Re: [liberationtech] An interview with Snowden and more in Der Spiegel
Hi,

What we're seeing in Der Spiegel, The Guardian, Washington Post and other select publications is the birth of new threat models - not just for activists but for all of civil society, parliamentarians, companies and more. This is a threat model that many have known and yet at the same time, there is clearly new stuff. For one - we're seeing confirmations of things that have been denied in public - we're also learning the names of things, which now made public, may be FOIA'ed by name as well as pushing for disclosures.

This is where we'll see if America will shine - when the information comes out, will we be able to use our democratic process to turn this disaster around? I'd like to think so - that is why I worked on these pieces - hope is not lost. Though hope alone is not a strategy.

I think this may be of interest to people on the list:

http://www.spiegel.de/spiegel/index-7028.html
http://www.spiegel.de/politik/deutschland/snowden-enthuellung-verbindung-zur-nsa-bringt-bnd-in-erklaerungsnot-a-909884.html
http://www.spiegel.de/politik/deutschland/us-lauschangriff-opposition-macht-druck-auf-merkel-a-909871.html

For non-German speakers I suggest the following English links:

http://www.spiegel.de/international/topic/whistle_blowers/
http://www.spiegel.de/international/world/whistleblower-snowden-claims-german-intelligence-in-bed-with-nsa-a-909904.html
http://www.spiegel.de/international/world/edward-snowden-accuses-germany-of-aiding-nsa-in-spying-efforts-a-909847.html
http://www.spiegel.de/international/world/snowden-reveals-how-gchq-in-britain-soaks-up-mass-internet-data-a-909852.htmlv

My interview with Snowden is available as a leaked pdf on cryptome in German:

http://cryptome.org/2013/07/snowden-spiegel-13-0707-en.htm
http://cryptome.org/2013/07/snowden-spiegel-13-0707.pdf
http://cryptome.org/2013/07/snowden-spiegel-13-0707-2.pdf

The English original will be released this week.
Last week's article is also very important:

http://www.spiegel.de/international/world/secret-documents-nsa-targeted-germany-and-eu-buildings-a-908609.html

This is also probably of great interest to people on the list:

http://oglobo.globo.com/infograficos/volume-rastreamento-governo-americano/
http://jaraparilla.blogspot.com/2013/07/nsa-surveillance-of-australia-exposed.html
http://www.theage.com.au/world/snowden-reveals-australias-links-to-us-spy-web-20130708-2plyg.html

Welcome to the Grim Meathook Future, Citizens! Let's turn this ship around!

All the best,
Jacob

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

Hello list,

Jacob, any insight on how the interview took place from a technical point of view? I suppose preventive measures were taken from all parties in order to avoid leaking Snowden's identity as it would have put an end to his grand plan, even more as he was still in Hawaii at the time of the interview. How did you/he manage the risk here, especially as Snowden knew about the full scope of the NSA monitoring program and you didn't? The only info I have seen on this is Snowden allegedly created a new set of PGP keys[1], but it can't have been enough for him.

Also, a quote on the cryptome page[2] says:

"The following questions are excerpted from a larger interview that covered numerous topics, many of which are highly technical in nature."

Is the full interview available somewhere? If not why? Just curious, thanks.

[1] http://cryptome.org/2013/07/snowden-poitras-appelbaum.htm
[2] http://cryptome.org/2013/07/snowden-spiegel-13-0707-en.htm

-moustache
Re: [liberationtech] In his own words: Confessions of a cyber warrior
Eugen Leitl:
> Grimes: How many exploits does your unit have access to?
> Cyber warrior: Literally tens of thousands -- it's more than that. We have tens of thousands of ready-to-use bugs in single applications, single operating systems.
> Grimes: Is most of it zero-days?
> Cyber warrior: It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.

Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that?

Andreas
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Wed, Jul 10, 2013 at 11:03:50AM +, Andreas Bader wrote:
> Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that?

See http://blog.fefe.de/
Re: [liberationtech] Heml.is - The Beautiful Secure Messenger
..on Tue, Jul 09, 2013 at 10:04:43PM +0200, Marcin de Kaminski wrote:
> I just asked the Heml.is team to join the list. Peter just wrote to me and said:
>
> no one said it would be closed source. That's people's guess. Like, your guess, I guess.

He's right. I'm pleased to read I was too hasty to take no mention of openness - and the feature 'unlocking' aspect of the project - to be indication of a proprietary code base.

Cheers,

Julian

> On 9 Jul 2013 at 18:52, Julian Oliver jul...@julianoliver.com wrote:
>> Surprised to see Peter Sunde, Leif Högberg and Linus Olsson push out their private messaging for Android and iOS as closed-source unlock-ware:
>>
>> https://heml.is/
>>
>> (Warning: Self-ingratiating video. Fun-guy team shots)
>>
>> Cheers,
>>
>> --
>> Julian Oliver
>> PGP B6E9FD9A
>> http://julianoliver.com
>> http://criticalengineering.org

--
Julian Oliver
PGP B6E9FD9A
http://julianoliver.com
http://criticalengineering.org
Re: [liberationtech] Heml.is - The Beautiful Secure Messenger
> no one said it would be closed source. That's people's guess. Like, your guess, I guess.

According to their twitter account, the answer is maybe:
https://twitter.com/HemlisMessenger/statuses/354927721337470976

Peter Sunde (one of the people behind it) said eventually, but in my experience promises like that tend to be broken:
https://twitter.com/brokep/status/354608029242626048

> and the feature 'unlocking' aspect of the project - to be indication of a proprietary code base.

Frankly I can't see how they could get the feature unlock funding stuff to work well if it's proper open source. As I'd expect people to fork it to remove such antifeatures.

It's a pity, as several new funding models have been successful recently which are compatible with free software, but this doesn't look to be one of them.
Re: [liberationtech] Heml.is - The Beautiful Secure Messenger
https://whispersystems.org/ already has an open-source secure messaging, voice and more. Has anyone reviewed their code? Does anyone use it? Why not build on top of it?

On 10/07/13 14:07, Nick wrote:
>> no one said it would be closed source. That's people's guess. Like, your guess, I guess.
>
> According to their twitter account, the answer is maybe:
> https://twitter.com/HemlisMessenger/statuses/354927721337470976
>
> Peter Sunde (one of the people behind it) said eventually, but in my experience promises like that tend to be broken:
> https://twitter.com/brokep/status/354608029242626048
>
>> and the feature 'unlocking' aspect of the project - to be indication of a proprietary code base.
>
> Frankly I can't see how they could get the feature unlock funding stuff to work well if it's proper open source. As I'd expect people to fork it to remove such antifeatures.
>
> It's a pity, as several new funding models have been successful recently which are compatible with free software, but this doesn't look to be one of them.
Re: [liberationtech] In his own words: Confessions of a cyber warrior
Andreas Bader:
> Eugen Leitl:
>> Grimes: How many exploits does your unit have access to?
>> Cyber warrior: Literally tens of thousands -- it's more than that. We have tens of thousands of ready-to-use bugs in single applications, single operating systems.
>> Grimes: Is most of it zero-days?
>> Cyber warrior: It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.
>
> Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that?

I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years.

Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.

All the best,
Jacob
[liberationtech] vxheaven
For those that know and care, vxheaven is back online. It happened a week ago.
Re: [liberationtech] In his own words: Confessions of a cyber warrior
This may be true, but what is undeniable is that this guy is a bit of a braggart... I mean, yes, they may have tons of 0days, but in which software? In my aunt's software perhaps... But if government is paying 100k for an iOS 0day [cite needed] what are you telling me... ? I suppose it's a partial truth.

gpg --keyserver pgp.mit.edu --search-keys EEE5A447
http://pgp.mit.edu:11371/pks/lookup?search=0xEEE5A447&op=vindex

> Date: Wed, 10 Jul 2013 13:43:01 +
> From: ja...@appelbaum.net
> To: liberationtech@lists.stanford.edu
> Subject: Re: [liberationtech] In his own words: Confessions of a cyber warrior
>
> Andreas Bader:
>> Eugen Leitl:
>>> Grimes: How many exploits does your unit have access to?
>>> Cyber warrior: Literally tens of thousands -- it's more than that. We have tens of thousands of ready-to-use bugs in single applications, single operating systems.
>>> Grimes: Is most of it zero-days?
>>> Cyber warrior: It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.
>>
>> Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that?
>
> I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years.
>
> Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.
>
> All the best,
> Jacob
Re: [liberationtech] Heml.is - The Beautiful Secure Messenger
I would point to Textual* as a model that does this and works, they release their source code -- but you have to compile it yourself. I don't have an IDE on my computer anymore, and probably would be too lazy to go through the hassle of trying to compile their program than to just give them $3 or whatever for the app.

*note - I am my own argument against this, I run http://frextualapp.com - a compiled version of textual available freely but mine hasn't been updated in like 6 months, I was trying to keep it up to date but haven't really had time… which is why people should just pay for textual. Plus their app has an update feature which mine does not.

On 2013-07-10, at 9:07 AM, Nick wrote:
>> no one said it would be closed source. That's people's guess. Like, your guess, I guess.
>
> According to their twitter account, the answer is maybe:
> https://twitter.com/HemlisMessenger/statuses/354927721337470976
>
> Peter Sunde (one of the people behind it) said eventually, but in my experience promises like that tend to be broken:
> https://twitter.com/brokep/status/354608029242626048
>
>> and the feature 'unlocking' aspect of the project - to be indication of a proprietary code base.
>
> Frankly I can't see how they could get the feature unlock funding stuff to work well if it's proper open source. As I'd expect people to fork it to remove such antifeatures.
>
> It's a pity, as several new funding models have been successful recently which are compatible with free software, but this doesn't look to be one of them.
Re: [liberationtech] Heml.is - The Beautiful Secure Messenger
Hello Wasabee,

I've used TextSecure but I found that it's like sending encrypted SMS, therefore you have the consequent cost associated to it. I don't know if Heml.is will be a kind of secure whatsapp or if it will have the same approach of TextSecure.

Correct me if I'm wrong with the SMS stuff. It was what I thought once I received my bill.

gpg --keyserver pgp.mit.edu --search-keys EEE5A447
http://pgp.mit.edu:11371/pks/lookup?search=0xEEE5A447&op=vindex

> Date: Wed, 10 Jul 2013 14:31:53 +0100
> From: wasabe...@gmail.com
> To: liberationtech@lists.stanford.edu
> Subject: Re: [liberationtech] Heml.is - The Beautiful Secure Messenger
>
> https://whispersystems.org/ already has an open-source secure messaging, voice and more. Has anyone reviewed their code? Does anyone use it? Why not build on top of it?
>
> On 10/07/13 14:07, Nick wrote:
>>> no one said it would be closed source. That's people's guess. Like, your guess, I guess.
>>
>> According to their twitter account, the answer is maybe:
>> https://twitter.com/HemlisMessenger/statuses/354927721337470976
>>
>> Peter Sunde (one of the people behind it) said eventually, but in my experience promises like that tend to be broken:
>> https://twitter.com/brokep/status/354608029242626048
>>
>>> and the feature 'unlocking' aspect of the project - to be indication of a proprietary code base.
>>
>> Frankly I can't see how they could get the feature unlock funding stuff to work well if it's proper open source. As I'd expect people to fork it to remove such antifeatures.
>>
>> It's a pity, as several new funding models have been successful recently which are compatible with free software, but this doesn't look to be one of them.
[liberationtech] FBI ECSU-DITU
Hi,

during a web search for the FBI ECSU-DITU unit - the switch between NSA and the cooperating providers, mentioned in the added WaPo slides - I stumbled upon http://electrospaces.blogspot.ro/2013/07/new-insights-into-prism-program.html, where the author expresses his summary or interpretation of PRISM. From there I got http://cryptome.org/2012/08/fbi-spy-letf.pdf, a summary of a Law Enforcement Technical Forum meeting from 2010 with some indirect information about DITU.

Btw. regarding Skype: on p. 5, a Mr. Scott Sheets from Verizon Wireless provided the following detailed information:

# SIP Media Gateway (provided by Level 3 (NB: the same as in http://info.publicintelligence.net/US-NSAs/US-NSAs-Level3.pdf?), located in Atlanta, is used when Skype related call is dialed. The SIP Media Gateway converts the skype call to VoIP,
# Data Channel - skype encrypts it using a proprietary algorithm. However, at the request of Verizon, decrypting mechanisms were provided,

But, has anybody more information about ECSU-DITU?

--
Katana
[liberationtech] Thank you for choosing cyberpunk dystopia.
https://medium.com/surveillance-state/b804de3b5b

Thank you for choosing cyberpunk dystopia.

encryption, capitalism, and law

June has been a pretty surreal month. As the Guardian and the Washington Post continue to publish internal NSA documents in what has become a torrential TOP SECRET/NOFORN early Christmas bonanza, many of us in hacker and activist communities have now seen what we long suspected confirmed: that the government is indiscriminately collecting and storing massive quantities of data, and that the distinction between the “law enforcement” and foreign intelligence use of this data has become increasingly blurred. For people who have family ties in Pakistan or regularly attend Mosque, for those who were a part of Occupy Wall Street, or have participated in the blockade of the KXL Pipeline, the fact that the national security apparatus conducts domestic operations on a racial and political basis is no surprise; it has often been a daily fact of life for years.

Yet, being right is obviously not reassuring, and how to turn these revelations into substantive change is far from clear. Unlike in 1976, when the Church Committee was formed to address the abuses of the Nixon era, there is now a broad spectrum of established legal precedent and business practices which make widespread surveillance both legal and profitable. The courts have consistently ruled that when we turn our data over to a third party, we have no reasonable expectation of privacy. Never mind that it is pretty much impossible to communicate online today without handing your information to a third party, whether that is Apple, Facebook, Google, Dropbox, or any email server, for that matter.

At the same time, the dominant business model for online services has come to be based on user data exploitation and targeted advertisements. Companies that can’t access their users’ data because it is encrypted deny themselves revenue from targeted ads.
Users who have become accustomed to not having to pay to access online services are less likely to buy into a fee-for service business model that might offer them greater privacy. These two aspects of the world we now find ourselves in, the legal architecture supporting surveillance and the profit motive driving private data exploitation, together compose a mutually re-enforcing bulwark defending the state’s panopticon from both passive individual resistance and organized direct attack.

All of this is happening in a world where the real-time location tracking of millions of people has become trivial, where commercial facial recognition is becoming ubiquitous, and in which the president reserves the right to murder anyone, at any time, with a flying killer robot. If there are prophets of our time, they are Kafka, Alan Moore, and Philip K. Dick.

The Failed Cypherpunk Insurgency

That to defy the surveillance state should be harder today than it was twenty years ago is tragically ironic, since today there are publicly available cryptographic tools that can effectively shield individuals’ communications from interception. Free software such as LUKS, GnuPG, and OTR theoretically allow anyone to secure their hard drive, their email, and their conversations online.

For much of the 1990s, there was a fight to make these tools publicly available. Many of the most secure crypto algorithms, such as RSA, were patented and couldn’t be used without first paying a hefty license fee. Cryptography was legally considered to be a type of “munition” by the US government, and anyone who developed software that employed crypto risked being prosecuted in the US for unlawfully trafficking in ordnance. The cypherpunks of the 1990s were committed to spreading cryptography through any means necessary.
Phil Zimmermann, who wrote PGP, the free software for encrypting email, successfully circumvented the legal blockade on the export of cryptography by publishing his source code as a book, “PGP Source Code and Internals.” The text was written in machine readable format, so that anyone who purchased a copy of the book would be able to scan in the software, then use it or distribute it themselves. Although he was charged with violating the ban on munitions exports, Zimmermann was able to successfully argue that his book was not software, but first amendment protected speech.

The 90s are littered with similar cypherpunk battles; some hackers set off to countries with laws favorable to exporting cryptography, so that they could safely write code and share it with the world. They believed that if encryption was widely available, government surveillance would be impossible, censorship would become a historical relic, and untraceable digital currency would become ubiquitous. Without the ability to monitor citizens or collect tax revenue, governments would fall and the people of the world would build a new society on the ashes of the old. If this sounds grandiose or naive, that’s because it
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On 07/10/2013 04:45 AM, Eugen Leitl wrote:
> http://www.infoworld.com/print/66
>
> In his own words: Confessions of a cyber warrior
> By Roger A. Grimes
> Created 2013-07-09 03:00AM
>
> Much of the world is just learning that every major industrialized nation has a state-sponsored cyber army [1] -- though many of the groups, including team USA, have been around for decades.

This is an interesting article but it just doesn't quite ring totally true. The guy just seems a bit too script kiddie to be legit. He reminds me a lot of that Iranian hacker who hacked Comodo a while back. Too much bravado to be believable IMHO.

Me
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On 07/10/2013 08:08 AM, Eugen Leitl wrote:
> See http://blog.fefe.de/

*** Agreed, that seems to be a PsyOp to scare hackers away from the US State secrets, or hire young kids. Very badly done though.

If that super elite guy is so meticulous about keeping his anonymity, and never got caught bypassing security systems, he certainly does not care about remaining anonymous to his employer: how many cyber warriors are there
- among 5000,
- stationed in Northern Virginia,
- a foreigner from a country where Radio Shack operates,
- a drop out at 15,
- a musician in a hardcore rap/EDM band,
- who went to Florida in the last month.

C'm'on. If that is not sanctioned by his hierarchy, the smart guy just put himself in trouble (or maybe he wanted to be able to retire earlier).

All that is certain about this piece is that Cyber Command hires people looking for money, without ethics, and who prefer toying with great technology rather than caring about the world in which they're supposed to live.

Who's the advertising company?

==
hk
Re: [liberationtech] In his own words: Confessions of a cyber warrior
Jacob Appelbaum:
> Andreas Bader:
>> Eugen Leitl:
>>> Grimes: How many exploits does your unit have access to?
>>> Cyber warrior: Literally tens of thousands -- it's more than that. We have tens of thousands of ready-to-use bugs in single applications, single operating systems.
>>> Grimes: Is most of it zero-days?
>>> Cyber warrior: It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.
>>
>> Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that?
>
> I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years.
>
> Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.

I have to agree here with you. The 0day market is booming and we have a very unclear picture as of now on the magnitude of that market.

However, there is something weird in this guy's statement. With my experience, finding exploitable 0days for known software is not that trivial, it takes time and effort. Now, creating a working exploit (preferably remotely of course) is also very difficult! He goes on stating:

"I would hack the software and create buffer overflow exploits. I was pretty good at this. There wasn't a piece of software I couldn't break. It's not hard."

To be honest, for myself being a person that does security contests for years now (Defcon, iCTF, csaw, etc...) and in security communities, someone speaking like that is a bit of a red flag in terms of deep knowledge of software/OS exploitation (especially OS exploits). 0day development is not an easy business (like he is picturing it).
From friends in the reverse engineering field (AV corp.), a *lot* of people are doing that full time in Russia for malware development and word! it takes time, experience and knowledgeable people.

In a nutshell, in my opinion, this interview looks more like a guy that wants to flash rather than the real truth. There is SURELY true stuff in there but I doubt seriously the part about the extent of 0day and bugs development. This is just too fishy to be serious... anyway that should not mean we should not take this seriously!

Cheers!
David

> All the best,
> Jacob
[liberationtech] Paper on Google Glass
From: Bruno Fortugno brunofortu...@sympatico.ca

I am a student writing a paper on the potential privacy issues caused by Google's upcoming product Google Glass. I was wondering if anyone could advise some good resources for my research.

Thanks,
Bruno Fortugno
[liberationtech] Resources on electronic voting
Dear all,

Sorry to ask such a general question but I need input on the issue of electronic voting. Is there any comprehensive collection of resources or (preferably academic) research already out there? Any other input or links to prior discussions on this list would be most helpful as well.

Thanks!
Marcin
Re: [liberationtech] Resources on electronic voting
On Wed, Jul 10, 2013 at 12:36 PM, Marcin de Kaminski mar...@dekaminski.se wrote:
> Sorry to ask such a general question but I need input on the issue of electronic voting. Is there any comprehensive collection of resources or (preferably academic) research already out there?
Re: [liberationtech] Resources on electronic voting
Not sure if it's what you are looking for, but:

http://blackboxvoting.org/
http://verifiedvoting.org/

peace,
gunner

On 07/10/2013 10:55 AM, Nick Daly wrote:
> On Wed, Jul 10, 2013 at 12:36 PM, Marcin de Kaminski mar...@dekaminski.se wrote:
>> Sorry to ask such a general question but I need input on the issue of electronic voting. Is there any comprehensive collection of resources or (preferably academic) research already out there?

--
Allen Gunn
Executive Director, Aspiration
+1.415.216.7252
www.aspirationtech.org

Aspiration: Better Tools for a Better World
Read our Manifesto: http://aspirationtech.org/publications/manifesto

Follow us:
Facebook: www.facebook.com/aspirationtech
Twitter: www.twitter.com/aspirationtech
Re: [liberationtech] Paper on Google Glass
I think privacy is just a small part of a larger issue when it comes to Google Glass and its future descendants. The large issue is how increasing network connectivity changes what it means to be an individual or to even be human. As our access to the Internet becomes more immediate (from huge desktops to HUD) and persistent, I think we will stop seeing ourselves as individuals and more as a collective. Think of how groupthink works online and then a future where you can never be offline. And when we grow reliant on Glass constantly prompting us with information about the real world, will we still bother to remember things? I feel that there is a natural tendency for those of us who are highly connected (myself included) to offload cognitive functions onto our web-enabled devices. We stop remembering certain information and instead remember what keywords to Google for to retrieve that information. I wonder if hivemind will eventually become literal as technology progresses and more closely binds itself to our mental processes. Sorry for the digression, but that's how I perceive privacy issues when it comes to Google Glass. Much like how karma and upvotes lead to groupthink, greater connectivity and sharing can subject our lives to constant peer approval. I think that wisdom of the crowd only works when individuals in the crowd are not subjected to the same bias. Raven Jiang *Stanford University* *Computer Science* soraven.com http://www.soraven.com/ On 10 July 2013 11:08, Paul Bernal (LAW) paul.ber...@uea.ac.uk wrote: I wrote a blog piece on Glass a month or two back: http://paulbernal.wordpress.com/2013/05/07/google-glass-just-because-you-can/ Here's the text: Google Glass: just because you can… As a bit of a geek, and a some-time game player, it’s hard not to like the look of Google Glass. 
Sure, it makes you look a little dorky in its current incarnation (even if you’re Sergey Brin, as in the picture below) but people like me are used to looking dorky, and don’t really care that much about it. What it does, however, is cool, and cool in a big way. We get heads-up displays that would have been unimaginable even a few years ago, a chance to feel like Arnie in the Terminator, with the information about everything we can see immediately available. It’s cool – in a dorky, sci-fi kind of way, and for those of us brought up on a diet of SF it’s close to irresistible. And yet, there’s something in the back of my mind – well, OK, pretty close to the front of my mind now – that says that we should be thinking twice about pushing forward with developments like this. Just because we can make something as cool as Google Glass, doesn’t mean that we should make it. There are implications to developments like this, and risks attached to it, both direct and indirect.

Risks to the wearer’s privacy

First we need to be clear what Google Glass does – and how it’s intended to be used. The idea is that the little camera on the headset essentially ‘sees’ what you see. It then analyses what it can see, and provides the information about what you see – or information related to it. In one of the promotional videos for it, for example, as the wearer looks at a subway station, the Glass alerts the wearer to the fact that there’s a delay on the subway, so he’d better walk. Then he looks at a poster for a concert – it analyses the poster, then links directly to a ticket agency that lets him buy a ticket for the concert. Cool? Sure, but think about what’s going on in the background – because there’s a lot. First of all, and almost without saying, the Google Glass headset is tracking the wearer: what we call ‘geolocation’. It knows exactly where you are, whenever you’re using it.
There are implications to that – I’ve written about them before – and this is yet another step towards making geolocation the ‘norm’. The idea is that Google (and others) want to know exactly where you are at all times – and of course that means that others could find out, whether for good purposes or bad. Secondly, it means that Google are able to analyse what you are looking at – and profile you, with huge accuracy, in the real world, the way to a certain extent they already do in the online world. And, again, if Google can profile you, others can get access to that profile – either through legal means or illegal. You might have consented to giving others access, in one of those long Terms and Conditions documents you scrolled down without reading and clicked ‘OK’ to. The government might ask Google for access to your feed, in the course of some investigation or other. A hacker might even hack into your system to take a look… …and this last risk, the risk of hacking, is a very real one. Weaknesses in Google Glass have already surfaced. As the Guardian reported a few days ago: “Augmented reality glasses could be compromised by a hacker who would be able to see and hear everything the
Re: [liberationtech] Resources on electronic voting
Hello:

Electronic voting is what I do in Agora Ciudadana :-) [1]. There are different ways to do it. You can go all the way and do Internet voting, like they do in Estonia [2], or you can use electronic voting booths, which can either be like an electronic cashier but for votes, or they might just digitally register the paper votes. Some methods involve advanced homomorphic encryption tools to securely record, tally and verify the vote like in Estonia. Other methods are just electronic voting machines that aim to reduce human error and tallying time.

One very important thing to take into account when doing electronic voting is authentication. In Estonia they have an electronic ID card, so authentication is easy. There's no such thing in the USA or UK, for example.

You can use electronic voting officially in an election or referendum state/nation-wide, or you can use it for other use cases. For secure Internet voting, you can take a look at Helios [3], libre software and used by a Cryptographers Association, or other proposals that mix paper ballots with cryptography like wombat [4].

If you are interested in the cryptography and are looking for some academic papers, I can tell you that there are mainly two cryptographic ways to do elections securely: using homomorphic encryption or mixnets. Take a look at papers like [5] [6] [7]. And there are many more papers on the subject, of course.

Finally, here's a talk by Ben Adida about why electronic voting is so hard [8], which tries to answer what's so hard about running an election and if technology can help.

In Agora Voting we're now trying to implement the first secure liquid voting system, because it'll be used in three months by a congressman in Spain. We haven't been lucky finding funds so far, though.
Kind regards,

[1] https://agoravoting.com
[2] https://en.wikipedia.org/wiki/Electronic_voting_in_Estonia
[3] https://heliosvoting.org
[4] http://www.wombat-voting.com/
[5] http://cryptodrm.engr.uconn.edu/adder/acsac.pdf
[6] http://www.cs.cornell.edu/andru/papers/civitas-tr.pdf
[7] http://heliosvoting.org/wp-content/uploads/2010/08/evtwote10-1.pdf
[8] https://air.mozilla.org/wheres-my-vote/

On Wed, Jul 10, 2013 at 7:36 PM, Marcin de Kaminski mar...@dekaminski.se wrote: Dear all, Sorry to ask such a general question but I need input on the issue of electronic voting. Is there any comprehensive collection of resources or (preferably academic) research already out there? Any other input or links to prior discussions on this list would be most helpful as well. Thanks! Marcin

-- Eduardo Robles Elvira +34 668 824 393 skype: edulix2 http://www.wadobo.com it's not magic, it's wadobo!
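The homomorphic-encryption route named in the message above, sketched as an added example (not part of the thread, and not code from Helios, Agora or Verificatum): votes are encrypted with exponential ElGamal so that multiplying ciphertexts adds the votes, and each ballot carries a disjunctive Chaum-Pedersen proof that it encrypts 0 or 1, so the tallier can discard a ballot that would otherwise inflate the count. Assumptions: all function names are illustrative, the 65-bit group is far too small for real use, and a single party holds the decryption key.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)

def is_prime(n):
    """Miller-Rabin; this base set is deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def demo_group(bits=64):
    """First safe prime p = 2q + 1 with q > 2**bits (demo size, not a deployment size)."""
    q = (1 << bits) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4  # 4 is a square mod p, so it generates the order-q subgroup

P, Q, G = demo_group()

def challenge(*values):
    """Fiat-Shamir challenge: hash of statement and commitments, reduced mod Q."""
    data = "|".join(map(str, values)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def commitments(pk, a, b, j, c, s):
    """(A_j, B_j) for the claim 'ciphertext (a, b) encrypts j'."""
    b_j = b * pow(G, Q - j, P) % P                    # b / g^j
    return (pow(G, s, P) * pow(a, Q - c, P) % P,      # g^s * a^-c
            pow(pk, s, P) * pow(b_j, Q - c, P) % P)   # h^s * (b/g^j)^-c

def cast(pk, vote):
    """Encrypt a 0/1 vote in the exponent and prove it is 0 or 1 without revealing which."""
    if vote not in (0, 1):
        raise ValueError("vote must be 0 or 1")
    r, w = secrets.randbelow(Q), secrets.randbelow(Q)
    a, b = pow(G, r, P), pow(G, vote, P) * pow(pk, r, P) % P
    other = 1 - vote
    c, s, A, B = [0, 0], [0, 0], [0, 0], [0, 0]
    c[other], s[other] = secrets.randbelow(Q), secrets.randbelow(Q)  # simulated branch
    A[other], B[other] = commitments(pk, a, b, other, c[other], s[other])
    A[vote], B[vote] = pow(G, w, P), pow(pk, w, P)                   # real branch
    c[vote] = (challenge(pk, a, b, *A, *B) - c[other]) % Q
    s[vote] = (w + c[vote] * r) % Q
    return (a, b), (c[0], s[0], c[1], s[1])

def verify(pk, ballot):
    (a, b), (c0, s0, c1, s1) = ballot
    if not all(0 <= v < Q for v in (c0, s0, c1, s1)):
        return False
    if not all(0 < x < P and pow(x, Q, P) == 1 for x in (a, b)):  # subgroup check
        return False
    A0, B0 = commitments(pk, a, b, 0, c0, s0)
    A1, B1 = commitments(pk, a, b, 1, c1, s1)
    return (c0 + c1) % Q == challenge(pk, a, b, A0, A1, B0, B1)

def tally(sk, pk, ballots, check_proofs=True, search_limit=1000):
    """Multiply ciphertexts (adds the votes), decrypt once: (yes_votes, ballots_counted)."""
    counted = [x for x in ballots if verify(pk, x)] if check_proofs else list(ballots)
    a = b = 1
    for (ca, cb), _ in counted:
        a, b = a * ca % P, b * cb % P
    g_sum = b * pow(a, Q - sk, P) % P        # strips h^r, leaving g^(sum of votes)
    acc = 1
    for total in range(search_limit + 1):    # small discrete log by exhaustive search
        if acc == g_sum:
            return total, len(counted)
        acc = acc * G % P
    raise ValueError("sum outside search range")

def demo():
    sk, pk = keygen()
    ballots = [cast(pk, v) for v in (1, 0, 1)]
    (a, b), proof = cast(pk, 1)
    # Constructed malformed ballot: the ciphertext now encrypts 5, with a proof made for 1.
    ballots.append(((a, b * pow(G, 4, P) % P), proof))
    return tally(sk, pk, ballots, check_proofs=False), tally(sk, pk, ballots)
```

Without proof checking, the malformed ballot turns two yes-votes into seven; with it, that ballot is dropped before the ciphertexts are combined and no individual vote is ever decrypted.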
Re: [liberationtech] Resources on electronic voting
Hello Marcin:

In that case you should definitely contact Douglas Wikstrom [1], an excellent cryptographer that I happen to have been in contact with, author of the Verificatum mixnet [2], which we will use in Agora. Please tell him that it was me (Eduardo from wadobo) that referred you to him and give him a salute on my behalf =)

Regards,

[1] http://www.csc.kth.se/~dog/
[2] http://www.verificatum.org/

On Wed, Jul 10, 2013 at 8:09 PM, Marcin de Kaminski mar...@dekaminski.se wrote: To add some context; Swedish govt currently has a proposal regarding electronic voting, and are looking for comments on it. What I'm looking for is therefore not examples of e-voting solutions but rather comments, research and overall information about how to regard e-voting from a technical perspective. Marcin
-- Eduardo Robles Elvira +34 668 824 393 skype: edulix2 http://www.wadobo.com it's not magic, it's wadobo!
[liberationtech] Fwd: Paper on Google Glass
Hello:

I suppose there are a lot of people thinking already on the privacy issues. I like to think of it in another way. I think it'd be also worth noting that Google Glass is just one more step in the paradox of making everything more close to the user, so it might be regarded by users as more private, but it's even more connected to Google cloud services.

Glass augments physical privacy! Current mobile phones have huge screens, people around you can easily see what you're doing. With Glass this changes: you have a very small screen close to your eye, and only you will be able to see what's being displayed on it. I didn't try Google Glass, but I already got confirmation about this two months ago in Stack Overflow: http://stackoverflow.com/questions/16035599/can-people-near-you-see-what-youre-seeing-and-hear-what-you-are-hearing-in-goog

People will love Glass because in the western world we love being detached and isolated from the physical world. Everyone is with their mobile phones when I take the subway, on the bus stop, etc. We love our mobile phones because we are dependent on them. I think this is one of the reasons Google Glass or in general augmented reality, when it catches up (it might take more than a decade, like it happened with tablets), people will love even more their glasses.

Will it become impolite to use Google Glass as it might be impolite to use a mobile phone when you're with someone else? No doubt problems will happen, but as adoption grows, it will be normalized and people will adapt to the new situation. If (note the conditional) adoption grows enough, everyone will be using Glass so it'll become normal and ok to use Glass in situations where currently it's rude or impolite. Also the apps will adapt to be non-intrusive enough, something that Google has been stressing from the beginning to developers.

And yes, all of us will become permanent spies of Google+US government.
But this is already happening with mobile phones, and no-one is complaining. Right now they can hear everything you hear with your mobile phone, they can snoop all your conversations, know where you are. Google Glass will let them see what you see, but that's just one more step in my opinion, when taking the whole picture into account.

Regards,

On Wed, Jul 10, 2013 at 6:52 PM, Yosem Companys compa...@stanford.edu wrote: From: Bruno Fortugno brunofortu...@sympatico.ca I am a student writing a paper on the potential privacy issues caused by Google's upcoming product Google Glass. I was wondering if anyone could advise some good resources for my research. Thanks, Bruno Fortugno

-- Eduardo Robles Elvira +34 668 824 393 skype: edulix2 http://www.wadobo.com it's not magic, it's wadobo!
Re: [liberationtech] Paper on Google Glass
Yes, I agree with all that - ultimately it's about autonomy, in a way. As we become integrated in the system, we lose that autonomy.

Sent from my iPhone

On 10 Jul 2013, at 19:25, Raven Jiang CX j...@stanford.edu wrote: I think privacy is just a small part of a larger issue when it comes to Google Glass and its future descendants. The large issue is how increasing network connectivity changes what it means to be an individual or to even be human. As our access to the Internet becomes more immediate (from huge desktops to HUD) and persistent, I think we will stop seeing ourselves as individuals and more as a collective. Think of how groupthink works online and then a future where you can never be offline. And when we grow reliant on Glass constantly prompting us with information about the real world, will we still bother to remember things? I feel that there is a natural tendency for those of us who are highly connected (myself included) to offload cognitive functions onto our web-enabled devices. We stop remembering certain information and instead remember what keywords to Google for to retrieve that information. I wonder if hivemind will eventually become literal as technology progresses and more closely binds itself to our mental processes. Sorry for the digression, but that's how I perceive privacy issues when it comes to Google Glass. Much like how karma and upvotes lead to groupthink, greater connectivity and sharing can subject our lives to constant peer approval. I think that wisdom of the crowd only works when individuals in the crowd are not subjected to the same bias.
[liberationtech] Corporate spying question
The amazing work of Snowden and Poitras and the discussions on libtech have left us with some questions related to a film we are working on:

1. U.S. intelligence agencies have long worked closely with major multinational corporations from overthrowing governments to scoping out risk. So far in the NSA revelations, we haven't seen anything much about the sharing with old economy multinationals like Exxon or Chevron. Has anyone come across coverage about such connections, especially given the privatization of intelligence services and the fact that some of the private companies working for NSA et al may also be working for corporate clients?

2. Many large companies work closely with the Pinkertons of today, detective agencies skilled in forensics. Many corporations--from meat packers to soft drink companies do opposition research to identify critics and neutralize or intimidate them if possible. Chevron, for example, has employed at least four detective agencies in its effort to defeat the Ecuadoran judgement against the oil company for polluting the Amazon and poisoning local indigenous groups. Chevron is shelling out hundreds of millions of dollars a year in this effort. Is there evidence that anyone has seen of collaboration between such companies and NSA, etc. to stifle dissent in the recent revelations?

Our film is about connecting privacy and dissent--focusing on the role of multinationals using discovery, forensics, and other techniques to identify and silence critics.

Best, Alan and Deborah

Alan Snitow Deborah Kaufman Snitow-Kaufman Productions 2600 Tenth Street #603 Berkeley, CA 94710 510 841-1068 amsni...@igc.org www.snitow-kaufman.org Facebook: Snitow-Kaufman Productions
Re: [liberationtech] Paper on Google Glass
Bruno, Jan Chipchase's piece on Google Glass in All Things D is worth a read: http://allthingsd.com/20130412/you-lookin-at-me-reflections-on-google-glass/ Troy

On Wed, Jul 10, 2013 at 8:37 PM, Paul Bernal (LAW) paul.ber...@uea.ac.uk wrote: Yes, I agree with all that - ultimately it's about autonomy, in a way. As we become integrated in the system, we lose that autonomy.
[liberationtech] Crowd-Funding Serval Mesh Extender
From: Paul Gardner-Stephen p...@servalproject.org As some of you may already be aware we have been working on what we call the Mesh Extender at the Serval Project. The Mesh Extender is a combined battery powered embedded Linux router and UHF packet radio running the Serval Mesh software (which is all GPL, see github.com/servalproject for the source). It is intended for mobile and truly ad-hoc deployment where the end user just turns it on and uses it. The idea is that it uses the UHF packet radio to mesh over greater distances than is possible with Wi-Fi, the trade-off being lower bandwidth. In general, we find that the UHF packet radio has a range of about 10x that of Wi-Fi when deployed indoors with omni-directional antennae. This means it has a range of about a block in a suburban or urban setting compared with Wi-Fi's range of about one house or apartment. For example testing it in Boston recently we had coverage over much of the MIT campus from a single Mesh Extender in my room at a nearby hotel: http://servalpaul.blogspot.com/2013/05/range-testing-mesh-extenders-in-boston.html http://servalpaul.blogspot.com/2013/05/range-testing-serval-mesh-extender-on.html http://servalpaul.blogspot.com/2013/05/crossing-charles-river-by-mesh-extender.html Extending the range in this way is a critical enabler for the adoption of mesh communications because it removes the need for skilled installation and lowers the required penetration rate from near 100% in a local area if using un-aimed Wi-Fi to below 1%: http://servalpaul.blogspot.com/2013/05/urban-testing-of-mesh-extender-part-1.html http://servalpaul.blogspot.com/2013/05/urban-testing-of-mesh-extender-part-2.html Combined with the always-on end-to-end encryption of voice calls and text messages of the Serval Mesh we think that this device has the potential to play a significant role in enabling distributed, resilient and private communications for people in a wide variety of situations. 
We also see that the close alignment of what the Freedom Box and Serval Project are trying to achieve means that any device like this that we create could easily be adapted to being both a Mesh Extender and Freedom Box by adapting the included software inventory. The necessity of a portable and trivial to deploy enabler of mesh communications, and the need for this to be completely open, has led us to the current point where we have set up a crowd funding campaign to develop this technology, taking it from the prototype stage and to develop an actual manufacturable product, and do further testing with our humanitarian partners. This is the point that our campaign at igg.me/at/speakfreely will take us to if fully funded. But to realise the full potential of this we not only need to make an attractive manufacturable device, but also to improve the open-source firmware of the packet radios we are using to support true ad-hoc packet radio within the complex regulatory requirements of the ISM 915MHz band, in particular the need to frequency hop which presents interesting technical challenges for a fully distributed mesh that does not rely on GPS timing for synchronisation. Achieving ad-hoc packet radio will require us to not only meet our current funding goal, but stretch it by a factor of two. We are conscious that achieving this will require promoting the campaign far and wide, possibly wider than the Serval team can achieve alone. Therefore it would be tremendously helpful if as many of you as are willing and able would assist us in spreading the word as far and wide as possible. We would love to get slash-dotted and reddited off the net. Repeatedly.
So please take a look at our campaign, use the words below if they are helpful, and help us to get the word out, and ultimately let's make effective and private long-range mesh communications not only possible, but practical and easy for the general public so that they can enjoy the resilient backup communications capability that they need to keep connected, no matter what disaster may befall them.

Thanks in advance, Dr. Paul Gardner-Stephen Founder, Serval Project.

---

Serval crowd-funding Mesh Extenders to make mesh disaster telephony go the next mile http://igg.me/at/speakfreely

Serval Project has been working for three years with New Zealand Red Cross on free and open technology, called the Serval Mesh, which can keep mobile phones operating when mobile networks fail, such as during disasters. We now want to take this technology out of the lab and get it into people's hands. Find out more at http://igg.me/at/speakfreely

Twitter: @ServalProject
Campaign: http://igg.me/at/speakfreely
G+: http://gplus.to/serval
Facebook: http://www.facebook.com/servalproject
web: http://servalproject.org
Re: [liberationtech] Resources on electronic voting
Ben Adida's thesis Advances in Cryptographic Voting Systems is thorough and well-written: http://electionmathematics.org/em-voting-systems/rivest-student-adida-phd.pdf

Some of these ideas are implemented in Helios Voting: http://heliosvoting.org/ https://github.com/benadida/helios-server

Note, electronic voting would include non-cryptographic implementations like simple electronic counters.

On Wed, Jul 10, 2013 at 10:36 AM, Marcin de Kaminski mar...@dekaminski.se wrote: Dear all, Sorry to ask such a general question but I need input on the issue of electronic voting. Is there any comprehensive collection of resources or (preferably academic) research already out there? Any other input or links to prior discussions on this list would be most helpful as well. Thanks! Marcin
Re: [liberationtech] Heml.is - The Beautiful Secure Messenger
Hemlis have posted the answer to whether they will open source their app: Will it be Open Source? We have all intentions of opening up the source as much as possible for scrutiny and help! What we really want people to understand however, is that Open Source in itself does not guarantee any privacy or safety. It sure helps with transparency, but technology by itself is not enough. The fundamental benefits of Heml.is will be the app together with our backend infrastructure, which is what really makes the system interesting and secure. — https://heml.is/ I'm sort of infamous by now for the fusses I make regarding the importance of open-sourcing security software. I'm pretty sure people are tired of me so I'm going to be quiet. But it's clear to me that Hemlis's answer is not the right answer. NK On 2013-07-10, at 10:29 AM, Albert López newbieswo...@hotmail.com wrote: Hello Wasabee, I've used TextSecure but I found that it's like sending encrypted SMS, therefore you have the consequent cost associated to it. I don't know if Heml.is will be a kind of secure whatsapp or if it will have the same approach of TextSecure. Correct me if I'm wrong with the SMS stuff. It was what I thought once I received my bill. gpg --keyserver pgp.mit.edu --search-keys EEE5A447 http://pgp.mit.edu:11371/pks/lookup?search=0xEEE5A447op=vindex Date: Wed, 10 Jul 2013 14:31:53 +0100 From: wasabe...@gmail.com To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Heml.is - The Beautiful Secure Messenger https://whispersystems.org/ already has an open-source secure messaging, voice and more. Has anyone reviewed their code? Does anyone use it? Why not build on top of it? On 10/07/13 14:07, Nick wrote: no one said it would be closed source. That's people's guess. Like, your guess, I guess. According to their twitter account, the answer is maybe: https://twitter.com/HemlisMessenger/statuses/354927721337470976 Peter Sunde (one of the people behind it) said eventually, but in my experience promises like that tend to be broken: https://twitter.com/brokep/status/354608029242626048 and the feature 'unlocking' aspect of the project - to be indication of a proprietary code base. Frankly I can't see how they could get the feature unlock funding stuff to work well if it's proper open source. As I'd expect people to fork it to remove such antifeatures. It's a pity, as several new funding models have been successful recently which are compatible with free software, but this doesn't look to be one of them.
Re: [liberationtech] Resources on electronic voting
Marcin, ECPR has a significant body of research and case studies on electronic voting. Best, Michael On Jul 10, 2013 8:42 PM, Marcin de Kaminski mar...@dekaminski.se wrote: Dear all, Sorry to ask such a general question but I need input on the issue of electronic voting. Is there any comprehensive collection of resources or (preferably academic) research already out there? Any other input or links to prior discussions on this list would be most helpful as well. Thanks! Marcin
Re: [liberationtech] Heml.is - The Beautiful Secure Messenger
On Wed, Jul 10, 2013 at 9:30 PM, Nadim Kobeissi na...@nadim.cc wrote: Will it be Open Source? We have all intentions of opening up the source as much as possible for scrutiny and help! What we really want people to understand however, is that Open Source in itself does not guarantee any privacy or safety. It sure helps with transparency, but technology by itself is not enough. The fundamental benefits of Heml.is will be the app together with our backend infrastructure, which is what really makes the system interesting and secure. — https://heml.is/ I'm sort of infamous by now for the fusses I make regarding the importance of open-sourcing security software. I'm pretty sure people are tired of me so I'm going to be quiet. But it's clear to me that Hemlis's answer is not the right answer. Hi: Agreed. I won't support heml.is if it's not libre software, as it seems to be the case. They want 100k $ to fund non-free software. That's something I don't think people should support. Regards, -- Eduardo Robles Elvira +34 668 824 393 skype: edulix2 http://www.wadobo.com it's not magic, it's wadobo!
Re: [liberationtech] Resources on electronic voting
Do you read French? :) If so, I can point you to quite a few extremely valuable resources related to e-voting, internet voting and thorough arguments on why FLOSS solutions don't solve all the issues. Best, Rayna On 10 Jul 2013 20:09, Marcin de Kaminski mar...@dekaminski.se wrote: To add some context; Swedish govt currently has a proposal regarding electronic voting, and are looking for comments in it. What I'm looking for is therefore not examples of e-voting solutions but rather comments, research and overall information about how to regard e-voting from a technical perspective. Marcin On 10 Jul 2013 at 20:04, Allen Gunn gun...@aspirationtech.org wrote: Not sure if it's what you are looking for, but: http://blackboxvoting.org/ http://verifiedvoting.org/ peace, gunner On 07/10/2013 10:55 AM, Nick Daly wrote: On Wed, Jul 10, 2013 at 12:36 PM, Marcin de Kaminski mar...@dekaminski.se wrote: Sorry to ask such a general question but I need input on the issue of electronic voting. Is there any comprehensive collection of resources or (preferably academic) research already out there? -- Allen Gunn Executive Director, Aspiration +1.415.216.7252 www.aspirationtech.org Aspiration: Better Tools for a Better World Read our Manifesto: http://aspirationtech.org/publications/manifesto Follow us: Facebook: www.facebook.com/aspirationtech Twitter: www.twitter.com/aspirationtech
Re: [liberationtech] Resources on electronic voting
On Wed, Jul 10, 2013 at 9:58 PM, Rayna rayna...@gmail.com wrote: Do you read French? :) If so, I can point you to quite a few extremely valuable resources related to e-voting, internet voting and thorough arguments on why FLOSS solutions don't solve all the issues. Best, Rayna Actually, just for reference, here is an (obviously not complete) list of academic papers related to e-voting stuff: http://wiki.partidodeinternet.es/index.php?title=VotoElectr%C3%B3nico Regards, -- Eduardo Robles Elvira +34 668 824 393 skype: edulix2 http://www.wadobo.com it's not magic, it's wadobo!
Re: [liberationtech] Thank you for choosing cyberpunk dystopia.
Thank you Shava, I so look forward to reading your posts. Spike On 10/07/2013 20:07, Shava Nerad wrote: I have to say, this is why I am proposing we must turn to traditional community organizing, using the net only as a means of totally transparent communications at this point for organizing facilitations. We have a strong history in this country of successful insurgent formal nonviolent social movements. And I am afraid if we do not mobilize the consequences are in fact dystopian. We have two generations essentially detached not only from civic activism but largely from the social contract in general. I feel as though society is inviting renewal or despotism. So, what are we looking at? The vague shadows of a Spanish Civil War? I hope the hell not. Shadows of 1930s Germany is what I hear more often, ducking Godwin, but just reporting. The point is that there is one piece of compassion we might have here: while we are horrified as activists in a democracy in America regarding our government, our government -- our friends and people we see not as friends -- is somewhat justifiably horrified looking over our shoulders at the electorate. Government can not change the electorate in a democracy -- at least, not quickly. That really only works the other way around. Our people do not understand their own government any more. They have been reality engineered into a market-of-votes. Elections here are transmedia, and are game theoried to death. Party platforms are minor lore and backstory. Political principles that actually relate to real world consequences have very little place in electoral politics except as they are adopted as plot elements in the transmedia drama, which often holds no reliance, especially, on facts. If you have felt like every bit of this has been social engineering since about Clinton and Gingrich started influencing their parties, I think you would be right. Both men are very fond of a marketing/game theory chase to the middle. 
The DLC and the Contract for America both displayed strong ideological platforms while candidates pursued whatever it took to take the unaffiliated vote. So we entered the age where everyone complained that the parties were indistinguishable. For decades. Until that became, in market research, too unpopular. Nearly instantly, our two dominant parties went, in the public perception, from being indistinguishable, from having always been too polarized and unable to work with one another, ever. And, although this made approval ratings of Congress as a whole drop (at 11-17% now but they have no reason to fear consequences), it made approval of your local congresscritters go up -- your own delegation is seen as aggressive, fighting for you, and standing up to bad government. Teflon. And totally unaccountable. We are so fucked. This is the perfect morph of we have always been at war with Eurasia in politics. You have to be carefully taught... This is not an electorate. It's an arena of futbol yahoos who never had a chance to learn what it means to be a citizen of a democracy, drunk on cheap beer and cheering for the guys wearing the right color uniforms, and ready to brawl with the other fans if they lose. This is why, yes they are outraged about Prism -- they have been taught to be outraged because in a neuromarketing sense, it retains their attention quivering at the TV for three minutes through the next series of ads, and they retain more information from those ads and are grateful for their soothing effect, so it makes for greater brand affinity. So as long as Snowden keeps adrenaline moving as political porn, he will get equal time on CNN, MS-NBC, and FOX News, and as soon as he stops selling stuff, the sleeping giant will roll over and go back to hibernation until next crisis or the Superbowl. 
Like a light switch, by manufactured consent, the spotlights will go off, go on again perhaps as a footnote if some bad consequences happen to Snowden after the NSA decides enough people don't care any more, then fade, entirely, to black. But it is possible to change things. It takes the ones who are still learning, and that means the young, the geeks, the intellectuals. It takes forming a movement based on principles, so it doesn't rely on one set of people coming up with ideas. It must be nonviolent and coherent with how the current system purports to work (and often that ends up working against the system as a shaming mechanism). I am hoping it will be multipartisan, but I am pretty unabashedly old-line liberal and conservative-friendly -- my attitude is that politics is RvR gaming and beers after, and geeks are good at fighting fair in design meetings. ;) I want to open source politics. It's gotten ikky, and it's getting ikkier, but contrary to popular belief, it isn't inherent on all scales. And it's gotten worse rather than better due to people neglecting the institution. Someone has to clean the loos dammit, or they get
Re: [liberationtech] Thank you for choosing cyberpunk dystopia.
Shava you are like a breath of fresh air after dealing with the so called normal people and government idiocracy. Like Spike, I very much look forward to reading your posts. On Wed, Jul 10, 2013 at 4:13 PM, Spike (Chris Foote) sp...@tenbus.co.uk wrote: Thank you Shava, I so look forward to reading your posts. Spike On 10/07/2013 20:07, Shava Nerad wrote: I have to say, this is why I am proposing we must turn to traditional community organizing, using the net only as a means of totally transparent communications at this point for organizing facilitations. We have a strong history in this country of successful insurgent formal nonviolent social movements. And I am afraid if we do not mobilize the consequences are in fact dystopian. We have two generations essentially detached not only from civic activism but largely from the social contract in general. I feel as though society is inviting renewal or despotism. So, what are we looking at? The vague shadows of a Spanish Civil War? I hope the hell not. Shadows of 1930s Germany is what I hear more often, ducking Godwin, but just reporting. The point is that there is one piece of compassion we might have here: while we are horrified as activists in a democracy in America regarding our government, our government -- our friends and people we see not as friends -- is somewhat justifiably horrified looking over our shoulders at the electorate. Government can not change the electorate in a democracy -- at least, not quickly. That really only works the other way around. Our people do not understand their own government any more. They have been reality engineered into a market-of-votes. Elections here are transmedia, and are game theoried to death. Party platforms are minor lore and backstory. Political principles that actually relate to real world consequences have very little place in electoral politics except as they are adopted as plot elements in the transmedia drama, which often holds no reliance, especially, on facts. 
If you have felt like every bit of this has been social engineering since about Clinton and Gingrich started influencing their parties, I think you would be right. Both men are very fond of a marketing/game theory chase to the middle. The DLC and the Contract for America both displayed strong ideological platforms while candidates pursued whatever it took to take the unaffiliated vote. So we entered the age where everyone complained that the parties were indistinguishable. For decades. Until that became, in market research, too unpopular. Nearly instantly, our two dominant parties went, in the public perception, from being indistinguishable, from having always been too polarized and unable to work with one another, ever. And, although this made approval ratings of Congress as a whole drop (at 11-17% now but they have no reason to fear consequences), it made approval of your local congresscritters go up -- your own delegation is seen as aggressive, fighting for you, and standing up to bad government. Teflon. And totally unaccountable. We are so fucked. This is the perfect morph of we have always been at war with Eurasia in politics. You have to be carefully taught... This is not an electorate. It's an arena of futbol yahoos who never had a chance to learn what it means to be a citizen of a democracy, drunk on cheap beer and cheering for the guys wearing the right color uniforms, and ready to brawl with the other fans if they lose. This is why, yes they are outraged about Prism -- they have been taught to be outraged because in a neuromarketing sense, it retains their attention quivering at the TV for three minutes through the next series of ads, and they retain more information from those ads and are grateful for their soothing effect, so it makes for greater brand affinity. 
So as long as Snowden keeps adrenaline moving as political porn, he will get equal time on CNN, MS-NBC, and FOX News, and as soon as he stops selling stuff, the sleeping giant will roll over and go back to hibernation until next crisis or the Superbowl. Like a light switch, by manufactured consent, the spotlights will go off, go on again perhaps as a footnote if some bad consequences happen to Snowden after the NSA decides enough people don't care any more, then fade, entirely, to black. But it is possible to change things. It takes the ones who are still learning, and that means the young, the geeks, the intellectuals. It takes forming a movement based on principles, so it doesn't rely on one set of people coming up with ideas. It must be nonviolent and coherent with how the current system purports to work (and often that ends up working against the system as a shaming mechanism). I am hoping it will be multipartisan, but I am pretty unabashedly old-line liberal and conservative-friendly -- my attitude is that politics is RvR gaming and beers after, and geeks
Re: [liberationtech] Resources on electronic voting
Please do! My French is a bit... rusty, but I can at least understand main conclusions or gtranslate it. On 10 Jul 2013 at 21:58, Rayna rayna...@gmail.com wrote: Do you read French? :) If so, I can point you to quite a few extremely valuable resources related to e-voting, internet voting and thorough arguments on why FLOSS solutions don't solve all the issues. Best, Rayna On 10 Jul 2013 20:09, Marcin de Kaminski mar...@dekaminski.se wrote: To add some context; Swedish govt currently has a proposal regarding electronic voting, and are looking for comments in it. What I'm looking for is therefore not examples of e-voting solutions but rather comments, research and overall information about how to regard e-voting from a technical perspective. Marcin On 10 Jul 2013 at 20:04, Allen Gunn gun...@aspirationtech.org wrote: Not sure if it's what you are looking for, but: http://blackboxvoting.org/ http://verifiedvoting.org/ peace, gunner On 07/10/2013 10:55 AM, Nick Daly wrote: On Wed, Jul 10, 2013 at 12:36 PM, Marcin de Kaminski mar...@dekaminski.se wrote: Sorry to ask such a general question but I need input on the issue of electronic voting. Is there any comprehensive collection of resources or (preferably academic) research already out there? -- Allen Gunn Executive Director, Aspiration +1.415.216.7252 www.aspirationtech.org Aspiration: Better Tools for a Better World Read our Manifesto: http://aspirationtech.org/publications/manifesto Follow us: Facebook: www.facebook.com/aspirationtech Twitter: www.twitter.com/aspirationtech
Re: [liberationtech] Thank you for choosing cyberpunk dystopia.
Reading through this: I was about to remark that, while sometimes reworded, the thoughts and even sentences were ripped from talks given by Marlinspike and Appelbaum. I was very pleased to have seen the disclaimer at the end of the article. Kudos to give credit where credit's due. -RJ
Re: [liberationtech] Cables! (was Re: DecryptoCat)
On Tue, Jul 9, 2013 at 5:10 PM, Nathan of Guardian nat...@guardianproject.info wrote: What is the state of the project, and is there a good primer to get started on developing around it? Hi, you may want to start here: https://github.com/mkdesu/cables/wiki https://github.com/mkdesu/cables/wiki/deployment My interest is primarily in using or porting it to a mobile environment, and not within Liberte Linux itself. That's what I have been meaning to do for quite some time (I even got myself an Android smartphone instead of an old Nokia brick). I actually started Liberté Linux as a safe environment for cables communication (even before developing cables), but got carried away somewhat. -- Maxim Kammerer Liberté Linux: http://dee.su/liberte
Re: [liberationtech] Thank you for choosing cyberpunk dystopia.
On 2013-07-10 17:43, Eugen Leitl wrote: https://medium.com/surveillance-state/b804de3b5b In a 1928 case before the Supreme Court, Olmstead v. United States, [...] The court ruled with the defendant This is incorrect -- the court ruled against Olmstead, and the opinions quoted in the piece are those of Brandeis, dissenting. Evan
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Wed, Jul 10, 2013 at 4:43 PM, Jacob Appelbaum ja...@appelbaum.net wrote: I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture. The interview is either a hoax or an exaggerated “hunting story”, for two primary reasons: number of employees, and number of exploits. Militaries have a huge problem recruiting cyber ops specialists at present, and most of the recruited are not even remotely good. At the moment, the whole of USA has just 4 colleges certified by NSA to teach offensive security (CAE-CO) [1]. USCYBERCOM has “close to 750 employees” [2]. For the level of skill described, all of US military might have, I don't know, 50 senior specialists? Why would this guy work via a staffing company, in a team of 5000, in an unmarked building? What's there to protect by obscuring their work? They need to reside inside some TEMPEST-resistant installation at a military base, especially if they work with classified equipment, etc. The number of 0-days and rate of their production don't make sense either. Unless 0-days are purchased exclusively in order to deny them to the enemy (which doesn't seem to be the case), the exploits wouldn't cost hundreds of thousands of USD each. [1] http://www.nsa.gov/academia/nat_cae_cyber_ops/index.shtml [2] http://abcnews.go.com/Technology/pentagon-cyber-command-unit-recommended-elevated-combatant-status/story?id=16262052 -- Maxim Kammerer Liberté Linux: http://dee.su/liberte
Re: [liberationtech] In his own words: Confessions of a cyber warrior
1. The NSA center of excellence program is not really that important. If you look carefully, they are mainly 2 year community colleges located near Army bases that give basic sysadmin training. This is good and necessary, but don't get fooled into thinking that they are training the highly skilled cyber operations people. They are training low level IT support mainly. 2. There is a growing outsourcing of intel and cyber work. You could look at some of the Washington Post articles on the large number of companies and facilities doing classified work. Northern Virginia has more tech workers now than silicon valley. There are lots of SCIFS available for cyber work. 3. 0-days are not bought to deny them to the enemy. They are bought for integration into things like stuxnet. There are a large number of contracting companies with a highly skilled workforce in this domain. There are also other branches of the government with expertise... On 07/10/2013 06:46 PM, Maxim Kammerer wrote: On Wed, Jul 10, 2013 at 4:43 PM, Jacob Appelbaum ja...@appelbaum.net wrote: I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture. The interview is either a hoax or an exaggerated “hunting story”, for two primary reasons: number of employees, and number of exploits. Militaries have a huge problem recruiting cyber ops specialists at present, and most of the recruited are not even remotely good. At the moment, the whole of USA has just 4 colleges certified by NSA to teach offensive security (CAE-CO) [1]. USCYBERCOM has “close to 750 employees” [2]. For the level of skill described, all of US military might have, I don't know, 50 senior specialists? Why would this guy work via a staffing company, in a team of 5000, in an unmarked building? What's there to protect by obscuring their work? They need to reside inside some TEMPEST-resistant installation at a military base, especially if they work with classified equipment, etc. The number of 0-days and rate of their production don't make sense either. Unless 0-days are purchased exclusively in order to deny them to the enemy (which doesn't seem to be the case), the exploits wouldn't cost hundreds of thousands of USD each. [1] http://www.nsa.gov/academia/nat_cae_cyber_ops/index.shtml [2] http://abcnews.go.com/Technology/pentagon-cyber-command-unit-recommended-elevated-combatant-status/story?id=16262052 -- Maxim Kammerer Liberté Linux: http://dee.su/liberte
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On 10 July 2013 09:43, Jacob Appelbaum ja...@appelbaum.net wrote: Andreas Bader: Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that? I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture. I cautiously disagree with Andreas also, but from a different angle. I don't have any insider knowledge obviously. But if the tens of thousands figure included 'soft targets': - OEM Software like printer drivers, graphics drivers, or the preinstalled crud you get when you buy something from Best Buy - Open Office - Realplayer, VLC, and other media players - Lotus Notes - SCADA - eDonkey or whatever the non-bittorrent P2P stuff is today - random non-default installs of servers (who uses X11 on the open internet these days?) ...Then I could see a tens of thousands figure. But if someone said they had more than, say, 250 completely distinct, weaponized exploits for a fully up to date target like Apache, Chrome, Windows 7/8, Apple iOS, IE9 - I would be more skeptical. Only because I think if they were that easy to come by, the price list we know of[0] would be lower. 250 * $100,000 = $25Mil. And while I wouldn't put it past a government to jump at that offer - my gut, which could be wrong, says those types of exploits are rarer. For example: Think 1 poorly-exploited IE 0day is scary? Our feed has 4 reliable ones on Win7. Defenders should be scared of attacks that don't make news.[1]. Four is a lot. But it's not 100, and it's not 10,000. 
-tom

[0] http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
[1] https://twitter.com/ExodusIntel/status/286731662316937217
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Wed, Jul 10, 2013 at 6:46 PM, Maxim Kammerer m...@dee.su wrote:
> On Wed, Jul 10, 2013 at 4:43 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
>> I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.
>
> The interview is either a hoax or an exaggerated “hunting story”, for two primary reasons: number of employees, and number of exploits. Militaries have a huge problem recruiting cyber ops specialists at present, and most of the recruited are not even remotely good. At the moment, the whole of USA has just 4 colleges certified by NSA to teach offensive security (CAE-CO) [1]. USCYBERCOM has “close to 750 employees” [2]. For the level of skill described, all of US military might have, I don't know, 50 senior specialists? Why would this guy work via a staffing company, in a team of 5000, in an unmarked building?

My brother works for CCA. He works for the Office of the Secretary of Defence. He has worked for something having to do with MI since the 60s, and in 1979, a friend at MITRE at the MIT Strategic Games Society who vetted people for what clearances they have told me, "Tell me your brother's name/rank and where he's stationed, and I'll tell you his clearances."

So, the next weekend, my friend comes back looking a little creeped out, takes me in a corner and says, "I've never had this happen before, but when I checked your bro? It said, 'Please establish a need to know; this transaction has been logged.'"

The last business card I saw for him was when he'd mustered out and was consulting at Quantico, and his card said, in English on one side, and Korean on the other, "Master Wargamer." OK, I have to confess, I had title lust.

We have interesting holiday dinners not talking about our work. He works at some facility uphill from Provo CO. Maybe it's Prism? I wouldn't know.
We don't talk. None of my information is from him. I wouldn't do that to him. I am very careful.

However, I do know that if he is like most CCA, Booz Allen, and other such folks with clearances like his he works in very large facilities. They are unremarkable. They are full of secretaries and file clerks and accountants and all the usual sorts of people that you would expect in any big IT company. They all, I imagine, work for big beltway-style consultants, not the military. His daughter does. His wife does. They have top secret clearances, too. They are not arch geeks.

I did not see in that story that it said that all 5000 of the people were cyberwarriors. FOUR MILLION PEOPLE in the USA hold top secret clearances.

http://www.washingtonpost.com/blogs/worldviews/wp/2013/06/12/top-secret-clearance-holders-so-numerous-they-include-packerscraters/

This is why. You work in one of these unmarked beltway buildings, you have to have a top secret clearance to get by the two levels of gate security to get up the drive to the parking area. They are fully staffed office buildings. As the story reports, they have mailroom staff with top secret clearances to move crates. Cyberwarrior types (even peaceful ones) don't tend to want to do their own paperwork. I think I have reason to know this...:)

I wonder if it's wise to pick this story apart in such great detail when the very noir-storytelling flavored piece had so little detail described by the journalist himself? Did the journalist have anything he stated? Was he able to verify anything? No. He could not fact check. He was doing a character study, don't you think, not an investigative piece.

Perhaps it was meant to portray a picture of the personality of the cyberwarrior type we are hiring, and an image of how tweaky that life is. Which I believe it succeeded in very well. But as a journalist you can't exactly say, "Look how egotistically tweaky this dude is!" without jeopardizing further stories, amiright?
So perhaps the journalist is giving you as the reader a little credit for reading between the lines, intelligently (that being the root of the word: inter for between, and legens for reading), to figure out what exactly you can draw as credible or not, but the point may be -- omg, this is what we're grabbing for our cream of the crop?

Don't shoot the messenger. It's an interesting message if you don't dissect it too finely.

yrs,
--
Shava Nerad
shav...@gmail.com
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Thu, Jul 11, 2013 at 2:28 AM, Richard Brooks r...@acm.org wrote:
> 1. The NSA center of excellence program is not really that important. If you look carefully, they are mainly 2 year community colleges located near Army bases that give basic sysadmin training. This is good and necessary, but don't get fooled into thinking that they are training the highly skilled cyber operations people. They are training low level IT support mainly.

I have no illusions wrt. quality of higher education in USA, but these colleges definitely do not aim for “basic sysadmin training”. You can read more about their approach here: [1]. Maybe you are thinking about NSA Information Assurance programs [2], with many participating colleges.

[1] http://dx.doi.org/10.1109/MSP.2012.117
[2] http://www.nsa.gov/ia/academic_outreach/nat_cae/institutions.shtml

> 2. There is a growing outsourcing of intel and cyber work. You could look at some of the Washington Post articles on the large number of companies and facilities doing classified work. Northern Virginia has more tech workers now than Silicon Valley. There are lots of SCIFS available for cyber work.

If I understand correctly, expansion of outsourcing in NSA started post-9/11. The guy in the interview is supposed to have been doing this for much longer. But it's a possibility, sure, although I still find a team of 5000 expert exploit writers hardly a believable figure.

> 3. 0-days are not bought to deny them to the enemy. They are bought for integration into things like Stuxnet.

Which had four 0-days. With the outstanding importance assigned to the project, I would expect them to lose count of 0-days stuffed inside if they really had “tens of thousands” of those.

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Thu, Jul 11, 2013 at 3:22 AM, Shava Nerad shav...@gmail.com wrote:
> So perhaps the journalist is giving you as the reader a little credit for reading between the lines, intelligently (that being the root of the word: inter for between, and legens for reading), to figure out what exactly you can draw as credible or not, but the point may be -- omg, this is what we're grabbing for our cream of the crop?

The problem is that when you try to read between the lines, the whole story looks like it was sucked out of author's index finger, after reading the Wikipedia article on NSA and viewing a few YouTube videos about hacker communities. He would learn about backdoors in encryption equipment by ordering their manuals? Where from, exactly, would he order such classified material? How would he search for backdoors if all radios since 70's are modularized, and manuals for sensitive equipment certainly wouldn't contain schematics for the modules inside? Does the writer have any idea how rare it is for someone to be really good at both hardware and software hacking? Or how unlikely it is for a high-school dropout to be able to break even the simplest frequency hopping encryption? Etc.

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Wed, Jul 10, 2013 at 5:00 PM, Tom Ritter t...@ritter.vg wrote:
> ... if the tens of thousands figure included 'soft targets': [lots of soft targets...] ...Then I could see a tens of thousands figure. But if someone said they had more than, say, 250 completely distinct, weaponized exploits for a fully up to date target like Apache, Chrome, Windows 7/8, Apple iOS, IE9 - I would be more skeptical.

also consider that exploitable vulnerabilities in all of the above (mainly soft, but also other target systems) identified by the large scale, customized fuzzing systems discussed in the interview are just the first stage in a useful, fully weaponized exploit.

this piece may describe the collective set of vulnerabilities over time in the best interpretation possible; the implications are still clear: any commercial system you are using is likely exploitable now in multiple ways, and potentially in the future thousands of ways.

as an observer, it is most interesting to me to see the evolution of focus of these exploits, and how they are utilized. the rare public glimpses into these efforts are interesting and instructive.
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Wed, Jul 10, 2013 at 5:58 PM, Maxim Kammerer m...@dee.su wrote:
> ... He would learn about backdoors in encryption equipment by ordering their manuals? Where from, exactly, would he order such classified material?

i'm not defending this individual specifically, but this is not at all unreasonable. consider P25 systems frequently used with null keys [0] - you may not be breaking the encryption, but knowledge of how communications may be encrypted by default is just as effective.

> ... Does the writer have any idea how rare it is for someone to be really good at both hardware and software hacking?

this is not unusual to me. it is like saying do you know how rare it is for someone to be really good at both lock picking and software exploitation? ... not rare. (or perhaps our definitions vary - talented hackers are rare relative to human population ;)

> Or how unlikely it is for a high-school dropout to be able to break even the simplest frequency hopping encryption?

we could craft a list. it would not be short.

again: not defending this particular individual but the assertions above are not legitimate.

best regards,

0. http://www.crypto.com/papers/p25sec.pdf