out that what you've been handed is serious, it's a bit late, no? Operational security isn't magic sauce you can spread around afterwards.

> - Too Many Servers
>
> Looking at https://raw.github.com/deaddrop/DeadDropDocs/master/Deployment.jpg we see that there are 4 servers, 1 switch, several dedicated hardware for operational security (external encrypted hard drive) with a quite complex installation procedure https://github.com/deaddrop/DeadDropDocs/blob/master/README.md . This increases the cost and effort required to start up a whistleblowing initiative in terms of hardware, software, services and skill set required.

...because this is what's needed, in this architecture. You're talking about analyzing hundreds of submissions a month collaboratively and using large scale document analysis systems, and you're worried about buying a few boxes and hiring a sysadmin?

> - Too Much Customized Software
>
> Looking at the installation procedure there are several customized procedures and software such as using a Hardened GRSecurity Linux kernel, requiring to manually maintain security updates for all kernel releases, and manual setup of a Certification Authority (with OpenSSL), requiring manual handling and management of certificates via command line.

Well, if folks start shipping properly hardened distributions (and there are some arguments for moving over to tails, for this reason), then this'd be a bit less work. Again, just because it's hard doesn't mean it's not necessary.

> I just find it overkill for a general use.

What's general use?

E.

--
Ideas are my favorite toys.
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
I was glad that they marketed it the way they did.

Stephen Heymann and Carmen Ortiz have faced no consequences for their prosecutorial zeal. Aaron's Law isn't going anywhere fast, and it would be very easy for the public at large to move on to other things. Any mention of Aaron in the *New Yorker* is a good thing, if we think that Heymann and Ortiz should continue to face pressure. And I think this mention is particularly appropriate because most *New Yorker* readers have only a vague sense that he was some hacker guy who stole some copyrighted things. The article does a nice, respectful job of remembering him. And we shouldn't be forgetting him just yet.

You're probably right that there's something a little morally problematic about using him to market deaddrop software in this way. But in this case I think the moral ledger is weighted pretty heavily in the other direction.

Regards,
DK

--
Dave Karpf, PhD
Assistant Professor
George Washington University School of Media and Public Affairs
www.davidkarpf.com
daveka...@gmail.com
Author of *The MoveOn Effect: The Unexpected Transformation of American Political Advocacy* http://www.amazon.com/The-MoveOn-Effect-Unexpected-Transformation/dp/0199898383/ref=pd_rhf_gw_p_t_1 (Oxford University Press)
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
/snark

Why, take the positive spin. Think of it as proving the New Yorker's place in this constellation. They can destroy Aaron Swartz' character in one article and use him now to promote their project without a single qualm. And, they can hire Poulsen who has publicly compared Tor and Tor users to terrorists and worse in the pages of their sister publication Wired (once so egregiously that even in this day of op/ed journalism, I got a retraction) to maintain it, since who would understand the architecture and user needs better? This proves, beyond a shadow of a doubt, their journalistic integrity.

/end snark

Standard disclaimer: haven't spoken for Tor officially since 2007. But gz. This seems special.

Of course, I imagine it doesn't make a fig of difference to the average observer, but it's stunning how bold obscurantist things like this I can see make me wonder -- what richness am I just missing in my environment daily for lack of awareness of the foxes that surround me?

Yrs, Shava Nerad shav...@gmail.com

On May 16, 2013 10:01 AM, Nadim Kobeissi na...@nadim.cc wrote:

The technical aspects aside, I find the fact that they're using Aaron Swartz as a marketing asset to be morally problematic. :/ NK

On Thu, May 16, 2013 at 6:04 AM, Jacob Appelbaum ja...@appelbaum.net wrote:

Sarah Lai Stirland:

http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
http://www.newyorker.com/online/blogs/backissues/2013/05/strongbox-the-new-yorker-investigates.html

Kevin Poulsen suggested I open issues on Github and I've been doing so as 'ioerror' for the last few hours:

https://github.com/deaddrop/deaddrop/issues
https://github.com/deaddrop/DeadDropDocs/issues

Looking at the current deployment doesn't impress me much - I think there is a lot of potential though...

All the best, Jacob
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
Shava, are you talking about this? http://www.wired.com/threatlevel/2007/07/cyber-jihadists/

I was glib, to be sure, but I followed up by posting the entirety of your 500 word response to my 200 word post. Also, 2007.

On Thu, May 16, 2013 at 8:12 AM, Shava Nerad shav...@gmail.com wrote:

/snark

Why, take the positive spin. Think of it as proving the New Yorker's place in this constellation. They can destroy Aaron Swartz' character in one article and use him now to promote their project without a single qualm. (once so egregiously that even in this day of op/ed journalism, I got a retraction) to maintain it, since who would understand the architecture and user needs better? This proves, beyond a shadow of a doubt, their journalistic integrity.

/end snark

Standard disclaimer: haven't spoken for Tor officially since 2007. But gz. This seems special.

Of course, I imagine it doesn't make a fig of difference to the average observer, but it's stunning how bold obscurantist things like this I can see make me wonder -- what richness am I just missing in my environment daily for lack of awareness of the foxes that surround me?

Yrs, Shava Nerad shav...@gmail.com

On May 16, 2013 10:01 AM, Nadim Kobeissi na...@nadim.cc wrote:

The technical aspects aside, I find the fact that they're using Aaron Swartz as a marketing asset to be morally problematic. :/ NK

On Thu, May 16, 2013 at 6:04 AM, Jacob Appelbaum ja...@appelbaum.net wrote:

Sarah Lai Stirland:

http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
http://www.newyorker.com/online/blogs/backissues/2013/05/strongbox-the-new-yorker-investigates.html

Kevin Poulsen suggested I open issues on Github and I've been doing so as 'ioerror' for the last few hours:

https://github.com/deaddrop/deaddrop/issues
https://github.com/deaddrop/DeadDropDocs/issues

Looking at the current deployment doesn't impress me much - I think there is a lot of potential though...

All the best, Jacob
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
Kevin Poulsen k...@hacknet.com wrote:
Shava Nerad shav...@gmail.com wrote:
Nadim Kobeissi na...@nadim.cc wrote:
Jacob Appelbaum ja...@appelbaum.net wrote:
Sarah Lai Stirland:

My god, literally *everyone* lurks on libtech.

currently sitting with six people who *all* lurk here,
Griffin Boyce

-- Technical Program Associate, Open Technology Institute #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
Dios los cría y ellos se juntan, they say in Spanish! :D

Best Regards | Cordiales Saludos | Grato, Andrés L. Pacheco Sanfuentes a...@acm.org +1 (817) 271-9619

On Thu, May 16, 2013 at 12:37 PM, Griffin Boyce griffinbo...@gmail.com wrote:

Kevin Poulsen k...@hacknet.com wrote:
Shava Nerad shav...@gmail.com wrote:
Nadim Kobeissi na...@nadim.cc wrote:
Jacob Appelbaum ja...@appelbaum.net wrote:
Sarah Lai Stirland:

My god, literally *everyone* lurks on libtech.

currently sitting with six people who *all* lurk here,
Griffin Boyce

-- Technical Program Associate, Open Technology Institute #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
On 2013.05.17 00.05, Fabio Pietrosanti (naif) wrote:

I like deaddrop uber-paranoid approach. I'm just convinced that's overkill, designed to be excessively sacrificing usability efficiency, thus not being suitable for the many uses that we'd love to see starting up their anonymous whistleblowing initiatives.

This is a system designed in a Western context for the use of rich-world professional media organizations. Yes, it's not going to be achievable for everyone.

It is very important, in my own view, to let an ecosystem of initiatives to start with few or no effort because it's better to have 10.000 diverse, distributed whistleblowing sites rather than few big and complicated ones.

What level of risk is it appropriate for organizations to expose their (indirect) users to? What level of risk mitigation do you as a software developer have an obligation to those individuals for? I don't ask this in a flip way. Democratization of access doing things like running a whistleblowing system is great. On the other hand, encouraging people to start doing activities by making things easier when you know people aren't going to be able to properly defend themselves is maybe a bit problematic. Obviously, it's their call, but as a tool-builder, you're not isolated from that decision.

This is a question that runs through a lot of our field right now. If you release software that encourages high-risk behavior (like, say, secure communications for activists) but don't do basic due diligence (like getting it audited and fixing the identified issues), this is a problem. If we teach people how to do some secure communications and thus encourage them to talk about risky things online but we know they're not actually going to know enough to stay safe, have we raised awareness, or just put them in danger?
That kind of enemy (corporate or nation state security) would attack the organization and the people, not the server (placed in an unknown location behind a Tor Hidden Services).

Not necessarily. It's often very expensive for governments in terms of PR for them to come after media organizations directly. Using this example, if the FBI sends a subpoena to the New Yorker for the contents of this system, a bunch of journalists dutifully troop off to jail instead of turning the system over, and the case blows up to the front page of every single newspaper in the country for a week. A corporation has even less recourse -- they likely can't even sue until something has been published, and then often the most they can do is throw a libel suit around. This isn't true in every context, but different avenues of attack always have different kinds of defense. If you constrain your adversary in terms of what actions they can take, that's a victory. Separately, if you're not trying to defend against nation state or corporate security forces, exactly who are receiving leaks on?

And if that enemy would attack the servers, it would reasonably do it only after many weeks or months that the incriminated submissions have been done, after the information has been already leaked and published.

This makes no sense. Why would they do that? If they don't know about a leak, sure, but that's not always the case, and there are times when an organization might want to just keep an eye on what's going through a server like this.

Regarding compartmentalization, that's to be done through proper system/filesystem/network sandboxing system for efficiency purpose, by using SELinux/Apparmor/Iptables modern systems. Even US NSA abandoned most physical compartmentalization practices by applying logical compartmentalization (see NSA Mobility Package or NSA Trusted Systems as examples).

No, they didn't. They offer non-compartmentalized tools for some situations.
SIPRNet workstations are airgapped from NIPRNet, etc. VM breakout attacks are a very real thing and the notion that virtual separation is sufficient for compartmentalization when under serious attack is very, very dangerous.

Obviously, it should go as read that there are tradeoffs here, and I agree that this design is suitable for specific scenarios, not everywhere. Again, though, why the emphasis on a single machine? I can understand saying that there should be a lower admin bar -- that seems entirely reasonable, but hardware is *cheap*, especially when you're looking at very low throughput use cases. Cheap isn't free, even in the developing world, but a server here can be something as light as a Raspberry Pi. Humans are the expensive part of any deployment scenario for a system like this.

In that scenario if the journalist workstation is compromised also the scope of his investigation is compromised, regardless the secure viewing workstation is secure. If national security forces are listening to journalist workstation, they know what's going on.

They know some things, sure. Compromise is not an all or
[liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
http://www.newyorker.com/online/blogs/backissues/2013/05/strongbox-the-new-yorker-investigates.html

-- Sarah Lai Stirland Senior Writer techPresident Tel: 415-859 9749 Twitter:@LaiStirland http://techpresident.com/blog/76848
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
Hello Sarah:

Really interesting! Thanks for the news, I've just proposed to implement the DeadDrop software in our local Pirate Party in Madrid/Spain.

Regards,

On Wed, May 15, 2013 at 7:17 PM, Sarah Lai Stirland sa...@personaldemocracy.com wrote:

http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
http://www.newyorker.com/online/blogs/backissues/2013/05/strongbox-the-new-yorker-investigates.html

-- Sarah Lai Stirland Senior Writer techPresident Tel: 415-859 9749 Twitter:@LaiStirland http://techpresident.com/blog/76848

-- Eduardo
Re: [liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'
Is there a technical write up of the architecture anywhere?

On 5/15/2013 1:17 PM, Sarah Lai Stirland wrote:

http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
http://www.newyorker.com/online/blogs/backissues/2013/05/strongbox-the-new-yorker-investigates.html

-- Sarah Lai Stirland Senior Writer techPresident Tel: 415-859 9749 Twitter:@LaiStirland http://techpresident.com/blog/76848

*R. Jason Cronk, Esq., CIPP/US* /Privacy Engineering Consultant/, *Enterprivacy Consulting Group* enterprivacy.com * phone: (828) 4RJCESQ * twitter: @privacymaverick.com * blog: http://blog.privacymaverick.com