Re: [liberationtech] Quick Guide to Alternatives
On Tue, Jun 18, 2013 at 11:30:00AM +0200, Julian Oliver wrote: It'd be also good to add GNU/Linux however. [...[ And the BSD family, notably OpenBSD -- whose development is led in large part by one of my favorite curmudgeons. (As I've said elsewhere, some of the people working on OpenBSD are nit-picking, anal-retentive, pedantic, intolerant, fanatical, insistent, demanding and relentless: in other words, the perfect people to be crafting an operating system.) Use of open source applications alone is an insufficient measure against snooping today, IMO. True. Open source OS/applications are necessary -- but not sufficient. ---rsk -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Quick Guide to Alternatives
..on Mon, Jun 17, 2013 at 07:13:08PM +0200, Anne Roth wrote: Hi, Tactical Tech has been getting a lot of questions lately on what to do to avoid being spied on - like probably most everyone on this list. We have compiled this 'Quick Guide to Alternatives', based on Security in-a-box and more. https://alternatives.tacticaltech.org In addition we try to keep 'Me and My Shadow' up to date with information about how we leave digital shadows and what can be done to reduce them: https://myshadow.org/ - also a topic that seems to matter more these days, also to people who so far tended to be members of the 'nothing to hide' and 'but it's so convenient' clubs. Great list. It'd be also good to add GNU/Linux however. It's an open source (inspectable) OS made with the public interest in mind, rather than the strategic ambitions of a sole proprietor. Use of open source applications alone is an insufficient measure against snooping today, IMO. The operating system is a tangible and known point of vulnerability, from keyloggers to auto-updaters and the unnegotiable pushing of metadata over proprietary channels, such as iTunes. Both Apple and Microsoft have been shown to collaborate with the NSA. Microsoft has been found to alert government clients as to security flaws in their operating systems long before publicly releasing a fix. There's no reason Apple doesn't do the same, as if its track record for timely patching wasn't poor enough. An important sub-theme of this whole debacle is that it's simply unrealistic to trust that a corporation will defend basic human rights, especially when coerced by a government or their own craving for profit. Cheers, -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Quick Guide to Alternatives
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17/06/13 18:13, Anne Roth wrote: We have compiled this 'Quick Guide to Alternatives', based on Security in-a-box and more. https://alternatives.tacticaltech.org Hi Anne, Thanks for making this resource available. The descriptions of RedPhone and Ostel seem a bit inconsistent - or maybe I don't understand the distinction that's being made. RedPhone ... encrypts voice communication data sent between two devices that run this application. However it also becomes easier to analyze the traffic it produces and trace it back to you, through your mobile number. RedPhone uses a central server, which is a point of centralization and thus puts RedPhone in a powerful position (of having control over some of this data). When using CSipSimple, you never directly communicate with your communication partner, instead all your data is routed through the Ostel server. This makes it much harder to trace your data and find out who you are talking to. Additionally, Ostel doesn't retain any of this data, except the account data that you need to log in. It sounds like you're saying the use of a central server is a disadvantage for RedPhone but an advantage for Ostel - which may be true, but I don't understand why. Cheers, Michael -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRwFjzAAoJEBEET9GfxSfMWc0IAJmTnY1IXKNkCKnj7P68ei0D D9n4dlo6ZJ/yEIxYKoaji+bnFDuPVE5flkf1B58LqyIKxUOBds0XzLVmjDKGwrWZ vv9Jna6Ic07isFvJPyoq4zpjfKRspIfCRHmZVyOkCbnuh3takMz74q3BibtI6Izu STTVg3Fkw2fhfhQ0DSUEvU07s8rzBNwK4CNoikyxG9xF9ZwtlVLzOq5G0R9xoed8 0GxiJAzjCwLJm6saCkqHBilw4b0ky9JBNS/6hsZoXrY8v/Ps8CrNACcjkEHbH45O mDd5vgNMDkI3pcKnoz7QUztRoi8KxE4YiGRzT6XKE7Mwb84ZW8OcumkuXQcJkaQ= =FELY -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Quick Guide to Alternatives
Moritz Bartl mor...@torservers.net writes: On 17.06.2013 21:06, micah wrote: Do you have any suggestions for what Riseup can do to resolve that concern for you? I don't disagree with you, I'm just curious about solutions here. I am happy to repeat myself, since the issues I have with Riseup have not been addressed so far. Tactical Tech should not be recommending Riseup, and Riseup only, without stressing that you *always* have to trust the operators and the systems behind them, and at least mention some alternatives to Riseup. A longer article should also discuss that Gmail is probably better security-wise than some random open source installation. In the end it depends on your threat model, right? Anyway: #1 There was a point in time when Riseup purposely decided to stop pushing decentralization. A lot of work was and is put into features that are *not* documented properly and not easily available to replicate. #2 As an example, the website states minimal logging. What the hell is minimum logging other than marketing speech? Why don't you tell you're users what you are logging, up to the last byte? Especially when you provide a sensitive service like email, extra care should be put in the documentation and specification of logging policies. And by that I mean down to the config files of the syslog daemon. Riseup makes a more specific promise than just minimal logging. They say: We do not log your IP address and some other things, at https://help.riseup.net/en/about-us . It's not the up to the last byte you're asking for above, but it's more specific than just minimal logging. #3 How hard is it to be transparent about money and sponsors? There's some big money behind Riseup now, and you guys should be very open about the sources. Surprisingly hard. It's actually a fair bit of work to maintain up-to-date donor pages, especially when you have some donors who want to remain anonymous and other donors who want to be listed under a name slightly different from the one they donated under, etc... I'm not saying this is the reason Risup isn't showing that information. But the answer to your direct question is: surprisingly hard. (Speaking from abundant personal experience, running one US non-profit organization and being on the board of another.) There's an opportunity cost to maintaining that information publicly. Whoever takes on the task gives up something else they could be doing -- something that might be more interesting and feel more productive to them. Volunteers are surely standing by, and all that :-). -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Quick Guide to Alternatives
From: Anne Roth annal...@riseup.net To: liberationtech@lists.stanford.edu liberationtech@lists.stanford.edu Sent: Monday, June 17, 2013 1:13 PM Subject: [liberationtech] Quick Guide to Alternatives Hi, Tactical Tech has been getting a lot of questions lately on what to do to avoid being spied on - like probably most everyone on this list. We have compiled this 'Quick Guide to Alternatives', based on Security in-a-box and more. https://alternatives.tacticaltech.org Quick critique of one of the entries: 1) Many commercial email providers, such as Google or Yahoo, collect a huge amount of user information which can be handed over to third parties from advertising companies to governments. Furthermore, some do not offer users an encrypted connection (known as HTTPS or SSL) by default, meaning that emails are sent in 'plain text' and readable by malicious hackers, Internet Service Providers, and others with access to the networks as they travel between users' devices and the email provider's servers. Change Furthermore, some do not offer users an encrypted connection (known as HTTPS or SSL) by default to Google's Gmail offers users an encrypted connection (known as HTTPS or SSL) by default but others do not, 2) Riseup is a collective organization dedicated to providing private and secure email and hosting services for individuals and organisations committed to political and social justice. I'll hold off on a suggestion for #2, but do keep in mind that you're going to get views from non-technical people who will read secure email and https above and think, Hey, that's like what I use to log in to my bank, so obviously I want to use a service that that keeps my messages that secure when they get sent _over_ _the_ _internet_. They join Riseup and can now breathe a sigh of relief as they send secure email to all their friends at gmail.com, or wherever. Oops. Also, notice that the problem actually gets worse when you tell users that Gmail offers https by default. Either they just use gmail, or they think sending a message from secure riseup to secure gmail keeps their data secure. Neither is true, and to actually gain any meaningful control over who can read their messages they still have to use Enigmail or similar software. Finally, the user of riseup must trust the description of their service on the website to be true because it is a form of privacy by policy. If joining it is to be anything other than practicing the bad habit of trusting implicitly something you read on a list on the internet, you need to know and trust someone from the internet security/privacy world who can vouch for the security of the system based on their own human trust relationship with someone who runs riseup (or is closely connected to it). If you're a human rights worker and you have such a relationship with a security/privacy expert, you'd do better to pay them for some tutoring sessions on seting up and using one or more of the following: ssh, Tor, Tor + ssh, torchat, and possibly otr + pidgin and help them develop a working experience about what the threats are to their privacy in those instances. -Jonathan -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Quick Guide to Alternatives
Jonathan Wilkes jancs...@yahoo.com writes: Finally, the user of riseup must trust the description of their service on the website to be true because it is a form of privacy by policy. If joining it is to be anything other than practicing the bad habit of trusting implicitly something you read on a list on the internet, you need to know and trust someone from the internet security/privacy world who can vouch for the security of the system based on their own human trust relationship with someone who runs riseup (or is closely connected to it). If you're a human rights worker and you have such a relationship with a security/privacy expert, you'd do better to pay them for some tutoring sessions on seting up and using one or more of the following: ssh, Tor, Tor + ssh, torchat, and possibly otr + pidgin and help them develop a working experience about what the threats are to their privacy in those instances. I happen to know and trust someone who can vouch for the security of the system due to my human trust relationship with someone who runs riseup. Do you have any suggestions for what Riseup can do to resolve that concern for you? I don't disagree with you, I'm just curious about solutions here. I think Riseup has done a few things to try to close that gap. One has been a long term building up of trust among individuals and groups, which spreads out through recommendations by those people to others. Riseup people being involved in various forms of activism (from counter globalization movement organizing, to indymedia, to occupy and other much less well known, or hyper local activist efforts) has been one way that has happened. In various ways Riseup has been involved in defending, or fighting for the freedoms that Riseup tries to protect, sometimes that has come in the form of legal battles that Riseup has either joined or been subjected to, coalitions that Riseup has joined, or campaigns that Riseup has participated in. In other cases it comes technically through publishing documentation, guides, howtos and writing patches and software that embody the various political principles that Riseup tries to adhere to (such as privacy and log anonymization patches, or social networking software, etc.). Another way is active involvement in free software, Debian in particular. Contributing to that ecosystem because the political ideals are harmonious makes a lot of sense for an organization that is actually trying to fulfill its stated 'policies'. micah -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Quick Guide to Alternatives
Micah, What does Riseup do? I joined a list for the budding Texas Pirate Party, and it was hosted on it. I think the best promotion is to preach by example or, in a way I like more for the humor of it all, to eat your own dog food, and from your statement, it looks like you guys do just that! Great! However, when it comes to security and privacy, I worry about the false sense of protection activists could get from resorting to alternative, secure solutions, since I do believe that the best premise any serious activist should have is that there's no Privacy and/or Security on the Internet: not in the era of uncountable computrons that render any protection moot for those that want to find out, who are always the bad guys. Best Regards | Cordiales Saludos | Grato, Andrés L. Pacheco Sanfuentes a...@acm.org +1 (817) 271-9619 On Mon, Jun 17, 2013 at 2:06 PM, micah mi...@riseup.net wrote: Jonathan Wilkes jancs...@yahoo.com writes: Finally, the user of riseup must trust the description of their service on the website to be true because it is a form of privacy by policy. If joining it is to be anything other than practicing the bad habit of trusting implicitly something you read on a list on the internet, you need to know and trust someone from the internet security/privacy world who can vouch for the security of the system based on their own human trust relationship with someone who runs riseup (or is closely connected to it). If you're a human rights worker and you have such a relationship with a security/privacy expert, you'd do better to pay them for some tutoring sessions on seting up and using one or more of the following: ssh, Tor, Tor + ssh, torchat, and possibly otr + pidgin and help them develop a working experience about what the threats are to their privacy in those instances. I happen to know and trust someone who can vouch for the security of the system due to my human trust relationship with someone who runs riseup. Do you have any suggestions for what Riseup can do to resolve that concern for you? I don't disagree with you, I'm just curious about solutions here. I think Riseup has done a few things to try to close that gap. One has been a long term building up of trust among individuals and groups, which spreads out through recommendations by those people to others. Riseup people being involved in various forms of activism (from counter globalization movement organizing, to indymedia, to occupy and other much less well known, or hyper local activist efforts) has been one way that has happened. In various ways Riseup has been involved in defending, or fighting for the freedoms that Riseup tries to protect, sometimes that has come in the form of legal battles that Riseup has either joined or been subjected to, coalitions that Riseup has joined, or campaigns that Riseup has participated in. In other cases it comes technically through publishing documentation, guides, howtos and writing patches and software that embody the various political principles that Riseup tries to adhere to (such as privacy and log anonymization patches, or social networking software, etc.). Another way is active involvement in free software, Debian in particular. Contributing to that ecosystem because the political ideals are harmonious makes a lot of sense for an organization that is actually trying to fulfill its stated 'policies'. micah -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Quick Guide to Alternatives
From: micah mi...@riseup.net To: Jonathan Wilkes jancs...@yahoo.com; liberationtech liberationtech@lists.stanford.edu; liberationtech liberationtech@lists.stanford.edu Sent: Monday, June 17, 2013 3:06 PM Subject: Re: [liberationtech] Quick Guide to Alternatives Jonathan Wilkes jancs...@yahoo.com writes: Finally, the user of riseup must trust the description of their service on the website to be true because it is a form of privacy by policy. If joining it is to be anything other than practicing the bad habit of trusting implicitly something you read on a list on the internet, you need to know and trust someone from the internet security/privacy world who can vouch for the security of the system based on their own human trust relationship with someone who runs riseup (or is closely connected to it). If you're a human rights worker and you have such a relationship with a security/privacy expert, you'd do better to pay them for some tutoring sessions on seting up and using one or more of the following: ssh, Tor, Tor + ssh, torchat, and possibly otr + pidgin and help them develop a working experience about what the threats are to their privacy in those instances. I happen to know and trust someone who can vouch for the security of the system due to my human trust relationship with someone who runs riseup. Do you have any suggestions for what Riseup can do to resolve that concern for you? I don't disagree with you, I'm just curious about solutions here. Doing your computations on someone else's computer and expecting privacy is a bad mix, regardless of whether that computer is running well-configured free software or not. That goes for Google and Riseup, though I do think using the server of someone you personally trust is making the best of bad options. Going further than making the best of bad options, here's a suggestion: what about leveraging this trust they built among individuals and groups to start a program of helping set up something like this for people: http://yunohost.org/ It's surely less secure/robust than Riseup's servers in its current state, but all the work and patches they make regarding logging/etc. which you mention below would then go to strengthen a system that gives privacy by design. Plus Riseup doesn't have to host any data, encrypted or otherwise for that particular person-- just a nice friendly interface for pointing their email address at the location of the box. Then when someone comes along and codes up a Tor plugin, or NAT traversal stuff, or even some exciting new end-to-end encrypted messaging system, instead of doing the old privacy-vs-convenience dance, you'd have users contacting whatever privacy Jedi they know and trust, asking them if they think it's ok to click the button to install that plugin. (Or doing whatever audit from whoever they want to pay to look directly at the system they're running and using, and tell them whether its configured correctly.) -Jonathan I think Riseup has done a few things to try to close that gap. One has been a long term building up of trust among individuals and groups, which spreads out through recommendations by those people to others. Riseup people being involved in various forms of activism (from counter globalization movement organizing, to indymedia, to occupy and other much less well known, or hyper local activist efforts) has been one way that has happened. In various ways Riseup has been involved in defending, or fighting for the freedoms that Riseup tries to protect, sometimes that has come in the form of legal battles that Riseup has either joined or been subjected to, coalitions that Riseup has joined, or campaigns that Riseup has participated in. In other cases it comes technically through publishing documentation, guides, howtos and writing patches and software that embody the various political principles that Riseup tries to adhere to (such as privacy and log anonymization patches, or social networking software, etc.). Another way is active involvement in free software, Debian in particular. Contributing to that ecosystem because the political ideals are harmonious makes a lot of sense for an organization that is actually trying to fulfill its stated 'policies'. micah-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Quick Guide to Alternatives
From: Jonathan Wilkes jancs...@yahoo.com To: micah mi...@riseup.net; liberationtech liberationtech@lists.stanford.edu Sent: Monday, June 17, 2013 5:16 PM Subject: Re: [liberationtech] Quick Guide to Alternatives Here's the much more articulate version of what I wrote: http://www.schneier.com/blog/archives/2013/06/more_on_feudal.html -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Quick Guide to Alternatives
On 17.06.2013 21:06, micah wrote: Do you have any suggestions for what Riseup can do to resolve that concern for you? I don't disagree with you, I'm just curious about solutions here. I am happy to repeat myself, since the issues I have with Riseup have not been addressed so far. Tactical Tech should not be recommending Riseup, and Riseup only, without stressing that you *always* have to trust the operators and the systems behind them, and at least mention some alternatives to Riseup. A longer article should also discuss that Gmail is probably better security-wise than some random open source installation. In the end it depends on your threat model, right? Anyway: #1 There was a point in time when Riseup purposely decided to stop pushing decentralization. A lot of work was and is put into features that are *not* documented properly and not easily available to replicate. #2 As an example, the website states minimal logging. What the hell is minimum logging other than marketing speech? Why don't you tell you're users what you are logging, up to the last byte? Especially when you provide a sensitive service like email, extra care should be put in the documentation and specification of logging policies. And by that I mean down to the config files of the syslog daemon. #3 How hard is it to be transparent about money and sponsors? There's some big money behind Riseup now, and you guys should be very open about the sources. -- Moritz Bartl https://www.torservers.net/ -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
