Re: [liberationtech] Internet is designed for surveillance
On Wed, Jun 26, 2013 at 09:03:43AM -0700, Yosem Companys wrote:

> Where is the effort to honor the Internet paradigm and move away from the presumption of hierarchy to a distributed approach that doesn’t assume that we must declare our intent merely to exchange bits? At the very least we should move beyond having rent-seekers in the path.

In terms of credible efforts, I'm only aware of cjdns at the moment. Further pointers welcome.

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] nettime Leonid Bershidsky: U.S. Surveillance Is Not Aimed at Terrorists (Bloomberg)
that, the government's efforts are much more dangerous to civil liberties than they are to al-Qaeda and other organizations like it.

(Leonid Bershidsky is an editor and novelist based in Moscow. The opinions expressed are his own.)

To contact the writer of this article: Leonid Bershidsky at bershid...@gmail.com.
To contact the editor responsible for this article: Mark Whitehouse at mwhitehou...@bloomberg.net.

# distributed via nettime: no commercial use without permission
# nettime is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nett...@kein.org

- End forwarded message -

--
Eugen* Leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM
On Mon, Jun 24, 2013 at 04:28:11PM -0700, coderman wrote:

> On Mon, Jun 24, 2013 at 4:17 PM, Nadim Kobeissi <na...@nadim.cc> wrote:
> > ...
> > If you want to focus your ire on something, go take a look at how DEFCON and BlackHat are inviting NSA Director Keith Alexander to give the keynote!
>
> they bring great exploit kit; make yourself a target and get world class auditing for free...

So the feds are part of the hostile environment? It's not just the attendees? It appears unlikely, since there will be a heavy catch haul in all the honeypots. It would be telling.
Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM
On Mon, Jun 24, 2013 at 09:08:59PM -0300, hellekin wrote:

> > They are ramping such a system up but it isn't in place yet, remember, they are firing 600 people in the following years.
>
> *** I guess you mean: outsourcing to the private sector.

The budgets in general will shrink a lot in the coming years, whether black or not. There's only so much parasite load a given host can bear, especially if energy intake is going down. It might well be the last big splurge in sigint, and they will have to let many analysts go. The data might still be collected, for a while, before the number of tap points goes down through attrition, but less and less can be made from it. Perhaps we're witnessing Peak Spook.
Re: [liberationtech] Security over SONET/SDH
- Forwarded message from s...@wwcandt.com -

Date: Tue, 25 Jun 2013 07:56:38 -0400 (EDT)
From: s...@wwcandt.com
To: Glen Turner <g...@gdt.id.au>
Cc: na...@nanog.org
Subject: Re: Security over SONET/SDH
User-Agent: SquirrelMail/1.4.8-21.el5.centos
Reply-To: s...@wwcandt.com

Even if your crypto is good enough end to end, CALEA will require you to hand over the keys and/or put in a backdoor if you have a US nexus.

From Wikipedia, http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act:

USA telecommunications providers must install new hardware or software, as well as modify old equipment, so that it doesn't interfere with the ability of a law enforcement agency (LEA) to perform real-time surveillance of any telephone or Internet traffic. Modern voice switches now have this capability built in, yet Internet equipment almost always requires some kind of intelligent Deep Packet Inspection probe to get the job done. In both cases, the intercept function must single out a subscriber named in a warrant for intercept and then immediately send some (headers only) or all (full content) of the intercepted data to an LEA. The LEA will then process this data with analysis software that is specialized towards criminal investigations.

All traditional voice switches on the U.S. market today have the CALEA intercept feature built in. The IP-based soft switches typically do not contain a built-in CALEA intercept feature; and other IP-transport elements (routers, switches, access multiplexers) almost always delegate the CALEA function to elements dedicated to inspecting and intercepting traffic. In such cases, hardware taps or switch/router mirror ports are employed to deliver copies of all of a network's data to dedicated IP probes. Probes can either send directly to the LEA according to the industry standard delivery formats (cf. ATIS T1.IAS, T1.678v2, et al.); or they can deliver to an intermediate element called a mediation device, where the mediation device does the formatting and communication of the data to the LEA. A probe that can send the correctly formatted data to the LEA is called a self-contained probe.

In order to be compliant, IP-based service providers (Broadband, Cable, VoIP) must choose either a self-contained probe (such as made by IPFabrics), or a dumb probe component plus a mediation device (such as made by Verint), or they must implement the delivery of correctly formatted data for a named subscriber on their own.

> Link encryption isn't to protect the contents of the user's communication. There is no reason for users to trust their ISP more than a national institution full of people vetted to the highest level.
>
> What link encryption gets the user is protection from traffic analysis from parties other than the ISP. You've seen in the NSA documents how highly they regard this traffic analysis. I'd fully expect the NSA to collect it by other means.
>
> -glen
>
> --
> Glen Turner http://www.gdt.id.au/~gdt/

- End forwarded message -

--
Eugen* Leitl http://leitl.org
[liberationtech] hey, sounds familiar
“People who radicalise under the influence of jihadist websites often go through a number of stages,” the Dutch report said. “Their virtual activities increasingly shift to the invisible Web, their security awareness increases and their activities become more conspiratorial.”

http://www.bloomberg.com/news/2013-06-23/u-s-surveillance-is-not-aimed-at-terrorists.html

U.S. Surveillance Is Not Aimed at Terrorists
By Leonid Bershidsky
Jun 24, 2013 12:00 AM GMT+0200

The debate over the U.S. government’s monitoring of digital communications suggests that Americans are willing to allow it as long as it is genuinely targeted at terrorists. What they fail to realize is that the surveillance systems are best suited for gathering information on law-abiding citizens.

People concerned with online privacy tend to calm down when told that the government can record their calls or read their e-mail only under special circumstances and with proper court orders. The assumption is that they have nothing to worry about unless they are terrorists or correspond with the wrong people.

The infrastructure set up by the National Security Agency, however, may only be good for gathering information on the stupidest, lowest-ranking of terrorists. The Prism surveillance program focuses on access to the servers of America’s largest Internet companies, which support such popular services as Skype, Gmail and iCloud. These are not the services that truly dangerous elements typically use.

In a January 2012 report titled “Jihadism on the Web: A Breeding Ground for Jihad in the Modern Age,” the Dutch General Intelligence and Security Service drew a convincing picture of an Islamist Web underground centered around “core forums.” These websites are part of the Deep Web, or Undernet, the multitude of online resources not indexed by commonly used search engines.

No Data

The Netherlands’ security service, which couldn’t find recent data on the size of the Undernet, cited a 2003 study from the University of California at Berkeley as the “latest available scientific assessment.” The study found that just 0.2 percent of the Internet could be searched. The rest remained inscrutable and has probably grown since. In 2010, Google Inc. said it had indexed just 0.004 percent of the information on the Internet.

Websites aimed at attracting traffic do their best to get noticed, paying to tailor their content to the real or perceived requirements of search engines such as Google. Terrorists have no such ambitions. They prefer to lurk in the dark recesses of the Undernet.

“People who radicalise under the influence of jihadist websites often go through a number of stages,” the Dutch report said. “Their virtual activities increasingly shift to the invisible Web, their security awareness increases and their activities become more conspiratorial.” Radicals who initially stand out on the “surface” Web quickly meet people, online or offline, who drag them deeper into the Web underground. “For many, finally finding the jihadist core forums feels like a warm bath after their virtual wanderings,” the report said.

When information filters to the surface Web from the core forums, it’s often by accident. Organizations such as al-Qaeda use the forums to distribute propaganda videos, which careless participants or their friends might post on social networks or YouTube.

Communication on the core forums is often encrypted. In 2012, a French court found nuclear physicist Adlene Hicheur guilty of, among other things, conspiring to commit an act of terror for distributing and using software called Asrar al-Mujahideen, or Mujahideen Secrets. The program employed various cutting-edge encryption methods, including variable stealth ciphers and RSA 2,048-bit keys.

The NSA’s Prism, according to a classified PowerPoint presentation published by the Guardian, provides access to the systems of Microsoft Corp. (and therefore Skype), Facebook Inc., Google, Apple Inc. and other U.S. Internet giants. Either these companies have provided “master keys” to decrypt their traffic -- which they deny -- or the NSA has somehow found other means.

Traditional Means

Even complete access to these servers brings U.S. authorities no closer to the core forums. These must be infiltrated by more traditional intelligence means, such as using agents posing as jihadists or by informants within terrorist organizations.

Similarly, monitoring phone calls is hardly the way to catch terrorists. They’re generally not dumb enough to use Verizon. Granted, Russia’s special services managed to kill Chechen separatist leader Dzhokhar Dudayev with a missile that homed in on his satellite-phone signal. That was in 1996. Modern-day terrorists are generally more aware of the available technology.

At best, the recent revelations concerning Prism and telephone surveillance might deter potential recruits to terrorist causes from using the most visible
[liberationtech] Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
- Forwarded message from Leo Bicknell <bickn...@ufp.org> -

Date: Tue, 25 Jun 2013 08:15:14 -0500
From: Leo Bicknell <bickn...@ufp.org>
To: Phil Fagan <philfa...@gmail.com>
Cc: NANOG <na...@nanog.org>
Subject: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
X-Mailer: Apple Mail (2.1508)

On Jun 25, 2013, at 7:38 AM, Phil Fagan <philfa...@gmail.com> wrote:

> Are these private links or customer links? Why encrypt at that layer? I'm looking for the niche usecase.

I was reading an article about the UK tapping undersea cables (http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa) and thought back to my time at AboveNet and dealing with undersea cables.

My initial reaction was doubt, there are thousands of users on the cables, ISP's and non-ISP's, and working with all of them to split off the data would be insanely complicated. Then I read some more articles that included quotes like:

"Interceptors have been placed on around 200 fibre optic cables where they come ashore. This appears to have been done with the secret co-operation" (http://www.wired.co.uk/news/archive/2013-06/24/gchq-tempora-101)

Which made me immediately realize it would be far simpler to strong arm the cable operators to split off all channels before connecting them to the customer. If done early enough they could all be split off as 10G channels, even if they are later muxed down to lower speeds, reducing the number of handoffs to the spy apparatus. Very few ISP's ever go to the landing stations, typically the cable operators provide cross connects to a small number of backhaul providers. That makes a much smaller number of people who might ever notice the splitters and taps, and makes it totally transparent to the ISP.

But the big question is, does this happen? I'm sure some people on this list have been to cable landing stations and looked around. I'm not sure if any of them will comment.

If it does, it answers Phil's question. An ISP encrypting such a link end to end foils the spy apparatus for their customers, protecting their privacy. The US for example has laws that provide greater authority to tap foreign communications than domestic, so even though the domestic links may not be encrypted that may still pose a decent roadblock to siphoning off traffic.

Who's going to be the first ISP that advertises they encrypt their links that leave the country? :)

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/

- End forwarded message -

--
Eugen* Leitl http://leitl.org
Re: [liberationtech] Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
- Forwarded message from Christopher Morrow <morrowc.li...@gmail.com> -

Date: Tue, 25 Jun 2013 10:38:30 -0400
From: Christopher Morrow <morrowc.li...@gmail.com>
To: Dobbins, Roland <rdobb...@arbor.net>
Cc: NANOG list <na...@nanog.org>
Subject: Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

On Tue, Jun 25, 2013 at 10:23 AM, Dobbins, Roland <rdobb...@arbor.net> wrote:

> On Jun 25, 2013, at 8:15 PM, Leo Bicknell wrote:
> > Which made me immediately realize it would be far simpler to strong arm the cable operators to split off all channels before connecting them to the customer.
>
> It's potentially a lot simpler than that:
>
> http://en.wikipedia.org/wiki/Operation_Ivy_Bells

this involved, I think, just intuiting signals from the nearfield effects of the cable, no? 'drop a large sensor ontop-of/next-to the cable, win!'

> http://defensetech.org/2005/02/21/jimmy-carter-super-spy/

this I thought included the capabilities to drag the fiber/line into the hull for 'work' to be done... I'd note that introducing signal loss on the longhaul fiber seems 'risky', you'd have to know (and this isn't hard I bet) the tolerances of the link in question and have a way to stay inside those tolerances and not introduce new splice-points/junctions/etc and be careful for the undersea cable power (electric) requirements as well.

fun stuff!

and yea, why not just work with the landing station operators to use the existing monitoring ports they use? (or get a copy of the monitor ports)

-chris

- End forwarded message -

--
Eugen* Leitl http://leitl.org
Re: [liberationtech] Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
- Forwarded message from Måns Nilsson <mansa...@besserwisser.org> -

Date: Tue, 25 Jun 2013 16:53:32 +0200
From: Måns Nilsson <mansa...@besserwisser.org>
To: Christopher Morrow <morrowc.li...@gmail.com>
Cc: NANOG list <na...@nanog.org>
Subject: Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
User-Agent: Mutt/1.5.20 (2009-06-14)

Subject: Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH] Date: Tue, Jun 25, 2013 at 10:38:30AM -0400 Quoting Christopher Morrow (morrowc.li...@gmail.com):

> > It's potentially a lot simpler than that:
> > http://en.wikipedia.org/wiki/Operation_Ivy_Bells
>
> this involved, I think, just intuiting signals from the nearfield effects of the cable, no? 'drop a large sensor ontop-of/next-to the cable, win!'

IVY BELLS (USN is / was an ALL-CAPS org, right?) was a copper era project, and it did use EMI tapping (TEMPEST) to get to the traffic without tampering with the cable.

Having gotten that cleared, I'd argue that if you're on speaking terms with the cable operator, it is much easier to use a full-spectrum monitor port on the WDM system.

--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Your CHEEKS sit like twin NECTARINES above a MOUTH that knows no BOUNDS --

- End forwarded message -

--
Eugen* Leitl http://leitl.org
Re: [liberationtech] Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
- Forwarded message from Dobbins, Roland <rdobb...@arbor.net> -

Date: Tue, 25 Jun 2013 14:55:23 +
From: Dobbins, Roland <rdobb...@arbor.net>
To: NANOG list <na...@nanog.org>
Subject: Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

On Jun 25, 2013, at 9:38 PM, Christopher Morrow wrote:

> this I thought included the capabilities to drag the fiber/line into the hull for 'work' to be done... I'd note that introducing signal loss on the longhaul fiber seems 'risky', you'd have to know (and this isn't hard I bet) the tolerances of the link in question and have a way to stay inside those tolerances and not introduce new splice-points/junctions/etc and be careful for the undersea cable power (electric) requirements as well.

Kind of makes one think about the spate of high-profile submarine cable breaks over the past couple of years in a different light, doesn't it? ;

> and yea, why not just work with the landing station operators to use the existing monitoring ports they use? (or get a copy of the monitor ports)

Operational security in the original meaning of the term (i.e., what people don't know about, they can't talk to reporters from the Guardian about).

---
Roland Dobbins <rdobb...@arbor.net> // http://www.arbornetworks.com

Luck is the residue of opportunity and design.
-- John Milton

- End forwarded message -

--
Eugen* Leitl http://leitl.org
[liberationtech] Secrecy News -- 06/25/13
Derivative classification, or the application of previous classification decisions to new documents, increased by 3% to a new high of more than 95 million classification actions. (One would have expected the Fundamental Classification Guidance Review to have had greater impact on derivative classification -- since it is based on the newly reviewed guidance -- than it did on original classification, but that's not what happened.)

The declassification process remains slow, cumbersome and predicated on an absolute risk avoidance standard that is simply unworkable. Incredibly, the President's directive to process the backlog of 25-year-old historically valuable documents for declassification and public release by December 2013 will apparently not be achieved, although the new ISOO report somehow neglects to mention this.

Nor has the problem of overclassification been solved. Many classification decisions are still excluded from critical scrutiny and instances of overclassification are not hard to find. For example, the ISOO annual report states that although most agencies' information security costs are public information, the estimated costs of security incurred by intelligence agencies are nevertheless classified, as in the past, in accordance with Intelligence Community classification guidance. It's hard to believe that any impartial observer would agree that these cost estimates are properly classified and that their disclosure would cause damage to national security. (ISOO notes that the suppressed cost estimate is approximately 20% of the overall government total.)

Speaking of costs, the total cost of classification-related activities was $9.77 billion in 2012, ISOO noted. Though this figure remains historically high, it is over a billion dollars less than the year before. In fact, it represents the first annual reduction in secrecy-related expenditures ever reported by ISOO.

___

Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.

The Secrecy News Blog is at: http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to: http://blogs.fas.org/secrecy/subscribe/
To UNSUBSCRIBE, go to http://blogs.fas.org/secrecy/unsubscribe/
OR email your request to safterg...@fas.org

Secrecy News is archived at: http://www.fas.org/sgp/news/secrecy/index.html

Support the FAS Project on Government Secrecy with a donation: https://members.fas.org/donate

___

Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web: www.fas.org/sgp/index.html
email: safterg...@fas.org
voice: (202) 454-4691
twitter: @saftergood

- End forwarded message -

--
Eugen* Leitl http://leitl.org
[liberationtech] NSA wiretapping without a warrant
http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant

Revealed: the top secret rules that allow NSA to use US data without a warrant

Fisa court submissions show broad scope of procedures governing NSA's surveillance of Americans' communication

• Document one: procedures used by NSA to target non-US persons
• Document two: procedures used by NSA to minimise data collected from US persons

Glenn Greenwald and James Ball
guardian.co.uk, Thursday 20 June 2013 19.34 BST

[Photo caption: The documents show that discretion as to who is actually targeted lies directly with the NSA's analysts. Photograph: Martin Rogers/Workbook Stock/Getty]

Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information inadvertently collected from domestic US communications without a warrant.

The Guardian is publishing in full two documents submitted to the secret Foreign Intelligence Surveillance Court (known as the Fisa court), signed by Attorney General Eric Holder and stamped 29 July 2009. They detail the procedures the NSA is required to follow to target non-US persons under its foreign intelligence powers and what the agency does to minimize data collected on US citizens and residents in the course of that surveillance.

The documents show that even under authorities governing the collection of foreign intelligence from foreign targets, US communications can still be collected, retained and used.

The procedures cover only part of the NSA's surveillance of domestic US communications. The bulk collection of domestic call records, as first revealed by the Guardian earlier this month, takes place under rolling court orders issued on the basis of a legal interpretation of a different authority, section 215 of the Patriot Act.

The Fisa court's oversight role has been referenced many times by Barack Obama and senior intelligence officials as they have sought to reassure the public about surveillance, but the procedures approved by the court have never before been publicly disclosed.

The top secret documents published today detail the circumstances in which data collected on US persons under the foreign intelligence authority must be destroyed, extensive steps analysts must take to try to check targets are outside the US, and reveals how US call records are used to help remove US citizens and residents from data collection.

However, alongside those provisions, the Fisa court-approved policies allow the NSA to:

• Keep data that could potentially contain details of US persons for up to five years;
• Retain and make use of inadvertently acquired domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;
• Preserve foreign intelligence information contained within attorney-client communications;
• Access the content of communications gathered from U.S. based machine[s] or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.

The broad scope of the court orders, and the nature of the procedures set out in the documents, appear to clash with assurances from President Obama and senior intelligence officials that the NSA could not access Americans' call or email information without warrants.

The documents also show that discretion as to who is actually targeted under the NSA's foreign surveillance powers lies directly with its own analysts, without recourse to courts or superiors – though a percentage of targeting decisions are reviewed by internal audit teams on a regular basis.

Since the Guardian first revealed the extent of the NSA's collection of US communications, there have been repeated calls for the legal basis of the programs to be released. On Thursday, two US congressmen introduced a bill compelling the Obama administration to declassify the secret legal justifications for NSA surveillance.

The disclosure bill, sponsored by Adam Schiff, a California Democrat, and Todd Rokita, an Indiana Republican, is a complement to one proposed in the Senate last week.

"It would increase the transparency of the Fisa Court and the state of the law in this area," Schiff told the Guardian. "It would give the public a better understanding of the safeguards, as well as the scope of these programs."

Section 702 of the Fisa Amendments Act (FAA), which was renewed for five years last December, is the authority under which the NSA is allowed to collect large-scale data, including foreign communications and also communications between the US and other countries, provided the target is overseas.

FAA warrants are issued by the Fisa court for up to 12 months at a time, and authorise the collection of bulk information – some of which can include communications of
Re: [liberationtech] [ZS] ZS encryption standards
- Forwarded message from Bryce Lynch <virtualad...@gmail.com> -

Date: Thu, 20 Jun 2013 14:07:50 -0400
From: Bryce Lynch <virtualad...@gmail.com>
To: doctrinez...@googlegroups.com
Subject: Re: [ZS] ZS encryption standards
Reply-To: doctrinez...@googlegroups.com

On Thu, Jun 20, 2013 at 1:58 PM, Mark Nuzzolilo II <nuzz...@gmail.com> wrote:

> I thought you were talking about Pidgin, but this is BitMessage. Sorry.

We thought you meant BitMessage. Guess I need to bump the rewrite of the grammar parser up a few priority levels (after milestone three hits the Net).

These will be of interest to you:

http://pidgin.im/pipermail/devel/2013-February/011140.html
https://micahflee.com/2013/02/using-gajim-instead-of-pidgin-for-more-secure-otr-chat/
https://trac.torproject.org/projects/tor/ticket/1676
http://pidgin.10357.n7.nabble.com/OTR-and-general-security-stuff-td124853.html

--
The Doctor [412/724/301/703] [ZS]
https://drwho.virtadpt.net/
I am everywhere.

--
Zero State mailing list: http://groups.google.com/group/DoctrineZero
---
You received this message because you are subscribed to the Google Groups Doctrine Zero group.
To unsubscribe from this group and stop receiving emails from it, send an email to doctrinezero+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

- End forwarded message -

--
Eugen* Leitl http://leitl.org
[liberationtech] NSA is very likely storing all encrypted communications it is intercepting
http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/

Leaked NSA Doc Says It Can Collect And Keep Your Encrypted Data As Long As It Takes To Crack It

If you use privacy tools, according to the apparent logic of the National Security Agency, it doesn’t much matter if you’re a foreigner or an American: Your communications are subject to an extra dose of surveillance.

Since 29-year-old systems administrator Edward Snowden began leaking secret documentation of the NSA’s broad surveillance programs, the agency has reassured Americans that it doesn’t indiscriminately collect their data without a warrant, and that what it does collect is deleted after five years. But according to a document signed by U.S. Attorney General Eric Holder and published Thursday by the Guardian, it seems the NSA is allowed to make ambiguous exceptions for a laundry list of data it gathers from Internet and phone companies. One of those exceptions applies specifically to encrypted information, allowing it to gather the data regardless of its U.S. or foreign origin and to hold it for as long as it takes to crack the data’s privacy protections.

The agency can collect and indefinitely keep any information gathered for “cryptanalytic, traffic analysis, or signal exploitation purposes,” according to the leaked “minimization procedures” meant to restrict NSA surveillance of Americans. “Such communications can be retained for a period sufficient to allow thorough exploitation and to permit access to data that are, or are reasonably believed likely to become, relevant to a future foreign intelligence requirement,” the procedures read. And one measure of that data’s relevance to foreign intelligence? The simple fact that the data is encrypted and that the NSA wants to crack it may be enough to let the agency keep it indefinitely.

“In the context of cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning,” the criteria for the exception reads. “Sufficient duration [for retaining the data] may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.”

That encryption exception is just one of many outlined in the document, which also allows NSA to give the FBI and other law enforcement any data from an American if it contains “significant foreign intelligence” information or information about a crime that has been or is about to be committed. Americans’ data can also be held if it’s “involved in the unauthorized disclosure of national security information” or necessary to “assess a communications security vulnerability.” Other “inadvertently acquired” data on Americans can be retained up to five years before being deleted.

“Basically we’re in a situation where, if the NSA’s filters for distinguishing between domestic and foreign information stink, it gives them carte blanche to review those communications for evidence of crimes that are unrelated to espionage and terrorism,” says Kevin Bankston, a director of the Free Expression Project at the Center For Democracy and Technology. “If they don’t know where you are, they assume you’re not a US person. The default is that your communications are unprotected.”

All of those exceptions seem to counter recent statements made by NSA and FBI officials who have argued that any collection of Americans’ data they perform is strictly limited by the Foreign Intelligence Surveillance Act (FISA) Court, a special judiciary body assigned to oversee the National Security Agency. “We get great oversight by all branches of government,” NSA director Alexander said in an on-stage interview at the Aspen Institute last year. “You know I must have been bad when I was a kid. We get supervised by the Defense Department, the Justice Department, the White House, by Congress… and by the [FISA] Court. So all branches of government can see that what we’re doing is correct.”

But the latest leaked document bolsters a claim made by Edward Snowden, the 29-year-old Booz Allen contractor who has leaked a series of top secret NSA documents to the media after taking refuge in Hong Kong. In a live Q&A with the public Monday he argued that NSA analysts often make independent decisions about surveillance of Americans not subject to judicial review. “The reality is that…Americans’ communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant,” Snowden wrote. “They excuse this as ‘incidental’ collection, but at the end of the day, someone at NSA still has the content of your communications.”

However, the leaked document doesn’t exactly paint Snowden’s picture of a random NSA analyst determining who is surveilled. The guidelines do state that exceptions have to be “specifically” approved by the “Director (or Acting Director) of
Re: [liberationtech] to encrypt or not to encrypt?
On Fri, Jun 21, 2013 at 06:51:11PM +0200, phryk wrote:
> On Fri, 21 Jun 2013 11:55:57 -0400 Nadim Kobeissi na...@nadim.cc wrote:
>> The solution to this is to make encryption more and more widely used. By increasing the number of people with access to encryption technology for their communications, we dilute this threat.
>
> My thought exactly, just encrypt ALL THE THINGS and let those people deal with humongous amounts of data, most of which will be completely useless even if decrypted.

You want it to happen, you get opportunistic encryption to happen on as low a level as possible, on as many devices as possible. Target consumer routers which run Linux or Freedombox-like devices. Sooner or later it will move to Android, other mobiles and desktops. Put it into the application layer.

Want an actionable? Figure out how to implement BTNS straight from the RFC. Nobody seems to have bothered, so far. A CS student with basic crypto background could do it. If you have working code, even crappy working code, we have a really good chance to take it from there.

-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Euclid Analytics
On Fri, Jun 21, 2013 at 10:25:21AM -0700, Matt Johnson wrote:
> So do we all need to generate random MAC addresses now? I don't think you can do that on an iPhone though.

MACs are easy, and they're limited-scope, anyway. Much better would be a daemon that mutates your IMEI on a daily, or hourly basis. This would be limited to rooted devices, and alternative firmware (e.g. CM) which already give you root.
[liberationtech] we don't need no steenkin PRISM
http://timesofindia.indiatimes.com/tech/enterprise-it/security/India-sets-up-nationwide-snooping-programme-to-tap-your-emails-phones/articleshow/20678562.cms

India sets up nationwide snooping programme to tap your emails, phones
Reuters | Jun 20, 2013, 12.32 PM IST

India has launched a wide-ranging surveillance program that will give its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls.

NEW DELHI: India has launched a wide-ranging surveillance program that will give its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls without oversight by courts or parliament, several sources said.

The expanded surveillance in the world's most populous democracy, which the government says will help safeguard national security, has alarmed privacy advocates at a time when allegations of massive US digital snooping beyond American shores have set off a global furor.

"If India doesn't want to look like an authoritarian regime, it needs to be transparent about who will be authorized to collect data, what data will be collected, how it will be used, and how the right to privacy will be protected," said Cynthia Wong, an Internet researcher at New York-based Human Rights Watch.

The Central Monitoring System (CMS) was announced in 2011 but there has been no public debate and the government has said little about how it will work or how it will ensure that the system is not abused.

The government started to quietly roll the system out state by state in April this year, according to government officials. Eventually it will be able to target any of India's 900 million landline and mobile phone subscribers and 120 million Internet users.

Interior ministry spokesman KS Dhatwalia said he did not have details of CMS and therefore could not comment on the privacy concerns. A spokeswoman for the telecommunications ministry, which will oversee CMS, did not respond to queries.

Indian officials said making details of the project public would limit its effectiveness as a clandestine intelligence-gathering tool.

"Security of the country is very important. All countries have these surveillance programs," said a senior telecommunications ministry official, defending the need for a large-scale eavesdropping system like CMS.

"You can see terrorists getting caught, you see crimes being stopped. You need surveillance. This is to protect you and your country," said the official, who is directly involved in setting up the project. He did not want to be identified because of the sensitivity of the subject.

No independent oversight

The new system will allow the government to listen to and tape phone conversations, read e-mails and text messages, monitor posts on Facebook, Twitter or LinkedIn and track searches on Google of selected targets, according to interviews with two other officials involved in setting up the new surveillance program, human rights activists and cyber experts.

In 2012, India sent in 4,750 requests to Google for user data, the highest in the world after the United States.

Security agencies will no longer need to seek a court order for surveillance or depend, as they do now, on internet or telephone service providers to give them the data, the government officials said.

Government intercept data servers are being built on the premises of private telecommunications firms. These will allow the government to tap into communications at will without telling the service providers, according to the officials and public documents.

The top bureaucrat in the federal interior ministry and his state-level deputies will have the power to approve requests for surveillance of specific phone numbers, e-mails or social media accounts, the government officials said.

While it is not unusual for governments to have equipment at telecommunication companies and service providers, they are usually required to submit warrants or be subject to other forms of independent oversight.

"Bypassing courts is really very dangerous and can be easily misused," said Pawan Sinha, who teaches human rights at Delhi University. In most countries in Europe and in the United States, security agencies were obliged to seek court approval or had to function with legal oversight, he said.

The senior telecommunications ministry official dismissed suggestions that India's system could be open to abuse.

"The home secretary has to have some substantial intelligence input to approve any kind of call tapping or call monitoring. He is not going to randomly decide to tape anybody's phone calls," he said.

"If at all the government reads your e-mails, or taps your phone, that will be done for a good reason. It is not invading your privacy, it is protecting you and your country," he said.

The government has arrested people
[liberationtech] Deterministic builds and software trust [was: Help test Tor Browser!]
- Forwarded message from Mike Perry mikepe...@torproject.org -
Date: Tue, 18 Jun 2013 20:54:30 -0700
From: Mike Perry mikepe...@torproject.org
To: liberationtech liberationtech@lists.stanford.edu
Subject: [liberationtech] Deterministic builds and software trust [was: Help test Tor Browser!]
Reply-To: liberationtech liberationtech@lists.stanford.edu

Jacob Appelbaum:
> Hi, I'm really excited to say that Tor Browser has had some really important changes. Mike Perry has really outdone himself - from deterministic builds that allow us to verify that he is honest to actually having serious usability improvements.

First, thanks for the praise, Jake! But: I've been meaning to clarify this honesty point for a few days now, and Cooper's similar statement in another thread about security being all about trust reminded me of it. I actually disagree with the underlying assumptions of both points.

I didn't spend six agonizing weeks (and counting) getting deterministic builds to work for Tor Browser to prove that I was honest or trustworthy. I did it because I don't believe that software development models based on single party trust can actually be secure against serious adversaries anymore, given the current trends in computer security and cyberwar.

For the past several years, we've been seeing a steady increase in the weaponization, stockpiling, and the use of exploits by multiple governments, and by multiple *areas* of multiple governments. This includes weaponized exploits specifically designed to bridge the air gap, by attacking software/hardware USB stacks, disconnected Bluetooth interfaces, disconnected Wifi interfaces, etc. Even if these exploits themselves don't leak (ha!), the fact that they are known to exist means that other parties can begin looking for them.

In this brave new world, without the benefit of anonymity to protect oneself from such targeted attacks, I don't believe it is possible to keep a software-based GPG key secure anymore, nor do I believe it is possible to keep even an offline build machine secure from malware injection anymore, especially against the types of adversaries that Tor has to contend with.

This means that software development has to evolve beyond the simple models of "Trust my gpg-signed apt archive from my trusted build machine", or even projects like Debian are going to end up distributing state-sponsored malware in short order.

This is where deterministic builds come in: any individual can use our anonymity network to download our source code, verify it against public signed, audited, and mirrored git repositories, and reproduce our builds exactly, without being subject to such targeted attacks. If they notice any differences, they can alert the public builders/signers, hopefully using a pseudonym or our anonymous trac account.

This also will eventually allow us to create a number of auxiliary authentication mechanisms for our packages, beyond just trusting the offline build machine and the gpg key integrity.

I believe it is important for Tor to set an example on this point, and I hope that the Linux distributions will follow in making deterministic packaging the norm. (Don't despair: it probably won't take 6 weeks per package. Firefox is just a bitch). Otherwise, I really don't think we'll have working computers left in 5-10 years from now :/.

I hope to write a longer blog post about this topic on the Tor Blog in the next couple weeks, discussing the dangers of exploit weaponization and the threats it poses to software engineering and software distribution. I'm still mulling over the exact focus and if I should split the two ideas apart, or combine them into one post... Ideas and comments welcome!

-- 
Mike Perry

- End forwarded message -

-- 
Eugen* Leitl <leitl> http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
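To make the reproducibility argument in the forwarded post concrete, here is an added Python example (not code from Tor Browser, Mike Perry, or the list): it packs the same constructed build output twice, as two builders with different clocks would, once with a plain archive and once with every known source of variation normalised, and compares the SHA-256 digests a verifier would check. The artifact names and contents are made up for the example.

```python
import hashlib
import io
import os
import tarfile
import tempfile
from typing import Callable, Dict, Tuple

# Constructed build output: a few small "artifacts" standing in for a real
# package.  Names and contents are made up for this example.
ARTIFACTS: Dict[str, bytes] = {
    "bin/launcher": b"#!/bin/sh\necho 'constructed stub'\n",
    "lib/libstub.so": b"\x7fELF-constructed-stub\n",
    "README": b"constructed sample package\n",
}


def write_tree(root: str, mtime: float) -> None:
    """Write ARTIFACTS under root and stamp every file and directory with
    mtime, as if the build had run on a machine whose clock read mtime."""
    for rel, data in ARTIFACTS.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, (mtime, mtime))
    for dirpath, _, _ in os.walk(root):
        os.utime(dirpath, (mtime, mtime))


def naive_tar(root: str) -> bytes:
    """Pack the tree the way a plain `tar cf` would: real mtimes, real
    uid/gid and owner names.  Two builders will not produce the same bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.add(root, arcname=".")
    return buf.getvalue()


def deterministic_tar(root: str) -> bytes:
    """Pack the tree with every known source of variation normalised: paths
    in sorted order, mtime 0, uid/gid 0, empty owner names and modes reduced
    to executable/not.  Directory entries are omitted; tar recreates them."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for dirpath, dirnames, filenames in os.walk(root):
            dirnames.sort()  # visit subdirectories in a fixed order
            for name in sorted(filenames):
                full = os.path.join(dirpath, name)
                info = tar.gettarinfo(full, arcname=os.path.relpath(full, root))
                info.mtime = 0
                info.uid = info.gid = 0
                info.uname = info.gname = ""
                info.mode = 0o755 if os.access(full, os.X_OK) else 0o644
                with open(full, "rb") as fh:
                    tar.addfile(info, fh)
    return buf.getvalue()


def artifact_digest(archive: bytes) -> str:
    """The value a builder would publish and an independent verifier compare."""
    return hashlib.sha256(archive).hexdigest()


def independent_builds(archiver: Callable[[str], bytes]) -> Tuple[str, str]:
    """Simulate two builders working from identical inputs on different days
    (mtimes a day apart, June 2013) and return both archive digests."""
    digests = []
    for mtime in (1_371_600_000.0, 1_371_686_400.0):
        with tempfile.TemporaryDirectory() as root:
            write_tree(root, mtime)
            digests.append(artifact_digest(archiver(root)))
    return digests[0], digests[1]


def reproducible(archiver: Callable[[str], bytes]) -> bool:
    """True when two independent builders agree byte for byte, i.e. when a
    third party could check the published package by rebuilding it."""
    first, second = independent_builds(archiver)
    return first == second


if __name__ == "__main__":
    for label, fn in (("naive_tar", naive_tar), ("deterministic_tar", deterministic_tar)):
        print(f"{label:18s} reproducible={reproducible(fn)} digests={independent_builds(fn)}")
```

A real package has many more such knobs (compiler paths, locale, build ids, compression timestamps), which is where the weeks go; the verification step at the end stays the same digest comparison.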
Re: [liberationtech] diseconomies of scale
On Mon, Jun 17, 2013 at 02:35:36PM -0400, The Doctor wrote:
> There is a problem with that: Traffic to and from small providers has to traverse the networks of the tier-II and tier-I providers to go any appreciable distance. We already know that at least some of the peering points are backdoored - Narus hardware, if I recall

IIRC Narus is an FPGA box capable of up to layer 7 passive (maybe active attacks?) sniffing at wire speed (up to TBit/s?). Someone correct me if I remembered wrongly.

Notice that at least one leg of your message was protected against passive sniffing by StartTLS:

    Received: from smtp.stanford.edu (smtp1.Stanford.EDU [171.67.219.81])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client did not present a certificate)
        by leitl.org (Postfix) with ESMTPS id 773E55443CC
        for eu...@leitl.org; Mon, 17 Jun 2013 20:35:45 +0200 (CEST)

In case of self-signed certs whose secret key was never leaked, according to publicly available information (shops like NSA are definitely somewhat, possibly considerably ahead of nonclassified cryptography state of the art) you need an active (man in the middle) attack to disrupt the session, and get at the message cleartext. Mail transport agents (MTAs, e.g. postfix) can be configured to strictly enforce StartTLS message delivery.

> correctly. So, even if someone sets up a status.net instance that, let's say for example a subset of this mailing list starts using instead of Twitter because it's smaller, all of that traffic is still probably going to pass through a location that's snaffling copies of every packet. It might not see every bit of traffic to and from that site, but enough traffic might be picked up to get an idea of what's happening there and whether or not a closer look is warranted.

Obviously a mailing list is not about keeping secrets. But if an increasing fraction of all network traffic goes dark to passive sniffing this presents a considerable challenge to a global adversary. MITM is expensive, and can be detected (and thus protected against) with finite effort. It is we who make things unnecessarily easy.
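The StartTLS observation above can be made routine: here is an added Python example (not the poster's code) that unfolds a message's Received headers and reports, per hop, whether the receiving MTA recorded a TLS session, with which protocol and cipher, and which hops travelled in the clear. The headers are constructed for the example: the first hop is the one quoted above, the other two hostnames, addresses and queue ids are placeholders.

```python
import re
from typing import Dict, List

# Constructed sample headers, newest hop first as MTAs prepend them.  The
# first hop is the one quoted in the thread; the other two hostnames, IPs,
# queue ids and the recipient addresses are placeholders.
SAMPLE_HEADERS = """\
Received: from smtp.stanford.edu (smtp1.Stanford.EDU [171.67.219.81])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (Client did not present a certificate)
    by leitl.org (Postfix) with ESMTPS id 773E55443CC
    for <recipient@example.org>; Mon, 17 Jun 2013 20:35:45 +0200 (CEST)
Received: from mx.example.org (mx.example.org [192.0.2.10])
    by smtp.stanford.edu (Postfix) with ESMTP id PLACEHOLDER1
    for <list@example.org>; Mon, 17 Jun 2013 20:35:40 +0200 (CEST)
Received: from laptop.example.org (unknown [198.51.100.7])
    (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
    by mx.example.org (Postfix) with ESMTPSA id PLACEHOLDER2
    for <list@example.org>; Mon, 17 Jun 2013 20:35:30 +0200 (CEST)
"""

# Postfix writes "(using <proto> with cipher <cipher> ...)" for TLS sessions.
TLS_RE = re.compile(r"\(using (?P<proto>\S+) with cipher (?P<cipher>\S+)")
HOP_RE = re.compile(r"^Received:\s+from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+)", re.S)
WITH_RE = re.compile(r"\bwith\s+(?P<kw>[A-Z]+)\b")  # SMTP, ESMTP, ESMTPS, ESMTPSA
# Protocol versions no longer adequate against a capable adversary.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def unfold_headers(raw: str) -> List[str]:
    """Join RFC 5322 folded continuation lines (leading whitespace) onto the
    header line they belong to."""
    lines: List[str] = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def audit_received(raw: str) -> List[Dict[str, object]]:
    """One record per Received header, newest hop first.  Only the headers
    added by MTAs you trust are evidence: everything below them was written
    on the sender's side and can say whatever it likes."""
    hops: List[Dict[str, object]] = []
    for header in unfold_headers(raw):
        if not header.lower().startswith("received:"):
            continue
        hop = HOP_RE.match(header)
        tls = TLS_RE.search(header)
        with_kw = WITH_RE.search(header)
        proto = tls.group("proto") if tls else None
        hops.append({
            "from": hop.group("src") if hop else None,
            "by": hop.group("dst") if hop else None,
            "with": with_kw.group("kw") if with_kw else None,
            "tls": tls is not None,
            "protocol": proto,
            "cipher": tls.group("cipher") if tls else None,
            "weak_protocol": proto in WEAK_PROTOCOLS,
            # Postfix records this only when it asked the client for a cert.
            "no_client_cert": "did not present a certificate" in header,
        })
    return hops


def unprotected_hops(hops: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Hops delivered in the clear, i.e. exposed to passive collection."""
    return [h for h in hops if not h["tls"]]


if __name__ == "__main__":
    for h in audit_received(SAMPLE_HEADERS):
        state = f"{h['protocol']}/{h['cipher']}" if h["tls"] else "PLAINTEXT"
        print(f"{h['from']} -> {h['by']} ({h['with']}): {state}")
```

A TLS hop still says nothing about certificate verification, so it rules out passive sniffing, not the active attack the thread discusses; on the Postfix side that is what `smtp_tls_security_level` set to `encrypt` or stricter controls.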
Re: [liberationtech] NYT: Obama’s German Storm
On Mon, Jun 17, 2013 at 10:40:23PM +0200, fukami wrote:
> Hi, it's not the first time I hear or read this from Americans: Many people already gave up discussions about data protection a long time ago. So there seems a lot of hope that Europeans and especially the Germans with their learnings from history of surveillance and strong view on privacy can help fix America's lost balance. But to be true: I actually don't think that our stupid politicians are really the right people for this (and I also think that the US administration gives a f*** what Europeans think or demand).

You're falling for bad PR. Particularly Germany does not have full sovereignty, and it specifically shows in it being #6 on the top telecommunication surveillance lists. Rest of the EU is not much different. De facto they're vassals to the US; as long as the empire is still functional they'll remain that. Do not look at what your politicians tell you (not that they represent you, anyway), and rather judge them by their actions. Look back into the past couple decades, there's your answer already.

Notice this list is called liberation technology, not liberation politics. There's probably a reason for that.

> Still, if the pressure will last longer than the usual couple of days, there is a real chance to get some interesting regulations on EU level that could badly influence US internet businesses in Europe - for good in terms of better general data protection for all of us.
>
> http://www.nytimes.com/2013/06/18/opinion/global/roger-cohen-obamas-german-storm.html
Re: [liberationtech] Interesting Q&A
On Tue, Jun 18, 2013 at 12:18:38PM +0300, Michael Azarkevich wrote:
> Why settle for strong enough? Use the strongest options you have at your disposal.

One-time pads are provably strong if done right, but come with considerable usability disadvantages (but are potentially worth it if people's lives are on the line). Moreover, the point was that available encryption is sufficiently strong so that it's being worked around in practice. These are not the droids you're looking for.
[liberationtech] Jim Bamford's comments all in one place
http://www.reddit.com/user/JimBamford

In case you haven't read his books, go read his books.
Re: [liberationtech] security aspects of OpenQwaq
- Forwarded message from Ron Teitelbaum r...@3dicc.com -
Date: Tue, 18 Jun 2013 11:45:07 -0400
From: Ron Teitelbaum r...@3dicc.com
To: openq...@googlegroups.com
Cc: t...@ritter.vg
Subject: RE: [liberationtech] security aspects of OpenQwaq
X-Mailer: Microsoft Outlook 14.0
Reply-To: openq...@googlegroups.com

Hi Tom,

See responses inline below.

- Forwarded message from Tom Ritter t...@ritter.vg -
Date: Tue, 18 Jun 2013 09:28:05 -0400
From: Tom Ritter t...@ritter.vg
To: liberationtech liberationtech@lists.stanford.edu
Cc: zs-...@googlegroups.com, cypherpu...@al-qaeda.net, i...@postbiota.org
Subject: Re: [liberationtech] security aspects of OpenQwaq
Reply-To: liberationtech liberationtech@lists.stanford.edu

> The claim of end to end encryption gives me pause, although I'm also not clear on the differences between the products and which claim applies to which. Do they claim the other end is them the provider, or the other user? It gives me pause because
>
> 1) They say they use SSL with CA certs. But if Joe the user is an end, how do they give him a public CA cert?

TerfT uses SSL much like a web site. Each person connects to a server that is protected using a 3D ICC certificate. The clients are only clients to that connection; they are not considered SSL servers. This is the model that most people trust for financial transactions. The issue here is that the client needs to ensure that the DNS is correct. This is not as easy as one might think. There are a number of viruses out there whose sole purpose is to change your DNS settings to forward all of your traffic to a compromised server so that they can track or hack your connections. The other issue is that the certificate needs to be verified. Since we control the software installed on the client we ensure that the certificate is verified. I had not considered doing a DNS verification but it's a good idea. I suppose that I could do a verification much like SSH and give a warning that something changed to prevent DNS subversion, but there are cases where we change servers so we would have to balance ease of use with security. I'll spend some time thinking about it and add DNS subversion to our attack tree so that we don't forget about the problem.

> 2) Multiparty end to end encryption is... mpOTR (to some extent, it probably doesn't have PFS or repudiation). That's a hard problem. Not saying they couldn't have solved it or made good progress on it, but I am saying I think every cryptographer in this space would be extremely interested in looking at the protocol.

This problem is solved by the server component. We handle multiple connections using replicated instructions, but each person is authenticating using a separate connection to a secure server. Users do not connect to other users.

> (I also don't care for the smaller trend of Free but insecure or pay us for secure!)

Sorry but we don't do free. :) I didn't say OpenQwaq was insecure. It is not. I consider the threat of MITM rare and the impact for most users negligible. What I said was that we improved the security at 3D ICC. I also said that security can be improved but that was targeted at people interested in running TerfT on SIPRNet or NIPRNet. This is for military users not corporate or casual users.

> -tom
>
> On Jun 17, 2013 10:46 AM, Eugen Leitl eu...@leitl.org wrote:
>> OpenQwaq is potentially a useful tool for collaboration, especially multimedia (webcam streaming to avatar face, audio (best with USB headset) with ability to instantiate rooms) -- I've seen it scale to groups of 50+ participants. Collaborative editing is available.

We just had a 60 person meeting for the US Army. It was a General briefing. The users were located around the world. We used webcams and video and the meeting went extremely well.

All the best,

Ron Teitelbaum
Head Of Engineering
3d Immersive Collaboration Consulting
r...@3dicc.com
Follow Me On Twitter: @RonTeitelbaum https://twitter.com/RonTeitelbaum
www.3dicc.com
3d ICC on G+ https://plus.google.com/u/0/b/108936249366287171125/108936249366287171125/posts

>> Disclosure: no commercial relation to 3D ICC, just a happy user of their hosted services.
>>
>> - Forwarded message from Ron Teitelbaum r...@3dicc.com -
>> Date: Mon, 17 Jun 2013 10:34:41 -0400
>> From: Ron Teitelbaum r...@3dicc.com
>> To: openq...@googlegroups.com
>> Subject: RE: security aspects of OpenQwaq
>> X-Mailer
Re: [liberationtech] [tp] NSA flag terms
, interception, COCOT, rhost, rhosts, SETA, Amherst, Broadside, Capricorn, Gamma, Gorizont, Guppy, Ionosphere, Mole, Keyhole, Kilderkin, Artichoke, Badger, Cornflower, Daisy, Egret, Iris, Hollyhock, Jasmine, Juile, Vinnell, B.D.M.,Sphinx, Stephanie, Reflection, Spoke, Talent, Trump, FX, FXR, IMF, POCSAG, Covert Video, Intiso, r00t, lock picking, Beyond Hope, csystems, passwd, 2600 Magazine, Competitor, EO, Chan, Alouette,executive, Event Security, Mace, Cap-Stun, stakeout, ninja, ASIS, ISA, EOD, Oscor, Merlin, NTT, SL-1, Rolm, TIE, Tie-fighter, PBX, SLI, NTT, MSCJ, MIT, 69, RIT, Time, MSEE, Cable Wireless, CSE, Embassy, ETA, Porno, Fax, finks, Fax encryption, white noise, pink noise, CRA, M.P.R.I., top secret, Mossberg, 50BMG, Macintosh Security, Macintosh Internet Security, Macintosh Firewalls, Unix Security, VIP Protection, SIG, sweep, Medco, TRD, TDR, sweeping, TELINT, Audiotel, Harvard, 1080H, SWS, Asset, Satellite imagery, force, Cypherpunks, Coderpunks, TRW, remailers, replay, redheads, RX-7, explicit, FLAME, Pornstars, AVN, Playboy, Anonymous, Sex, chaining, codes, Nuclear, 20, subversives, SLIP, toad, fish, data havens, unix, c, a, b, d, the, Elvis, quiche, DES, 1*, NATIA, NATOA, sneakers, counterintelligence, industrial espionage, PI, TSCI, industrial intelligence, H.N.P., Juiliett Class Submarine, Locks, loch, Ingram Mac-10, sigvoice, ssa, E.O.D., SEMTEX, penrep, racal, OTP, OSS, Blowpipe, CCS, GSA, Kilo Class, squib, primacord, RSP, Becker, Nerd, fangs, Austin, Comirex, GPMG, Speakeasy, humint, GEODSS, SORO, M5, ANC, zone, SBI, DSS, S.A.I.C., Minox, Keyhole, SAR, Rand Corporation, Wackenhutt, EO, Wackendude, mol, Hillal, GGL, CTU, botux, Virii, CCC, Blacklisted 411, Internet Underground, XS4ALL, Retinal Fetish, Fetish, Yobie, CTP, CATO, Phon-e, Chicago Posse, l0ck, spook keywords, PLA, TDYC, W3, CUD, CdC, Weekly World News, Zen, World Domination, Dead, GRU, M72750, Salsa, 7, Blowfish, Gorelick, Glock, Ft. 
Meade, press-release, Indigo, wire transfer, e-cash, Bubba the Love Sponge, Digicash, zip, SWAT, Ortega, PPP, crypto-anarchy, ATT, SGI, SUN, MCI, Blacknet, Middleman, KLM, Blackbird, plutonium, Texas, jihad, SDI, Uzi, Fort Meade, supercomputer, bullion, 3, Blackmednet, Propaganda, ABC, Satellite phones, Planet-1, cryptanalysis, nuclear, FBI, Panama, fissionable, Sears Tower, NORAD, Delta Force, SEAL, virtual, Dolch, secure shell, screws, Black-Ops, Area51, SABC, basement, data-haven, black-bag, TEMPSET, Goodwin, rebels, ID, MD5, IDEA, garbage, market, beef, Stego, unclassified, utopia, orthodox, Alica, SHA, Global, gorilla, Bob, Pseudonyms, MITM, grey Data, VLSI, mega, Leitrim, Yakima, Sugar Grove, Cowboy, Gist, 8182, Gatt, Platform, 1911, Geraldton, UKUSA, veggie, 3848, Morwenstow, Consul, Oratory, Pine Gap, Menwith, Mantis, DSD, BVD, 1984, Flintlock, cybercash, government, hate, speedbump, illuminati, president, freedom, cocaine, $, Roswell, ESN, COS, E.T., credit card, b9, fraud, assasinate, virus, anarchy, rogue, mailbomb, 888, Chelsea, 1997, Whitewater, MOD, York, plutonium, William Gates, clone, BATF, SGDN, Nike, Atlas, Delta, TWA, Kiwi, PGP 2.6.2., PGP 5.0i, PGP 5.1, siliconpimp, Lynch, 414, Face, Pixar, IRIDF, eternity server, Skytel, Yukon, Templeton, LUK, Cohiba, Soros, Standford, niche, 51, HK, USP, ^, sardine, bank, EUB, USP, PCS, NRO, Red Cell, Glock 26, snuffle, Patel, package, ISI, INR, INS, IRS, GRU, RUOP, GSS, NSP, SRI, Ronco, Armani, BOSS, Chobetsu, FBIS, BND, SISDE, FSB, BfV, IB, froglegs, JITEM, SADF, advise, TUSA, HoHoCon, SISMI, FIS, MSW, Spyderco, UOP, SSCI, NIMA, MOIS, SVR, SIN, advisors, SAP, OAU, PFS, Aladdin, chameleon man, Hutsul, CESID, Bess, rail gun, Peering, 17, 312, NB, CBM, CTP, Sardine, SBIRS, SGDN, ADIU, DEADBEEF, IDP, IDF, Halibut, SONANGOL, Flu, , Loin, PGP 5.53, EGG, AIEWS, AMW, WORM, MP5K-SD, 1071, WINGS, cdi, DynCorp, UXO, Ti, THAAD, package, chosen, PRIME, SURVIAC

- End forwarded message -
[liberationtech] [tt] WaPo: NSA-proof encryption exists. Why doesn't anyone use it?
would also make it difficult for Google to make money on the service, since it couldn't use the content of messages to target ads.

=NH: Instead you need applications on your computer that read files you permit it to read and then have that program run automated google searches for you and report the results to you. If you don't permit your app to read a file by checking the file to block it, then you keep that out of the hands of the private vendors and the government NH//

===NH: Provided you have a firewall or work off line while your file is in the unencrypted state. Perhaps two physically separate computers [...] one on line one off. Transfer the encrypted file to the off line one, unencrypt, let your search robot app see what of what files you will then send that portion back to the on line computer via a thumb drive or optical disk. But then you have to be sure you get a clean erase when you are done and want to reuse it, or you simply archive the optical disk transfers to have a secure memory of what you did search for on line. ===NH//

P. K. Carlisle LLC 3:54 AM GMT+
One thing that I might do if I worked for the NSA's version of the Department of Dirty Tricks: I would have long ago infected every installer of PGP on every server that I could reach, anywhere in the world (which is a lot of them) to automatically put every computer which installs PGP into the NSA's surveillance net. It is not hard to do when you consider that the NSA interfaces with major software vendors so that a virus NSA created would be sure to stay out of commercial virus scanner definition databases. Also, Stuxnet remained unidentified for a long time even without the cooperation of software security vendors.

verdhello 7:39 AM GMT+
Maybe encryption is an overly passive way of dealing with those pesky spy agencies (in the USA and elsewhere). A more proactive approach would be to tackle the agencies head-on. For those who have a mind to, it might involve flooding the internet with emails containing those key words that spy agencies are so drawn to. Words like 'bomb', 'attack', 'terror', etc., etc. It would, of course, require many hundreds of thousands of such emails, but it could be possible given the right political climate - a mass movement of protesters motivated by a major political cause. The effect would be to tie up a spy agency's detection capabilities for a long time. Whether this is technically possible, however, is less important than the realisation that individual citizens are pretty much powerless against the technological intrusiveness of spy agencies. But hundreds of thousands of citizens acting in concert would be a power to reckon with. The internet is a two-way street - and the game can be changed. It has always been citizens versus government.

Ogredaddy 1:53 AM GMT+
Face it people, The Patriot Act, along with tweaks and expansions to The Patriot Act, are about as close as the government can get to implementing A General State of Martial Law... without, you know, really actually, coming out... and... just SAYING IT!

Serega1 6/15/2013 10:39 PM GMT+
Why doesn't everybody use NSA-proof encryption? They don't need it. Snowden did. Technology can protect people from government spying, but they must do their part. Like cars, planes, guns or any other tools end-to-end encryption doesn't work well if people don't understand it. Few people are like Kardashians - most want their private life to be private even if they don't go to the extremes about it. Government snooping does no physical damage, but it's pretty irritating like a nagging wife protecting her marriage.

ziggyzap 6/15/2013 10:38 PM GMT+
Instead of fooling around with encryption and other methods, the best way to deal with NSA snooping is to completely overload the resources of the spies and drive them crazy. Every email should contain a provocative phrase that will trigger an alert at NSA and CIA, such as Kill The President or Nuke The White House or Suicide Bomber Mohammed Farouk Is Going to Blow Up The Golden Gate Bridge and other similar phrases. That will have the NSA weenies being snowed under with emails from everybody and trying to figure out whether any of them are real or not. The same goes for Facebook and Twitter. Users should just tweet the same sort of provocative phrases or paste them on their Facebook walls. Then if they get a visit from the CIA they can tell those jerks that if they had not been reading their personal mail, then they wouldn't be wasting their time like this. You can beat this intrusiveness by making their lives a complete misery by overloading and hopefully crashing their systems while fooling with their minds.

___
tt mailing list
t...@postbiota.org
http://postbiota.org/mailman/listinfo/tt

- End forwarded message -
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
On Mon, Jun 17, 2013 at 06:05:47AM -0700, Brian Conley wrote:

Until you become a nuisance, at which point the state just requests cancellation/blocking/surveillance of your single static IP address?

There are alternative ways to circumvent that (e.g. look at Retroshare, which does not need installations on a server, but will not support email to users outside of the Retroshare network). But, we were talking about good old email.

I'm asking, because I'm not clueful on this issue and interested to hear more as you and rich are touting this as all being very easy, which seems unlikely...

It depends on whether there are technical users in your organisation, or you can get outside support. I think there would be value in creating a support portal where vetted volunteers would be matched to end users and organisations looking for support.

I notice I did not receive answers to my questions yet, so there's little point in digging into all possible branches. (One scenario: in case of end user hosted email, I personally would look into a cheap VMWare box (e.g. HP Microserver, booting free ESXi from the internal USB stick) and deploy a virtual image, e.g. Zimbra -- perhaps someone should look into packaging http://www.zimbra.com/downloads/os-downloads.html into a free VMWare appliance that is easy to deploy even for novice users -- yes, this still will need support, but much less so).

Thanks!
Brian

On Jun 14, 2013 7:03 PM, Eugen Leitl eu...@leitl.org wrote:

On Fri, Jun 14, 2013 at 06:41:12PM +0200, Ernad Halilovic wrote:

I wanted to ask you if you have any good resources on getting the hardware ready for a complete move of operations out of the cloud.

I'm not Rich (who indeed writes great stuff, thanks!), but I would start with seeing whether you could get a public, static IPv4 address from your Internet Service Provider (this is what I do). If you can't, but have spare rackable hardware I would look into finding a suitable cheap colocation space to host it (this is what I do). If you can't, I'd look into renting physical hardware in a suitable jurisdiction (this is what I used to do). Next step would be a virtual server in a suitable jurisdiction (e.g. we picked Iceland). Further steps would depend on answers to above questions.

-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] security aspects of OpenQwaq
OpenQwaq is potentially a useful tool for collaboration, especially multimedia (webcam streaming to avatar face, audio (best with USB headset) with ability to instantiate rooms) -- I've seen it scale to groups of 50+ participants. Collaborative editing is available.

Disclosure: no commercial relation to 3D ICC, just a happy user of their hosted services.

- Forwarded message from Ron Teitelbaum r...@3dicc.com -

Date: Mon, 17 Jun 2013 10:34:41 -0400
From: Ron Teitelbaum r...@3dicc.com
To: openq...@googlegroups.com
Subject: RE: security aspects of OpenQwaq
Reply-To: openq...@googlegroups.com

Hi Eugen,

OpenQwaq uses ARC4 for encryption. All data end to end is encrypted over a single port connection. 3D ICC's Immersive Terf™ uses SSL for encryption. It's basically the same model but we've improved it for security, performance and reliability.

All encrypted traffic is susceptible to MITM. SSL helps this considerably by using public certificate authorities to verify the certificates. The trick is to ensure that your DNS is accurate and that all certificates are verified. The open source version of OpenQwaq on the other hand is encrypted without certificates. In either case MITM would leave some significant performance footprints (this could be improved using hardware) and it would take some engineering to understand our overlay network protocols to make the data useful for an attacker.

Are you safe from hackers? Yes, I would say that MITM is very unlikely for both OpenQwaq and Terf™.

Are you safe from Governments? No. Unlimited access to resources and direct internet filtering could in theory attack the connection using MITM by subverting DNS, using hardware proxies, and forwarding to the server.

How safe is it? We have been reviewed by the Federal Reserve Bank in New York and were allowed to have our software installed internally. We have been used by every branch of the military (except the Marines, why I have no idea, except maybe because the Navy used it). We have had significant penetration testing done by some of the largest financial institutions and corporations in the world and have passed. I would say that this puts us in the upper categories of safeness but still below top secret grade*.

Hope that helps.

All the best,

Ron Teitelbaum
Head Of Engineering
3d Immersive Collaboration Consulting
r...@3dicc.com
Follow Me On Twitter: https://twitter.com/RonTeitelbaum @RonTeitelbaum
http://www.3dicc.com/
3d ICC on G+: https://plus.google.com/u/0/b/108936249366287171125/108936249366287171125/posts

* if your organization is interested in sponsoring an improvement to our level of security, 3D ICC is ready, willing and able to improve our security using Common Criteria and Military Information Assurance standards. We can use data centers with certifications in SSAE16 SOC-1 Type II, Federal Information Security Management Act (FISMA), DoD Information Assurance Certification and Accreditation Process (DIACAP). We would be very happy to work with you and your organization to meet your security needs. For more information contact us at i...@3dicc.com.

-Original Message-
From: openq...@googlegroups.com [mailto:openq...@googlegroups.com] On Behalf Of Eugen Leitl
Sent: Monday, June 17, 2013 9:11 AM
To: openq...@googlegroups.com
Subject: security aspects of OpenQwaq

What's the security model of OpenQwaq? How secure is the communication model against passive sniffing? Active traffic manipulation (MITM)?

-- You received this message because you are subscribed to the Google Groups OpenQwaq Forum group. To unsubscribe from this group and stop receiving emails from it, send an email to openqwaq+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.

- End forwarded message -

-- Eugen* Leitl http://leitl.org
__ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
Re: [liberationtech] How to defend against attacks on chips?
On Mon, Jun 17, 2013 at 08:16:54AM -0700, Andy Isaacson wrote:

It's true that in the limit, we can never be sure that a given piece of hardware contains no trojans. However, there are many ways that a trojan could be implemented which could be found with available techniques. It would be extremely enlightening to find one such and publicize it.

The next-best thing next to true open hardware with fully verified toolchain is http://en.wikipedia.org/wiki/Lemote which rms happens to use, or used to use.

Netbook computers: Yeeloong. The Yeeloong netbook computer is intended to be built on free software from the BIOS upwards, and for this reason is used and recommended by Richard Stallman as of January 23, 2010 and September 2008.

For lower values of professional paranoia (and easier availability) you could probably pick a http://www.coreboot.org/Welcome_to_coreboot supported VIA board with a VIA C7 (with a hardware RNG that is a lot more trustable than Intel's, and also some crypto primitives support) and put FreeBSD or OpenBSD on it. Extra paranoid would keep secrets in a USB dongle (e.g. one from http://shop.kernelconcepts.de/index.php?cPath=1_26 )

Sun released OpenSPARC as source, but unfortunately forgot the crypto primitives. There are some options on http://opencores.org/projects which could eventually result into something deliverable to your FPGA core.

So while I agree with your statement that we can never be completely sure, nevertheless building tools and trying them out is a valuable field of study.
Re: [liberationtech] Blocking TCP flows?
- Forwarded message from Phil Fagan philfa...@gmail.com -

Date: Fri, 14 Jun 2013 13:34:16 -0600
From: Phil Fagan philfa...@gmail.com
To: Eric Wustrow ew...@umich.edu
Cc: NANOG list na...@nanog.org
Subject: Re: Blocking TCP flows?

I think we just discussed this over in the huawei list ;-) This is pretty awesome!

On Fri, Jun 14, 2013 at 12:30 PM, Eric Wustrow ew...@umich.edu wrote:

Oddly enough, anticensorship. We use similar technology as the censors (DPI, flow blocking), but use our system in a non-censoring country's ISP to detect secret tags in connections from censored countries, and serve as a proxy for them. Once we detect a flow with a secret tag passing through the ISP, we block the real flow, and start spoofing half of the connection. We use this covert channel to communicate to the client and act as a proxy. To the censor, this looks like a normal connection to some innocuous, unrelated (and unblocked) website. The obvious difficulty is convincing ISPs to deploy such a proxy. More details can be found at https://telex.cc/

On Fri, Jun 14, 2013 at 3:15 AM, Dobbins, Roland rdobb...@arbor.net wrote:

On Jun 14, 2013, at 2:32 AM, Eric Wustrow wrote:

I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 gbps link, with new blocked flows being dropped within a millisecond or so of being added.

What's the actual application for this mechanism?

--- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com
Luck is the residue of opportunity and design. -- John Milton

-- Phil Fagan
Denver, CO
970-480-7618

- End forwarded message -

-- Eugen* Leitl http://leitl.org
Re: [liberationtech] huawei
- Forwarded message from Michael Thomas m...@mtcc.com -

Date: Fri, 14 Jun 2013 18:09:40 -0700
From: Michael Thomas m...@mtcc.com
To: Scott Helms khe...@zcorum.com
Cc: NANOG na...@nanog.org
Subject: Re: huawei

On 06/14/2013 05:34 PM, Scott Helms wrote:

Is it possible? Yes, but it's not feasible because the data rate would be too low. That's what I'm trying to get across. There are lots of things that can be done but many of those are not useful. I could encode communications in fireworks displays, but that's not effective for any sort of communication system.

You're really hung up on bit rate, and you really shouldn't. Back in the days before gigabit pipes, tapping out morse was considered a data rate beyond belief. Ships used flags and signaling lights well into the second world war at least. The higher the value of the information, the lower the bit rate you need to transmit it (I think this might formally be information entropy, but I'm not certain). You might think that there is nothing of particularly high value to be had within the confines of what a (compromised) router can produce, but I'd say prepare to be surprised. I'm not much of a military guy, but some of the stuff they dream up makes you go "how on earth did you think that up?". And that's just the unclassified widely known stuff.

Part of the issue when you say it could be done cheaper somewhere else presupposes we know the economics of what they're trying to do. We don't, so we should assume that routers just like everything else are a target, and that you almost certainly won't notice it if they are.

Mike

- End forwarded message -

-- Eugen* Leitl http://leitl.org
Re: [liberationtech] [tt] NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism
On Sat, Jun 15, 2013 at 03:10:36AM +0200, Moritz Bartl wrote:

On 15.06.2013 02:18, Guido Witmond wrote:

The original analysis read to me: We face severe problems that might lead to civil unrest. We need more population control, whatever the price. Now we also have civil unrest due to the population control. We need even more funds.

How does population control come into this, and what do you mean by it?

Identify potential troublemakers well before the fact, and shortlist them for realtime tracing and total telco tap so that you can see what is brewing, and how to remove them from circulation, if required. Identify patterns of trouble early, in realtime. None of it is specific to the US, Germany is doing it as well. Specifically you should assume you're a target of lawful (or less lawful) telecommunication intercept.
Re: [liberationtech] huawei
- Forwarded message from Scott Helms khe...@zcorum.com -

Date: Sat, 15 Jun 2013 07:44:32 -0400
From: Scott Helms khe...@zcorum.com
To: Eugen Leitl eu...@leitl.org
Cc: NANOG na...@nanog.org
Subject: Re: huawei

With the CPU and RAM available in a router that has to actually continue functioning at the same time? Exactly how much data throughput would you consider to be usable in this scenario?

Again, my point is not that it's impossible but that all these things are impractical AND there are easier/faster/cheaper ways of capturing traffic. There are also easier/faster/cheaper ways of disrupting traffic. Routers in the core are great places to execute a targeted man in the middle attack. They're great places to disrupt traffic by behaving erratically, intentionally mangling dynamic routing protocols, or by simply going dark. They're terrible places for gathering non-targeted information because the amount of data flowing through them means that the likelihood of any given packet having any value is very very low. If the goal includes stealing data then leveraging edge routing is much more realistic and leveraging PCs is several orders of magnitude better because there is much more available horsepower and it's much easier to make a PC passively listen for interesting data on its own.

Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000
http://twitter.com/kscotthelms

On Sat, Jun 15, 2013 at 4:12 AM, Eugen Leitl eu...@leitl.org wrote:

On Fri, Jun 14, 2013 at 07:51:22PM -0400, Scott Helms wrote:

Really? In a completely controlled network then yes, but not in a production system. There is far too much random noise and actual latency for that to be feasible.

The coding used for the stegano side channel can be made quite robust, see watermarking.

- End forwarded message -

-- Eugen* Leitl http://leitl.org
[liberationtech] Free cryptography I course (courtesy Coursera)
https://www.coursera.org/course/crypto?utm_classid=971022utm_notid=5333944utm_linknum=1

Cryptography I
Dan Boneh

Learn about the inner workings of cryptographic primitives and how to apply this knowledge in real-world applications!

Workload: 5-7 hours/week
Sessions: Jun 17th 2013 (6 weeks long); Mar 25th 2013 (6 weeks long)

About the Course

Cryptography is an indispensable tool for protecting information in computer systems. This course explains the inner workings of cryptographic primitives and how to correctly use them. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption and basic key-exchange. Throughout the course students will be exposed to many exciting open problems in the field. The course will include written homeworks and programming labs. The course is self-contained, however it will be helpful to have a basic understanding of discrete probability theory.
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
On Fri, Jun 14, 2013 at 12:11:34AM -0700, William Gillis wrote:

Now that everyone knows about the NSA isn't it time you tackled setting up PGP?

If it's not transparent, Johny User will eventually drop it. Before you do that, rather enable StartTLS on your mail transport agent (e.g. postfix). And then install email encryption gateways http://www.postfix.org/addon.html#security-gateway https://code.google.com/p/gpg-mailgate/ After you have done that, you can turn to PGP/SMIME for end user MUAs.

Are you or friends you know looking to adopt bread and butter encryption tools online and on your phone? Could you use folks to show the way, lend a hand, answer questions, or offer explanations? Drop by Sudoroom (2141 Broadway, Oakland CA) between 1pm and 4:30pm this Sunday the 16th! The NSA leaks provide most folks with a rare impetus to slog through installing and getting up to speed on the basics. If you can merely handle showing random people off the street one-on-one how to download textsecure from google's appstore, you're golden, we want you to come hang with us and potentially save people's lives, certainly their privacy. Think impromptu demonstrations, one-on-one help and informal presentations. https://sudoroom.org/ai1ec_event/digital-security-workshop/?instance_id
[liberationtech] U.S. Agencies Said to Swap Data With Thousands of Firms
http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html

U.S. Agencies Said to Swap Data With Thousands of Firms
By Michael Riley - Jun 14, 2013 4:44 AM GMT+0200

Thousands of technology, finance and manufacturing companies are working closely with U.S. national security agencies, providing sensitive information and in return receiving benefits that include access to classified intelligence, four people familiar with the process said.

These programs, whose participants are known as trusted partners, extend far beyond what was revealed by Edward Snowden, a computer technician who did work for the National Security Agency. The role of private companies has come under intense scrutiny since his disclosure this month that the NSA is collecting millions of U.S. residents’ telephone records and the computer communications of foreigners from Google Inc (GOOG). and other Internet companies under court order.

[Video caption: June 14 (Bloomberg) -- Ronny Tong, a member of the Hong Kong Legislative Council and a practicing barrister, talks about Edward Snowden, the former national security contractor who has admitted leaked details of a U.S. electronic surveillance program. He speaks with Rishaad Salamat on Bloomberg Television's On the Move. (Source: Bloomberg)]

In addition to private communications, information about equipment specifications and data needed for the Internet to work -- much of which isn’t subject to oversight because it doesn’t involve private communications -- is valuable to intelligence, U.S. law-enforcement officials and the military.

[Photo caption: Larry Page, chief executive officer of Google Inc., said in a blog posting June 7 that he hadn’t heard of a program called Prism until after Edward Snowden’s disclosures and that the company didn’t allow the U.S. government direct access to its servers or some back-door to its data centers. Photographer: Robert Galbraith/Pool via Bloomberg]

Many of these same Internet and telecommunications companies voluntarily provide U.S. intelligence organizations with additional data, such as equipment specifications, that don’t involve private communications of their customers, the four people said.

Makers of hardware and software, banks, Internet security providers, satellite telecommunications companies and many other companies also participate in the government programs. In some cases, the information gathered may be used not just to defend the nation but to help infiltrate computers of its adversaries. Along with the NSA, the Central Intelligence Agency (0112917D), the Federal Bureau of Investigation and branches of the U.S. military have agreements with such companies to gather data that might seem innocuous but could be highly useful in the hands of U.S. intelligence or cyber warfare units, according to the people, who have either worked for the government or are in companies that have these accords.

Microsoft Bugs

Microsoft Corp. (MSFT), the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.

Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesn’t ask and can’t be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.

Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to give government “an early start” on risk assessment and mitigation.

Willing Cooperation

Some U.S. telecommunications companies willingly provide intelligence agencies with access to facilities and data offshore that would require a judge’s order if it were done in the U.S., one of the four people said. In these cases, no oversight is necessary under the Foreign Intelligence Surveillance Act, and companies are providing the information voluntarily.

The extensive cooperation between commercial companies and intelligence agencies is legal and reaches deeply into many aspects of everyday life, though little of it is scrutinized by more than a small number of lawyers, company leaders and spies. Company executives are motivated by a desire to help the national defense as well as to help their own companies, said the people, who are familiar
Re: [liberationtech] Secure and Cheap Provider in Sweden or Iceland?
On Thu, Jun 13, 2013 at 02:51:05PM -0400, Lorenzo Franceschi Bicchierai wrote:

Hey guys, In lieu of the recent NSA leaks, I'm going to transfer my website to a new provider in either Sweden or Iceland (because well, you never know). Griffin Boyce suggested I use moln.is, do you guys have any other suggestion?

1984.is is another option.

Any other kind of advice?

We need something like Tahoe LAFS as a backend that scales, and has a way to find your content without resorting to DNS centralism. The only way to avoid censorship and surveillance long-term is to access something that starts with localhost, a weird port, and has a longish cryptohash postfixed (perhaps prettified with a P2P name resolution, or foundable with a distributed P2P search engine indexing that particular darknet). It's a hard problem, but not an unsolvable one.
[liberationtech] [tt] NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism
http://www.guardian.co.uk/environment/earth-insight/2013/jun/14/climate-change-energy-shocks-nsa-prism

Pentagon bracing for public dissent over climate and energy shocks
NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism

[Photo caption: US domestic surveillance has targeted anti-fracking activists across the country. Photograph: Les Stone/REUTERS]

Top secret US National Security Agency (NSA) documents disclosed by the Guardian have shocked the world with revelations of a comprehensive US-based surveillance system with direct access to Facebook, Apple, Google, Microsoft and other tech giants. New Zealand court records suggest that data harvested by the NSA's Prism system has been fed into the Five Eyes intelligence alliance whose members also include the UK, Canada, Australia and New Zealand.

But why have Western security agencies developed such an unprecedented capacity to spy on their own domestic populations? Since the 2008 economic crash, security agencies have increasingly spied on political activists, especially environmental groups, on behalf of corporate interests. This activity is linked to the last decade of US defence planning, which has been increasingly concerned by the risk of civil unrest at home triggered by catastrophic events linked to climate change, energy shocks or economic crisis - or all three.

Just last month, unilateral changes to US military laws formally granted the Pentagon extraordinary powers to intervene in a domestic emergency or civil disturbance:

Federal military commanders have the authority, in extraordinary emergency circumstances where prior authorization by the President is impossible and duly constituted local authorities are unable to control the situation, to engage temporarily in activities that are necessary to quell large-scale, unexpected civil disturbances.

Other documents show that the extraordinary emergencies the Pentagon is worried about include a range of environmental and related disasters. In 2006, the US National Security Strategy warned that:

Environmental destruction, whether caused by human behavior or cataclysmic mega-disasters such as floods, hurricanes, earthquakes, or tsunamis. Problems of this scope may overwhelm the capacity of local authorities to respond, and may even overtax national militaries, requiring a larger international response.

Two years later, the Department of Defense's (DoD) Army Modernisation Strategy described the arrival of a new era of persistent conflict due to competition for depleting natural resources and overseas markets fuelling future resource wars over water, food and energy. The report predicted a resurgence of:

... anti-government and radical ideologies that potentially threaten government stability.

In the same year, a report by the US Army's Strategic Studies Institute warned that a series of domestic crises could provoke large-scale civil unrest. The path to disruptive domestic shock could include traditional threats such as deployment of WMDs, alongside catastrophic natural and human disasters or pervasive public health emergencies coinciding with unforeseen economic collapse. Such crises could lead to loss of functioning political and legal order leading to purposeful domestic resistance or insurgency...

DoD might be forced by circumstances to put its broad resources at the disposal of civil authorities to contain and reverse violent threats to domestic tranquility. Under the most extreme circumstances, this might include use of military force against hostile groups inside the United States. Further, DoD would be, by necessity, an essential enabling hub for the continuity of political authority in a multi-state or nationwide civil conflict or disturbance.

That year, the Pentagon had begun developing a 20,000 strong troop force who would be on-hand to respond to domestic catastrophes and civil unrest - the programme was reportedly based on a 2005 homeland security strategy which emphasised preparing for multiple, simultaneous mass casualty incidents. The following year, a US Army-funded RAND Corp study called for a US force presence specifically to deal with civil unrest.

Such fears were further solidified in a detailed 2010 study by the US Joint Forces Command - designed to inform joint concept development and experimentation throughout the Department of Defense - setting out the US military's definitive vision for future trends and potential global threats. Climate change, the study said, would lead to increased risk of:

... tsunamis, typhoons, hurricanes, tornadoes, earthquakes and other natural catastrophes... Furthermore, if such a catastrophe occurs within the United States itself - particularly when the nation's economy is in a fragile state or where US military bases or key civilian infrastructure are broadly affected - the damage to US security could be considerable.

The study also warned of a possible shortfall in global oil output by
Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm
On Fri, Jun 14, 2013 at 08:04:24AM -0700, Matt Johnson wrote:

> Eugen, I don't think MTA configuration will help the target audience of the cryptoparties. I doubt many of them run their own mail servers.

Relying on your ISP-issued relay or your mail provider's SMTP provides a convenient one-stop shop for information collection. It is definitely possible and desirable for small organisations and groups of users to run their own SMTP servers, and potentially also IMAP servers. All it takes is a static IP address which is not on the usual blacklists. We must get users out of the cloud.

> I believe they are targeting end user client machines. Of course you are right that many users will stop using it if it is difficult. The idea of the cryptoparty, as I understand it, is to help those users. This way more people learn how to use cryptography and the people who write the cryptography software may learn what is difficult for end users. Your dismissive attitude will not help, the cryptoparty might.

My or your attitude will not change the fact that use of GNUPG in MUA will not happen on a large scale. Nor will any amount of cryptoparties. Even the developers of GNUPG are of the opinion, which is why they've been pushing towards STEED http://g10code.com/steed.html which obviously has one giant cloven hoof speaking against it: DNS. Now, they have *two* problems, not one. StartTLS already secures an order of magnitude more traffic than PGP in MUAs or PGP gateways ever will (look into this message's rich headers, chances are, you're already secure along some part of the transport way without being even aware of it). And of course it's fully compatible with VPNs, or GNUPG or whatever have you.

> -- Matt Johnson
>
> On Fri, Jun 14, 2013 at 12:56 AM, Eugen Leitl eu...@leitl.org wrote:
>> On Fri, Jun 14, 2013 at 12:11:34AM -0700, William Gillis wrote:
>>> Now that everyone knows about the NSA isn't it time you tackled setting up PGP?
>>
>> If it's not transparent, Johnny User will eventually drop it.
>>
>> Before you do that, rather enable StartTLS on your mail transport agent (e.g. postfix). And then install email encryption gateways
>> http://www.postfix.org/addon.html#security-gateway
>> https://code.google.com/p/gpg-mailgate/
>> After you have done that, you can turn to PGP/SMIME for end user MUAs.
>>
>>> Are you or friends you know looking to adopt bread and butter encryption tools online and on your phone? Could you use folks to show the way, lend a hand, answer questions, or offer explanations? Drop by Sudoroom (2141 Broadway, Oakland CA) between 1pm and 4:30pm this Sunday the 16th! The NSA leaks provide most folks with a rare impetus to slog through installing and getting up to speed on the basics. If you can merely handle showing random people off the street one-on-one how to download textsecure from google's appstore, you're golden, we want you to come hang with us and potentially save people's lives, certainly their privacy. Think impromptu demonstrations, one-on-one help and informal presentations.
>>> https://sudoroom.org/ai1ec_event/digital-security-workshop/?instance_id
>>
>> --
>> Eugen* Leitl <leitl> http://leitl.org
>> __
>> ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
>> AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Secure and Cheap Provider in Sweden or Iceland?
On Fri, Jun 14, 2013 at 01:32:14PM -0400, Griffin Boyce wrote:

> The Doctor dr...@virtadpt.net wrote:
>> 1984.is have been very helpful to colleagues of mine. The boxen over there are said to be very stable.
>
> The only downside with 1984 is they require you to order an annual subscription, rather than monthly.

Are you sure about that? Ours can be canceled monthly.
Re: [liberationtech] [Freedombox-discuss] BTNS on Freedombox
Any Debian developers listening?

- Forwarded message from Jonas Smedegaard d...@jones.dk -

Date: Thu, 13 Jun 2013 01:28:18 +0200
From: Jonas Smedegaard d...@jones.dk
To: Eugen Leitl eu...@leitl.org, freedombox-disc...@lists.alioth.debian.org
Subject: Re: [Freedombox-discuss] BTNS on Freedombox
User-Agent: alot/0.3.4

Quoting Eugen Leitl (2013-06-12 20:47:07)
> On Wed, Jun 12, 2013 at 07:48:30PM +0200, Jonas Smedegaard wrote:
>> Quoting Eugen Leitl (2013-06-12 17:46:54)
>>> Do you see why IPv4/IPv6 BTNS wouldn't be a good out-of-the box feature for the Freedombox?
>>
>> Uhm, could you please elaborate a bit on that? Bitch That Need Slappin' and Toolbar Control and Button Styles are some of the options coming up when I try to figure out the meaning of that acronym.
>
> Oh, right. I always thought that acronym was rather unfortunate. It's Better Than Nothing Security, http://tools.ietf.org/html/rfc5386 an opportunistic encryption IPsec mode that omits authentication, and hence the whole PKI/DNS key publishing overhead. The result is resistant to passive taps, but not active (MITM) traffic tampering on the wire (which is great, since the latter is expensive, and forces you to show your hand, and hence is detectable in principle, which ups the stakes in the game). There are already some implementations, albeit labeled experimental. It could be a low-work way to make a lot of traffic go dark, and annoy some professionals.

Thanks for clarifying.

Sounds cool, but also sounds like something that needs maturing.

FreedomBox is a server engineered by us geeks to be owned fully by non-geeks, and therefore has *no* system administrator. That means there is even less room for failure than the servers we run ourselves.

I strongly believe that any and all pieces that we put into FreedomBox should already be in common use among geeks. Eat our own dog food, so to speak.

To me that means we can *only* include in FreedomBox what is in Debian. So the way forward for this is to get it into Debian.

If it is patches to kernel drivers then work with Linux upstream to get the code into the mainline branch, as it is highly unlikely that the Debian kernel team will be convinced to take the burden of maintaining it on their own.

If it is patches to ipsec or another independent tool then file bug reports against the relevant package if/when mature enough for production use.

Parallel to that, it might make sense already now to jot it onto one of the wiki pages for FreedomBox, for tracking its progress. But beware that FreedomBox wiki pages are *not* progress, only monitoring - they always need action elsewhere to be of use.

Hope that helps,

- Jonas

--
* Jonas Smedegaard - idealist Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/

[x] quote me freely [ ] ask before reusing [ ] keep private

- End forwarded message -
Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
On Wed, Jun 12, 2013 at 06:15:30AM -0400, Sheila Parks wrote:

> Why not use her instead of his? Using his in 2013 is, indeed, misogyny

List moderator, please control this before it completely goes out of hand. People are trying to get work done here, and this is not helping.
Re: [liberationtech] [cryptography] New Anonymity Network for Short Messages
- Forwarded message from James A. Donald jam...@echeque.com -

Date: Wed, 12 Jun 2013 15:45:16 +1000
From: James A. Donald jam...@echeque.com
To: cryptogra...@randombit.net
Subject: Re: [cryptography] [liberationtech] New Anonymity Network for Short Messages
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
Reply-To: jam...@echeque.com

On 2013-06-12 1:09 PM, Peter Gutmann wrote:
> Eugen Leitl eu...@leitl.org either writes or quotes:
>> - Forwarded message from Sean Cassidy sean.a.cass...@gmail.com -
>>
>>> - Any specific reason you picked CTR?
>>
>> CTR is widely recommended. Cryptography Engineering specifically recommends it.
>
> Who recommends it (apart from CE?). I've seen it warned about in a number of places, and I recommend (strongly) against it in my (still in-progress) book. It's the most dangerous encryption mode since RC4. More specifically, it's RC4 all over again. There's a reason why that was dropped almost everywhere, for example the SDL explicitly bans it, and there's even a Visual Studio tool that scans your code and complains about its use.

I don't see this. The problem, as with RC4, is if you re-use your counter. Is there any encryption mode that works if you use it wrong?

___
cryptography mailing list
cryptogra...@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

- End forwarded message -
Re: [liberationtech] [cryptography] New Anonymity Network for Short Messages
- Forwarded message from Wasa wasabe...@gmail.com -

Date: Wed, 12 Jun 2013 15:32:02 +0100
From: Wasa wasabe...@gmail.com
To: cryptogra...@randombit.net
Subject: Re: [cryptography] [liberationtech] New Anonymity Network for Short Messages
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6

On 12/06/13 07:27, Eugen Leitl wrote:
> Additionally to this, CTR allows bit-level malleability of the cleartext: a bit flipped in a CTR cipherstream translates into a bit flipped in the cleartext.

all encryption modes usually provide confidentiality BUT NOT integrity. They have been designed to be CPA secure; not CCA secure. That's why u usually use a MAC along with it... it has nothing to do with CTR... The mode that provides both is GCM

> In fact, if there are regions of known cleartext (such as zeroes) the adversary can do things like encode the originating IP in the cleartext simply by XORing it into the cipherstream.

in CBC if u select the IV incorrectly u also leak info. CBC is only CPA secure IFF the IVs are unpredictable.

> This property can cause problems if you perform any operations before checking the MAC (like evaluating a weak CRC to decide to forward the message or not).

This is also irrelevant. it's got nothing to do with CTR or other modes of encryption; this is all about how u perform authenticated encryption: u should do encrypt-then-mac rather than something else.

if u want simple primitives to work with; u can have a look at http://nacl.cr.yp.to/ : implemented by cryptographers.

- End forwarded message -
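Added example, not code from either of the two forwarded messages above: a toy CTR implementation that shows the counter-reuse failure James Donald names (two messages under one key and nonce share a keystream, so one known plaintext reveals the other), the bit-level malleability Eugen describes, and the encrypt-then-MAC check Wasa recommends, which rejects the flipped message before anything is decrypted. The block cipher is replaced by a SHA-256 keystream generator so the script needs only the standard library; that substitution is an assumption, and every property shown is a property of the CTR construction itself, not of the stand-in PRF.

```python
"""Toy CTR mode: keystream reuse, bit-flipping, and encrypt-then-MAC.

Assumption: SHA-256 over (key || nonce || counter) stands in for the AES block
function, so no third-party crypto library is needed. The CTR structure
(ciphertext = plaintext XOR keystream) is what every property below depends on.
"""
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 16
TAG_LEN = 32


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Block i of the keystream is PRF(key, nonce || i); here PRF is SHA-256."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return xor(data, ctr_keystream(key, nonce, len(data)))


def recover_with_known_plaintext(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """Counter reuse: ct1 XOR ct2 == pt1 XOR pt2 because the shared keystream
    cancels, so one known plaintext reveals the other (the RC4-style failure)."""
    n = min(len(ct1), len(ct2), len(known_pt1))
    return xor(xor(ct1[:n], ct2[:n]), known_pt1[:n])


def flip_bits(data: bytes, offset: int, mask: bytes) -> bytes:
    """Malleability: XORing a mask into the ciphertext flips exactly those
    plaintext bits; no key knowledge is needed."""
    end = offset + len(mask)
    return data[:offset] + xor(data[offset:end], mask) + data[end:]


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: HMAC covers nonce || ciphertext, with a separate key."""
    ct = ctr_encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, msg: bytes) -> Optional[bytes]:
    """Verify the tag in constant time before touching the ciphertext;
    return None on any mismatch so callers cannot act on tampered data."""
    if len(msg) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = msg[:NONCE_LEN], msg[NONCE_LEN:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return ctr_encrypt(enc_key, nonce, ct)


def demo() -> dict:
    """Run the three scenarios on constructed sample messages."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    nonce = os.urandom(NONCE_LEN)
    pt1 = b"src=10.0.0.1 dst=10.0.0.2 msg=hello"  # constructed sample traffic
    pt2 = b"src=10.0.0.9 dst=10.0.0.2 msg=howdy"
    # Failure 1: the same key and nonce used for two messages.
    ct1 = ctr_encrypt(enc_key, nonce, pt1)
    ct2 = ctr_encrypt(enc_key, nonce, pt2)
    leaked = recover_with_known_plaintext(ct1, ct2, pt1)
    # Failure 2: rewrite the source address in transit; no MAC, so it is accepted.
    mask = xor(b"10.0.0.1", b"10.0.0.7")
    forged_pt = ctr_encrypt(enc_key, nonce, flip_bits(ct1, 4, mask))
    # Fix: the same flip against an encrypt-then-MAC message is rejected.
    sealed = seal(enc_key, mac_key, nonce, pt1)
    tampered = flip_bits(sealed, NONCE_LEN + 4, mask)
    return {
        "leaked": leaked,
        "forged_pt": forged_pt,
        "sealed_roundtrip": open_sealed(enc_key, mac_key, sealed),
        "tampered_rejected": open_sealed(enc_key, mac_key, tampered) is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```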
Re: [liberationtech] [ipv6hackers] opportunistic encryption in IPv6
- Forwarded message from Tim tim-secur...@sentinelchicken.org -

Date: Wed, 12 Jun 2013 09:34:11 -0700
From: Tim tim-secur...@sentinelchicken.org
To: IPv6 Hackers Mailing List ipv6hack...@lists.si6networks.com
Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
User-Agent: Mutt/1.5.20 (2009-06-14)
Reply-To: IPv6 Hackers Mailing List ipv6hack...@lists.si6networks.com

Hi guys,

Long time lurker, seldom poster. I've read through this whole thread to date and just want to make a couple of comments.

> I'm reasonably sure that there is a potentially huge demand for passive attack protection for end users and enterprises. If this could be package-ready for Linux or FreeBSD then eventual deployment numbers could be considerable.

Here, I just don't understand the logic. To me, encrypting without authenticating buys you absolutely nothing, except to burn CPU cycles and contribute to global warming. In the *vast* majority of networking technology we use, modifying data in transit is just as easy as passively reading data in transit, within a constant factor. (That is, in a big-O sense, these are the same difficulty.)

So many different attempts at creating encryption protocols have utterly failed, and in most cases, it is because the designers have put the cart before the horse. They've started with the easy encryption problem rather than addressing the hard authentication problem.

Indeed, you may be able to convince the world at some point to adopt opportunistic encryption without authentication, since so many people don't understand that it doesn't buy you anything. But then they'll be shocked when the first guy writes and releases a MitM tool for it.

Now, does this mean authentication is a black-and-white matter? No. Currently the whole world relies on SSL/TLS's PKI, which has been shown to be quite weak, especially in the face of government meddling. The ways in which SSL/TLS is used add more weaknesses. But at some level, we get by. It is ok to have weak authentication so long as you have a way to gradually build the trust of an entity's identity from that.

As an aside: the idea embodied in CGAs is a powerful one: By making my address my key (signature), I'm implicitly binding my key to my protocol. However, CGAs address this problem at the network layer, not at the human layer. So all it takes to bypass it is to MitM the protocol that hands out addresses for hosts. However, as a building block, it could be useful. Also, for those who aren't familiar with it, I strongly urge you to read up on Identity Based Encryption, where any string can be a public key, within a predefined authentication realm.

Regarding the earlier comparison of different PKIs, I think we need something that merges some of the concepts of webs of trust with what we're using right now in the TLS PKI. Let me throw out an outline of what I think would work better and has a chance at adoption:

- Certificates can be signed by multiple CAs. The number and quality of signatures determines the level of trust of a certificate.

- The act of communicating with a node causes their key (or CA's key) to be signed and that signature to be published automatically. The logic is, if you trusted a node's identity once, then you should share the knowledge of that trust. This publishing process needs to be anonymized somehow. There needs to be incentives for publishing (think bitcoin).

- Not everyone is a CA. Perhaps each major organization would act as a CA and sign certificates of other CAs. Users would leverage their org's trust network and not need to deal with signing at an endpoint level, though their own org would be aware of transactions with new external entities and autosign as necessary.

Many of these ideas have obviously been proposed before and my outline is very generic, but meant as a starting point for discussion. Also, I realize that I've veered away from IPv6 specifically, but I think any discussion of authentication needs to start with people, not protocols, and then trickle down to the protocol level, not the other way around.

Cheers,
tim

___
Ipv6hackers mailing list
ipv6hack...@lists.si6networks.com
http://lists.si6networks.com/listinfo/ipv6hackers

- End forwarded message -
Re: [liberationtech] [cryptography] [ipv6hackers] opportunistic encryption in IPv6
- Forwarded message from Will Yager will.ya...@gmail.com -

Date: Wed, 12 Jun 2013 11:08:27 -0500
From: Will Yager will.ya...@gmail.com
To: cryptogra...@randombit.net
Subject: Re: [cryptography] [ipv6hackers] opportunistic encryption in IPv6
X-Mailer: iPhone Mail (10B146)

The process of randomly generating and calculating a public key for every brute-force attempt will slow the process considerably. However, for further key stretching, perhaps many iterations of SHA-* et al. is not the best option. Since web servers may be processing thousands of new connections per second, thousands of iterations of SHA and co. per connection may be prohibitively time-intensive for servers to implement. At the same time, attackers with GPUs/FPGAs/ASICs will have an advantage of several orders of magnitude. Perhaps in this case, it would be wise to leverage a universally slow algorithm like Scrypt. It's not more difficult to implement than SHA et al. but it's slower to brute-force with dedicated crypto hardware.

On Jun 12, 2013, at 5:21, Eugen Leitl eu...@leitl.org wrote:

> - Forwarded message from Jim Small jim.sm...@cdw.com -
>
> Date: Wed, 12 Jun 2013 03:31:10 +
> From: Jim Small jim.sm...@cdw.com
> To: IPv6 Hackers Mailing List ipv6hack...@lists.si6networks.com
> Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
> Reply-To: IPv6 Hackers Mailing List ipv6hack...@lists.si6networks.com
>
>>> Here's an interesting question more relevant to the list and the paper though - are IPv6 CGAs useful? It seems like SeND is dead. But does anyone on the list think that CGAs could provide a useful competitive advantage for IPv6 over IPv4? Are these a useful building block?
>>
>> I believe CGAs solves PKI problem entirely. If using CGAs one does not need any PKI or CA certificate at all.
>
> True as long as you don't need authentication. But I have to concede, the whole point of OE is just to encrypt the traffic.
>
>> Each node having CGA can give self signed certificate. The certificate is used only to extract public key (PK), modifier, collision counter and any extension fields. Extracted information can be used to verify that host address is valid CGA with the given public key. Next step is symmetric key negotiation. If during key negotiation messages are encrypted with the specified public key then only node having the corresponding private key can decrypt key negotiation messages. This step ensures that MITM is not possible if you are using CGA generated not from your own public/private key pair. If you use your own public/private keys then you no longer can easily choose your address. If using CGA+IPSEC then IKE daemon can do the key negotiation part when given authenticated public key. In SEND PKI is used only to protect from rogue routers. Only certificates signed by the CA should be able to send router advertisements.
>>
>> TLDR: For address authentication (protection against MITM) when using CGA no PKI is needed.
>
> Per RFC 3972, CGAs are not certified. I read the RFC as assuming a strong hash and secure private key, once someone uses a CGA someone else can't hijack/impersonate that address. So they are great for unauthenticated encryption.
>
>> CGAs is holy grail for opportunistic encryption. Node can immediately start using opportunistic encryption by generating self signed certificate and CGA.
>
>>> One thing I wonder about is a 64 bit hash is pretty small - I wonder if that is sufficiently complex to provide security for the coming decade+?
>>
>> When generating CGA you can choose security level which allows to slow down brute force attacks (search for modifiers which would generate specific CGA address). Security level is encoded in the first three bits of the address. Because of that CGAs with lower security does not overlap with stronger CGAs.
>
> True, but I wonder how well this fares against modern massive parallel GPU crackers. SHA-1 is a weak hash. Would be nice to see an update using SHA-2/SHA-3 and to mandate longer key lengths - say = 2048 bits. Otherwise doesn't it seem like we're going down the WEP path again?
>
> Still - it's a great point, CGAs do seem well suited for OE if you can live with the limitations. Is there anything that currently supports this? I'm wondering how much IPv6 market value this has...
>
> --Jim

- End forwarded message -
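Added example, not code from the thread: RFC 3972 CGA generation and verification in Python, with the modifier, collision count, Sec parameter and the Hash1/Hash2 computation the posts refer to, so the extra work each Sec level adds to a modifier search (and the 64-bit interface identifier Jim worries about) can be seen directly. The public key is a constructed placeholder byte string rather than a DER-encoded key, SHA-1 is used because the RFC specifies it, and duplicate address detection (which drives the collision count) is left out.

```python
"""RFC 3972 Cryptographically Generated Addresses: generation and verification.

Assumptions: PUBLIC_KEY is a constructed placeholder standing in for the
DER-encoded public key the RFC hashes; SHA-1 is used because RFC 3972
mandates it. Duplicate address detection, which would increment the
collision count, is outside this script.
"""
import hashlib
import ipaddress
import os
from typing import Optional, Tuple

PUBLIC_KEY = b"PLACEHOLDER-PUBLIC-KEY-" + bytes(range(64))  # constructed, not a real key
# In the interface identifier's first octet only bits 3-5 are compared:
# bits 0-2 carry Sec and bits 6-7 (the u and g bits) are forced to zero.
HASH1_COMPARE_MASK = 0x1C


def hash2_ok(modifier: bytes, pubkey: bytes, sec: int, ext: bytes = b"") -> bool:
    """Hash2 = SHA-1(modifier || 9 zero octets || pubkey || ext).
    Its leftmost 16*Sec bits must be zero; trivially true for Sec = 0."""
    if sec == 0:
        return True
    h = hashlib.sha1(modifier + bytes(9) + pubkey + ext).digest()
    return int.from_bytes(h[:2 * sec], "big") == 0


def hash1(modifier: bytes, prefix: bytes, collision_count: int, pubkey: bytes, ext: bytes = b"") -> bytes:
    """Hash1 = SHA-1(modifier || subnet prefix || collision count || pubkey || ext), leftmost 64 bits."""
    return hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey + ext).digest()[:8]


def interface_id(modifier: bytes, prefix: bytes, collision_count: int, pubkey: bytes, sec: int, ext: bytes = b"") -> bytes:
    """Hash1 with Sec written into the three leftmost bits and the u/g bits cleared."""
    iid = bytearray(hash1(modifier, prefix, collision_count, pubkey, ext))
    iid[0] = (iid[0] & HASH1_COMPARE_MASK) | (sec << 5)
    return bytes(iid)


def generate(prefix: bytes, pubkey: bytes, sec: int, ext: bytes = b"",
             modifier: Optional[bytes] = None, collision_count: int = 0) -> Tuple[str, bytes, int]:
    """Search for a modifier meeting the Hash2 condition (about 2^(16*Sec)
    SHA-1 evaluations), then derive the address. Returns (address, modifier, tries)."""
    if not 0 <= sec <= 7 or not 0 <= collision_count <= 2 or len(prefix) != 8:
        raise ValueError("Sec is 3 bits, collision count 0..2, prefix 64 bits")
    modifier = modifier if modifier is not None else os.urandom(16)
    m, tries = int.from_bytes(modifier, "big"), 0
    while not hash2_ok(modifier, pubkey, sec, ext):
        m = (m + 1) % (1 << 128)
        modifier = m.to_bytes(16, "big")
        tries += 1
    iid = interface_id(modifier, prefix, collision_count, pubkey, sec, ext)
    return str(ipaddress.IPv6Address(prefix + iid)), modifier, tries


def sec_of(address: str) -> int:
    """Sec is read from the three leftmost bits of the interface identifier."""
    return ipaddress.IPv6Address(address).packed[8] >> 5


def verify(address: str, modifier: bytes, collision_count: int, pubkey: bytes, ext: bytes = b"") -> bool:
    """RFC 3972 section 5. An impersonator must match the 59 compared Hash1
    bits under the victim's prefix AND satisfy the Hash2 condition for the
    address's Sec, which is why each Sec level multiplies the work by 2^16."""
    if not 0 <= collision_count <= 2:
        return False
    packed = ipaddress.IPv6Address(address).packed
    prefix, iid = packed[:8], packed[8:]
    expected = hash1(modifier, prefix, collision_count, pubkey, ext)
    if (expected[0] & HASH1_COMPARE_MASK) != (iid[0] & HASH1_COMPARE_MASK):
        return False
    if expected[1:] != iid[1:]:
        return False
    return hash2_ok(modifier, pubkey, sec_of(address), ext)


if __name__ == "__main__":
    # 2001:db8::/64 is the documentation prefix; Sec=1 costs ~65536 hashes.
    prefix = ipaddress.IPv6Network("2001:db8::/64").network_address.packed[:8]
    for sec in (0, 1):
        addr, mod, tries = generate(prefix, PUBLIC_KEY, sec)
        print(f"Sec={sec} tries={tries} {addr} verifies={verify(addr, mod, 0, PUBLIC_KEY)}")
```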
Re: [liberationtech] nettime dark days
- Forwarded message from Eric Beck ersatz...@gmail.com -

Date: Wed, 12 Jun 2013 10:41:48 -0500
From: Eric Beck ersatz...@gmail.com
To: nettim...@kein.org
Subject: Re: nettime dark days

On Wednesday, June 12, 2013, Keith Hart wrote:

> European governments are challenging the Obama administration,

If this is your bulwark against the dark days, I'd consider embracing despair. The European states might talk a good game--like they did before the second Iraq war--but both the demands of conjunctural geopolitics and the dynamics of statecraft would seem to dictate that they are much more likely to go along to get along, after registering their pro forma dissents. This paragraph from a Der Spiegel article on US data retrieval and storage indicates why:

    The NSA is a useful partner for German authorities. The director of the NSA, four-star General Keith Alexander, regularly receives delegations from Germany at his headquarters at Fort Meade. These meetings are generally constructive, in part because the pecking order is clear: The NSA nearly always knows much more, while the Germans act as assistants.

> the response within the US will be heavier.

So far, not really. The polls released indicate that USers are mostly okay with what the NSA has done, or what's been revealed of it so far. More relevantly, the impulse among those who were potentially part of the heavy response has been to protect the Democratic president and slander Snowden/Greenwald. That in itself is bad enough, but that it's been carried out in ways that hew closely to ideas about criminal subjectivity (if you have nothing to hide, you don't need to worry) and the sanctity of the nation (Snowden is a traitor!) suggests that the circle drawn around the sovereign is pretty tight and fierce.

> Is it better not to know than to know the extent of the surveillance state?

Of course, with the provisos that the leaks don't reveal the extent and that knowledge is not the same as escape. It's also possible that such knowledge has a chilling effect. The Panopticon set up the technology for complete surveillance, but part of its rationale was that prisoners never really knew when they were being watched, creating a sort of self-management and -regulation among them. Once in a while, it's effective for the spied-upon to be reminded they are being spied upon.

None of this is meant to predict the future (though I feel sure the first two points I made here will continue to be true), but to question landing on the side of either optimism or despair. It gives them too much credit to declare ahead of time that change is dependent on crisis *or* plenitude.

# distributed via nettime: no commercial use without permission
# nettime is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nett...@kein.org

- End forwarded message -
Re: [liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data
On Mon, Jun 10, 2013 at 10:27:33PM +0200, Guido Witmond wrote:

> The big deal is that now it's become impossible to believe the lies, and that you [Americans] are forced to accept the truth.

Reality check:

https://twitter.com/_nothingtohide
http://www.people-press.org/2013/06/10/majority-views-nsa-phone-tracking-as-acceptable-anti-terror-tactic/

No further questions, your honor.

> And truth hurts! Especially when you want to believe the lies. Wanting to believe is easier than facing the truth, even when deep in your heart you've known the truth for a long time. Now is the time to come clear with your conscience, end this abusive relationship and kick the abusive partner out of your life. (ie: repeal the unjust laws.)

Realistically, we should be thankful for this brief flash of interest (already waning) and use it to reignite interest in stalled projects.
Re: [liberationtech] PRISM: NSA/FBI Internet data mining project
- Forwarded message from Scott Weeks sur...@mauigateway.com -

Date: Mon, 10 Jun 2013 16:36:32 -0700
From: Scott Weeks sur...@mauigateway.com
To: na...@nanog.org
Subject: RE: PRISM: NSA/FBI Internet data mining project
Reply-To: sur...@mauigateway.com

Funny, sort of. The guy was residing in Hawaii. Apologies for the long URLs...

Report: NSA contract worker is surveillance source:
http://thegardenisland.com/news/state-and-regional/report-nsa-contract-worker-is-surveillance-source/article_2a88ec60-f99c-54a7-8c13-13f6852ccca6.html

Hawaii real estate agent: Snowden left on May 1:
http://thegardenisland.com/news/state-and-regional/hawaii-real-estate-agent-snowden-left-on-may/article_099ec0db-a823-56a0-8471-af8d7ef16e1b.html

funny as well!

NSA claims know-how to ensure no illegal spying:
http://thegardenisland.com/news/state-and-regional/nsa-claims-know-how-to-ensure-no-illegal-spying/article_ec623964-d23a-53c6-aeb0-14bf325a7f3c.html

scott

- End forwarded message -
Re: [liberationtech] [ipv6hackers] opportunistic encryption in IPv6
- Forwarded message from Jim Small jim.sm...@cdw.com -

Date: Tue, 11 Jun 2013 01:02:54 +
From: Jim Small jim.sm...@cdw.com
To: IPv6 Hackers Mailing List ipv6hack...@lists.si6networks.com
Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
Reply-To: IPv6 Hackers Mailing List ipv6hack...@lists.si6networks.com

Hi Owen,

>> The fundamental challenge for encryption is key distribution and management:
>> * How do I authenticate the intended recipient(s)?
>
> This is a traditional challenge with many traditional solutions, all of which have tradeoffs, especially in M2M communications.
>
>> * How do I distribute a key without letting anyone except the intended recipient(s) get it?
>
> DH pretty well solves this, no?

Yes and no. DH is a good answer, but IKE/IPsec still requires pre-shared keys or RSA key pairs to start with. So I think there would be some value in a keying system that allows some kind of controlled federation without having to depend on pre-shared keys, PKI, or DNSSec.

>> * How do I manage the key to periodically change it while keeping it confidential?
>
> Again, DH with PFS makes this a solved problem AFAIK.

True - but only after the initial hurdle of having a pre-shared key or RSA key pair.

>> * How do I notify the recipient if the key was compromised or is otherwise invalid?
>
> This doesn't seem all that hard so long as a rekey instruction is built into the protocol. I believe that's already the case with IPSEC SAs, no?

Well - if we take DH, it's true once we've established a connection. What about if we haven't? Really the question I'm asking - if we have two independent parties, how do they validate each other without a trusted 3rd party? Current options:

* pre-shared keys (but not scalable and keys tend to be weak to make it easy to share - keys are rarely if ever rotated)
* PKI - good but complex and as Moxie Marlinspike has demonstrated with others many flaws, abused by governments
* DNSSec - interesting one to watch but not really ready for widespread use yet, needs greater adoption
* Manual/3rd party CA - possible if one party trusts the other or in a service provider scenario

Did I miss any viable widespread options? I know there are lots of theoretical ones but I'm talking about significantly deployed ones - say used by at least 1 million parties.

> Vs. this paper, I think that opportunistic IPSEC, ala Micr0$0ft's direct-connect or whatever they call it product is quite a bit more viable. It depends on AD as a PKI distribution mechanism for authentication.

DirectAccess is neat - but it's not exactly a breakthrough. DA is just a service based (aka UNIX/Linux daemon) IPv6 IPsec VPN with good provisioning and automatic IPv4 tunneling. It's essentially a nice packaging of certificate-based IPsec leveraging Windows Active Directory provisioning.

There are some good ideas in this paper. I just think there are some things missing - at least from my cursory reading of it.

--Jim

- End forwarded message -
Re: [liberationtech] [ipv6hackers] opportunistic encryption in IPv6
- Forwarded message from Mark Smith markzzzsm...@yahoo.com.au -

Date: Mon, 10 Jun 2013 21:10:06 -0700 (PDT)
From: Mark Smith markzzzsm...@yahoo.com.au
To: IPv6 Hackers Mailing List ipv6hack...@lists.si6networks.com
Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
X-Mailer: YahooMailWebService/0.8.146.552
Reply-To: IPv6 Hackers Mailing List ipv6hack...@lists.si6networks.com

- Original Message -
> From: Jim Small jim.sm...@cdw.com
> To: IPv6 Hackers Mailing List ipv6hack...@lists.si6networks.com
> Cc:
> Sent: Tuesday, 11 June 2013 11:02 AM
> Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
>
> Hi Owen,
>
>>> The fundamental challenge for encryption is key distribution and management:
>>> * How do I authenticate the intended recipient(s)?
>>
>> This is a traditional challenge with many traditional solutions, all of which have tradeoffs, especially in M2M communications.
>>
>>> * How do I distribute a key without letting anyone except the intended recipient(s) get it?
>>
>> DH pretty well solves this, no?
>
> Yes and no. DH is a good answer, but IKE/IPsec still requires pre-shared keys or RSA key pairs to start with.

Don't think so anymore.

Better-Than-Nothing Security: An Unauthenticated Mode of IPsec
http://tools.ietf.org/html/rfc5386

Don't know if there are any implementations available.

- End forwarded message -
Re: [liberationtech] [ipv6hackers] opportunistic encryption in IPv6
This thread is ending, so I will limit further distribution, explicitly removing libtech.

- Forwarded message from Jim Small jim.sm...@cdw.com -

Date: Tue, 11 Jun 2013 04:27:33 +
From: Jim Small jim.sm...@cdw.com
To: IPv6 Hackers Mailing List ipv6hack...@lists.si6networks.com
Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
Reply-To: IPv6 Hackers Mailing List ipv6hack...@lists.si6networks.com

Hi Mark,

>>>> The fundamental challenge for encryption is key distribution and management:
>>>> * How do I authenticate the intended recipient(s)?
>>>> * How do I distribute a key without letting anyone except the intended recipient(s) get it?
>>>
>>> DH pretty well solves this, no?
>>
>> Yes and no. DH is a good answer, but IKE/IPsec still requires pre-shared keys or RSA key pairs to start with.
>
> Don't think so anymore.
>
> Better-Than-Nothing Security: An Unauthenticated Mode of IPsec
> http://tools.ietf.org/html/rfc5386

Thanks - I was not aware of that.

So BTNS is interesting - but it doesn't solve the above problems. Per the RFC, BTNS doesn't authenticate peers. It would seem that secure key distribution (maintain confidentiality, integrity, and authentication) remains a vexing problem.

Here's an interesting question more relevant to the list and the paper though - are IPv6 CGAs useful? It seems like SeND is dead. But does anyone on the list think that CGAs could provide a useful competitive advantage for IPv6 over IPv4? Are these a useful building block? One thing I wonder about is a 64 bit hash is pretty small - I wonder if that is sufficiently complex to provide security for the coming decade+?

PKI CAs using SCEP for enrollment/management work pretty well. If you could get a key pair from DHCP or as a function of using a directory service, use it to generate a CGA, and then use that just for authentication it would already be fantastic. Just being confident that an address is authentic and not spoofed is a huge improvement over the current state for Internet security.

Thoughts?
--Jim

- End forwarded message -
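Jim's question above about whether a "64 bit hash" is enough for a CGA is easiest to answer by looking at how RFC 3972 actually builds one. The following is an added example written for this archive, not code from any of the posters: it generates and verifies a CGA, showing that only 59 of the 64 interface-identifier bits come from Hash1 (three carry the Sec value, the u/g bits are cleared) and that the Sec parameter buys back 16*Sec bits of brute-force work through the Hash2 condition. The public key is a constructed placeholder byte string, the prefix is the documentation prefix 2001:db8::/64, and the collision count is fixed at 0.

```python
"""RFC 3972 Cryptographically Generated Addresses (CGA): generate and verify.

Added example for this thread, not code written by any of the posters.
The public key below is a constructed placeholder byte string; a real CGA
hashes the DER-encoded SubjectPublicKeyInfo, but the construction is the
same for any byte string.
"""
import hashlib
import ipaddress
import os
from typing import Optional, Tuple

# Sec (0..7) demands 16*Sec leading zero bits in Hash2. Every step of Sec
# costs the generator roughly 2**16 more SHA-1 calls and multiplies the
# work of brute-forcing a colliding key by the same factor.


def _hash2_ok(modifier: bytes, pubkey: bytes, sec: int) -> bool:
    """Hash2 condition (RFC 3972 section 4, step 2): SHA-1(modifier || nine
    zero octets || pubkey) must start with 16*Sec zero bits. Only the
    leftmost 112 bits of the digest are considered."""
    digest = hashlib.sha1(modifier + b"\x00" * 9 + pubkey).digest()
    leading = int.from_bytes(digest[:14], "big")
    zero_bits = 16 * sec
    return zero_bits == 0 or (leading >> (112 - zero_bits)) == 0


def _hash1_iid(modifier: bytes, prefix: bytes, collision_count: int,
               pubkey: bytes, sec: int) -> bytes:
    """Hash1 -> 64-bit interface identifier with Sec and u/g bits encoded.

    Only 59 of the 64 bits come from the hash: bits 0-2 of the first octet
    carry Sec and bits 6-7 (the 'u' and 'g' bits of a modified EUI-64) are
    forced to zero. This is the "64 bit hash" that is really 59 bits.
    """
    digest = hashlib.sha1(
        modifier + prefix + bytes([collision_count]) + pubkey).digest()
    iid = bytearray(digest[:8])
    iid[0] = (iid[0] & 0x1C) | (sec << 5)  # keep bits 3-5, set Sec, clear u/g
    return bytes(iid)


def cga_generate(prefix: bytes, pubkey: bytes, sec: int,
                 modifier: Optional[bytes] = None) -> Tuple[bytes, bytes, int]:
    """Return (address, modifier, collision_count) for an 8-octet /64 prefix.

    Walks modifiers until the Hash2 condition holds, then derives the
    interface identifier with Hash1. Collision count stays 0 here because
    duplicate address detection on the link is out of scope for the example.
    """
    if not 0 <= sec <= 7 or len(prefix) != 8:
        raise ValueError("sec must be 0..7 and prefix exactly 8 octets")
    mod_int = int.from_bytes(modifier or os.urandom(16), "big")
    while not _hash2_ok(mod_int.to_bytes(16, "big"), pubkey, sec):
        mod_int = (mod_int + 1) % (1 << 128)
    found = mod_int.to_bytes(16, "big")
    collision_count = 0
    iid = _hash1_iid(found, prefix, collision_count, pubkey, sec)
    return prefix + iid, found, collision_count


def cga_verify(address: bytes, modifier: bytes, collision_count: int,
               pubkey: bytes) -> bool:
    """RFC 3972 section 5 verification. Sec is read from the address, so a
    forger cannot present a lower Sec than the address owner chose."""
    if len(address) != 16 or len(modifier) != 16 or collision_count > 2:
        return False
    prefix, iid = address[:8], address[8:]
    sec = iid[0] >> 5
    expected = _hash1_iid(modifier, prefix, collision_count, pubkey, sec)
    # Compare Hash1 with the interface identifier, ignoring bits 0-2 and 6-7.
    if (expected[0] & 0x1C) != (iid[0] & 0x1C) or expected[1:] != iid[1:]:
        return False
    return _hash2_ok(modifier, pubkey, sec)


def cga_text(address: bytes) -> str:
    """Render the 16-octet address in colon-hex notation."""
    return str(ipaddress.IPv6Address(address))


if __name__ == "__main__":
    # Constructed inputs: the documentation prefix 2001:db8::/64 and a fake key.
    prefix = bytes.fromhex("20010db800000000")
    pubkey = b"constructed-placeholder-public-key"
    addr, mod, cc = cga_generate(prefix, pubkey, sec=1)
    print(cga_text(addr), "modifier", mod.hex(), "sec", addr[8] >> 5)
    print("owner verifies:", cga_verify(addr, mod, cc, pubkey))
    print("other key verifies:", cga_verify(addr, mod, cc, b"some-other-key"))
```

Generation with sec=1 takes on the order of 2**16 SHA-1 calls (well under a second here); each further step of Sec multiplies that by 2**16 for the owner and for anyone trying to find a second key that maps to the same address.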
Re: [liberationtech] [cryptopolitics] [cryptography] skype backdoor confirmation
- Forwarded message from Adam Back a...@cypherspace.org -

Date: Tue, 11 Jun 2013 19:28:44 +0200
From: Adam Back a...@cypherspace.org
To: Ethan Heilman eth...@gmail.com
Cc: Crypto discussion list cryptogra...@randombit.net, New Cpunks List cryptopolit...@randombit.net
Subject: Re: [cryptopolitics] [cryptography] skype backdoor confirmation
User-Agent: Mutt/1.5.21 (2010-09-15)
Reply-To: New Cpunks List cryptopolit...@randombit.net

(I set the reply-to to the cryptopolitics/new cypherpunk list).

It seems skype via PRISM/NSA api or intermediate server complying with a FISA order they probably couldn't talk about if they wanted to, is recording pretty much everything in skype channels, maybe narrowed only by bandwidth. It doesn't seem that US citizens are particularly safe either, though not being from the US I'm even less than 51% assured anyway. Great and 100% full-on analysis for the rest of the world.

In fact it seems what is really going on is they record everything to preserve ability for retro-active analysis, US and non-US. According to EFF in NSA terminology data isn't "collected" until it's pulled from the NSA data farm and analysed in some way. Obviously to other readers of the English language, collected is when it hits the disk in NSA's Utah exabyte disk farm. So the 51% assurance I would think is actually that they haven't yet analysed your data (for US users), not that they didn't record it.

Curiously many journalists and commentators seem to be suffering from repeated extremely naive failure to parse PR-speak. They need to read more from Binney and re-listen to Snowden. You can't expect to reverse engineer the architecture of something from a PR expert who is intentionally lying to you. (Lying is defined as an intent to mislead, and they lied to everyone including the authors of the Patriot act, congress, the oversight committees, etc. Clapper calls it (actual TV interview quote) "least untruthful manner" ie he didn't say anything directly untrue during his previous successful attempts to mislead congress in congressional hearings.)

Anyway a small tidbit related to the pre-prism discussion of skype suspected backdooring (and probably that's pretty much conclusive given the PRISM disclosures): This article says skype had handed over web browsing information:

http://www.guardian.co.uk/technology/2013/jun/11/uk-intelligence-requests-microsoft-data

"But more than 7,000 British requests resulted in data being shared, including names, addresses and browsing history showing a list of websites visited by a Microsoft customer"

So given the context being skype, I am thinking that the "we're just checking for malware" URL uploading is actually recorded and subject to subpoena for normal law enforcement, and mass storage/retro-active analysis by law enforcement. Probably along with the rest of the IM stream.

Back to the PRISM saga, I think the NSA and echelon partners have overstepped the mark massively and built a MONSTROSITY that may eventually bring down democracy. It's probably more fragile than people think; some european democracies are relatively young, and civil unrest and dangerous political voices seem to gain in times of extreme economic and political stress as in greece (golden dawn neo-nazis). No doubt the prime PRISM motivations were profit (defense contractors with big lobbying influence in the post 9-11 world) plus a bit of national security, chasing the odd bad guy. But for proportionality in cost (the number of people killed by terrorists is a tiny tiny risk for western countries), and erosion of civil liberties (4th amendment to americans) this is an outrage. Many people died historically fighting to rid the world of such fascist governments. We should not glibly build the means of democracy's downfall.

The most dangerous aspect is the secrecy - not only do they want to collect the biggest dossier on everyone ever, they want to do it in secret, with secret courts, secret legal interpretations, and gag orders on those in industry forced to participate. Secret laws are not hallmarks of a democratic process.

Adam

On Thu, Jun 06, 2013 at 06:23:16PM -0400, Ethan Heilman wrote:
> From the new Washington Post Article
>
> According to a separate User's Guide for PRISM Skype Collection, that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of audio, video, chat, and file transfers when Skype users connect by computer alone. Google's offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.

_______________________________________________
cryptopolitics mailing list
cryptopolit...@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptopolitics

- End forwarded message -
[liberationtech] opportunistic encryption with IPv6
Native IPv6 deployment is on an exponential track
http://www.google.com/ipv6/statistics.html

Unlike IPv4, IPv6 has had encryption as part of the specs, but no opportunistic ways to set up an encrypted session. There have been efforts like http://www.inrialpes.fr/planete/people/chneuman/OE.html which did not suffer from scaling issues of http://en.wikipedia.org/wiki/FreeS/WAN (no need for additional high threshold of entry technologies like DNS or PKI) yet never achieved critical mass.

In the light of recent IPv6 growth there is obviously considerable value in *working* IPv6 opportunistic session setups in open source operating systems (Linux, *BSD) as it would require active attacks to listen on a connection (which are expensive and detectable in principle) instead of passive and hence undetectable traffic interception of cleartext.

Perhaps such a project would be of interest to some parties on this list.

P.S. A darknet-like approach which also uses IPv6 (but can tunnel over IPv4) is http://en.wikipedia.org/wiki/Cjdns
[liberationtech] Top secret PRISM program claims direct access to servers of firms including Google, Facebook and Apple
http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data

NSA taps in to internet giants' systems to mine user data, secret files reveal

• Top secret PRISM program claims direct access to servers of firms including Google, Facebook and Apple
• Companies deny any knowledge of program in operation since 2007

Glenn Greenwald and Ewen MacAskill
The Guardian, Thursday 6 June 2013 23.05 BST

[Image: A slide depicting the top-secret PRISM program]

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

The NSA access is part of a previously undisclosed program called PRISM, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.

The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers.

Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.

In a statement, Google said: "Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data."

Several senior tech executives insisted that they had no knowledge of PRISM or of any similar scheme. They said they would never have been involved in such a program. "If they are doing this, they are doing it without our knowledge," one said.

An Apple spokesman said it had never heard of PRISM.

The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.

The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.

It also opens the possibility of communications made entirely within the US being collected without warrants.

Disclosure of the PRISM program follows a leak to the Guardian on Wednesday of a top-secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.

The participation of the internet companies in PRISM will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.

Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.

It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

Collectively, the companies cover the vast majority of online email, search, video and communications networks.

The extent and nature of the data collected from each company varies.

Companies are legally obliged to comply with requests for users' communications under US law, but the PRISM program allows the intelligence services direct access to the companies' servers. The NSA document notes the operations have "assistance of communications providers in the US".

The revelation also supports concerns raised by several US senators during the renewal of the Fisa Amendments Act in December 2012, who warned about the scale of surveillance the law might enable, and shortcomings in the safeguards it introduces.

When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the PRISM program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.

A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos,
Re: [liberationtech] NSA has direct access to tech giants' systems for user data, secret ppt reveals
On Fri, Jun 07, 2013 at 12:32:10PM +1200, Andrew Lewis wrote:
> PRISM isn't really even that illegal, as long as they discard communications considered to be American.

So, as long as every TLA world wide does, and they all share the information, everything is all right? Not so fast.

> The NSA has been listening to radio signals from all over the world for years, from military bases strategically positioned to pick up radio signals of interest, amongst other types of communication data. This is really just the extension of similar ideas, to a new form of communications, the novel part of the whole thing is that it leverages the fact that so many tech companies are located in the US and that a ton of the internet backbone is run through America.

Why does the NSA operate these dedicated fiber splice subs, you think?
Re: [liberationtech] PRISM: NSA/FBI Internet data mining project
- Forwarded message from Leo Bicknell bickn...@ufp.org -

Date: Thu, 6 Jun 2013 20:28:18 -0500
From: Leo Bicknell bickn...@ufp.org
To: jim deleskie deles...@gmail.com
Cc: goe...@anime.net, NANOG na...@nanog.org
Subject: Re: PRISM: NSA/FBI Internet data mining project
X-Mailer: Apple Mail (2.1508)

On Jun 6, 2013, at 8:06 PM, jim deleskie deles...@gmail.com wrote:
> Knowing it's going on, knowing nothing online is secret != OK with it, it merely understands the way things are.

While there's a whole political aspect of electing people who pass better laws, NANOG is not a political action forum. However many of the people on NANOG are in positions to affect positive change at their respective employers.

- Implement HTTPS for all services.
- Implement PGP for e-mail.
- Implement S/MIME for e-mail.
- Build cloud services that encrypt on the client machine, using a key that is only kept on the client machine.
- Create better UI frameworks for managing keys and identities.
- Align data retention policies with the law.
- Scrutinize and reject defective government legal requests.
- When allowed by law, charge law enforcement for access to data.
- Lobby for more sane laws applied to your area of business.

The high tech industry has often made the government's job easy, not by intention but by laziness. Keeping your customer's data secure should be a proud marketing point.

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/

- End forwarded message -
Re: [liberationtech] Stop promoting Skype
On Fri, Jun 07, 2013 at 08:32:36AM -0400, Rich Kulawiec wrote:
> These revelations constitute an existence proof that the number of backdoors in various services is nonzero. There's no reason to believe that this nonzero value is 1.

It is prudent to believe that the value is exactly one. This particular disclosure is merely another data point. We didn't need it in order to assume the value is exactly one.

> After, if the NSA could backdoor them (with or without their cooperation) then why couldn't MI6? Or Mossad? Or some other entity, which may or

We expect that each intelligence agency attempts to tap and monitor according to their abilities and budget. It's obvious that UKUSA members are special in the extent of space they monitor and the budget they command, and how many vassals they've browbeat into co-operation (e.g. almost the entire Europe is basically a puppet regime with no sovereignty in key matters).

> may not be a national intelligence service?

Why, we must assume that everything that goes over the wire will be analyzed in realtime, and a fair fraction (in some cases, all of it) will be stored indefinitely, and data-mined. We also know that the CA trust model is broken, so unless you roll your own certs all that traffic is only a few computations away from being cleartext.

> There's also no reason to believe that this practice is limited to the US.

Of course not. It's funny how USians always think it's everything always just about them. There are 7 gigamonkeys on this planet. Tracking 7 Gentities in realtime is not that hard of a job. Does anyone think that intelligence services are not doing their job?
Re: [liberationtech] NSA has direct access to tech giants' systems for user data, secret ppt reveals
On Thu, Jun 06, 2013 at 09:23:03PM -0700, x z wrote:
> What surprised me is how Guardian and Washington Post cover this story. The Power Point slides look laughable to me. Maybe I should interpret "direct access to servers of firms" as like when I'm typing this email I am also having *a direct access* to Gmail's servers.

It's a little more direct than that. Approaches like http://en.wikipedia.org/wiki/Room_641A are really rather expensive, so it makes sense to move the intercept capabilities to the providers themselves, on a need-to-know basis, and serve them with a gagging order.

If you think this is a laughing matter, you have a pretty strange sense of humor.

> This is either a ploy by some pro-privacy extremist or a prank by somebody who's tired of these hyperbole privacy outcries.

You must realize that placating pabulum doesn't really fly here, so I would reexamine why you are reading this list.
Re: [liberationtech] Stop promoting Skype
On Fri, Jun 07, 2013 at 09:15:32AM -0400, Rich Kulawiec wrote:
> Mine is something like this: if one day, the folks from the NSA showed up at X's door with a van full of equipment and asked nicely if they could please bring it in, then why wouldn't their counterparts in every other country do the same to X's sites there? And since X wants to do business in those countries, why would it say no?

Why, I believe this is exactly how it goes down, your honor. And UKUSA is effectively one compartment, and there are probably looser co-operation programs existing in other countries.

> If on the other hand this was done by the NSA without X's knowledge, then their counterparts in other countries could try that approach as well.

I expect that they're collecting data everywhere they can, some of which doesn't require cooperation (tapping submarine fiber) and some requires partial cooperation (central tap facilities at Tier 1 and 2) but also forcing major operators under strict secrecy (need-to-know limited to few individuals, some of them arguably also intelligence officers) and under gagging orders so that officially disclosing the information would bear severe penalties, and leaking would be risky since the number of possible whistleblowers is very low.

> So would you mind explaining yours? (My apologies if it's completely obvious and I'm just being dense.)

I doubt you are, we're probably in violent agreement without realizing it.

> And a side point/adjunct to this: so far, I haven't noticed Amazon or Rackspace or Softlayer or similar on these lists. (Again, maybe more coffee is badly needed.) I can't believe for a moment that the NSA overlooked any of the major cloud computing providers.

I would also expect that anyone relevant would be on that list. I would be very interested to know how the intercept and processing is happening in so-called friendly countries, which do not have the technical wherewithal and expertise to conduct the intercepts themselves.
Re: [liberationtech] PRISM: NSA/FBI Internet data mining project
- Forwarded message from Mark Seiden m...@seiden.com -

Date: Thu, 6 Jun 2013 22:57:07 -0700
From: Mark Seiden m...@seiden.com
To: jamie rishaw j...@arpa.com
Cc: goe...@anime.net, NANOG na...@nanog.org
Subject: Re: PRISM: NSA/FBI Internet data mining project
X-Mailer: Apple Mail (2.1508)

On Jun 6, 2013, at 10:25 PM, jamie rishaw j...@arpa.com wrote:
> <tinfoilhat>
> Just wait until we find out dark and lit private fiber is getting vampired.
> </tinfoilhat>

well, that's exactly and the only thing that would not surprise me, given the eff suit and mark klein's testimony about room 421a full of narus taps. mark klein is an utterly convincing and credible guy on this subject of tapping transit traffic.

but the ability to assemble intelligence out of taps on providers' internal connections would require reverse engineering the ever changing protocols of all of those providers. and at least at one of the providers named, where i worked on security and abuse, it was hard for us, ourselves, to quickly mash up data from various internal services and lines of business that were almost completely siloed -- data typically wasn't exposed widely and stayed within a particular server or data center absent a logged in session by the user.

were these guys scraping the screens of non-ssl sessions of interest in real time?

with asymmetric routing, it's hard to reassemble both sides of a conversation, say in IM. one side might come in via a vip and the other side go out through the default route, shortest path. only *on* a specific internal server might you see the entire conversation. typically only the engineers who worked on that application would log on or even know what to look for.

and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money.

and pretty much denials all around.

so at the moment, i don't believe it.

(and i hope it's not true, or i might have to leave this industry in utter disgust because i didn't notice this going on in about 8 years at that provider and it was utterly contrary to the expressed culture. take up beekeeping, or alcohol, or something.).

> --
> Jamie Rishaw // .com.arpa@j - reverse it. ish.
> arpa / arpa labs

- End forwarded message -
Re: [liberationtech] Stop promoting Skype
On Fri, Jun 07, 2013 at 10:18:25AM -0400, Griffin Boyce wrote:
> I'll keep that in mind the next time someone from Tor promotes Riseup ;-)
>
> But seriously, average users need to have basic services that are (unfortunately) run by third parties.

At a minimum, diversification of services used. If every activist uses Riseup or May First, those services become just as high a priority for warrants as Gmail or Hotmail.

> If you have your own domain, that's awesome. This is not a

If your system is tied to a DNS FQDN resolution for operability, your system should not be tied to a DNS FQDN resolution. You'll notice that systems like Tor, i2p, Bitmessage or cjdns all do not rely on DNS resolution (which is centralist, seizable, a source of potential leaks, etc).

> realistic expectation for most people -- either because they lack the knowledge to install and upkeep their hosting, class stratification, or complete absence of time to do it.

This is exactly what the Freedombox project is trying to address.

> What would be fantastic is if more people who *did* have the knowledge/money took the time to set up their own accounts on their own domains. And if you're a developer or an advanced user, help others do it too! It's far better to have a domain for your group of friends than have everyone use riseup/gmail/etc. If you want gmail-like features, there are lots of open-source avenues, like MailPile [1].
>
> I'm also going to go against the grain and say that most services don't *need* to be integrated with each other.
>
> ~Griffin
>
> [1] https://github.com/pagekite/Mailpile
Re: [liberationtech] Stop promoting Skype
On Fri, Jun 07, 2013 at 04:28:31PM +0200, M. Fioretti wrote:
> BTW, since I'm getting offlist questions about this: in case you were thinking "what you want is the FreedomBox", NO, what I'm talking about is NOT the FreedomBox. What I'm suggesting is compatible with the FreedomBox, but it's something else, much more concrete. See the details in the comments to that same post.

Your model of what FBX is trying to achieve is faulty. I suggest you connect with the community at
http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss
and see how you can contribute.

As to "much more concrete", there's the 0.1 image out
http://freedomboxfoundation.org/

I am pleased to announce our first FreedomBox software release. The FreedomBox 0.1 image is available here (.torrent) (sha512sum: 867f5bf462102daef82a34165017b9e67ed8e09116fe46edd67730541bbfb731083850ab5e28ee40bdbc5054cb64e4d0e46a201797f27e0b8f0d2881ef083b40). This 0.1 version is primarily a developer release, which means that it focuses on architecture and infrastructure rather than finish work. The exception to this is privoxy-freedombox, the web proxy discussed in previous updates, which people can begin using right now to make their web browsing more secure and private and which will very soon be available on non-FreedomBox systems. More information on that tool at the end of this post.

What have we accomplished?

This first release completes a number of important milestones for the project.

Full hardware support in Debian

A big part of the vision for the FreedomBox project revolves around the Boxes, tiny plug servers that are capable of running full size computing loads cheaply and with little use of electricity. In many respects these are wireless routers given the brains of a smart phone. If you want to change the software on a router or smart phone today you normally need to worry about bootloader images, custom roms, and a whole collection of specialized build and install tools. We wanted the FreedomBox to move beyond this fragmented environment and, with the help of some embedded device experts, we have managed to make our development hardware into a fully supported Debian platform. That means that anyone with a device can install Debian on it just like a laptop or desktop computer. This support is very important for ensuring that the work we do on the FreedomBox is as portable and reusable as possible.

Basic software tools selected

There is a lot of great free software out there to choose from and we put a lot of thought into which elements would be included in our basic tool kit. This includes the user interface system plinth that I outlined in a recent kickstarter update as well as basic cryptography tools like gpg and one named monkeysphere that leverages gpg as an authentication tool. All of these are now bundled together and installed on the release image. This common working environment will simplify development going forward.

Box-to-box communication design

Some goals of the FreedomBox can be accomplished with one user and one FreedomBox but many, like helping someone route around repressive government firewalls, will require groups of people and groups of boxes working together. One of our greatest architectural challenges has been finding a way for boxes to communicate securely without so slowing down or breaking network access as to make the system unpleasant to use. We have now outlined and built the first version of our proposed solution: Freedom-buddy. Freedom-buddy uses the world class TOR network so that boxes can find each other regardless of location or restrictive firewall and then allows the boxes to negotiate secure direct connections to each other for actually sending large or time sensitive data. We believe this blended approach will be most effective at improving the security and usability of personal-server communications and all the services we plan to build into those servers.

Web cleaning

Our first service, a piece of software you can use today to start making your web browsing more secure and private, is called privoxy-freedombox. This software combines the functionality of the Adblock Plus ad blocker, the Easy Privacy filtering list, and the HTTPS Everywhere (https://www.eff.org/https-everywhere) website redirection plugin into a single piece of software to run on your FreedomBox. Combining these different plugins into software for your FreedomBox means that you can use them with almost any browser or mobile device using a standard web proxy connection. Because of our focus on building the FreedomBox as part of Debian this software will soon be available to anyone running a Debian system regardless of whether you are using our target DreamPlug hardware, a laptop, or a large rack server somewhere. As you read this packages should already be available in the Raspbian repositories, which is the optimized version of Debian used on the Raspberry Pi
Re: [liberationtech] PRISM: NSA/FBI Internet data mining project
on provider traffic for only $238K/month?

More later--and remember, this is purely my own rampant speculation, I'm not speaking for anyone, on behalf of anyone, or even remotely authorized or acknowledged by any entity on this rambling, so please don't go quoting this anywhere else, it'll make you look foolish, and probably get me in trouble anyhow. :(

Matt

- End forwarded message -
[liberationtech] How the U.S. Government Hacks the World
http://www.businessweek.com/articles/2013-05-23/how-the-u-dot-s-dot-government-hacks-the-world#r=tec-st

How the U.S. Government Hacks the World
By Michael Riley on May 23, 2013

Obscured by trees and grassy berms, the campus of the National Security Agency sits 15 miles north of Washington’s traffic-clogged Beltway, its 6 million square feet of blast-resistant buildings punctuated by clusters of satellite dishes. Created in 1952 to intercept radio and other electronic transmissions—known as signals intelligence—the NSA now focuses much of its espionage resources on stealing what spies euphemistically call “electronic data at rest.” These are the secrets that lay inside the computer networks and hard drives of terrorists, rogue nations, and even nominally friendly governments. When President Obama receives his daily intelligence briefing, most of the information comes from government cyberspies, says Mike McConnell, director of national intelligence under President George W. Bush. “It’s at least 75 percent, and going up,” he says. The key role NSA hackers play in intelligence gathering makes it difficult for Washington to pressure other nations—China in particular—to stop hacking U.S. companies to mine their databanks for product details and trade secrets. In recent months the Obama administration has tried to shame China by publicly calling attention to its cyber-espionage program, which has targeted numerous companies, including Google (GOOG), Yahoo! (YHOO), and Intel (INTC), to steal source code and other secrets. This spring, U.S. Treasury Secretary Jacob Lew and General Martin Dempsey, chairman of the Joint Chiefs of Staff, traveled to Beijing to press Chinese officials about the hacking. National Security Advisor Thomas Donilon is scheduled to visit China on May 26. The Chinese response, essentially: Look who’s talking.
“You go in there, you sit across from your counterpart and say, ‘You spy, we spy, but you just steal the wrong stuff.’ That’s a hard conversation,” says Michael Hayden, who headed the NSA, and later the CIA, under Bush. “States spying on states, I got that,” says Hayden, now a principal at the Chertoff Group, a Washington security consulting firm. “But this isn’t that competition. This is a nation-state attempting espionage on private corporations. That is not an even playing field.” The tension between the two nations escalated in May, when a Pentagon report to Congress for the first time officially linked China’s government directly to the hacking of U.S. defense contractors. It revealed that U.S. intelligence had been tracking a vast hacking bureaucracy adept at stealing technology from American companies. China’s leaders have long denied being behind the hacks. An article about the Pentagon report in the official People’s Daily newspaper called the U.S. the “real hacking empire.” The U.S. government doesn’t deny that it engages in cyber espionage. “You’re not waiting for someone to decide to turn information into electrons and photons and send it,” says Hayden. “You’re commuting to where the information is stored and extracting the information from the adversaries’ network. We are the best at doing it. Period.” The U.S. position is that some kinds of hacking are more acceptable than others—and the kind the NSA does is in keeping with unofficial, unspoken rules going back to the Cold War about what secrets are OK for one country to steal from another. “China is doing stuff you’re not supposed to do,” says Jacob Olcott, a principal at Good Harbor Security Risk Management, a Washington firm that advises hacked companies. The men and women who hack for the NSA belong to a secretive unit known as Tailored Access Operations. 
It gathers vast amounts of intelligence on terrorist financial networks, international money-laundering and drug operations, the readiness of foreign militaries, even the internal political squabbles of potential adversaries, according to two former U.S. government security officials, who asked not to be named when discussing foreign intelligence gathering. For years, the NSA wouldn’t acknowledge TAO’s existence. A Pentagon official who also asked not to be named confirmed that TAO conducts cyber espionage, or what the Department of Defense calls “computer network exploitation,” but emphasized that it doesn’t target technology, trade, or financial secrets. The official says the number of people who work for TAO is classified. NSA spokeswoman Vaneé Vines would not answer questions about the unit. The two former security officials agreed to describe the operation and its activities without divulging which governments or entities it targets. According to the former officials, U.S. cyberspies, most from military units who’ve received specialized training, sit at consoles running sophisticated hacking software, which
Re: [liberationtech] Cell phone tracking
On Fri, May 24, 2013 at 02:19:05PM -0700, Seth David Schoen wrote:

> I'm curious whether people in some countries have had success using wifi-only phones, including to make and receive calls by VoIP. There are ways that wifi can be more private in some ways in some situations compared to the GSM network, but it's also much, much less ubiquitous.

There might be use cases for using end-to-end encrypting VoIP phones on Mifi over 3G/4G (assuming you can penetrate the double NAT), as here both security compartments are separate.
Re: [liberationtech] Cell phone tracking
On Fri, May 24, 2013 at 12:56:32PM -0700, Yosem Companys wrote:

> From: Dan Gillmor d...@gillmor.com
>
> Given the vanishingly small likelihood that companies or governments will do anything about cell phone tracking, I'm interested in what countermeasures we can take individually. The obvious one is to turn off GPS except on rare occasions. I'll be discussing all this in an upcoming book, and in my Guardian column soon. So I'd welcome ideas.

Pull out the battery. That's the only thing that's guaranteed to work. Even with GPS switched off you can be triangulated by base stations by receiving a silent text.
Re: [liberationtech] Frei PiratenPartei
On Thu, May 16, 2013 at 10:18:09PM +, andreas.ba...@nachtpult.de wrote:

> I am a Member of the Piraten in Germany. Let me answer with a question. Do you really think a party like that has a chance in the USA?

Failure is the default if you never try.
[liberationtech] Attorney General: Tourists’ Emails Can be Searched at Israel’s Borders
http://www.acri.org.il/en/2013/04/24/ag-tourists-israel-emails/

Attorney General: Tourists’ Emails Can be Searched at Israel’s Borders
Update: April 24, 2013

In response to an inquiry from ACRI regarding reports of authorities requiring access to tourists’ email accounts before allowing them into the country, the Attorney General’s office has confirmed its approval of the practice. Attorney Lila Margalit, Director of Human Rights in the Criminal Process Program at the Association for Civil Rights in Israel (ACRI) wrote a letter to Attorney General Yehuda Weinstein in June 2012, following reports in the news and in social media of foreign nationals visiting Israel being asked by the GSS (“Shin Bet”) for access to their personal email accounts during interrogations in Ben Gurion Airport. According to media reports at the time, a visitor who refused was denied entry, as was a visitor who complied. In a response dated April 24, 2013, the Attorney General’s office confirmed this practice, asserting that such searches are made in exceptional cases where “relevant suspicious signs” are observed, and that they are conducted with the foreign national’s “consent”. However, the Attorney General’s office also noted that while a tourist may refuse such a search, “it will be made clear to him that his refusal will be taken into consideration along with other relevant factors, in deciding whether to allow him entry to Israel.” ACRI Attorney Lila Margalit said in response: “A tourist who has just spent thousands of dollars to travel to Israel, only to be interrogated at the airport by Shin Bet agents and told to grant access to their email account, is in no position to give free and informed consent. Such “consent”, given under threat of deportation, cannot serve as a basis for such a drastic invasion of privacy. In today’s world, access to a person’s email account is akin to access to their innermost thoughts and personal lives.
Allowing security agents to take such invasive measures at their own discretion and on the basis of such flimsy “consent” is not befitting of a democracy.”

Related Links: Invasive Email Searches in Airports Contradict Israeli Law, http://www.acri.org.il/en/2012/06/06/email-searches-in-airports/ (Update: June 6, 2012)

Following recent reports, the Association for Civil Rights in Israel (ACRI) emphasizes that the demand made by the Israeli GSS to internationals visiting Israel, that they provide their email account password to security authorities, contradicts Israeli law. The law outlines severe restrictions regarding the circumstances under which this can be done, and even conditions it on a judicial order. According to recent reports in the news and in social media, foreign nationals visiting Israel have been asked by the GSS (“Shin Bet”), during interrogations in Ben Gurion Airport, to access their personal email or Facebook accounts so that the interrogators can retrieve information relating to their planned visits. A few visitors were then denied entry. See for example coverage on Haaretz in English and the Associated Press. According to these reports, the GSS claims that the actions taken by the agents during questioning were within the organization’s authority according to Israeli law. However, the Association for Civil Rights in Israel (ACRI) states that, contrary to this claim, this is an illegal practice. “Invading a computer or an email account constitutes a grave violation of privacy and dignity,” says ACRI attorney Lila Margalit. “Therefore, Israeli law contains strict provisions regarding the circumstances under which this can be done – and even conditions it on a judicial order.
The demand made to internationals visiting Israel, that they provide their email account password to security authorities sounds like something that could be expected in totalitarian regimes.”
Re: [liberationtech] Secure, inexpensive hosting of activist sites
On Sun, Apr 21, 2013 at 09:26:05PM -0400, micah wrote:

> Can't rely on them to be there for what exactly?

Just being there and responsive for the entire duration you need them.

> Where is the liberatory technological element to recommending commercial

The liberatory technological element is to use distributed services not linkable to a certain specific server or location. You're welcome.

> services when they are more than happy when the shit hits it to bend over backwards for law enforcement without bothering even questioning if

Have you ever heard of bullet proof hosting? Do you think that snowshoe spammer and carder and malware hosters care a damn thing about the content they host?

> the request is even legal because that would cut into their profits? I

Very simple: they do not care whether it's legal. Their business model is that they don't care, as long as the account gets paid.

> have to say I agree with ilf, this is pretty depressing for this list.

You'll get used to it. I did.

> How can anyone in good conscience recommend to activists commercial services whose primary goal is to optimize for the bottom line? You

How can anyone engage in strawmen of such appalling quality?

> realize that when the shit hits it you can rely on them to not waste any of their money fighting for you. Not that it matters, because they are already deputized data collection points for the police, building into their money-making schemes keeping as many logs as they possibly can to maximize profits from various advertising and surveillance efforts. And really, Cloudflare? C'mon. After their willingness to roll over on

What about Cloudflare? Can't recall mentioning them.

> the subpoena for Barrett Brown and pretend that they were the internet's saviors by making up that whole thing about how they saved the internet from the biggest DDOS ever? This is an amazing statement: free is distinctly unaffordable -- what meaning of free are you using here? There are other things that I'd

Free, as in free beer.

> pay *more* money for if it meant the kind of free that I'm thinking of was in play... But this is 'liberationtech', right? Is the only thing you are concerned about being liberated from your money when doing tech things? The cognitive dissonance here is deafening.

How would you know?
Re: [liberationtech] Secure, inexpensive hosting of activist sites
On Thu, Apr 18, 2013 at 08:50:22PM +, Andreas Bader wrote:

> Hetzner Germany is pretty good. We have used it for years and never had problems with it.

Hetzner is good and cheap (though no longer that cheap) but they'll drop you like a hot potato in case of even the slightest problems. I would definitely advise against considering Hetzner a freedom-minded host. For a current project (Zero State) we're using http://1984.is/ ( https://www.1984hosting.com/ for non-Islenska UI).
Re: [liberationtech] Secure, inexpensive hosting of activist sites
On Sun, Apr 21, 2013 at 03:07:35PM +0200, ilf wrote:

> I can't believe this bullshit thread recommending *only* commercial services.

Look, free is distinctly unaffordable. If you need a dedicated box somebody has got to pay for the hosting and remote hands. Activists donating own resources are quite nice and cool (heck, been there, done that) but ultimately you can't rely on them to be there if the shit hits it. How about checking out this list? https://we.riseup.net/riseuphelp+en/radical-servers
[liberationtech] Human Breath Analysis May Support the Existence of Individual Metabolic Phenotypes
http://www.plosone.org/article/info%3Adoi%2F10.1371%2Fjournal.pone.0059909 Abstract The metabolic phenotype varies widely due to external factors such as diet and gut microbiome composition, among others. Despite these temporal fluctuations, urine metabolite profiling studies have suggested that there are highly individual phenotypes that persist over extended periods of time. This hypothesis was tested by analyzing the exhaled breath of a group of subjects during nine days by mass spectrometry. Consistent with previous metabolomic studies based on urine, we conclude that individual signatures of breath composition exist. The confirmation of the existence of stable and specific breathprints may contribute to strengthen the inclusion of breath as a biofluid of choice in metabolomic studies. In addition, the fact that the method is rapid and totally non-invasive, yet individualized profiles can be tracked, makes it an appealing approach.
[liberationtech] [CCM-L] Scientific Articles Accepted (Personal Checks, Too)-nytimes
on Beall’s list, Srinubabu Gedela, the director of the Omics Group, has about 250 journals and charges authors as much as $2,700 per paper. Dr. Gedela, who lists a Ph.D. from Andhra University in India, says on his Web site http://srinubabu.com/ that he “learnt to devise wonders in biotechnology.” Another Beall’s list publisher, Dove Press, says on its Web site, “There are no limits on the number or size of the papers we can publish.” Open-access publishers say that the papers they publish are reviewed and that their businesses are legitimate and ethical. “There is no compromise on quality review policy,” Dr. Gedela wrote in an e-mail. “Our team’s hard work and dedicated services to the scientific community will answer all the baseless and defamatory comments that have been made about Omics.” But some academics say many of these journals’ methods are little different from spam e-mails offering business deals that are too good to be true. Paulino Martínez, a doctor in Ceyala, Mexico, said he was gullible enough to send two articles in response to an e-mail invitation he received last year from The Journal of Clinical Case Reports. They were accepted. Then came a bill saying he owed $2,900. He was shocked, having had no idea there was a fee for publishing. He asked to withdraw the papers, but they were published anyway. “I am a doctor in a hospital in the province of Mexico, and I don’t have the amount they requested,” Dr. Martínez said. The journal offered to reduce his bill to $2,600. Finally, after a year and many e-mails and a phone call, the journal forgave the money it claimed he owed. Some professors listed on the Web sites of journals on Beall’s list, and the associated conferences, say they made a big mistake getting involved with the journals and cannot seem to escape them. 
Thomas Price, an associate professor of reproductive endocrinology and fertility at the Duke University School of Medicine, agreed to be on the editorial board of The Journal of Gynecology & Obstetrics because he saw the name of a well-respected academic expert on its Web site and wanted to support open-access journals. He was surprised, though, when the journal repeatedly asked him to recruit authors and submit his own papers. Mainstream journals do not do this because researchers ordinarily want to publish their papers in the best journal that will accept them. Dr. Price, appalled by the request, refused and asked repeatedly over three years to be removed from the journal’s editorial board. But his name was still there. “They just don’t pay any attention,” Dr. Price said. About two years ago, James White, a plant pathologist at Rutgers, accepted an invitation to serve on the editorial board of a new journal, Plant Pathology & Microbiology, not realizing the nature of the journal. Meanwhile, his name, photograph and résumé were on the journal’s Web site. Then he learned that he was listed as an organizer and speaker on a Web site advertising Entomology-2013. “I am not even an entomologist,” he said. He thinks the publisher of the plant journal, which also sponsored the entomology conference, just pasted his name, photograph and résumé onto the conference Web site. At this point, he said, outraged that the conference and journal were “using a person’s credentials to rip off other unaware scientists,” Dr. White asked that his name be removed from the journal and the conference. Weeks went by and nothing happened, he said. Last Monday, in response to this reporter’s e-mail to the conference organizers, Jessica Lincy, who said only that she was a conference member, wrote to explain that the conference had “technical problems” removing Dr. White’s name. On Tuesday, his name was gone. But it remained on the Web site of the journal. Dr.
Gedela, the publisher of the journals and sponsor of the conference, said in an e-mail on Thursday that Dr. Price and Dr. White’s names remained on the Web sites “because of communication gap between the EB member and the editorial assistant,” referring to editorial board members. That day, their names were gone from the journals’ Web sites (http://www.omicsonline.org/editorialboardGynecology.php, http://www.omicsonline.org/EditorialboardJPPM.php). “I really should have known better,” Dr. White said of his editorial board membership, adding that he did not fully realize how the publishing world had changed. “It seems like the Wild West now.”

-- Rangraj Setlur, Anaesthesiologist and Intensivist, Indian Army
___ CCM-L mailing list cc...@list.pitt.edu https://list.pitt.edu/mailman/listinfo/ccm-l

- End forwarded message -

-- Eugen* Leitl leitl http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: [liberationtech] suggestions for a remote wipe software for Windows?
On Wed, Apr 03, 2013 at 11:51:11AM -0700, Katy P wrote:

> What is easier for a lay person and least susceptible to a smart thief?

You didn't mention your operating system, but in terms of least pain I would go with http://www.truecrypt.org/downloads and encrypt the whole drive. Make sure your password has enough length and entropy so that it can't be brute-forced.
Re: [liberationtech] SUBSCRIPTION
On Tue, Apr 02, 2013 at 06:45:37PM +0100, Bernard Tyers - ei8fdb wrote:

> Suggestion 1: Can we trial putting the UNSUBSCRIBE footer (that part of the e-mail that no-one reads) at the top of the e-mail so everyone sees it?

No, because then *everybody* has to see it.
Re: [liberationtech] SUBSCRIPTION
On Wed, Apr 03, 2013 at 10:33:17AM -0400, Joseph Lorenzo Hall wrote:

>> Top-posting is definitely worse. Don't do it.
>
> A very minor point that isn't especially relevant to libtech, I suspect: I work with a number of blind advocates and top-posting makes their lives much, much easier (since scrolling for them can be quite difficult). So, this is

How do they deal with context? Do they use threading MUAs? What kind of infrastructure do they use? Way back it was a braille line and emacs, but I presume that's no longer true.

> just to point out an exception to the tendency to always favor top-posting... however I have seen indications that we have libtech members who use screen readers. best, Joe
Re: [liberationtech] suggestions for a remote wipe software for Windows?
On Wed, Apr 03, 2013 at 11:16:08AM -0700, Katy P wrote:

> If my laptop was stolen, for example, some website or something that I (or someone else) could log into and delete the contents of the laptop's hard drive.

Or you could use an encrypting filesystem, which requires a password on boot, and whenever the notebook wakes up. That way, the thief would only be able to steal your hardware, not your data.
Re: [liberationtech] Vote results on Reply to Question
On Wed, Mar 27, 2013 at 10:37:50PM -0500, Andrés Leopoldo Pacheco Sanfuentes wrote:

> The beauty of democracy! :-)

Failure, actually. It shows that democratic decisions tend to produce technically suboptimal results. That the whole list was spammed with voting traffic just adds insult to injury -- Dunning-Kruger in action.
[liberationtech] alexandria cable cutters?
- Forwarded message from Randy Bush ra...@psg.com -

From: Randy Bush ra...@psg.com
Date: Thu, 28 Mar 2013 15:46:25 +0900
To: North American Network Operators' Group na...@nanog.org
Subject: alexandria cable cutters?
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)

nyt reports capture of scuba divers attempting to cut telecom egypt undersea fiber. http://www.nytimes.com/aponline/2013/03/27/world/middleeast/ap-ml-egypt-internet.html

randy

- End forwarded message -
[liberationtech] Unique in the Crowd: The privacy bounds of human mobility
(full text available on site) http://www.nature.com/srep/2013/130325/srep01376/full/srep01376.html

Unique in the Crowd: The privacy bounds of human mobility
Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen & Vincent D. Blondel
Scientific Reports 3, Article number: 1376 doi:10.1038/srep01376
Received 01 October 2012 Accepted 04 February 2013 Published 25 March 2013

We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals. We coarsen the data spatially and temporally to find a formula for the uniqueness of human mobility traces given their resolution and the available outside information. This formula shows that the uniqueness of mobility traces decays approximately as the 1/10 power of their resolution. Hence, even coarse datasets provide little anonymity. These findings represent fundamental constraints to an individual's privacy and have important implications for the design of frameworks and institutions dedicated to protect the privacy of individuals.

Subject terms: Applied mathematics, Computational science, Statistics, Applied physics
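The uniqueness test the abstract describes, as an added example that is not the paper's code: a trace is the set of (antenna, hour) points at which a user was seen, and a user counts as uniquely identified by p points when no other trace in the dataset also contains those p points. The dataset here is constructed at random (the function names and the 200-user parameters are this example's, not the paper's), and the `coarsen` step lowers the spatial and temporal resolution the way the abstract's formula varies it, so the same test can be rerun on a coarser version of the same traces.

```python
import random


def make_traces(n_users, n_antennas, n_hours, points_per_user, seed=0):
    """Constructed synthetic dataset: each user's trace is a set of (antenna_id, hour) points."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n_users):
        points = set()
        while len(points) < points_per_user:
            points.add((rng.randrange(n_antennas), rng.randrange(n_hours)))
        traces.append(frozenset(points))
    return traces


def count_matches(known_points, traces):
    """Number of traces in the dataset that contain every one of the known points."""
    return sum(1 for trace in traces if known_points <= trace)


def uniqueness(traces, p, trials_per_user=1, seed=0):
    """Fraction of users uniquely identified by p points drawn at random from their own trace.

    The user's own trace always matches, so the user is unique exactly when the count is 1.
    """
    rng = random.Random(seed)
    unique = total = 0
    for trace in traces:
        if len(trace) < p:
            continue  # not enough points in this trace to draw p of them
        for _ in range(trials_per_user):
            known = frozenset(rng.sample(sorted(trace), p))
            unique += count_matches(known, traces) == 1
            total += 1
    return unique / total if total else 0.0


def coarsen(traces, spatial_factor, temporal_factor):
    """Lower the resolution: merge antennas into groups of spatial_factor and hours into bins of temporal_factor."""
    return [frozenset((a // spatial_factor, h // temporal_factor) for a, h in trace) for trace in traces]


if __name__ == "__main__":
    data = make_traces(n_users=200, n_antennas=50, n_hours=24, points_per_user=6, seed=1)
    for p in (1, 2, 3, 4):
        print(f"p={p}: full resolution {uniqueness(data, p, seed=1):.2f}, "
              f"coarsened 5x spatially / 3x temporally {uniqueness(coarsen(data, 5, 3), p, seed=1):.2f}")
```

Running the loop shows the effect the abstract reports: a handful of points already separates nearly every synthetic user, and coarsening the grid lowers the fraction but does not push it near zero, which is the reason "even coarse datasets provide little anonymity".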
[liberationtech] [tt] Neuroimaging 'biomarker' linked to rearrest after incarceration.
http://www.nature.com/news/brain-scans-predict-which-criminals-are-more-likely-to-reoffend-1.12672

Brain scans predict which criminals are more likely to reoffend
Neuroimaging 'biomarker' linked to rearrest after incarceration.
Regina Nuzzo 25 March 2013

Activity in a particular region of the cortex could tell whether a convict is likely to get in trouble again.

In a twist that evokes the dystopian science fiction of writer Philip K. Dick, neuroscientists have found a way to predict whether convicted felons are likely to commit crimes again from looking at their brain scans. Convicts showing low activity in a brain region associated with decision-making and action are more likely to be arrested again, and sooner. Kent Kiehl, a neuroscientist at the non-profit Mind Research Network in Albuquerque, New Mexico, and his collaborators studied a group of 96 male prisoners just before their release. The researchers used functional magnetic resonance imaging (fMRI) to scan the prisoners’ brains during computer tasks in which subjects had to make quick decisions and inhibit impulsive reactions. The scans focused on activity in a section of the anterior cingulate cortex (ACC), a small region in the front of the brain involved in motor control and executive functioning. The researchers then followed the ex-convicts for four years to see how they fared. Among the subjects of the study, men who had lower ACC activity during the quick-decision tasks were more likely to be arrested again after getting out of prison, even after the researchers accounted for other risk factors such as age, drug and alcohol abuse and psychopathic traits. Men who were in the lower half of the ACC activity ranking had a 2.6-fold higher rate of rearrest for all crimes and a 4.3-fold higher rate for nonviolent crimes. The results are published today in the Proceedings of the National Academy of Sciences [1].
There is growing interest in using neuroimaging to predict specific behaviour, says Tor Wager, a neuroscientist at the University of Colorado in Boulder. He says that studies such as this one, which tie brain imaging to concrete clinical outcomes, “provide a new and so far very promising way” to find patterns of brain activity that have broader implications for society. But the authors themselves stress that much more work is needed to prove that the technique is reliable and consistent, and that it is likely to flag only the truly high-risk felons and leave the low-risk ones alone. “This isn't ready for prime time,” says Kiehl. Wager adds that the part of the ACC examined in this study “is one of the most frequently activated areas in the human brain across all kinds of tasks and psychological states”. Low ACC activity could have a variety of causes — impulsivity, caffeine use, vascular health, low motivation or better neural efficiency — and not all of these are necessarily related to criminal behaviour. Crime prediction was the subject of Dick's 1956 short story “The Minority Report” (adapted for the silver screen by Steven Spielberg in 2002), which highlighted the thorny ethics of arresting people for crimes they had yet to commit. Brain scans are of course a far cry from the clairvoyants featured in that science-fiction story. But even if the science turns out to be reliable, the legal and social implications remain to be explored, the authors warn. Perhaps the most appropriate use for neurobiological markers would be for helping to make low-stakes decisions, such as which rehabilitation treatment to assign a prisoner, rather than high-stakes ones such as sentencing or releasing on parole. “A treatment of [these clinical neuroimaging studies] that is either too glibly enthusiastic or over-critical,” Wager says, “will be damaging for this emerging science in the long run.”

Nature doi:10.1038/nature.2013.12672

References
1. Aharoni, E. et al. Proc. Natl Acad. Sci. USA http://dx.doi.org/10.1073/pnas.1219302110 (2013).
2. Yarkoni, T., Poldrack, R. A., Nichols, T. E., Van Essen, D. C. & Wager, T. D. Nature Methods 8, 665–670 (2011).

___ tt mailing list t...@postbiota.org http://postbiota.org/mailman/listinfo/tt
[liberationtech] [hackerspaces] Byzantium Linux v0.3a is out!
[liberationtech] Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers.
https://bitmessage.org/wiki/Main_Page

Bitmessage

Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need not inherently trust any entities like root certificate authorities. It uses strong authentication, which means that the sender of a message cannot be spoofed, and it aims to hide non-content data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. If Bitmessage is completely new to you, you may wish to start by reading the whitepaper.

Download

An open source client is available for free under the very liberal MIT license. For screenshots and a description of the client, see this CryptoJunky article: Setting Up And Using Bitmessage. Download for Windows. If you are looking for someone to message, visit the forum or send me a greeting. Here is my address: BM-BcJFNZDyzQKXCVJZtBJGqoon2f7GKo6s

Source code

You may view the Python source code on Github. Bitmessage requires PyQt and OpenSSL. Step-by-step instructions on how to run the source code on Windows or Linux are available here. Bitmessage should run on any OS, though it is only lightly tested on OSX. The start-on-boot and minimize-to-tray features are only implemented for Windows thus far.

Security audit needed

Bitmessage is in need of an independent audit to verify its security. If you are a researcher capable of reviewing the source code, please email the lead developer or send a bitmessage to the address above. You will be helping to create a great privacy option for people everywhere!

Forum

Visit or subscribe to the Bitmessage subreddit. A community-based forum for questions, feedback, and discussion is also available at Bitmessage.org/forum.
Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report
On Fri, Mar 22, 2013 at 12:08:42PM -0400, Nadim Kobeissi wrote:

> Regarding SSL, hasn't Skype claimed in the past that the conversations are encrypted client-to-client, as in, even from Microsoft or Skype itself?

Why is it relevant what they claimed? You can't check it, so why spend any time on guessing, while you could be running a system where you would *know for sure*.

> If I'm right and my memory serves well, then it's striking that they only mentioned SSL in this report.
Re: [liberationtech] Can HAM radio be used for communication between health workers in rural areas with no cell connectivity?
On Wed, Mar 06, 2013 at 09:36:41PM, Bernard Tyers - ei8fdb wrote:

> I have one answer: Amateur radio. Forget mobile phone networks. Amateur radio is cheap, very durable and will provide you with the functions you need, and if you can get access to amateur radio operators in your country, you may have free support for the life of your project!

Hams need to be registered, may only communicate with other hams (i.e. may not give access to third parties, and especially may not pass traffic of third parties) and may not pass encrypted traffic. You might get away with end-to-end encryption at the application layer, but this would be only tolerated at best. The whole ham culture and liberation technologies do not really mix.
Re: [liberationtech] NYT covers China cyberthreat
Re: [liberationtech] Internships available at leading Palo Alto tech startup
On Thu, Feb 21, 2013 at 06:43:38PM -0800, Hamdan Azhar wrote:

> Please forward widely!

Please not. This is spam.

> ---
> INTERNSHIPS AVAILABLE AT LEADING SILICON VALLEY STARTUP
>
> GraphScience - a Palo Alto based venture-backed startup focusing on predictive behavioral analytics in social networks - is offering internships for college students and recent graduates. Interns will play a valuable role in building the leading social advertising platform on Facebook. Our clients are major Fortune 500 retailers and we're looking for quirky, creative, self-motivated individuals who would thrive in a fast-paced environment. Internships are unpaid and last for at least 3 months.
>
> Interested? Email us your resume, your favorite ice cream flavor, and the name of the last book you read.
>
> CONTACT: Hamdan Azhar, Lead Data Scientist, ham...@graphscience.com
Re: [liberationtech] About private networks (Was Re: NYT covers China cyberthreat)
On Thu, Feb 21, 2013 at 08:53:36PM -0600, Charles Zeitler wrote:

> On Thu, Feb 21, 2013 at 8:10 AM, Eugen Leitl eu...@leitl.org wrote:
>> On Wed, Feb 20, 2013 at 09:03:06PM -0600, Charles Zeitler wrote:
>>> http://en.wikipedia.org/wiki/Quantum_cryptography
>> Doesn't really work. Essentially, this is expensive snake oil.
>
> so, it's been tried, eh? can you post a link?

QC brand of expensive snake oil has found a niche in finance. It is of course neat basic research, like quantum teleportation and such, of potential use to quantum computers (which by themselves, so far, look remarkably useless as well). Why it's nonsolving a nonproblem, see http://www.schneier.com/blog/archives/2012/09/quantum_cryptog_2.html

Google is your friend for further research.
Re: [liberationtech] About private networks (Was Re: NYT covers China cyberthreat)
On Wed, Feb 20, 2013 at 09:03:06PM -0600, Charles Zeitler wrote:

> http://en.wikipedia.org/wiki/Quantum_cryptography

Doesn't really work. Essentially, this is expensive snake oil.
Re: [liberationtech] Chromebooks for Risky Situations?
On Tue, Feb 12, 2013 at 09:01:37AM +0100, Andreas Bader wrote:

> So why not create your own OS that is really small because of its security? Chrome OS is small because it's cheap. If you were right then Android would be the most secure system. Aren't there any Android viruses? RedHat seems to have fewer security holes than Chrome OS.

http://ertos.nicta.com.au/research/l4.verified/

The L4.verified project
A Formally Correct Operating System Kernel

In current software practice it is widely accepted that software will always have problems and that we will just have to live with the fact that it may crash at the worst possible moment: You might be on a deadline. Or, much scarier, you might be on a plane and there's a problem with the board computer.

Now think what we constantly want from software: more features, better performance, cheaper prices. And we want it everywhere: in mobile phones, cars, planes, critical infrastructure, defense systems.

What do we get? Mobile phones that can be hacked by SMS. Cars that have more software problems than mechanical ones. Planes where computer problems have led to serious incidents. Computer viruses spreading through critical infrastructure control systems and defense systems. And we think "See, it happens to everybody."

It does not have to be that way.

Imagine your company is commissioning a new vending software. Imagine you write down in a contract precisely what the software is supposed to do. And then — it does. Always. And the developers can prove it to you — with an actual mathematical machine-checked proof.

Of course, the issue of software security and reliability is bigger than just the software itself and involves more than developers making implementation mistakes. In the contract, you might have said something you didn't mean (if you are in a relationship, you might have come across that problem). Or you might have meant something you didn't say and the proof is therefore based on assumptions that don't apply to your situation. Or you haven't thought of everything you need (ever went shopping?). In these cases, there will still be problems, but at least you know where the problem is not: with the developers.

Eliminating the whole issue of implementation mistakes would be a huge step towards more reliable and more secure systems.

Sounds like science fiction?

The L4.verified project demonstrates that such contracts and proofs can be done for real-world software. Software of limited size, but real and critical.

We chose an operating system kernel to demonstrate this: seL4. It is a small, 3rd generation high-performance microkernel with about 8,700 lines of C code. Such microkernels are the critical core component of modern embedded systems architectures. They are the piece of software that has the most privileged access to hardware and regulates access to that hardware for the rest of the system. If you have a modern smart-phone, your phone might be running a microkernel quite similar to seL4: OKL4 from Open Kernel Labs.

We prove that seL4 implements its contract: an abstract, mathematical specification of what it is supposed to do.

Current status: completed successfully.

Availability

Binaries of seL4 on ARM and x86 architectures are available for academic research and education use. The release additionally contains the seL4 formal specification, user-level libraries and sample code, and a para-virtualised Linux (x86). Click here to download seL4.

More information:
- What we prove and what we assume (high level, some technical background assumed)
- Statistics (sizes, numbers, lines of code)
- Questions and answers (high-level, some technical background assumed)
- Verification approach (for technical audience)
- Scientific publications (for experts)
- Acknowledgements and team
- What does a formal proof look like? [pdf]

Contact

For further information, please contact Gerwin Klein (project leader): gerwin.klein(at)nicta.com.au
[liberationtech] nettime Copy Paste in Brussels
in tabling amendments.
Re: [liberationtech] Chromebooks for Risky Situations?
On Wed, Feb 13, 2013 at 05:22:39PM +0700, Uncle Zzzen wrote:

> Even if the average activist could master mutt (I use it regularly, and still feel like a noob :) ), it only applies to devices that have a keyboard.

We used to have chording keyboards like http://www.youtube.com/watch?v=k-zThJX920w back in the 1990s. Depending on whether Google Glass begets useful hardware, musings like http://eugen.leitl.org/tt/msg21433.html might become relevant again.

> If we're talking about phones and tablets (not many people carry a notebook in a demonstration, when they witness violence, etc.), GUI is not a nicety. GUI should be as streamlined as possible, and this means html-based (like Mozilla's B2G), but it's not easy to minimize the attack surface:
Re: [liberationtech] [cryptography] Meet the groundbreaking new encryption app set to revolutionize privacy...
- Forwarded message from Jon Callas j...@callas.org -

From: Jon Callas j...@callas.org
Date: Fri, 8 Feb 2013 11:26:23 -0800
To: Randombit List cryptogra...@randombit.net
Subject: Re: [cryptography] Meet the groundbreaking new encryption app set to revolutionize privacy...

Thanks for your comments, Ian. I think they're spot on.

At the time that the so-called Arab Spring was going on, I was invited to a confab where there were a bunch of activists and it's always interesting to talk to people who are on the ground. One of the things that struck me was their commentary on how we can help them.

A thing that struck me was one person who said, "Don't patronize us. We know what we're doing, we're the ones risking our lives." Actually, I lied. That person said, "don't fucking patronize us" so as to make the point stronger.

One example this person gave was that they talked to people providing some social meet-up service and they wanted that service to use SSL. They got a lecture how SSL was flawed and that's why they weren't doing it. In my opinion, this was just an excuse -- they didn't want to do SSL for whatever reason (very likely just the cost and annoyance of the certs), and the imperfection was an excuse. The activists saw it as being patronizing and were very, very angry. They had people using this service, and it would be safer with SSL. Period.

This resonates with me because of a number of my own peeves. I have called this the security cliff at times. The gist is that it's a long way from no security to the top -- what we'd all agree on as adequate security. The cliff is the attitude that you can't stop in the middle. If you're not going to go all the way to the top, then you might as well not bother. So people don't bother. This effect is also the same thing as the best being the enemy of the good, and so on. We're all guilty of it.

It's one of my major peeves about security, and I sometimes fall into the trap of effectively arguing against security because something isn't perfect. Every one of us has at one time said that some imperfect security is worse than nothing because it might lull people into thinking it's perfect -- or something like that. It's a great rhetorical flourish when one is arguing against some bit of snake oil or cargo-cult security. Those things really exist and we have to argue against them. However, this is precisely being patronizing to the people who really use them to protect themselves.

Note how post-Diginotar, no one is arguing any more for SSL Everywhere. Nothing helps the surveillance state more than blunting security everywhere.

Jon

- End forwarded message -
Re: [liberationtech] Removing watermarks from pdfs (pdfparanoia)
On Tue, Feb 05, 2013 at 06:59:03PM -0500, liberationt...@lewman.us wrote:

> On Tue, 5 Feb 2013 14:20:22 -0600 Bryan Bishop kanz...@gmail.com wrote:
>> How about removing those pesky watermarks from pdfs? Sometimes they completely obfuscate the contents of a paper we're trying to read, or sometimes they have more sinister purposes.
>
> I get PDFs watermarked to me by their placement of sections in relation to one another, their word choice in opening sentences of paragraphs, and figure/image locations within the PDF. The idea being that the content is the watermark, not some silly overlay watermark which is fairly easily stripped out in most free operating systems.

If you render to bitmap, and then to djvu (maybe with OCR) then this should strip these.
[liberationtech] [drone-list] CRS on integration of drones into NAS
- Forwarded message from Gregory Foster gfos...@entersection.org -

From: Gregory Foster gfos...@entersection.org
Date: Thu, 31 Jan 2013 22:12:36 -0600
To: drone-l...@lists.stanford.edu
Subject: [drone-list] CRS on integration of drones into NAS

CRS (Jan 30) - Integration of Drones into Domestic Airspace: Selected Legal Issues:
http://www.fas.org/sgp/crs/natsec/R42940.pdf

via Secrecy News (Jan 31) - Drone Programs Spark Budgetary, Privacy, Legal Concerns:
http://www.fas.org/blog/secrecy/2013/01/drone_legal.html

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster http://entersection.com/

- End forwarded message -
Re: [liberationtech] Muni network ownership and the Fourth
- Forwarded message from Leo Bicknell bickn...@ufp.org -

From: Leo Bicknell bickn...@ufp.org
Date: Tue, 29 Jan 2013 09:05:00 -0800
To: NANOG na...@nanog.org
Subject: Re: Muni network ownership and the Fourth

In a message written on Tue, Jan 29, 2013 at 10:59:31AM -0500, Jay Ashworth wrote:

> Regular readers know that I'm really big on municipally owned fiber networks (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, second, fourth, and fifth, particularly), and this is the first really good counter-argument I've seen, and it honestly hadn't occurred to me.
>
> Rob, anyone, does anyone know if any 4th amendment case law exists on muni-owned networks?

I don't, but I'd like to point out here that I've long believed both sides of the muni-network argument are right, and that we the people are losing the baby with the bath water.

I am a big proponent of muni-owned dark fiber networks. I want to be 100% clear about what I advocate here:

- Muni-owned MMR space, fiber only, no active equipment allowed. A big cross connect room, where the muni-fiber ends and providers are all allowed to colocate their fiber term on non-discriminatory terms. Large munis will need more than one; no run from a particular MMR to a home should exceed 9km, allowing the providers to be within 1km of the MMR and still use 10km optics.

- 4-6 strands per home, home run back to the muni-owned MMR space. No splitters, WDM, etc., home run glass. Terminating on an optical handoff inside the home.

- Fiber leased per month, per pair, on a cost recovery basis (to include an estimate of O&M over time), same price to all players.

I do NOT advocate that munis ever run anything on top of the fiber. No IP, no TV, no telephone, not even teleporters in the future. Service Providers of all types can drop a large count fiber from their POP to the muni-owned MMR, request individual customers be connected, and then provide them with any sort of service they like over that fiber pair, single play, double play, triple play, whatever.

See, the Comcasts and AT&Ts of the world are right that governments shouldn't be ISPs, that should be left to the private sector. I want a choice of ISPs offering different services, not a single monopoly. In this case the technology can provide that, so it should be available.

At the same time, it is very inefficient to require each provider to build to every house. Not only is it a large capital cost and barrier to entry of new players, but no one wants roads and yards dug up over and over again. Reducing down to one player building the physical in the ground part saves money and saves disruption.

Regarding your 4th amendment concerns, almost all the data the government wants is with the Service Provider in my model, same as today. They can't find out who you called last week without going to the CDR or having a tap on every line 24x7, which is not cost effective. Could a muni still optically tap a fiber in this case and suck off all the data? Sure, and I have no doubt some paranoid service provider will offer to encrypt everything at the transport level. Is it perfect? No.

However I think if we could adopt this model capital costs would come down (munis can finance fiber on low rate, long term muni-bonds, unlike corporations, plus they only build one network, not N), and competition would come up (small service providers can reach customers only by building to the MMR space, not individual homes) which would be a huge win-win for consumers.

Maybe that's why the big players want to throw the baby out with the bath water. :P

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/

- End forwarded message -
Re: [liberationtech] Muni network ownership and the Fourth
- Forwarded message from Rob McEwen r...@invaluement.com -

From: Rob McEwen r...@invaluement.com
Date: Tue, 29 Jan 2013 11:46:46 -0500
To: na...@nanog.org
Subject: Re: Muni network ownership and the Fourth

On 1/29/2013 10:59 AM, Jay Ashworth wrote:

> From: Rob McEwen r...@invaluement.com
>> (C) The fact that the Internet is a series of PRIVATE networks... NOT owned/operated by the Feds... is a large reason why the 4th amendment provides such protections... it becomes somewhat of a firewall of protection against Federal gov't trampling of civil liberties... but if they own the network, then that opens up many doors for them.
>
> Regular readers know that I'm really big on municipally owned fiber networks (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, second, fourth, and fifth, particularly), and this is the first really good counter-argument I've seen, and it honestly hadn't occurred to me.
>
> Rob, anyone, does anyone know if any 4th amendment case law exists on muni-owned networks?

Good question. Here is another thing to consider regarding SOME muni networks... (at least where private citizens/businesses subscribe to that network)

When any government entity desires log files from an ISP, and if that ISP is very protective of their customers' privacy and civil liberties, then the ISP typically ONLY complies with the request if there is a proper court order, granted by a judge, after probable cause of some kind of crime has been established, where they are not on a fishing expedition. But, in contrast, if the city government owns the network, it seems like a police detective contacting his fellow city employee in the IT department could easily circumvent the civil liberties protections.

Moreover, there is an argument that the ISP being stingy with such data causes them to be heroes to the public, and they gain DESIRED press and attention when they refuse to comply with such requests without a court order. In contrast, the city's IT staff and the police detective BOTH share the SAME boss's boss's boss. The IT guy won't get a pat on the back for making life difficult for the police department. He'll just silently lose his job eventually, or get passed up for a promotion. The motivation will be on him to PLEASE his fellow city employees, possibly at the expense of our civil liberties.

PS - of course, no problems here if the quest to gain information involves a muni network that is only used by city employees.

PPS - then again, maybe my log file example doesn't apply to the particular implementation that Jay described? Regardless, it DOES apply to various government implementations of broadband service.

--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com

- End forwarded message -
[liberationtech] Guerilla open access cookbook
- added recommended security precautions for movement members
2013.1.19 kfogel - language
2013.1.19-20 williwaw - ruby.recipe add some ways to simulate human behavior in scraper
2013.1.20 FreeDam - Overcome Built-in limit on JSTOR Liberator

- Bryan
http://heybryan.org/

- End forwarded message -
Re: [liberationtech] Mega
On Wed, Jan 23, 2013 at 07:40:13AM -0500, bbrewer wrote:

> Andreas Bader noergelpi...@hotmail.de wrote:
>> Mega seems also to have an exploitable bug for email spamming. A lot of bloggers report this.
>
> All the money in the world, and still, so many listed problems on this new service. Malicious intent, or just complete rush to give the finger to the authorities?

You don't seem to know Kim dotcom Schmitz well.
[liberationtech] nettime Response to Academe Is Complicit essay
- Forwarded message from Lincoln Cushing lcush...@igc.org -

From: Lincoln Cushing lcush...@igc.org
Date: Tue, 22 Jan 2013 21:04:03 -0800
To: nettim...@mail.kein.org
Subject: nettime Response to Academe Is Complicit essay

Nettime colleagues:

I was forwarded Timothy Burke's provocative piece through the Progressive Librarians Guild (I've been a member for over ten years). I'm replying with an adaptation of something I wrote following another essay examining Aaron Swartz's death.

While Mr. Swartz's death was tragic, his persecution by the US Attorney General's office heavy-handed, and many of the information liberation positions he espoused noble, I was struck by the criticism in Burke's essay leveled at JSTOR. JSTOR has become a veritable punching bag of the Free Culture Movement. Noted professor Larry Lessig takes a whack at them in his video lecture appropriately titled What's wrong with JSTOR: http://www.uomatters.com/2011/07/larry-lessig-on-whats-wrong-with-jstor.html

In it, he bushwhacks a scholar for explaining her empty office bookshelves by saying that "Everything I needed is on the Internet now." Lessig's mean-spirited point was that from the academic's perspective - namely working at an institution with well-endowed electronic journal site licenses - she was both privileged and correct. Alas, for the rest of us poor slobs in the real world her statement isn't true. Evil content aggregators like JSTOR have gobbled up all the good stuff.

But wait - Lessig's argument only works within the narrow definition of online access. I'm certainly no fan of JSTOR. I, like all of you, have stumbled across tasty citations to works on Google, only to be zapped with the unwelcome news that I'd have to pay to see it. But JSTOR does provide a service. Their arrangements are not exclusive. You want to go to your local university library and scan an article from 1975? Go ahead, the free JSTOR citation tells you exactly what to look for.

Sure, the original research may well have been paid for by public funds, but that does not mean that somehow it should magically appear for free on the Web. There are real costs to doing this work, and unless The State is willing to do it (and I would argue they should), corporations will step in. Public domain does not mean free access, just the potential for it. I'm sure there are other aspects of JSTOR that are problematic (apparently their executives each made over $250,000 in 2009, but I'm not paying their salary).

I am hopeful that examinations of the circumstances surrounding the Swartz tragedy can lead to discussing and developing a clearer analysis of the real problems facing our field. For example, I see the insidious expansion of photo aggregators like Corbis and Getty One being much more dangerous than JSTOR. Those folks are truly buying up our culture, and it scares me.

Burke raises the complicity of academe in the privatization of knowledge. I ask - what have any of us actually done to make information available to the public? Much of my own work as an activist archivist involves digitization of analog content and sharing it with the world. I shoot posters, which is not easy, and I've built and paid for a custom studio for doing that. I've helped mount thousands of social justice poster images on the Web. But I don't post high-resolution images. I, and the institutions I work with, feel that those images deserve some protection from corporate appropriation without compensation. Thank you, Creative Commons. By withholding free access to the ultimate goody, the 60 megabyte image file, am I a traitor to the Free Culture Movement? I certainly hope not.

Yours for democratic knowledge,

Lincoln Cushing
www.docspopuii.org
Documents for the Public

- End forwarded message -