[liberationtech] BBC: Izmir police arrested 25 people for tweeting misinformation.

2013-06-05 Thread michael gurstein
http://www.bbc.co.uk/news/world-europe-22776946

Also in Izmir, state-run Anatolia news agency reported that police had
arrested 25 people for tweeting misinformation.

An official from the opposition Republican People's Party (CHP), Ali Engin,
told Anatolia they were being held for calling on people to protest.

Prime Minister Recep Tayyip Erdogan said on Sunday that Twitter was a
menace being used to spread lies.

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Anonymous Group Moderation?

2013-06-05 Thread Michael Rogers

On 27/05/13 20:37, Bruce Potter at IRF wrote:
> I have a friend working in a politically volatile overseas
> environment who's interested in taking over a public
> e-mail group/listserv as a public participation service. The friend
> is based in the US, but the focus of the listserv is in a country
> where courts have held group moderators responsible for the content
> of various sorts of forums and discussion groups -- even if
> messages themselves are not moderated.
>
> Because my friend would prefer to avoid litigation, and perhaps
> limits on his future international travel, he's looking for simple
> options that would allow him to set up a group anonymously. Can
> that be done?

Hi Bruce,

One option would be to set up an anonymous Google account and use it
to create a Google Group.

To set up the anonymous account you'll need a burner phone with a
prepaid SIM, which will be used to receive a confirmation code via
SMS. The phone and SIM should be bought anonymously with cash, ideally
from busy locations. A second-hand phone is less likely to be traceable
to the place you bought it than a new phone. The phone should only be
switched on while setting up the Google account; once you've received
the confirmation code, switch off the phone and dispose of the phone
and SIM card. The phone company will know the location at which the
SMS was received, so it's best to receive it in a busy location.

The anonymous Google account should be created and accessed via Tor -
if you *ever* access the account without going through Tor, your
anonymity will be lost. Don't visit any sites connected to your real
identity during a Tor session in which you access the anonymous account.

Another option would be to set up an anonymous Yahoo account and use
it to create a Yahoo Group.

At present, in the UK at least, you don't need a valid phone number to
create a Yahoo account, so you can skip all the cloak and dagger stuff
with the burner phone - just use Tor to create an anonymous Yahoo
account and give a fake phone number along with the other fake contact
details.

As with Google, the fake Yahoo account must *always* be accessed via
Tor, and you shouldn't visit any sites connected to your real identity
during a Tor session in which you access the anonymous account.

Hope this helps - I'd be interested to know how your friend gets on.

Cheers,
Michael



Re: [liberationtech] BBC: Izmir police arrested 25 people for tweeting misinformation.

2013-06-05 Thread micah
michael gurstein <gurst...@gmail.com> writes:

> http://www.bbc.co.uk/news/world-europe-22776946
>
> Also in Izmir, state-run Anatolia news agency reported that police had
> arrested 25 people for tweeting misinformation.
>
> An official from the opposition Republican People's Party (CHP), Ali Engin,
> told Anatolia they were being held for calling on people to protest.
>
> Prime Minister Recep Tayyip Erdogan said on Sunday that Twitter was a
> menace being used to spread lies.

It is frightening to hear about arrests in Turkey because of
Twitter. How were they identified?

More importantly, the announcement comes from the state-run news. One
should take any state-run news with a grain of salt. Perhaps this was
done to scare people away from using social media. If that is the real
truth, then the state-run media is the one spreading misinformation,
which would be ironic, which perhaps belies the truth.


Re: [liberationtech] BBC: Izmir police arrested 25 people for tweeting misinformation.

2013-06-05 Thread Rayna
In Turkey, in order to have an Internet-enabled phone, one must provide
citizen ID. So, it's not that complicated to identify people after all...

My 2 cents,


2013/6/5 micah <mi...@riseup.net>

> michael gurstein <gurst...@gmail.com> writes:
>
>> http://www.bbc.co.uk/news/world-europe-22776946
>>
>> Also in Izmir, state-run Anatolia news agency reported that police had
>> arrested 25 people for tweeting misinformation.
>>
>> An official from the opposition Republican People's Party (CHP), Ali Engin,
>> told Anatolia they were being held for calling on people to protest.
>>
>> Prime Minister Recep Tayyip Erdogan said on Sunday that Twitter was a
>> menace being used to spread lies.
>
> It is frightening to hear about arrests in Turkey because of
> Twitter. How were they identified?
>
> More importantly, the announcement comes from the state-run news. One
> should take any state-run news with a grain of salt. Perhaps this was
> done to scare people away from using social media. If that is the real
> truth, then the state-run media is the one spreading misinformation,
> which would be ironic, which perhaps belies the truth.




-- 
Change the order of the world rather than your desires.

[liberationtech] Ostel: encrypted phone calls

2013-06-05 Thread KheOps
Hi all,

Just came across that: https://ostel.co/

Open source software for encrypted calls, with a client that apparently
runs on a lot of platforms.

Anyone ever used/reviewed it already?

Cheers,
KheOps


Re: [liberationtech] Ostel: encrypted phone calls

2013-06-05 Thread Mark Belinsky
When we initially developed ostel.me it used freeswitch but we've moved
away from it to allow for better federation. Ostel.co is a new
implementation of the open secure telephony network (ostn) standard.

~Sent from my mobile. Please excuse any typos or terseness.
On Jun 5, 2013 2:19 PM, Pavol Luptak <wil...@trip.sk> wrote:

> On Wed, Jun 05, 2013 at 07:12:22PM +0200, KheOps wrote:
>> Hi all,
>>
>> Just came across that: https://ostel.co/
>>
>> Open source software for encrypted calls, with a client that apparently
>> runs on a lot of platforms.
>>
>> Anyone ever used/reviewed it already?
>
> I used it with my Android SIP clients (CSIPSimple, Acrobits Softphone).
> It should be completely based on opensource FreeSWITCH
> http://www.freeswitch.org/ with enabled ZRTP support.
>
> CSIPSimple + FreeSWITCH is probably the best opensource ZRTP solution for
> end-to-end encrypted calls.
>
> BTW, what do you think about security of Threema http://threema.ch/en/?
> Now they have an Android version out and it is very user-friendly,
> unfortunately it's still closed/proprietary software, so I am not sure
> about security.
>
> Pavol
> --
> [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542]


[liberationtech] Cryptocat Seeking Estonian, Tibetan, Uighur and Latvian Translations

2013-06-05 Thread Nadim Kobeissi
Dear LibTech,

We're on the verge of releasing a major update to Cryptocat, but we still
need four translations finished.

All four translations are very much complete but only lack one or two
sentences each.

You can contribute towards the translations here:
Estonian: https://www.transifex.com/projects/p/Cryptocat/language/et/
Tibetan: https://www.transifex.com/projects/p/Cryptocat/language/bo/
Uighur: https://www.transifex.com/projects/p/Cryptocat/language/ug/
Latvian: https://www.transifex.com/projects/p/Cryptocat/language/lv/

Your help with this is immensely appreciated.

Thank you,
NK


Re: [liberationtech] Network surveillance

2013-06-05 Thread Bernard Tyers - ei8fdb

Hello Richard,

Without going into too much detail, can you explain why they think it's
Chinese or Israeli? Or what country they are talking about? Also why they
think there is network surveillance equipment there at all?

What type of data are you looking for? Specific to the country or general
sales of this horrible technology?

A good starting point which is accessible (in terms of not being overly
technical) would be Privacy International's Big Brother Inc website. [1]

Also useful is the Spyfiles cache of brochures from surveillance companies
which contains a lot of information gathered by someone who gained access to
an ISS World (Intelligence Support Systems) conference. [2]

Also useful for background information on these companies and the countries
they sell to is BuggedPlanet. [3]

With regard to network surveillance equipment being Israeli or Chinese, you
can add to that list UK, French, German, American, Italian, to name a few
countries.

I hope that helps.

Bernard


[1] https://www.privacyinternational.org/projects/big-brother-inc
[2] http://wikileaks.org/the-spyfiles.html
[3] http://buggedplanet.info/index.php?title=Main_Page

On 5 Jun 2013, at 22:07, Richard Brooks wrote:

> Just talked with a lot of people who think network surveillance
> equipment in their countries is being bought from either
> Israelis or Chinese. It seems that they are competing for
> market share. Was not aware of Israeli companies working in this
> space.
>
> Would be interested if anyone had more data.
>
> Thanks,
>
> -Richard

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Twitter Underground Market Research - pdf

2013-06-05 Thread Rich Kulawiec
On Tue, Jun 04, 2013 at 06:44:37PM +0100, Bernard Tyers - ei8fdb wrote:
> I wonder if there is any connection between these merchants and botnets?
> Botnet owners or spammers would seem like a great source of valid IDs.

Let me introduce a term you might/might not have heard before in other
contexts to this conversation: abuse magnet.  An abuse magnet is a service
whose operators either (a) did not anticipate the ways in which it
would be abused and architect to defeat them or (b) did anticipate them,
but simply didn't care to spend the time and money necessary.

In both cases the operators have thus neatly shifted the burden of damage
control (in terms of effort, money, etc.) onto the entire rest of the Internet.
Given that in nearly all such instances, the entire rest of the Internet
takes no action (or even realizes that this has happened) this is usually
an extremely cost-effective, low-risk strategy.  Scummy, but cost-effective
and low-risk. [1]

An example of this would be Yahoo's email service.  After Yahoo made
the decision some years ago to fire/layoff/disband its abuse team,
it wasn't long until spammers, phishers, scammers, etc. realized that
they could move in and take over the place.  And they did.  Why not?

As a result, outbound abuse from Yahoo's email service is chronic
and pervasive.  So is abuse support using it, i.e., it's quite popular
as a location for phisher dropboxes, it's frequently used to register
spammer/phisher/typosquatter/etc. domains, and so on.

Anyway, I don't particularly mean to pound on Yahoo -- although they
certainly deserve it.  My more general point is that there are entire
classes of abuse magnets out there which are either overrun by abusers
or in the process of being so.  To name a few:

- freemail services
- URL shorteners
- social networks
- cheap domains

It's therefore not at all surprising to see abusers such as phishers,
spammers and botnet operators utilizing these in combination: they're
zero/low-cost resources, they're available in abundance, they have
non-existent or wholly dysfunctional abuse desks [2], and there are few,
if any, consequences for engaging in massive abuse. [3]

And I do mean massive: for example, I wouldn't be surprised at all if
someone put proof on the table that 90% of all freemail accounts or 90% of
Twitter accounts are owned by abusers.  I'm not saying that's true,
because I can't prove it's true: I'm just saying that I wouldn't even
raise an eyebrow if someone else proved it to me, because it seems
quite reasonable.  The same will eventually be true (if it isn't already)
on social networks because there's no reason for it not to be,
and every reason for abusers to make it so.

Besides: who's going to stop them?

Certainly not service operators who want to tell their venture
capitalists/shareholders that they have 5.7 bajillion users...even
if they really do know that 5.1 bajillion of those are bogus.
What, *exactly*, is their motivation to do something about that?
(And besides, there is substantial evidence supporting the proposition
that some of them ARE the abusers.)

And all of this is before we get to the problem of hijacked accounts,
i.e., those which were opened by real live legitimate users but don't
belong to them any more.  (In the case of freemail providers, this is
already epidemic.  And getting worse.)

The fix for this mess is to think about the potential for abuse while
ideas are still at the back-of-the-envelope or scribbled-on-a-whiteboard
stage.  But few people do that, and as a result they create
architectures that are difficult to defend from abuse in production
even if they *want* to do so.  It almost never seems to occur to them,
at that early stage, that their shiny new creation may have uses other
than the ones they envision for it.

    It's a poor atom blaster that won't point both ways.
        --- Isaac Asimov, Foundation

One more point: operations that are this incompetent and negligent
cannot possibly provide any real assurance of security and privacy
to their users, because their putative operators are no longer in
full control of them.  Not really.  Oh, they can make noises about
doing so, and they can pretend that they're doing so...but they can't.

---rsk

[1] One of the most profound, useful, cogent statements on this
point comes from Paul Vixie via the NANOG mailing list:

    If you give people the means to hurt you, and they do it, and
    you take no action except to continue giving them the means to
    hurt you, and they take no action except to keep hurting you,
    then one of the ways you can describe the situation is it isn't
    scaling well.

This explains, in one sentence, precisely why we have a spam problem
in 2013, thirty years after the fix for it was completely understood.

[2] One baseline test of this is to find out whether mail to the RFC-2142
stipulated address abuse@[domain] is handled properly.  Responsible,

Re: [liberationtech] Network surveillance

2013-06-05 Thread Eric S Johnson
I've heard that a lot (especially it's the Chinese) but found very little
evidence to support such allegations. 

In Addis last fall, was told by a source with some inside information that
the Ethiopian state's cybersurveillance software came from Israel.

The pictures which rebels shot of the Libyan cybersurveillance center's
equipment (after the Gaddafi government fell) identified it as having been
delivered as part of a (Chinese) ZTE contract.

It does seem reasonable to suppose almost any cybersurveillance system is
based on high-speed routers, which almost by definition came from one of a
very small number of suppliers (Cisco, ZTE, Huawei?).

It would be a super-good thing to gather evidence about such allegations--if
you can ask people who say it's the Chinese what data they have ...

> -----Original Message-----
> From: liberationtech-boun...@lists.stanford.edu
> [mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Richard Brooks
> Sent: 06 June 2013 5.07
> To: liberationtech@lists.stanford.edu
> Subject: [liberationtech] Network surveillance
>
> Just talked with a lot of people who think network surveillance
> equipment in their countries is being bought from either
> Israelis or Chinese. It seems that they are competing for
> market share. Was not aware of Israeli companies working in this
> space.



Re: [liberationtech] Network surveillance

2013-06-05 Thread Andrew Lewis
Syria uses homegrown forks of squid, bluecoat, brocade, and has at
least solicited for Huawei solutions, all at the carrier level, based
on directives passed down from the telecoms/security ministries. I
know that the big ISPs have explicit back doors in their firewalls
installed so that the monitoring center has access. They also seem to
have military security folks that are assigned ISP provided equipment
and access at undisclosed locations.

As for the monitoring center, no one has any insight except for the
Area SpA stuff awhile back. It seems to be mostly a manual affair in
the early part of the uprising, but do know that subscriber billing
records and IP assignments are copied up to them from at least one
ISP. Another ISP logs all email, but didn't seem to do much with it,
except maybe spy on its rivals. (As an aside, if you're doing business in
Syria, don't send confidential info through any in-country email
servers, the upstream providers seem to monitor it.)

Other than that most efforts seem to use the SEA with targeted
viruses, and then the use of secret police to coerce more info through
the application of more traditional efforts.

That's Syria in a nutshell.

As for other countries, I believe that some on this list have
elaborated before that many ex Soviet States and Regions use Russian
equipment, and that should be in the archives.

Andrew



On Jun 6, 2013, at 10:38 AM, Eric S Johnson <cra...@oneotaslopes.org> wrote:

> I've heard that a lot (especially it's the Chinese) but found very little
> evidence to support such allegations.
>
> In Addis last fall, was told by a source with some inside information that
> the Ethiopian state's cybersurveillance software came from Israel.
>
> The pictures which rebels shot of the Libyan cybersurveillance center's
> equipment (after the Gaddafi government fell) identified it as having been
> delivered as part of a (Chinese) ZTE contract.
>
> It does seem reasonable to suppose almost any cybersurveillance system is
> based on high-speed routers, which almost by definition came from one of a
> very small number of suppliers (Cisco, ZTE, Huawei?).
>
> It would be a super-good thing to gather evidence about such allegations--if
> you can ask people who say it's the Chinese what data they have ...
>
>> -----Original Message-----
>> From: liberationtech-boun...@lists.stanford.edu
>> [mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Richard Brooks
>> Sent: 06 June 2013 5.07
>> To: liberationtech@lists.stanford.edu
>> Subject: [liberationtech] Network surveillance
>>
>> Just talked with a lot of people who think network surveillance
>> equipment in their countries is being bought from either
>> Israelis or Chinese. It seems that they are competing for
>> market share. Was not aware of Israeli companies working in this
>> space.



[liberationtech] Network Surveillance (comment on Andrew L's post)

2013-06-05 Thread Peter B.


Hello Libtech,

To speak to Andrew's comment about ex-Soviet states, please find the
link below to the report we are releasing on the presence of Russian
surveillance tech in four Central Asian states (Kazakhstan, Uzbekistan,
Tajikistan, and Turkmenistan).  It's a good round-up of what's public so
far and adds one or two things that I don't believe you'll find publicly
stated.

https://s3.amazonaws.com/access.3cdn.net/279b95d57718f05046_8sm6ivg69.pdf
(in Russian)
https://s3.amazonaws.com/access.3cdn.net/8e3dfc9420f77e47b4_atm6befkg.pdf

-Peter Bourgelais
Tech Fellow
AccessNow.org

Re: [liberationtech] Twitter Underground Market Research - pdf

2013-06-05 Thread Andy Isaacson
On Wed, Jun 05, 2013 at 06:33:16PM -0400, Rich Kulawiec wrote:
> One more point: operations that are this incompetent and negligent
> cannot possibly provide any real assurance of security and privacy
> to their users, because their putative operators are no longer in
> full control of them.  Not really.  Oh, they can make noises about
> doing so, and they can pretend that they're doing so...but they can't.
>
> ---rsk
>
> [1] One of the most profound, useful, cogent statements on this
> point comes from Paul Vixie via the NANOG mailing list:
>
>     If you give people the means to hurt you, and they do it, and
>     you take no action except to continue giving them the means to
>     hurt you, and they take no action except to keep hurting you,
>     then one of the ways you can describe the situation is it isn't
>     scaling well.
>
> This explains, in one sentence, precisely why we have a spam problem
> in 2013, thirty years after the fix for it was completely understood.
>
> [2] One baseline test of this is to find out whether mail to the RFC-2142
> stipulated address abuse@[domain] is handled properly.  Responsible,
> professional operations route traffic sent to that address to a person
> or a team (depending on operation size/scope) who are ready and able
> to immediately investigate incidents and make the abuse stop.
> Irresponsible/abuse magnet operations route it to autoresponders
> and/or incompetent people, or blackhole it, or forward it to the
> abusers (yes, really) or simply don't support the address.

This is a really deeply interesting assertion.  You seem to imagine a
bright line of abuse that is agreed on by all parties, with a policy
that can be implemented by thoughtful operators to make the abuse
stop.  I submit that that is not the real world, in many different
dimensions.

I operate a large Tor exit node.  My provider has an abuse helpdesk
which gets quite a large number of complaints due to attackers using Tor
to log into freemail accounts (over SSL) where the freemail provider
includes the IP of the HTTPS client in the Received (or similar) headers
of their outbound spam.

How is my transit provider, or myself as a Tor exit node operator,
supposed to take action to stop this abuse?  Even if I could, I'm
certainly not going to prevent people from logging into their webmail
over HTTPS over Tor.

My provider notifies me when an abuse complaint is filed against my Tor
exit IP address.  Is my provider committing the sin you enumerated
above, of "forward[ing the abuse complaint] to the abuser"?  If I were
running a shady business on this machine rather than a Tor exit node
(which distinction is, apparently, lost on some folks), then I suspect
you'd answer yes.

The abuse complaints are sometimes very questionable, resulting in
significant load on the (expensive) person or team who is ready and able
to immediately investigate at very low cost to the complainer.

-andy
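
The complaint pattern described in the message above, worked as an added example (not part of the original post, and not any provider's or the Tor Project's own tooling): an abuse desk pulls the webmail client address and timestamp out of a complaint's headers and checks them against exit-relay history before deciding how to respond. The sample message, its `via HTTP` header shape, the RFC 5737 addresses and the `EXIT_HISTORY` table are all constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

UTC = timezone.utc

# Constructed complaint sample. The "via HTTP" hop is the line the webmail
# front end itself writes, which is why it names the HTTPS client (here a
# relay address) rather than a mail server.
SAMPLE_COMPLAINT = (
    "Received: from mx.freemail.example (mx.freemail.example [198.51.100.7])\n"
    "\tby mail.recipient.example with ESMTP; Wed, 05 Jun 2013 21:14:09 +0000\n"
    "Received: from [203.0.113.45] by web.freemail.example via HTTP;\n"
    "\tWed, 05 Jun 2013 21:14:02 +0000\n"
    "X-Originating-IP: [203.0.113.45]\n"
    "From: sender@freemail.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# Constructed history rows: (address, first seen as exit, last seen as exit).
EXIT_HISTORY = [
    ("203.0.113.45", datetime(2013, 6, 1, tzinfo=UTC), datetime(2013, 6, 30, tzinfo=UTC)),
]

BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")


def _bracketed_ip(text):
    """Return the first [address] literal in text as an ip_address, or None."""
    match = BRACKETED_IP.search(text or "")
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None


def web_client_hop(raw):
    """Return (client address, time or None) recorded by the webmail hop."""
    msg = message_from_string(raw)
    for received in msg.get_all("Received", []):
        hop, _, stamp = received.rpartition(";")
        addr = _bracketed_ip(hop) if "via HTTP" in hop else None
        if addr is None:
            continue
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            return addr, None
        # A "-0000" zone parses as naive; treat it as UTC so comparisons work.
        if when.tzinfo is None:
            when = when.replace(tzinfo=UTC)
        return addr, when
    # Fall back to the undated header; it cannot be matched to a time window.
    addr = _bracketed_ip(msg.get("X-Originating-IP"))
    return (addr, None) if addr is not None else None


def triage(raw, history=EXIT_HISTORY):
    """Classify a complaint by whether its client IP was an exit at send time."""
    hop = web_client_hop(raw)
    if hop is None:
        return "no-client-ip"
    addr, when = hop
    windows = [(a, b) for ip, a, b in history if ipaddress.ip_address(ip) == addr]
    if not windows:
        return "not-listed"
    if when is None:
        return "listed-undated"
    return "tor-exit" if any(a <= when <= b for a, b in windows) else "listed-other-time"


if __name__ == "__main__":
    print(triage(SAMPLE_COMPLAINT))
```

A "tor-exit" result tells the desk that the address identifies a relay, not the account holder, so the actionable party is the freemail provider that owns the account.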