Re: [liberationtech] Small size static HTML hosting with no ads and tor friendly

2013-09-10 Thread Moon Jones
On 10.09.2013 21:01, The Doctor wrote: It might be worth examining some static site generators, [...] I'm having something like that in mind. The issue was getting the text plus graphics online. The aversion to advertising is not against the actual advertising. I'm using adblock to kill almo

Re: [liberationtech] Linux distribution on encrypted USB?

2013-09-10 Thread Moon Jones
On 10.09.2013 17:58, Griffin Boyce wrote: I don't think it's particularly feasible without . Something that works currently is using a laptop without a hard drive, a USB with TAILS or Whonix, and another (encrypted) USB with your critical files on it. Yes, Tails seems to be the solution her

Re: [liberationtech] Naive Question

2013-09-10 Thread Hauke Gierow
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well, you could do it in another way: have a sign somwhere and post a webcam to it, which renews the picture every now an then... many things can happen to this offline signs without codings Hauke -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (

Re: [liberationtech] quid pro quo

2013-09-10 Thread Lucas Gonze
The "other pressure" you mention is just what I was thinking of. On the one hand there is a threat. "Cooperate with NSA or DOD won't consider your bids." On the other hand there is an offer. "Cooperate with NSA and DOD will favor your bids." About the cash payments, operational costs are a small

[liberationtech] iPhone5S Fingerprint and 5th amendment

2013-09-10 Thread Percy Alpha
I know that users can be forced to handover digital card and written down passcode to decrypt data while memorized passcode is mostly safe from subpena and court orders. As iPhone5S uses fingerprint to lock the device, could users be forced to unlock their iPhone5S? As police can legally collect f

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-10 Thread Shelley
Maybe I just don't have the "broken Internets" problem very often, or I don't notice it. I can use important sites such as my email provider's web interface (when I'm not near my regular email client) and my credit union's mobile site without enabling scripts, so there really isn't much I'm going

Re: [liberationtech] Naive Question

2013-09-10 Thread Jon Camfield
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday, September 09, 2013 05:09 PM, Jonathan Wilkes wrote: > On 09/09/2013 03:40 PM, Case Black wrote: >> There's a more subtle variant to this idea... [SNIP] > In short I don't think there's a hack for this one, it just > requires old fashioned ac

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-10 Thread Joseph Lorenzo Hall
On 9/9/13 2:55 PM, Al Billings wrote: > I suggest your use of the net is well outside the mainstream, even > amongst security folks. Some of us actually use social networking, for > example, or don't want ugly, half broken websites simply because we fear > a JavaScript zero day. Hi Al, big fan.

Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Rodrigo Fernos
I think the most worrisome issue is that, any security vulnerability will make direct personal information available to hackers. In other words, password theft has no direct implciaiton to your persona, in contrast to bodily information of the fingerprint. If hacked, this might be used for ulterior

Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Rodrigo Fernos
Interesting suggestion. (Do note that supposedly the device will read 'deep in the epidermis', through various skin layers. This suggests that a life size image of fingerprint might not actually work.) R On Tue, Sep 10, 2013 at 5:54 PM, Scott Elcomb wrote: > Starting a new thread - it's rela

Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Andy Isaacson
On Tue, Sep 10, 2013 at 05:54:44PM -0400, Scott Elcomb wrote: > Starting a new thread - it's related but a slightly different topic. > > Despite having several devices with fingerprint scanners, I've never used one. > > With the release of iPhone 5S and all the discussion around it, I'm > curious

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

2013-09-10 Thread Yosem Companys
Your fingerprints change: http://blog.erratasec.com/2013/09/fingerprints-can-change.html by @ErrataRob On Tue, Sep 10, 2013 at 4:25 PM, John Adams wrote: > Has Apple released specs on the operation of the fingerprint system? I.e. > Can it be configured to use both a pin and a fingerprint? > >

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

2013-09-10 Thread John Adams
Has Apple released specs on the operation of the fingerprint system? I.e. Can it be configured to use both a pin and a fingerprint? -j On Tue, Sep 10, 2013 at 2:34 PM, Percy Alpha wrote: > I know that users can be forced to handover digital card and written down > passcode to decrypt data whi

Re: [liberationtech] quid pro quo

2013-09-10 Thread Seth Woodworth
It's not legal to pay for preferential treatment from the government, that's bribery. Why would it be illegal for the NSA to pay ATT & Chase? On Tue, Sep 10, 2013 at 3:27 PM, Lucas Gonze wrote: > Let's say major corps like ATT and Chase are doing favors for NSA. Why > would they if not for a

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-10 Thread Al Billings
Clearly not a battle I'm going to "win" in any sense with this audience but, really, the current Internet (for many many reasons) is pretty broken in places (and I don't just mean Facebook) when you turn off JS. We talk about this at work a lot and even amongst my peers with NoScript installed,

Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Richard Brooks
Yes. There is a good hack from the CCC where they published the fingerprints of the German Innenminister (equivalent of Attorney General). They also showed how latex fingerprint imprints can fool existing scanners. On 09/10/2013 05:54 PM, Scott Elcomb wrote: > Starting a new thread - it's related

[liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Scott Elcomb
Starting a new thread - it's related but a slightly different topic. Despite having several devices with fingerprint scanners, I've never used one. With the release of iPhone 5S and all the discussion around it, I'm curious if fingerprints on file with various Law Enforcement agencies could be pr

Re: [liberationtech] quid pro quo

2013-09-10 Thread Don Marti
begin Moritz Bartl quotation of Tue, Sep 10, 2013 at 11:08:18PM +0200: > On 09/10/2013 09:27 PM, Lucas Gonze wrote: > > Let's say major corps like ATT and Chase are doing favors for NSA. Why > > would they if not for a quid pro quo? > > > > And if they are getting favors in return, isn't that ille

Re: [liberationtech] Linux distribution on encrypted USB?

2013-09-10 Thread Griffin Boyce
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/10/2013 08:41 AM, Moon Jones wrote: > A portable distribution on an encrypted stick. > > In the end, I think only an USB hard drive can offer that, because of the way memory locations are handled by flash media. > > But is it feasable to have a

Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Bill Woodcock
On Sep 10, 2013, at 2:54 PM, Scott Elcomb wrote: > Starting a new thread - it's related but a slightly different topic. > > Despite having several devices with fingerprint scanners, I've never used one. > > With the release of iPhone 5S and all the discussion around it, I'm > curious if finger

Re: [liberationtech] Small size static HTML hosting with no ads and tor friendly

2013-09-10 Thread The Doctor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/07/2013 08:14 AM, Moon Jones wrote: > I want to do some microsites. All static. HTML plus a few > optimised graphics. A few megabytes each. But I don't want ads. And > it should be done over Tor. It's not about FBI/NSA, but about > having less d

Re: [liberationtech] quid pro quo

2013-09-10 Thread Kyle Maxwell
In general, as has been well documented, the telcos and other firms charge the government for data records. While possibly distasteful ("they're making money off of giving our data to the gov!"), it makes sense from an operational point of view: there are real, concrete costs associated with storin

Re: [liberationtech] quid pro quo

2013-09-10 Thread Lucas Gonze
My thought is that the reported payments to compensate big corps aren't enough to justify the opportunity cost. For example, Room 641A. No doubt NSA is putting some cash in, but the actual revenue is probably 1/1000th the cost to ATT. Renting rooms and taps to governments is not a business ATT wou

Re: [liberationtech] quid pro quo

2013-09-10 Thread Moritz Bartl
On 09/10/2013 09:27 PM, Lucas Gonze wrote: > Let's say major corps like ATT and Chase are doing favors for NSA. Why > would they if not for a quid pro quo? > > And if they are getting favors in return, isn't that illegal? > > I wonder if there is evidence to show what the payback is. http://www.

[liberationtech] quid pro quo

2013-09-10 Thread Lucas Gonze
Let's say major corps like ATT and Chase are doing favors for NSA. Why would they if not for a quid pro quo? And if they are getting favors in return, isn't that illegal? I wonder if there is evidence to show what the payback is. -- Liberationtech is a public list whose archives are searchable o

[liberationtech] Obama's review group on surveillance seeking public comment, including "impact on foreign policy"

2013-09-10 Thread Danny O'Brien
(Apologies if you get this via a few mailing lists. I've tried to spread it widely yet thinly. And of course, feel free to forward yourself, if only so I get less blame for over-forwarding) The newly created Review Group on Intelligence and Communications Technologies is seeking public comment on

[liberationtech] Modulo the usual problems with HTTPS/SSL, anyone have any critiques of this?

2013-09-10 Thread Bill Woodcock
http://www.kickstarter.com/projects/1904431672/trsst-a-distributed-secure-blog-platform-for-the-o -Bill -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford

[liberationtech] Linux distribution on encrypted USB?

2013-09-10 Thread Moon Jones
A portable distribution on an encrypted stick. In the end, I think only an USB hard drive can offer that, because of the way memory locations are handled by flash media. But is it feasable to have a two device solution? Media1 has the /boot but Media2 has the strong key. Media1 boots, prompts

Re: [liberationtech] Naive Question

2013-09-10 Thread A.Cammozzo
On 09/09/2013 11:09 PM, Jonathan Wilkes wrote: > On 09/09/2013 03:40 PM, Case Black wrote: >> There's a more subtle variant to this idea... >> >> Regularly state ("put up a sign") that you HAVE in fact received an >> NSL...with the public understanding that it must be a lie (there's no >> law ag

Re: [liberationtech] Cryptogeddon

2013-09-10 Thread Bernard Tyers - ei8fdb
This sounds a nice idea. There was a similar idea (in its early stages) presented at SOUPS 2013 (Symposium on Usable Privacy and Security) earlier this year. [1] It was called "Device Dash: An Educational Computer Security Game" presented by Era Vuksani. Unfortunately the Era's thesis is not

Re: [liberationtech] Cryptogeddon

2013-09-10 Thread Dan O'Huiginn
I like this concept. I'd particularly love a more basic version of this, perhaps using openbadges to reward people who make it through a game-cum-course that lets them use security-related tools. A perennial problem in security education is getting people enough practical experience. That's parti

Re: [liberationtech] Other distros like Ubuntu Privacy Remix?

2013-09-10 Thread Moon Jones
On 03.09.2013 14:10, Moon Jones wrote: I stumbled upon UPR these last days. It does not work on my machines. But the idea sounds good. Yet I could not find anything like it. Tails comes close, but the network is enabled. I discovered that Trisquel can be used on most (not all!) laptops with su