Re: [liberationtech] Who Runs Prism...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 That is interesting. Presumably by sheer coincidence, the docs.palantir.com sub-domain is not available, but thanks to Google cache, you can see the two URLs posted in that article here: https://webcache.googleusercontent.com/search?q=cache:VTVVOpHBrTIJ:https://docs.palantir.com/metropolisdev/prism-overview.html+cd=1hl=enct=clnkgl=ukclient=firefox-a https://webcache.googleusercontent.com/search?q=cache:I1elqy0m2_sJ:https://docs.palantir.com/metropolisdev/prism-examples.html+cd=1hl=enct=clnkgl=ukclient=firefox-a On 7 Jun 2013, at 23:40, Peter Lindener wrote: It might be good to elevate this to it's own thread... so I forward it here.. -- Forwarded message -- From: Raven Jiang CX j...@stanford.edu Date: Fri, Jun 7, 2013 at 10:30 AM Subject: Re: [liberationtech] NSA has direct access to tech giants' systems for user data, secret ppt reveals This is just circumstantial speculation but read http://talkingpointsmemo.com/archives/2013/06/is_this_who_runs_prism.php Given Palantir's rapid expansion and aggressive recruitment, I think this guy might be onto something. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech - -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJRsuM1AAoJENsz1IO7MIrrW/gH/jl8Vq6R2jeoVyJfBAFbZOvZ GKRwZ7JM4z6/iFZjBBB1wtbDHTkx0qAnJyU7yi+AZZszafQmIHZMeeQ1IKUz4W1B m6vB/iEa2f0eamS0VsEceJsMukDbvOl4/Zsupq7yHONm2JbeP6JxBopOdMRxbHrw DjkpdKPn5IQWxY0YECPxOC3fJFV17Ha1oCgrJ5WkbK8rwgTlZTOphHHej8VhlNVc F5elk3Pigjs9Lg7/3wNBFWNPlooOGKJYOqJMQh144u+ejiRTUvwZhTa7/G/LqWB7 YmycNW5zdln9Lvoy0jnM6shFNTievHt/s0w1pS0Y84r901BV7noPeokIYSiHKjM= =0jE+ -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Denies PRISM Involvement
(Quoting myself from something I just sent to NANOG in re the same question: are the Cxx people at Google and elsewhere telling the truth?) *puts on evil hat, adjusts for snug fit* Targeting the technical people who actually have their hands on the gear might be the best choice. They don't have the power, wealth and soapbox of the Cxx-level people. They are thus far more easily intimidated into silence. Unlike the Cxx people, they actually spend time in data centers. And by keeping the Cxx people in the dark, their public denials will carry more credibility because they will actually believe they're telling the truth. (When's the last time any of them got their hands dirty crawling pulling out raised floor tiles and running cable?) ---rsk -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Crypho
zooko: On Tue, Mar 26, 2013 at 09:24:13AM +0100, Yiorgis Gozadinos wrote: Assuming there is a point of reference for js code, some published instance of the code, that can be audited and verified by others that it does not leak. The point then becomes: Is the js I am running in my browser the same as the js that everybody else is?. Like you said, it comes down to the trust one can put in the verifier. A first step could be say for instance a browser extension, that compares a hash of the js with a trusted authority. The simplest version of that would be a comparison of a hash with a hash of the code on a repo. Another (better) idea, would be if browser vendors would take up the task (say Mozilla for instance) and act as the trusted authority and built-in verifier. Developers would sign their code and the browser would verify. Finally, I want to think there must be a way for users to broadcast some property of the js they received. Say for example the color of a hash. Then when I see blue when everyone else is seeing pink, I know there is something fishy. There might be a way to even do that in a decentralised way, without having to trust a central authority. Dear Yiorgis: I think this is a promising avenue for investigation. I think the problem is that people like you, authors of user-facing apps, know what the problem is that you want to solve, but you can't solve it without help from someone else, namely the authors of web browsers. With help from the web browser, this problem would be at least partly solvable. There is no reason why this problem is more impossible to solve for apps written in Javascript and executed by a web browser than for apps written in a language like C# and executed by an operating system like Windows. Perhaps the next step is to explain concisely to the makers of web browsers what we want. Ben Laurie has published a related idea: http://www.links.org/?p=1262 Now this is interesting. Had not seen that link before. I wonder how that above 2012 Ben Laurie would get along with this slightly more vintage 2011 Ben Laurie, who discounts not only the hashtree concept, but any attempt to secure it with computation as well: http://www.links.org/?p=1183 The problem is, 2012 Ben Laurie's system is obviously quite easy to censor and manipulate if the adversary has any sort of active traffic capabilities in terms of showing custom extensions of the hash chain (ie malware) to targeted individuals. 2011 Ben Laurie's Efficient Distributed Currency, on the other hand, suggests a Tor-like multiparty signing protocol to avoid these issues: http://www.links.org/files/distributed-currency.pdf But if we assume the worst, the 2011 model Ben Laurie is weak to an adversary such as the NSA that might compromise his datacenter computers (or keys) behind his back. However, 2012 Ben Laurie could detect this compromise by the NSA if it was reasonably hard to add new, fake entries to the hash tree, if clients kept history, and if he had multiple authenticated network perspectives on the hash tree (ie notaries). Can't both Ben Laurie's just get along? ;) To bring us back to Earth: The core problem with the website-as-an-app JS model is that *every* JS code download from the server is not only authenticated only by the abysmal CA trust root, but that insecure/malicious versions of the software can also be easily targeted *specifically* to your account by the webserver (or by the CA mafia) at any time without informing you in any way. But, the really scary situation we now face is that many of us have accounts on app stores capable of delivering updates *right now* that have the same type of targeted capabilities. In fact, in my opinion, all app stores that exist today are just as unsafe for delivering crypto software as website-based solutions are :/. I think I still agree that the takeaway is that it's better to create situations where you only have to do a heavyweight double Ben Laurie PKI+notary+hashtree+PoW all-in-one-check *once* upon initial download, to establish a trust root with the software provider themselves, rather than regularly trusting an intermediary appstore, webserver, and/or CA trust root. Once that initial strong check is done (and you've either run the malware or you haven't), then the software can update using its own strong signature authentication. In the case of paid/proprietary software, proof of purchase from the client should be based upon blind-signatures/ZKPs instead of unique account credentials. But like, really nobody in the world is doing any of this, are they? -- Mike Perry -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Cell phone tracking
Some information yoy may consider to be interesting: 1. It is possible to buy completely anonymous SIM cards (with data roaming that works everywhere in Europe including the UK) in Czech Republic. For 1.2 GB roaming data it costs about 800 Kc (31 €) monthly. I've already activated it for some of my friends who travelled around Europe and wanted to access to the Internet anonymously. 2. It should be possible to change IMEI on the fly (regardless the fact that this is illegal in most countries), I found this STEALTH-PHONE that should be able to do it: http://www.endoacustica.com/details_stealth_phone_en.htm The Stealth Phone is able to change IMEI code in different ways: systematically or manually, using simple procedures. Do you have any experiences with that? 3. There are many ways how to pay for mobile/Internet connection anonymously (e.g. https://en.bitcoin.it/wiki/Contracts#Example_7:_Rapidly-adjusted_.28micro.29payments_to_a_pre-determined_party) There is an evil plan that is probably viable: 1. Come to your 'favourite' parliament with IMSI/IMEI catcher and make a nice list of IMEIs of your 'favourite' politicians. 2. Buy multiple anonymous SIM cards (multiple IMSI). 3. Buy STEALTH-PHONE capable to change IMEI on-the-fly 4. In your STEALTH-PHONE enumerate IMEI frequently of each politician's phone + change frequently your anonymous SIM cards 5. Be free stealthy :-) Regarding two (or more) same IMEI of enabled phones - in one network this can caused a collision - one of them can be blacklisted (the question is if it was your clone or the original:) In the worst case, this can be a nice phone DoS against the system :) But according to this: http://forum.gsmhosting.com/vbb/f131/what-will-happen-if-two-phones-same-imei-run-same-network-3965/ it should work: I test it on two T10 in the same network same room . We can speak with one fone with the other fine. but probably these checks depends on the mobile provider. BTW, if you are attending OHM2013 in Netherlands this year, Karsten Nohl will have there a presentation: SIM card exploitation – by [2]Karsten Nohl The protection pretense of SIM cards is based on the understanding that they have never been exploited. This talk ends this myth of unbreakable SIM cards and illustrates that the cards –like any other computing system– are plagued by implementation and configuration bugs. Pavol On Mon, Jun 03, 2013 at 09:16:54AM -0400, Rich Kulawiec wrote: On Sun, Jun 02, 2013 at 10:16:20PM -0400, Nathan of Guardian wrote: In summary, if the focused threat you need to address is location tracking by carriers/operators, and you live in an area with a decent saturation of open wifi hotspots, I feel there is something you can do about it. Now your adversaries have to work a bit harder (tracking IPs to hotspots, physical surveillance, etc) to build a geo map of your comings and goings. In re this topic, please see this paper: Unique in the Crowd: The privacy bounds of human mobility http://www.nature.com/srep/2013/130325/srep01376/full/srep01376.html Abstract: We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals. We coarsen the data spatially and temporally to find a formula for the uniqueness of human mobility traces given their resolution and the available outside information. This formula shows that the uniqueness of mobility traces decays approximately as the 1/10 power of their resolution. Hence, even coarse datasets provide little anonymity. These findings represent fundamental constraints to an individual's privacy and have important implications for the design of frameworks and institutions dedicated to protect the privacy of individuals. And remember Schneier's maxim: attacks always get better. So the work which these researchers have done (and it appears to me to be fine work) will be extended, refined, improved. ---rsk -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] FW: [IP] Tech Companies Concede to Surveillance Program - NYTimes.com
-Original Message- From: David Farber [mailto:d...@farber.net] Sent: Saturday, June 08, 2013 7:30 AM To: ip Subject: [IP] Tech Companies Concede to Surveillance Program - NYTimes.com http://www.nytimes.com/2013/06/08/technology/tech-companies-bristling-conced e-to-government-surveillance-efforts.html?ref=global-home_r=0pagewanted=al lpagewanted=print Tech Companies Concede to Surveillance Program SAN FRANCISCO - When government officials came to Silicon Valley to demand easier ways for the world's largest Internet companies to turn over user data as part of a secret surveillance program, the companies bristled. In the end, though, many cooperated at least a bit. Twitter declined to make it easier for the government. But other companies were more compliant, according to people briefed on the negotiations. They opened discussions with national security officials about developing technical methods to more efficiently and securely share the personal data of foreign users in response to lawful government requests. And in some cases, they changed their computer systems to do so. The negotiations shed a light on how Internet companies, increasingly at the center of people's personal lives, interact with the spy agencies that look to their vast trove of information - e-mails, videos, online chats, photos and search queries - for intelligence. They illustrate how intricately the government and tech companies work together, and the depth of their behind-the-scenes transactions. The companies that negotiated with the government include Google, which owns YouTube; Microsoft, which owns Hotmail and Skype; Yahoo; Facebook; AOL; Apple; and Paltalk, according to one of the people briefed on the discussions. The companies were legally required to share the data under the Foreign Intelligence Surveillance Act. People briefed on the discussions spoke on the condition of anonymity because they are prohibited by law from discussing the content of FISA requests or even acknowledging their existence. In at least two cases, at Google and Facebook, one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said. The negotiations have continued in recent months, as Martin E. Dempsey, chairman of the Joint Chiefs of Staff, traveled to Silicon Valley to meet with executives including those at Facebook, Microsoft, Google and Intel. Though the official purpose of those meetings was to discuss the future of the Internet, the conversations also touched on how the companies would collaborate with the government in its intelligence-gathering efforts, said a person who attended. While handing over data in response to a legitimate FISA request is a legal requirement, making it easier for the government to get the information is not, which is why Twitter could decline to do so. Details on the discussions help explain the disparity between initial descriptions of the government program and the companies' responses. Each of the nine companies said it had no knowledge of a government program providing officials with access to its servers, and drew a bright line between giving the government wholesale access to its servers to collect user data and giving them specific data in response to individual court orders. Each said it did not provide the government with full, indiscriminate access to its servers. The companies said they do, however, comply with individual court orders, including under FISA. The negotiations, and the technical systems for sharing data with the government, fit in that category because they involve access to data under individual FISA requests. And in some cases, the data is transmitted to the government electronically, using a company's servers. The U.S. government does not have direct access or a 'back door' to the information stored in our data centers, Google's chief executive, Larry Page, and its chief legal officer, David Drummond, said in a statement on Friday. We provide user data to governments only in accordance with the law. Statements from Microsoft, Yahoo, Facebook, Apple, AOL and Paltalk made the same distinction. But instead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said. The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure
Re: [liberationtech] Google Denies PRISM Involvement
On 7 June 2013 18:51, Travis McCrea m...@travismccrea.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://googleblog.blogspot.com/2013/06/what.html I do believe them, but I have no proof to back that up. You would assume they wouldn't make a bold faced lie, they would just not talk about it. It seems, via NYTimes: http://www.nytimes.com/2013/06/08/technology/tech-companies-bristling-concede-to-government-surveillance-efforts.html?_r=0 and a Google employee: https://twitter.com/justinschuh that Prism may be a portal/interface for FISA requests into the companies to speed things up and make things easier for the government and companies. It fits perfectly into the denials the companies are issuing, and it makes logical sense for a company to begrudgingly build such a portal because it would reduce their internal costs for something they're obligated to do legally anyway. Again, this is speculation. You are free to continue to speculate in the opposite direction :) -tom -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Building a encrypted mobile network
Hi Liberation Tech! With the NSA spying scandal in full swing, I've been thinking about what it would take to truly build a secure mobile network. I'm curious to get feedback from those who've given more thought to this than me as I see the problem as primarily twofold: 1. Location issues - they know WHERE you are. 2. Content issues - they know what you say and who you say it to. If the two issues above are the main (only?) issues hindering the creation of a secure network, how could we work around them? Some thoughts: 1. Location is a particularly thorny issue. Presentations at either HOPE or BlackHat demonstrated how easy it is to locate a mobile even if you're not the government with a massive budget and mad technology. Perhaps routing the network connection through Tor may suffice? But I don't think so as something doesn't 'feel' right about that. Thoughts? 2. Content is much easier to protect. My initial thought is to take a stock Android phone, replace the dialer with a SIP client capable of doing ZRTP, and customize the phone to tower communication so that all communication between the two is fully encrypted (and I don't mean the BS GSM encryption). Once the data gets on the network, it would be decrypted and calls would be connected. Content would be protected automatically when the user called ANY SIP device that supported ZRTP. Calls to PTSN would still be wide open. Is this workable in any form or fashion? Am I a complete babbling idiot? Is anyone working on this currently? Your thoughts are most welcomed. Regards, Anthony -- Anthony Papillion Phone: 1.918.533.9699 SIP: sip:cajuntec...@iptel.org iNum:+883510008360912 XMPP:cypherpun...@jit.si www.cajuntechie.org -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Airline Shutdown Because of Loss of Internet Service?
How are the two concepts related? On Thu, Jun 6, 2013 at 4:42 PM, michael gurstein gurst...@gmail.com wrote: Is this kind of event an argument against net neutrality? M From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Andrés Leopoldo Pacheco Sanfuentes Sent: Thursday, June 06, 2013 6:05 AM To: liberationtech Subject: Re: [liberationtech] Airline Shutdown Because of Loss of Internet Service? One thing that comes to mind right away is that more more companies are replacing private-circuit based WANs by Internet-VPNs, thus, when the Internet is down, their network is down; even more, if they depend on any SaaS (from Salesforce.com for CRM to Maximo for Asset management), or, in general, XaaS (AWS, Rackspace, etc.), for critical business systems, a fast-growing trend, the Internet is their backbone. On Jun 6, 2013 2:45 AM, michael gurstein gurst...@gmail.com wrote: This is probably not a Liberation issue directly but I'm not sure where else to address it... Sunday I was flying (Porter Airlines--small short hop Canadian carrier) from NYC to Ottawa, ON with a plane change in Toronto. When we arrived in Toronto we were informed that because the Internet was down planes were not able to land or depart. The company's service was completely shut down for roughly 4 hours until the Internet service was restored (presumably by their ISP). I understand that other airlines have had similar experiences recently. My question... how exactly is Internet service so intertwined with flight operations that service can function only if the Internet is operational? (And I guess the Liberation angle... if this is now pervasive for all airlines what is the hackable element of all this and where are the points of vulnerability etc.etc.? M -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] [Meta] Mailman to /r/LiberationTech Subreddit bot
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I have been considering establishing a /r/LiberationTech subreddit, and then building a bot which would submit new threads on the website for each new topic that was created here on the mailing list. Pros: Gives people who use reddit, don't like mailing lists, or can't access personal email at work a method to keep up with Liberation Tech discussions. Exposes more people to Liberation Tech as a mailing list, stanford project, and in the concepts which it values. Reddit seems to be pretty pro-awesome, so it isn't sacrificing our soul. Cons: While all messages posted to this mailing list are already public, perhaps some people would not like their posts automatically going to reddit. It wouldn't give the follow up comments (though, I am sure someone more awesome than me could figure out how to do that), so some might argue it would fracture discussions. Before I even considered a project like this, I would want your input. -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCgAGBQJRsz9DAAoJEES9cOv0A0l02RgH/REZBgMkWNc/zyUKLsQ/Glxh OJ1igjp4bjF1sOftoakKqMqf/unTKaw8MXh4b2tEsNqK0ABeI8RNH5FNUEheqQtq f+tyE5XEsOC4EV8MCrr+OFPPTd0Vkeh5O0BVUkpDbNXXdoHHRptHHTlEq7sEb/cO HAH1joRTTXcWcpe+i3HyGhPNzwDyaUMZqnVn06P49p2gNseLldvPJ75lhonW9lPi sjLILGvMRfX8CASxRpXVvPUeFfgESNVKoBZMc7IQIPm/1K7Qv+fZLwPgdFPhHZRV R+hf+VrmrpfZaceGeZD/9StDg5ch4zk4wg+TFY6YMEJxNxtVHz3Hpw2og1MnCxo= =XCc9 -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Secure tools for communications - Is there a wiki ..?
Having an aggregated list, with clear caveats of course, might be helpful given the recent news about the NSA surveillance programs. I know of the following wiki that was setup a while ago to aggregate and list secure voice over IP (VoIP) alternative to skype. Are there others say for email, file sharing/storing, disk encryption, etc http://wiki.ictd.asia/Secure_VoIP_Discussion_and_Tips regards Robert -- R. Guerra Phone/Cell: +1 202-905-2081 Twitter: twitter.com/netfreedom Email: rgue...@privaterra.org On 2013-06-08, at 1:14 PM, Eleanor Saitta wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2013.06.07 10.08, Robert Guerra wrote: The frequent mention of tools for secure communications, leads me to ask - is there an updated wiki that this community (and perhaps others) can maintain. It serve as a resource for not only listing tools, but also a place to aggregate the analysis and comments from security experts If such a list doesn't exist, then I would like to encourage such a resource to be setup. The Open Integrity Index will (in part) do exactly this, coming later this year. E. - -- Ideas are my favorite toys. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) iF4EAREIAAYFAlGzZogACgkQQwkE2RkM0wruyAD9EIWdPXvDegJTX+yXcluhYd1s yvyNHwe+iO3SFXQ10aAA/2Pb4Z2I7BlfL0BDtxcHqeC9y15vxZtRQrroP3rD+J2U =3uoO -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Want to shield text, photos from government? Wickr says it has an app for that | SiliconBeat
http://www.siliconbeat.com/2013/06/07/want-to-shield-text-photos-from-government-wickr-says-it-has-an-app-for-that/ The U.S. government has acknowledged — with President Obama saying this morning in San Jose that it’s all in the name of securityhttp://www.mercurynews.com/nation-world/ci_23411831/obama-defends-surveillance-programs-san-jose — that its agencies are spying on Americans’ phone calls and Internet communications in some fashion. There are tech tools that claim they can get around such surveillance, and one of them is Wickr, an app made by a San Francisco startup. Wickr is similar to Snapchathttp://www.siliconbeat.com/2013/02/08/quoted-on-snapchat-wickr-and-erasing-our-digital-tracks/, the popular app that allows users to destroy messages and photos sent on mobile phones after a certain time. But the 1-year-old company’s app is “military grade,” founder Nico Sell said in a phone interview this morning. Sell says Wickr users can “send text messages, videos, documents that self-destruct — all encrypted, and it exceeds NSA top-level encryption on the device before it goes out on network with a key that only you have.” “Very few people in the world can do what we’ve done,” Sell said. She says she has advocated for the annual Defcon hacking conference for more than a decade. The company’s other founders include a team of privacy and security experts, according to a spokeswoman. If the government comes knocking with a subpoena, Wickr could turn over its database, but the information would be “useless,” Sell said, because the company doesn’t collect personal information about its users. It claims to have no call logs or location data. This also means such information is inaccessible to wireless providers, advertisers and other companies that usually collect it. Sell touts Wickr as an alternative to messaging offered by Whatsapp and Skype. Skype, the service owned by Microsoft, has long been thought as secure. But experts quoted by CNNMoneyhttp://money.cnn.com/2013/06/06/technology/security/verizon-call-logs/index.html and others have warned that no tech tool is immune to tracking, and Skype looks to be no exception. Ars Technicahttp://arstechnica.com/security/2013/05/think-your-skype-messages-get-end-to-end-encryption-think-again/ recently reported that Microsoft regularly scans messages. Could Wickr do something similar? “This is a big thing with us. It was a huge requirement that we never collected private information, period,” Sell said. The app is free for iOS users only for now. Sell said an Android version, and voice calling, are due out this summer. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] What happens when the government is allowed to spy on you?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This is a post on reddit*, which the author, 161719, has written for the public domain. Take it as you please, but I feel that it's very eye-opening: I live in a country generally assumed to be a dictatorship. One of the Arab spring countries. I have lived through curfews and have seen the outcomes of the sort of surveillance now being revealed in the US. People here talking about curfews aren't realizing what that actually FEELS like. It isn't about having to go inside, and the practicality of that. It's about creating the feeling that everyone, everything is watching. A few points: 1) the purpose of this surveillance from the governments point of view is to control enemies of the state. Not terrorists. People who are coalescing around ideas that would destabilize the status quo. These could be religious ideas. These could be groups like anon who are too good with tech for the governments liking. It makes it very easy to know who these people are. It also makes it very simple to control these people. Lets say you are a college student and you get in with some people who want to stop farming practices that hurt animals. So you make a plan and go to protest these practices. You get there, and wow, the protest is huge. You never expected this, you were just goofing off. Well now everyone who was there is suspect. Even though you technically had the right to protest, you're now considered a dangerous person. With this tech in place, the government doesn't have to put you in jail. They can do something more sinister. They can just email you a sexy picture you took with a girlfriend. Or they can email you a note saying that they can prove your dad is cheating on his taxes. Or they can threaten to get your dad fired. All you have to do, the email says, is help them catch your friends in the group. You have to report back every week, or you dad might lose his job. So you do. You turn in your friends and even though they try to keep meetings off grid, you're reporting on them to protect your dad. 2) Let's say number one goes on. The country is a weird place now. Really weird. Pretty soon, a movement springs up like occupy, except its bigger this time. People are really serious, and they are saying they want a government without this power. I guess people are realizing that it is a serious deal. You see on the news that tear gas was fired. Your friend calls you, frantic. They're shooting people. Oh my god. you never signed up for this. You say, fuck it. My dad might lose his job but I won't be responsible for anyone dying. That's going too far. You refuse to report anymore. You just stop going to meetings. You stay at home, and try not to watch the news. Three days later, police come to your door and arrest you. They confiscate your computer and phones, and they beat you up a bit. No one can help you so they all just sit quietly. They know if they say anything they're next. This happened in the country I live in. It is not a joke. 3) Its hard to say how long you were in there. What you saw was horrible. Most of the time, you only heard screams. People begging to be killed. Noises you've never heard before. You, you were lucky. You got kicked every day when they threw your moldy food at you, but no one shocked you. No one used sexual violence on you, at least that you remember. There were some times they gave you pills, and you can't say for sure what happened then. To be honest, sometimes the pills were the best part of your day, because at least then you didn't feel anything. You have scars on you from the way you were treated. You learn in prison that torture is now common. But everyone who uploads videos or pictures of this torture is labeled a leaker. Its considered a threat to national security. Pretty soon, a cut you got on your leg is looking really bad. You think it's infected. There were no doctors in prison, and it was so overcrowded, who knows what got in the cut. You go to the doctor, but he refuses to see you. He knows if he does the government can see the records that he treated you. Even you calling his office prompts a visit from the local police. You decide to go home and see your parents. Maybe they can help. This leg is getting really bad. You get to their house. They aren't home. You can't reach them no matter how hard you try. A neighbor pulls you aside, and he quickly tells you they were arrested three weeks ago and haven't been seen since. You vaguely remember mentioning to them on the phone you were going to that protest. Even your little brother isn't there. 4) Is this even really happening? You look at the news. Sports scores. Celebrity news. It's like nothing is wrong. What the hell is going on? A stranger smirks at you reading the paper. You lose it. You shout at him fuck you dude what are you laughing at can't you see I've got a fucking wound on my leg? Sorry, he says. I just didn't know anyone read the news anymore. There haven't
Re: [liberationtech] Want to shield text, photos from government? Wickr says it has an app for that | SiliconBeat
From: Yosem Companys compa...@stanford.edu To: Liberation Technologies liberationtech@lists.stanford.edu Sent: Saturday, June 8, 2013 2:22 PM Subject: [liberationtech] Want to shield text, photos from government? Wickr says it has an app for that | SiliconBeat http://www.siliconbeat.com/2013/06/07/want-to-shield-text-photos-from-government-wickr-says-it-has-an-app-for-that/ foreach secure_app $secure_apps { if {$secure_app eq proprietary} {continue} ... } -Jonathan -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Want to shield text, photos from government? Wickr says it has an app for that | SiliconBeat
Nadim Kobeissi na...@nadim.cc wrote: we're supposed to discuss proprietary software not only as secure, but as military-grade and government-proof. It's kind of ironic that so many apps refer to themselves as military-grade, when the intelligentsia on this list has better security than military intelligence. To be military-grade at this stage is to take a step backward. foreach secure_app $secure_apps { if {$secure_app eq proprietary} {continue} ... } -Jonathan Zing! One of the OHM villages this year is called Noisy Square, with the motto Revolutions don't happen in Silent Circles. ;-) ~Griffin -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Want to shield text, photos from government? Wickr says it has an app for that | SiliconBeat
It's not open-source, therefore it not only *can* be discarded without any further discussion, it MUST be. ---rsk -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Want to shield text, photos from government? Wickr says it has an app for that | SiliconBeat
Can we just not? Wickr's PR is pretty adept at taking advantage of opportunities and Libtech bites every time. http://i.imgur.com/a5KVZzG.png On Sat, Jun 8, 2013 at 10:27 PM, Rich Kulawiec r...@gsp.org wrote: It's not open-source, therefore it not only *can* be discarded without any further discussion, it MUST be. ---rsk -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Russia and PRISM?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello again libtech, First, sorry for replying out of thread again, I have different settings on this email and it shouldn't happen again. Late last year, I heard about a data mining system in use by the Russian authorities called Prizma. Here are some links, and Google Translate is your friend: http://www.forbes.ru/sobytiya/vlast/92590-kak-vlasti-chitayut-vashi-blogi-rassledovanie-forbes http://roem.ru/2012/08/16/prizma52924/ http://www.mlg.ru/solutions/4executives/prizma/ Anyone else want to speak to this? - -Peter Bourgelais Tech Fellow AccessNow.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJRs6epAAoJENkgSO8zvZYx6PcIAIFvz9HqKEIxkQzkwqoHOBZ6 qemV2cTWe92/G7S5nrgdgq16CA/lg1H3iygrwfyJOrI1aXeYYcIHE/OnWr07LOrm YFCNK84KxhTORx+A+6u4G7tBWyZ4n872Hei+GNlw1+aTSbrjfdUPocyAZf2bMCsi vMDBy3CG+cvr+Em/QpylU8J7KFLXXzQAtVKnmJwWfc6SXl+qxu0Cc5VeItwTlzvD 5dC/XYPZ2xeCKbiJBzICQkjL4NSABMIdxemSyARygberDnLUaCTa84iWjD/JhM2+ tIGR3o7YD6gT4Q0UOfqFkRIz1rENB8mwxMjoL9hIdzM2+FtDh9BdOUvU3V5mVS0= =t7Dj -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Want to shield text, photos from government? Wickr says it has an app for that | SiliconBeat
And you know Windows 3.1/NT/2000/XP is used in military for many year! -- Jerzy Łogiewa -- jerz...@interia.eu On Jun 8, 2013, at 5:11 PM, Griffin Boyce wrote: It's kind of ironic that so many apps refer to themselves as military-grade, when the intelligentsia on this list has better security than military intelligence. To be military-grade at this stage is to take a step backward. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Want to shield text, photos from government? Wickr says it has an app for that | SiliconBeat
Jerzy Łogiewa jerz...@interia.eu wrote: And you know Windows 3.1/NT/2000/XP is used in military for many year! After my OHM forensics talk was announced, the CIA (or someone using their IP range) visited my tumblr. They were using XP. This will never not be funny to me. :D ~Griffin [1] http://i.imgur.com/f04gCvP.png [2] My tumblr, like all tumblrs, is a mix of comics, cat pictures, and landscapes with melodramatic captions. -- Just another hacker in the City of Spies. #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de My posts, while frequently amusing, are not representative of the thoughts of my employer. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data
Oh man, Glenn Greenwald is my hero and a hero to us all. Everyone on this list who was looking for 'some evidence' about global surveillance and previously ignored all other evidence, well, here you go! Revealed: The NSA's powerful tool for cataloguing data – including figures on US collection http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining This screenshot from the program is very web 2.0: http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2013/6/8/1370715185657/boundless-heatmap-large-001.jpg The NSA is spying on the US and on the rest of the planet. There is no ability to deny this anymore. Anyone who denies it is a complete moron. All the best, Jacob -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data
On 06/08/2013 09:35 PM, Jacob Appelbaum wrote: This screenshot from the program is very web 2.0: http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2013/6/8/1370715185657/boundless-heatmap-large-001.jpg Just noticed this Map by Ammap.com in the screenshot http://www.ammap.com/ amMap is a robust interactive Javascript/HTML5 maps library Web 2.0 indeed! -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Fwd: Persona and Prism
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 While not as big a player in the identity area as others, below is Mozilla's Identity group response to a question about legal (or otherwise) requests. Begin forwarded message: From: Melvin Carvalho melvincarva...@gmail.com Date: 8 June 2013 15:11:44 GMT+01:00 To: Ben Adida b...@adida.net Cc: dev-ident...@lists.mozilla.org dev-ident...@lists.mozilla.org Subject: Re: Persona and Prism On 7 June 2013 19:43, Ben Adida b...@adida.net wrote: Melvin, Would it be correct to say that Persona would have no option but to comply with operations such as Prism? I will speak very precisely to what I know: Mozilla Persona has not been the target of these kinds of inquiries to date. If we did receive inquiries, we would put them through the same rigorous process we always do to determine whether there is a legal requirement for us to comply. Thanks for getting back. It's good to know Mozilla was not part of this. To be fair I'm sure most people at the other firms did not want to sacrifice user data, but probably felt they had no choice. It's worse that this happened in secret. e.g. facebook's comment was a little scary: *They said: “We will protect you and your information better than any other company in the world.” They say: “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.” * What's concerning is that if Persona gains in popularity, it may become more of a target. It helps that we've designed the protocol to limit the data we collect (without compromising our use cases, a sweet spot.) I think this is the way to go. I'd still like to see a zero knowledge option, but perhaps that's something for the future. -Ben ___ dev-identity mailing list dev-ident...@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-identity - -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJRs+AEAAoJENsz1IO7MIrrjTYH+gIR/bxG4r7tU1mCPZF/YBLm mUO91zBMZHMBynwjRYRwRY8K/u37pvNafA8eAYttAnB7EzxDi8GbDO51fQmnov2l tF8NqBzx38Y8+G1OQRj6CacLSCRe7Wad37lDq9Gs6UnkZ7VnckxxvHmBwYBwySc4 0/pK0Kitdi/ifTth2S89EzyoZvcK3j8XQfHugvvO1zJCFq0WXOBeREgj3Y9Ma/ps xxjZ621rLh8nPNNhEGcvxDQObpYuJ+rcn77U1Sw4vvh322wBZeWy+1hVKs/wzsir Y0MdlYNAgTNM81D8AADx/LSUQzAi9uki1xAUfhRG8pQ78IIpEnmoIMggAhyGuOo= =kMbG -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] OSS Devs: Talk about metadata!
I want to encourage all the open source, communication and security software developers on this list to start talking about metadata. 1. Start raising awareness on what metadata is given to your software and how it's handled. 2. Don't limit your privacy policy to content but also clarify what's done with metadata. [Shameless plug] We've already done this at Cryptocat. Our table can serve as a template: https://blog.crypto.cat/2013/06/cryptocat-who-has-your-metadata/ I wonder if we're sort of entering a new era. NK -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] OSS Devs: Talk about metadata!
Nadim Kobeissi na...@nadim.cc wrote: I want to encourage all the open source, communication and security software developers on this list to start talking about metadata. 1. Start raising awareness on what metadata is given to your software and how it's handled. 2. Don't limit your privacy policy to content but also clarify what's done with metadata. It doesn't even have to be that fancy. Translating the privacy legalese into some simple bullet points would help users tremendously. ~Griffin -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data
2013/6/8 Jacob Appelbaum ja...@appelbaum.net Oh man, Glenn Greenwald is my hero and a hero to us all. Do you still believe Glenn's reporting that NSA has direct access to servers of firms including Google, Apple and Facebook? In my view, he misled the world intentionally (the few prism training slides published did not seem to claim this). Glenn is at best a wacky journalist without common sense. His reporting on the Verizon case was good, but I think his credibility bankrupted after the PRISM one. Everyone on this list who was looking for 'some evidence' about global surveillance and previously ignored all other evidence, well, here you go! Revealed: The NSA's powerful tool for cataloguing data – including figures on US collection http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining This screenshot from the program is very web 2.0: http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2013/6/8/1370715185657/boundless-heatmap-large-001.jpg The NSA is spying on the US and on the rest of the planet. There is no ability to deny this anymore. Anyone who denies it is a complete moron. I don't understand why this evidence is significant in any way. NSA certainly has lots of information, and a web2.0'ish tool is nothing surprising. It's rather moot to state anyone who denies it is a complete moron. It's like the highway patrol keeping my driving record. Again, I'm not rooting for NSA. I think its power need to be limited and it needs more transparency. But I hate using misinformation or hyperbole to achieve that goal. This hurts the credibility of all the pro-privacy groups in general. All the best, Jacob -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data
From the Washington Post, just published: Intelligence community sources said that this description, although inaccurate from a technical perspective, matches the experience of analysts at the NSA. From their workstations anywhere in the world, government employees cleared for PRISM access may task the system and receive results from an Internet company without further interaction with the company's staff. http://www.washingtonpost.com/world/national-security/us-company-officials-internet-surveillance-does-not-indiscriminately-mine-data/2013/06/08/5b3bb234-d07d-11e2-9f1a-1a7cdee20287_print.html On 6/8/13 8:10 PM, x z wrote: 2013/6/8 Jacob Appelbaum ja...@appelbaum.net mailto:ja...@appelbaum.net Oh man, Glenn Greenwald is my hero and a hero to us all. Do you still believe Glenn's reporting that NSA has direct access to servers of firms including Google, Apple and Facebook? In my view, he misled the world intentionally (the few prism training slides published did not seem to claim this). Glenn is at best a wacky journalist without common sense. His reporting on the Verizon case was good, but I think his credibility bankrupted after the PRISM one. Everyone on this list who was looking for 'some evidence' about global surveillance and previously ignored all other evidence, well, here you go! Revealed: The NSA's powerful tool for cataloguing data -- including figures on US collection http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining This screenshot from the program is very web 2.0: http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2013/6/8/1370715185657/boundless-heatmap-large-001.jpg The NSA is spying on the US and on the rest of the planet. There is no ability to deny this anymore. Anyone who denies it is a complete moron. I don't understand why this evidence is significant in any way. NSA certainly has lots of information, and a web2.0'ish tool is nothing surprising. It's rather moot to state anyone who denies it is a complete moron. It's like the highway patrol keeping my driving record. Again, I'm not rooting for NSA. I think its power need to be limited and it needs more transparency. But I hate using misinformation or hyperbole to achieve that goal. This hurts the credibility of all the pro-privacy groups in general. All the best, Jacob -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu mailto:compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Trevor Timm Activist Electronic Frontier Foundation (415) 436 9333 ex. 104 https://eff.org/join -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data
I guess the question is still, is it just them using the already existing API's or do they have colocated sniffing tools? -Andrew On Jun 9, 2013, at 3:13 PM, Trevor Timm tre...@eff.org wrote: From the Washington Post, just published: Intelligence community sources said that this description, although inaccurate from a technical perspective, matches the experience of analysts at the NSA. From their workstations anywhere in the world, government employees cleared for PRISM access may “task” the system and receive results from an Internet company without further interaction with the company’s staff. http://www.washingtonpost.com/world/national-security/us-company-officials-internet-surveillance-does-not-indiscriminately-mine-data/2013/06/08/5b3bb234-d07d-11e2-9f1a-1a7cdee20287_print.html On 6/8/13 8:10 PM, x z wrote: 2013/6/8 Jacob Appelbaum ja...@appelbaum.net Oh man, Glenn Greenwald is my hero and a hero to us all. Do you still believe Glenn's reporting that NSA has direct access to servers of firms including Google, Apple and Facebook? In my view, he misled the world intentionally (the few prism training slides published did not seem to claim this). Glenn is at best a wacky journalist without common sense. His reporting on the Verizon case was good, but I think his credibility bankrupted after the PRISM one. Everyone on this list who was looking for 'some evidence' about global surveillance and previously ignored all other evidence, well, here you go! Revealed: The NSA's powerful tool for cataloguing data – including figures on US collection http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining This screenshot from the program is very web 2.0: http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2013/6/8/1370715185657/boundless-heatmap-large-001.jpg The NSA is spying on the US and on the rest of the planet. There is no ability to deny this anymore. Anyone who denies it is a complete moron. I don't understand why this evidence is significant in any way. NSA certainly has lots of information, and a web2.0'ish tool is nothing surprising. It's rather moot to state anyone who denies it is a complete moron. It's like the highway patrol keeping my driving record. Again, I'm not rooting for NSA. I think its power need to be limited and it needs more transparency. But I hate using misinformation or hyperbole to achieve that goal. This hurts the credibility of all the pro-privacy groups in general. All the best, Jacob -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Trevor Timm Activist Electronic Frontier Foundation (415) 436 9333 ex. 104 https://eff.org/join -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech