Case in point: I received an invitation under the names of five separate
organizations I am affiliated with (none of which are OWS related) to
fill this out. It originally said real name required, was changed to
alias after I objected publicly, but the rest still stands.
http://occupywallst.org/media-survey/
All the crypto and Tor in the world isn't going to help with this.
All the best,
Heather
On 12-10-09 1:26 PM, ttscanada wrote:
On 12-10-09 10:41 AM, Jacob Appelbaum wrote:
ttscanada:
On 12-10-09 4:23 AM, Bernard Tyers - ei8fdb wrote:
Sending a PGP encrypted e-mail to you mom, should be as easy as
sending an un-encrypted e-mail to your mom. But the education of
why you should be sending an e-mail encrypted should also be given.
Granted, a valid threat-model should be explained, as a given.
Thank you. I understand that this is a *crypto* party discussion -
but I really hope the end result of this manual focuses on use cases
and threat modeling as well as the technology.
I agree entirely. We need to look at the real uses. We should stop
degrading the hypothetical mom though, the question is about literacy
and to suggest that women are less literate is pretty offensive.
Obviously, it wasn't intended in that way but boy, I've certainly had
someone read me the riot act for saying that exact example.
+1
Some ideas of security rely far more on technical contortions than
real life assessment, the equivalent of entering a crowd wearing a
flame retardant SWAT suit instead of just taking an alley. Secure
anonymity is frequently the dead opposite of security based on trust
networks such as pgp signed emails which depend on a real life
identity being known and completely remove deniability or ease of
frequently switching identities.
I think this is rather bogus. Anonymity, in terms of traffic analysis
resistance, as far as the local network is concerned is not in conflict
with identified services.
Hmm. I was not clear. My point was that I would like to see the
benefits of anonymity pointed out (as opposed to simply privacy) more
often than it is. Of course traffic analysis is a major threat to
anonymity, my concern is in encouraging people to think that they are
somehow safe simply because the content of their emails is encrypted.
We all know that people all over the world are suffering the
consequences of simply pulling attention or association, no proof of
content required. Trust networks are the antithesis of the type of
anonymity required to combat pulling attention.
I regularly sign or encrypt email with GPG that is sent with Thunderbird
(with TorBirdy) via Gmail over Tor. I do this because location anonymity
is important to me and without Tor's anonymity, gmail would know every
location and so too would my location be revealed by the headers in my
email. Additionally, I think this makes it harder to target a specific
MITM flaw in my email client - there were years where you could
downgrade the STARTTLS in some email clients. While a Tor exit node
might be able to do that if the flaw exists, the Tor exit node doesn't
know that I'm me automatically, so selective targeting becomes
significantly harder. Not impossible, of course.
Juts today - I was on a network that blocked chat services and what we
found was that most people didn't notice because their chat was running
over Tor with TLS, a few were going to Tor Hidden Services - only those
that felt they didn't "need anonymity" were impacted. Oh the irony of
thinking of the issue of anonymity as only personal privacy, rather than
the larger issue of traffic analysis, surveillance, filtering and
censorship.
Yes, you are outlining two cases where you are communicating with
people you know as a person known to them. I am suggesting we (as in
large scale movements around the world) need to look more closely at
data driven (as opposed to personality driven) models ... ie if/when
Tribler gets onion routing working and an anonymous entity can drop
data to a hashtag (instead of a person), this is to me a more secure
communication model than one which relies on relationships between
individuals, ie f2f or other. Then we have to deal with voice
amplification and astroturfing issues, but it is the path I would
rather proceed down than the trust networks being advocated by for
instance, OWS which are fairly obviously problematic.
Of course this only applies to some specific instances such as large
scale organizing; as I said, let's look at what is best in each case.
Let's not lose track of the end goal, which is security not just
security tools.
The end goal for me is about social justice and law alone has not and
will not produce social justice in isolation. We also need various
innovations working in concert with policies. We won't have security
without code to back it up - that is what we're seeing all over the
world with the massive expansion of surveillance and censorship. The
people, corporations, and governments running national firewalls were
supposedly doing it for benevolent reasons. As expected from historical
context, they're expanding their power and their impact, to benefit of
powerful stake holders, to keep their position and influence well secured.
Agreed, overcoming the guardian coupd'état is the real end goal.
http://georgiebc.wordpress.com/2012/09/17/individuals-in-society/
All the best,
Heather
All the best,
Jacob
--
Unsubscribe, change to digest, or change password
at:https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
